It is more faster and easier to pass the CompTIA CAS-002 exam by using Pinpoint CompTIA CompTIA Advanced Security Practitioner (CASP) questuins and answers. Immediate access to the Down to date CAS-002 Exam and find the same core area CAS-002 questions with professionally verified answers, then PASS your exam with a high score now.
♥♥ 2021 NEW RECOMMEND ♥♥
Free VCE & PDF File for CompTIA CAS-002 Real Exam (Full Version!)
★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions
Free Instant Download NEW CAS-002 Exam Dumps (PDF & VCE):
Available on:
http://www.surepassexam.com/CAS-002-exam-dumps.html
Q121. - (Topic 2)
A security architect has been engaged during the implementation stage of the SDLC to review a new HR software installation for security gaps. With the project under a tight schedule to meet market commitments on project delivery, which of the following security activities should be prioritized by the security architect? (Select TWO).
A. Perform penetration testing over the HR solution to identify technical vulnerabilities
B. Perform a security risk assessment with recommended solutions to close off high-rated risks
C. Secure code review of the HR solution to identify security gaps that could be exploited
D. Perform access control testing to ensure that privileges have been configured correctly
E. Determine if the information security standards have been complied with by the project
Answer: B,E
Q122. - (Topic 3)
As part of the ongoing information security plan in a large software development company, the Chief Information officer (CIO) has decided to review and update the company’s privacy policies and procedures to reflect the changing business environment and business requirements.
Training and awareness of the new policies and procedures has been incorporated into the security awareness program which should be:
A. presented by top level management to only data handling staff.
B. customized for the various departments and staff roles.
C. technical in nature to ensure all development staff understand the procedures.
D. used to promote the importance of the security department.
Answer: B
Q123. - (Topic 1)
A software project manager has been provided with a requirement from the customer to place limits on the types of transactions a given user can initiate without external interaction from another user with elevated privileges. This requirement is BEST described as an implementation of:
A. an administrative control
B. dual control
C. separation of duties
D. least privilege
E. collusion
Answer: C
Q124. - (Topic 1)
An external penetration tester compromised one of the client organization’s authentication servers and retrieved the password database. Which of the following methods allows the penetration tester to MOST efficiently use any obtained administrative credentials on the client organization’s other systems, without impacting the integrity of any of the systems?
A. Use the pass the hash technique
B. Use rainbow tables to crack the passwords
C. Use the existing access to change the password
D. Use social engineering to obtain the actual password
Answer: A
Q125. - (Topic 4)
A university Chief Information Security Officer is analyzing various solutions for a new project involving the upgrade of the network infrastructure within the campus. The campus has several dorms (two-four person rooms) and administrative buildings. The network is currently setup to provide only two network ports in each dorm room and ten network ports per classroom. Only administrative buildings provide 2.4 GHz wireless coverage.
The following three goals must be met after the new implementation:
1. Provide all users (including students in their dorms) connections to the Internet.
2. Provide IT department with the ability to make changes to the network environment to improve performance.
3. Provide high speed connections wherever possible all throughout campus including sporting event areas.
Which of the following risk responses would MOST likely be used to reduce the risk of network outages and financial expenditures while still meeting each of the goals stated above?
A. Avoid any risk of network outages by providing additional wired connections to each user and increasing the number of data ports throughout the campus.
B. Transfer the risk of network outages by hiring a third party to survey, implement and manage a 5.0 GHz wireless network.
C. Accept the risk of possible network outages and implement a WLAN solution to provide complete 5.0 GHz coverage in each building that can be managed centrally on campus.
D. Mitigate the risk of network outages by implementing SOHO WiFi coverage throughout the dorms and upgrading only the administrative buildings to 5.0 GHz coverage using a one for one AP replacement.
Answer: C
Q126. - (Topic 3)
A data processing server uses a Linux based file system to remotely mount physical disks on a shared SAN. The server administrator reports problems related to processing of files where the file appears to be incompletely written to the disk. The network administration team has conducted a thorough review of all network infrastructure and devices and found everything running at optimal performance. Other SAN customers are unaffected. The data being processed consists of millions of small files being written to disk from a network source one file at a time. These files are then accessed by a local Java program for processing before being transferred over the network to a SE Linux host for processing. Which of the following is the MOST likely cause of the processing problem?
A. The administrator has a PERL script running which disrupts the NIC by restarting the CRON process every 65 seconds.
B. The Java developers accounted for network latency only for the read portion of the processing and not the write process.
C. The virtual file system on the SAN is experiencing a race condition between the reads and writes of network files.
D. The Linux file system in use cannot write files as fast as they can be read by the Java program resulting in the errors.
Answer: D
Q127. - (Topic 4)
Company XYZ plans to donate 1,000 used computers to a local school. The company has a large research and development section and some of the computers were previously used to store proprietary research.
The security administrator is concerned about data remnants on the donated machines, but the company does not have a device sanitization section in the data handling policy.
Which of the following is the BEST course of action for the security administrator to take?
A. Delay the donation until a new policy is approved by the Chief Information Officer (CIO), and then donate the machines.
B. Delay the donation until all storage media on the computers can be sanitized.
C. Reload the machines with an open source operating system and then donate the machines.
D. Move forward with the donation, but remove all software license keys from the machines.
Answer: B
Q128. - (Topic 5)
A court order has ruled that your company must surrender all the email sent and received by a certain employee for the past five years. After reviewing the backup systems, the IT administrator concludes that email backups are not kept that long. Which of the following policies MUST be reviewed to address future compliance?
A. Tape backup policies
B. Offsite backup policies
C. Data retention policies
D. Data loss prevention policies
Answer: C
Q129. - (Topic 4)
Part of the procedure for decommissioning a database server is to wipe all local disks, as well as SAN LUNs allocated to the server, even though the SAN itself is not being decommissioned. Which of the following is the reason for wiping the SAN LUNs?
A. LUN masking will prevent the next server from accessing the LUNs.
B. The data may be replicated to other sites that are not as secure.
C. Data remnants remain on the LUN that could be read by other servers.
D. The data is not encrypted during transport.
Answer: C
Q130. - (Topic 2)
An accountant at a small business is trying to understand the value of a server to determine if the business can afford to buy another server for DR. The risk manager only provided the accountant with the SLE of $24,000, ARO of 20% and the exposure factor of 25%. Which of the following is the correct asset value calculated by the accountant?
A. $4,800
B. $24,000
C. $96,000
D. $120,000
Answer: C