Shortcuts To CAS-002(10 to 19)

Your success in CompTIA CAS-002 is our sole target and we develop all our CAS-002 braindumps in a way that facilitates the attainment of this target. Not only is our CAS-002 study material the best you can find, it is also the most detailed and the most updated. CAS-002 Practice Exams for CompTIA CASP CAS-002 are written to the highest standards of technical accuracy.


New CompTIA CAS-002 Exam Dumps Collection (Question 10 - Question 19)

Q10. Company ABC will test connecting networks with Company XYZ as part of their upcoming merger and are both concerned with minimizing security exposures to each other's network throughout the test. Which of the following is the FIRST thing both sides should do prior to connecting the networks?

A. Create a DMZ to isolate the two companies and provide a security inspection point for all inter-company network traffic.

B. Determine the necessary data flows between the two companies.

C. Implement a firewall that restricts everything except the IPSec VPN traffic connecting the two companies.

D. Implement inline NIPS on the connection points between the two companies.

Answer: B

Q11. Joe, a hacker, has discovered he can specifically craft a webpage that when viewed in a browser crashes the browser and then allows him to gain remote code execution in the context of the victim's privilege level. The browser crashes due to an exception error when heap memory that is unused is accessed. Which of the following BEST describes the application issue?

A. Integer overflow

B. Click-jacking

C. Race condition

D. SQL injection

E. Use after free

F. Input validation

Answer: E

Q12. An organization is preparing to upgrade its firewall and NIPS infrastructure and has narrowed the vendor choices down to two platforms. The integrator chosen to assist the organization with the deployment has many clients running a mixture of the possible combinations of environments. Which of the following is the MOST comprehensive method for evaluating the two platforms?

A. Benchmark each possible solution with the integrator's existing client deployments.

B. Develop testing criteria and evaluate each environment in-house.

C. Run virtual test scenarios to validate the potential solutions.

D. Use results from each vendor's test labs to determine adherence to project requirements.

Answer: B

Q13. An organization is finalizing a contract with a managed security services provider (MSSP) that is responsible for primary support of all security technologies. Which of the following should the organization require as part of the contract to ensure the protection of the organization's technology?

A. An operational level agreement

B. An interconnection security agreement

C. A non-disclosure agreement

D. A service level agreement

Answer: B

Q14. A security architect is locked into a given cryptographic design based on the allowable software at the company. The key length for applications is already fixed as is the cipher and algorithm in use. The security architect advocates for the use of well-randomized keys as a mitigation to brute force and rainbow attacks. Which of the following is the security architect trying to increase in the design?

A. Key stretching

B. Availability

C. Entropy

D. Root of trust

E. Integrity

Answer: C

Q15. A system administrator needs to meet the maximum amount of security goals for a new DNS infrastructure. The administrator deploys DNSSEC extensions to the domain names and infrastructure. Which of the following security goals does this meet? (Select TWO).

A. Availability

B. Authentication

C. Integrity

D. Confidentiality

E. Encryption

Answer: B,C

Q16. A company uses a custom Line of Business (LOB) application to facilitate all back-end manufacturing control. Upon investigation, it has been determined that the database used by the LOB application uses a proprietary data format. The risk management group has flagged this as a potential weakness in the company's operational robustness. Which of the following would be the GREATEST concern when analyzing the manufacturing control application?

A. Difficulty backing up the custom database

B. Difficulty migrating to new hardware

C. Difficulty training new admin personnel

D. Difficulty extracting data from the database

Answer: D

Q17. A software project manager has been provided with a requirement from the customer to place limits on the types of transactions a given user can initiate without external interaction from another user with elevated privileges. This requirement is BEST described as an implementation of:

A. An administrative control

B. Dual control

C. Separation of duties

D. Least privilege

E. Collusion

Answer: C

Q18. An external auditor has found that IT security policies in the organization are not maintained and in some cases are nonexistent. As a result of the audit findings, the CISO has been tasked with the objective of establishing a mechanism to manage the lifecycle of IT security policies. Which of the following can be used to BEST achieve the CISO's objectives?



C. ISO 27002


Answer: D

Q19. Executive management is asking for a new manufacturing control and workflow automation solution. This application will facilitate management of proprietary information and closely guarded corporate trade secrets.

The information security team has been a part of the department meetings and come away with the following notes:

-Human resources would like complete access to employee data stored in the application. They would like automated data interchange with the employee management application, a cloud-based SaaS application.

-Sales is asking for easy order tracking to facilitate feedback to customers.

-Legal is asking for adequate safeguards to protect trade secrets. They are also concerned with data ownership questions and legal jurisdiction.

-Manufacturing is asking for ease of use. Employees working the assembly line cannot be bothered with additional steps or overhead. System interaction needs to be quick and easy.

-Quality assurance is concerned about managing the end product and tracking overall performance of the product being produced. They would like read-only access to the entire workflow process for monitoring and baselining.

The favored solution is a user friendly software application that would be hosted onsite. It has extensive ACL functionality, but also has readily available APIs for extensibility. It supports read-only access, kiosk automation, custom fields, and data encryption.

Which of the following departments' request is in contrast to the favored solution?

A. Manufacturing

B. Legal

C. Sales

D. Quality assurance

E. Human resources

Answer: E
