Ucertify CAS-002 questions are updated and all CAS-002 answers are verified by experts. Once you have completely prepared with our CAS-002 exam prep kits you will be ready for the real CAS-002 exam without a problem. We have replaced the CompTIA CAS-002 dumps study guide. PASSED CAS-002 on the first attempt! Here's what I did.




New CompTIA CAS-002 Exam Dumps Collection (Question 2 - Question 11)

Q1. Every year, the accounts payable employee, Ann, takes a week off work for a vacation. She typically completes her responsibilities remotely during this week. Which of the following policies, when implemented, would allow the company to audit this employee's work and potentially discover improprieties?

A. Job rotation

B. Mandatory vacations

C. Least privilege

D. Separation of duties

Answer: B



Q2. Ann, a Physical Security Manager, is ready to replace all 50 analog surveillance cameras with IP cameras with built-in web management. Ann has several security guard desks on different networks that must be able to view the cameras without unauthorized people viewing the video as well. The selected IP camera vendor does not have the ability to authenticate users at the camera level. Which of the following should Ann suggest to BEST secure this environment?

A. Create an IP camera network and deploy NIPS to prevent unauthorized access.

B. Create an IP camera network and only allow SSL access to the cameras.

C. Create an IP camera network and deploy a proxy to authenticate users prior to accessing the cameras.

D. Create an IP camera network and restrict access to cameras from a single management host.

Answer: C



Q3. The threat abatement program manager tasked the software engineer with identifying the fastest implementation of a hash function to protect passwords with the least number of collisions. Which of the following should the software engineer implement to best meet the requirements?

A. hash = sha512(password + salt);for (k = 0; k < 4000; k++) {hash = sha512 (hash);}

B. hash = md5(password + salt);for (k = 0; k < 5000; k++) {hash = md5 (hash);}

C. hash = sha512(password + salt);for (k = 0; k < 3000; k++) {hash = sha512 (hash + password + salt);}

D. hash1 = sha1(password + salt);hash = sha1 (hash1);

Answer: C
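Added example, not part of the exam material: the Python below implements option C's construction (salted SHA-512 with the password and salt folded back into every round) as a usable store-and-verify routine, and places it beside hashlib's PBKDF2-HMAC-SHA512, which is the standardised form of the same key-stretching idea. The 3000-round count, the 16-byte random salt and the `salt$digest` record format are assumptions chosen for illustration. Option C beats the others in the question because SHA-512's 512-bit output gives fewer collisions than MD5 or SHA-1, and re-mixing the secret each round means no single round can be precomputed independently of the password; for production use, prefer a memory-hard KDF (bcrypt, scrypt, Argon2) with a much higher work factor.

```python
import hashlib
import hmac
import os
from typing import Optional

# Round count taken from option C in the question; an assumption for this
# example only. Real deployments tune this far higher or use a dedicated KDF.
ROUNDS = 3000


def stretch_sha512(password: bytes, salt: bytes, rounds: int = ROUNDS) -> bytes:
    """Option C: salted SHA-512, re-mixing password and salt into every round
    so each step depends on the secret, not only on the previous digest."""
    h = hashlib.sha512(password + salt).digest()
    for _ in range(rounds):
        h = hashlib.sha512(h + password + salt).digest()
    return h


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Produce a storable record: hex(salt)$hex(digest). A fresh 16-byte random
    salt per password keeps identical passwords from yielding identical records
    (assumed record layout for this example)."""
    if salt is None:
        salt = os.urandom(16)
    digest = stretch_sha512(password.encode("utf-8"), salt)
    return f"{salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute from the stored salt and compare in constant time so the
    check does not leak how many leading bytes matched."""
    salt_hex, digest_hex = record.split("$", 1)
    candidate = stretch_sha512(password.encode("utf-8"), bytes.fromhex(salt_hex))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def pbkdf2_equivalent(password: str, salt: bytes, rounds: int = ROUNDS) -> bytes:
    """The standard library's version of the same idea: PBKDF2-HMAC-SHA512.
    Prefer this (or bcrypt/scrypt/Argon2) over a hand-rolled loop."""
    return hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"), salt, rounds)


if __name__ == "__main__":
    rec = hash_password("correct horse battery staple")
    print(rec)
    print(verify_password("correct horse battery staple", rec))
    print(verify_password("wrong password", rec))
```

Note that options B and D are wrong for different reasons: B uses MD5, whose collision resistance is broken and whose 128-bit output is far smaller than SHA-512's; D applies only two rounds of SHA-1, which is fast but offers no meaningful stretching and SHA-1 is itself deprecated.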



Q4. A system administrator is troubleshooting a possible denial of service on a sensitive system. The system seems to run properly for a few hours after it is restarted, but then it suddenly stops processing transactions. The system administrator suspects an internal DoS caused by a disgruntled developer who is currently seeking a new job while still working for the company. After looking into various system logs, the system administrator looks at the following output from the main system service responsible for processing incoming transactions.

DATE/TIME        PID   COMMAND   %CPU  MEM
03102014 103000  2055  com.proc  10.2  920K
03102014 110000  2055  com.proc  12.3  5.2M
03102014 123000  2055  com.proc  22.0  22M
03102014 130000  2055  com.proc  33.0  1.6G
03102014 133000  2055  com.proc  30.2  8.0G

Which of the following is the MOST likely cause for the DoS?

A. The system does not implement proper garbage collection.

B. The system is susceptible to integer overflow.

C. The system does not implement input validation.

D. The system does not protect against buffer overflows properly.

Answer: A



Q5. A large organization has recently suffered a massive credit card breach. During the months of incident response, there were multiple attempts to assign blame for the incident. In which phase of the incident response process would this be addressed in a controlled and productive manner?

A. During the Identification Phase

B. During the Lessons Learned phase

C. During the Containment Phase

D. During the Preparation Phase

Answer: B



Q6. An organization is selecting a SaaS provider to replace its legacy, in-house Customer Relationship Management (CRM) application. Which of the following ensures the organization mitigates the risk of managing separate user credentials?

A. Ensure the SaaS provider supports dual factor authentication.

B. Ensure the SaaS provider supports encrypted password transmission and storage.

C. Ensure the SaaS provider supports secure hash file exchange.

D. Ensure the SaaS provider supports role-based access control.

E. Ensure the SaaS provider supports directory services federation.

Answer: E



Q7. A security administrator needs to deploy a remote access solution for both staff and contractors. Management favors remote desktop due to ease of use. The current risk assessment suggests protecting Windows as much as possible from direct ingress traffic exposure. Which of the following solutions should be selected?

A. Deploy a remote desktop server on your internal LAN, and require an active directory integrated SSL connection for access.

B. Change remote desktop to a non-standard port, and implement password complexity for the entire active directory domain.

C. Distribute new IPSec VPN client software to applicable parties. Virtualize remote desktop services functionality.

D. Place the remote desktop server(s) on a screened subnet, and implement two-factor authentication.

Answer: D



Q8. A company has decided to move to an agile software development methodology. The company gives all of its developers security training. After a year of agile, a management review finds that the number of items on a vulnerability scan has actually increased since the methodology change. Which of the following best practices has MOST likely been overlooked in the agile implementation?

A. Penetration tests should be performed after each sprint.

B. A security engineer should be paired with a developer during each cycle.

C. The security requirements should be introduced during the implementation phase.

D. The security requirements definition phase should be added to each sprint.

Answer: D



Q9. The Chief Executive Officer (CEO) of an Internet service provider (ISP) has decided to limit the company's contribution to worldwide Distributed Denial of Service (DDoS) attacks. Which of the following should the ISP implement? (Select TWO).

A. Block traffic from the ISP's networks destined for blacklisted IPs.

B. Prevent the ISP's customers from querying DNS servers other than those hosted by the ISP.

C. Block traffic with a source IP not allocated to the ISP from exiting the ISP's network.

D. Scan the ISP's customer networks using an up-to-date vulnerability scanner.

E. Notify customers when services they run are involved in an attack.

Answer: C,E
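Added example, not part of the exam material: option C is source address validation at the ISP's border (BCP 38 egress filtering), which stops the ISP's customers from sourcing spoofed packets for reflection and amplification attacks, and option E is what you do with the packets that rule drops. The Python below makes the decision rule explicit and testable; on a real edge router the same check is a uRPF setting or an egress ACL. The allocated prefixes and the packet list are constructed, using documentation ranges (RFC 5737 / RFC 3849) in place of real allocations.

```python
import ipaddress
from typing import Iterable, List, Tuple, Union

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]
Packet = Tuple[str, str]  # (source, destination)

# Constructed: the prefixes this ISP has been allocated (assumption; documentation
# ranges stand in for real allocations).
ISP_PREFIXES: List[Network] = [
    ipaddress.ip_network(p) for p in ("192.0.2.0/24", "198.51.100.0/24", "2001:db8::/32")
]

# Constructed: outbound packets observed at the ISP's upstream border.
EGRESS_PACKETS: List[Packet] = [
    ("192.0.2.17", "203.0.113.5"),          # customer host, legitimate source
    ("203.0.113.9", "198.51.100.3"),        # spoofed: source belongs to another network
    ("10.0.0.4", "203.0.113.5"),            # spoofed: private source leaking out
    ("2001:db8:1::5", "2001:db8:ffff::1"),  # legitimate IPv6 source
]


def source_is_ours(src: str, prefixes: Iterable[Network]) -> bool:
    """True if the source address falls inside a prefix allocated to the ISP."""
    addr = ipaddress.ip_address(src)
    return any(addr.version == net.version and addr in net for net in prefixes)


def egress_filter(packets: Iterable[Packet], prefixes: Iterable[Network]) -> Tuple[List[Packet], List[Packet]]:
    """BCP 38 rule at the upstream border: a packet leaving the ISP with a source
    the ISP was never allocated cannot be a legitimate customer packet, so it is
    dropped. The dropped list is the evidence used to notify the customer whose
    port it arrived on (option E). Returns (forwarded, dropped)."""
    forwarded: List[Packet] = []
    dropped: List[Packet] = []
    for src, dst in packets:
        (forwarded if source_is_ours(src, prefixes) else dropped).append((src, dst))
    return forwarded, dropped


if __name__ == "__main__":
    fwd, drp = egress_filter(EGRESS_PACKETS, ISP_PREFIXES)
    for src, dst in drp:
        print(f"DROP spoofed egress {src} -> {dst}: source not allocated to this ISP")
    for src, dst in fwd:
        print(f"FORWARD {src} -> {dst}")
```

The filter only checks the source address; it deliberately says nothing about destinations (option A) or DNS (option B), because a spoofed source is the property every reflection attack depends on, while blacklists and DNS restrictions leave spoofing untouched.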



Q10. An extensible commercial software system was upgraded to the next minor release version to patch a security vulnerability. After the upgrade, an unauthorized intrusion into the system was detected. The software vendor is called in to troubleshoot the issue and reports that all core components were updated properly. Which of the following has been overlooked in securing the system? (Select TWO).

A. The company's IDS signatures were not updated.

B. The company's custom code was not patched.

C. The patch caused the system to revert to http.

D. The software patch was not cryptographically signed.

E. The wrong version of the patch was used.

F. Third-party plug-ins were not patched.

Answer: B,F


