Testking Exam Engine Features: 1. CompTIA CompTIA CAS-002 exam has questions and answers within details. Only two. Take a CompTIA prep check before you buy that. 3. Promptly update the CompTIA CAS-002 exam dump. 4. Almost 100% guarantee towards the CompTIA exam questions and answers. Your five. The CompTIA certification stimulation exam is analogous to the real CompTIA exam.

2021 Mar CAS-002 sample question

Q141. - (Topic 4) 

A systems administrator establishes a CIFS share on a Unix device to share data to windows systems. The security authentication on the windows domain is set to the highest level. Windows users are stating that they cannot authenticate to the Unix share. Which of the following settings on the Unix server is the cause of this problem? 

A. Refuse LM and only accept NTLMv2 

B. Accept only LM 

C. Refuse NTLMv2 and accept LM 

D. Accept only NTLM 

Answer:


Q142. - (Topic 2) 

A security administrator is assessing a new application. The application uses an API that is supposed to encrypt text strings that are stored in memory. How might the administrator test that the strings are indeed encrypted in memory? 

A. Use fuzzing techniques to examine application inputs 

B. Run nmap to attach to application memory 

C. Use a packet analyzer to inspect the strings 

D. Initiate a core dump of the application 

E. Use an HTTP interceptor to capture the text strings 

Answer:


Q143. - (Topic 1) 

The Chief Executive Officer (CEO) of a large prestigious enterprise has decided to reduce business costs by outsourcing to a third party company in another country. Functions to be outsourced include: business analysts, testing, software development and back office functions that deal with the processing of customer data. The Chief Risk Officer (CRO) is concerned about the outsourcing plans. Which of the following risks are MOST likely to occur if adequate controls are not implemented? 

A. Geographical regulation issues, loss of intellectual property and interoperability agreement issues 

B. Improper handling of client data, interoperability agreement issues and regulatory issues 

C. Cultural differences, increased cost of doing business and divestiture issues 

D. Improper handling of customer data, loss of intellectual property and reputation damage 

Answer:


Q144. - (Topic 2) 

An organization has implemented an Agile development process for front end web application development. A new security architect has just joined the company and wants to integrate security activities into the SDLC. 

Which of the following activities MUST be mandated to ensure code quality from a security perspective? (Select TWO). 

A. Static and dynamic analysis is run as part of integration 

B. Security standards and training is performed as part of the project 

C. Daily stand-up meetings are held to ensure security requirements are understood 

D. For each major iteration penetration testing is performed 

E. Security requirements are story boarded and make it into the build 

F. A security design is performed at the end of the requirements phase 

Answer: A,D 


Q145. - (Topic 5) 

An organization is finalizing a contract with a managed security services provider (MSSP) that is responsible for primary support of all security technologies. Which of the following should the organization require as part of the contract to ensure the protection of the organization’s technology? 

A. An operational level agreement 

B. An interconnection security agreement 

C. A non-disclosure agreement 

D. A service level agreement 

Answer:


Most recent CAS-002 vce:

Q146. - (Topic 4) 

A security engineer is troubleshooting a possible virus infection, which may have spread to multiple desktop computers within the organization. The company implements enterprise antivirus software on all desktops, but the enterprise antivirus server’s logs show no sign of a virus infection. The border firewall logs show suspicious activity from multiple internal hosts trying to connect to the same external IP address. The security administrator decides to post the firewall logs to a security mailing list and receives confirmation from other security administrators that the firewall logs indicate internal hosts are compromised with a new variant of the Trojan.Ransomcrypt.G malware not yet detected by most antivirus software. Which of the following would have detected the malware infection sooner? 

A. The security administrator should consider deploying a signature-based intrusion detection system. 

B. The security administrator should consider deploying enterprise forensic analysis tools. 

C. The security administrator should consider installing a cloud augmented security service. 

D. The security administrator should consider establishing an incident response team. 

Answer:


Q147. - (Topic 5) 

The Chief Risk Officer (CRO) has requested that the MTD, RTO and RPO for key business applications be identified and documented. Which of the following business documents would MOST likely contain the required values? 

A. MOU 

B. BPA 

C. RA 

D. SLA 

E. BIA 

Answer:


Q148. - (Topic 5) 

The risk manager is reviewing a report which identifies a requirement to keep a business critical legacy system operational for the next two years. The legacy system is out of support because the vendor and security patches are no longer released. Additionally, this is a proprietary embedded system and little is documented and known about it. Which of the following should the Information Technology department implement to reduce the security risk from a compromise of this system? 

A. Virtualize the system and migrate it to a cloud provider. 

B. Segment the device on its own secure network. 

C. Install an antivirus and HIDS on the system. 

D. Hire developers to reduce vulnerabilities in the code. 

Answer:


Q149. - (Topic 5) 

The Chief Information Officer (CIO) is focused on improving IT governance within the organization to reduce system downtime. The CIO has mandated that the following improvements be implemented: 

-All business units must now identify IT risks and include them in their business risk profiles. 

-Key controls must be identified and monitored. 

-Incidents and events must be recorded and reported with management oversight. 

-Exemptions to the information security policy must be formally recorded, approved, and managed. 

-IT strategy will be reviewed to ensure it is aligned with the businesses strategy and objectives. 

In addition to the above, which of the following would BEST help the CIO meet the requirements? 

A. Establish a register of core systems and identify technical service owners 

B. Establish a formal change management process 

C. Develop a security requirement traceability matrix 

D. Document legacy systems to be decommissioned and the disposal process 

Answer:


Q150. - (Topic 5) 

A security analyst is tasked to create an executive briefing, which explains the activity and motivation of a cyber adversary. Which of the following is the MOST important content for the brief for management personnel to understand? 

A. Threat actor types, threat actor motivation, and attack tools 

B. Unsophisticated agents, organized groups, and nation states 

C. Threat actor types, attack sophistication, and the anatomy of an attack 

D. Threat actor types, threat actor motivation, and the attack impact 

Answer: