Our pass rate is high to 98.9% and the similarity percentage between our CAS-002 study guide and real exam is 90% based on our seven-year educating experience. Do you want achievements in the CompTIA CAS-002 exam in just one try? I am currently studying for the CompTIA CAS-002 exam. Latest CompTIA CAS-002 Test exam practice questions and answers, Try CompTIA CAS-002 Brain Dumps First.
♥♥ 2018 NEW RECOMMEND ♥♥
Free VCE & PDF File for CompTIA CAS-002 Real Exam (Full Version!)
★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions
P.S. Real CAS-002 pack are available on Google Drive, GET MORE: https://drive.google.com/open?id=1i-DSDDbU7Ij9pDq-9iid94VozRUrxe72
New CompTIA CAS-002 Exam Dumps Collection (Question 10 - Question 19)
New Questions 10
A security administrator at a Lab Company is required to implement a solution which will provide the highest level of confidentiality possible to all data on the lab network.
The current infrastructure design includes:
The network is protected with a firewall implementing ACLs, a NIPS device, and secured wireless access points.
Which of the following cryptographic improvements should be made to the current architecture to achieve the stated goals?
A. PKI based authorization
B. Transport encryption
C. Data at rest encryption
D. Code signing
New Questions 11
A manager who was attending an all-day training session was overdue entering bonus and payroll information for subordinates. The manager felt the best way to get the changes entered while in training was to log into the payroll system, and then activate desktop sharing with a trusted subordinate. The manager granted the subordinate control of the desktop thereby giving the subordinate full access to the payroll system. The subordinate did not have authorization to be in the payroll system. Another employee reported the incident to the security team. Which of the following would be the MOST appropriate method for dealing with this issue going forward?
A. Provide targeted security awareness training and impose termination for repeat violators.
B. Block desktop sharing and web conferencing applications and enable use only with approval.
C. Actively monitor the data traffic for each employee using desktop sharing or web conferencing applications.
D. Permanently block desktop sharing and web conferencing applications and do not allow its use at the company.
New Questions 12
A Security Manager is part of a team selecting web conferencing systems for internal use. The system will only be used for internal employee collaboration. Which of the following are the MAIN concerns of the security manager? (Select THREE).
A. Security of data storage
B. The cost of the solution
C. System availability
D. User authentication strategy
E. PBX integration of the service
F. Operating system compatibility
New Questions 13
A health service provider is considering the impact of allowing doctors and nurses access to the internal email system from their personal smartphones. The Information Security Officer (ISO) has received a technical document from the security administrator explaining that the current email system is capable of enforcing security policies to personal smartphones, including screen lockout and mandatory PINs. Additionally, the system is able to remotely wipe a phone if reported lost or stolen. Which of the following should the Information Security Officer be MOST concerned with based on this scenario? (Select THREE).
A. The email system may become unavailable due to overload.
B. Compliance may not be supported by all smartphones.
C. Equipment loss, theft, and data leakage.
D. Smartphone radios can interfere with health equipment.
E. Data usage cost could significantly increase.
F. Not all smartphones natively support encryption.
G. Smartphones may be used as rogue access points.
New Questions 14
An IT manager is working with a project manager from another subsidiary of the same multinational organization. The project manager is responsible for a new software development effort that is being outsourced overseas, while customer acceptance testing will be performed in house. Which of the following capabilities is MOST likely to cause issues with network availability?
A. Source code vulnerability scanning
B. Time-based access control lists
C. ISP to ISP network jitter
D. File-size validation
E. End to end network encryption
New Questions 15
CORRECT TEXTThe IDS has detected abnormal behavior on this network Click on the network devices to view device information Based on this information, the following tasks need to be completed:
1. Select the server that is a victim of a SQL injection attack. 2 Select the source of the buffer overflow attack.
3. Modify the access control list (ACL) on the router(s) to ONLY block the buffer overflow attack.
Instructions: Simulations can be reset at any time to the initial state: however, all selections will be deleted.
Answer: Follow the Steps as
New Questions 16
An insurance company has an online quoting system for insurance premiums. It allows potential customers to fill in certain details about their car and obtain a quote. During an investigation, the following patterns were detected:
Pattern 1 u2013 Analysis of the logs identifies that insurance premium forms are being filled in but only single fields are incrementally being updated.
Pattern 2 u2013 For every quote completed, a new customer number is created; due to legacy systems, customer numbers are running out.
Which of the following is the attack type the system is susceptible to, and what is the BEST way to defend against it? (Select TWO).
A. Apply a hidden field that triggers a SIEM alert
B. Cross site scripting attack
C. Resource exhaustion attack
D. Input a blacklist of all known BOT malware IPs into the firewall
E. SQL injection
F. Implement an inline WAF and integrate into SIEM
G. Distributed denial of service
H. Implement firewall rules to block the attacking IP addresses
New Questions 17
A Chief Information Security Officer (CISO) of a major consulting firm has significantly increased the companyu2019s security posture; however, the company is still plagued by data breaches of misplaced assets. These data breaches as a result have led to the compromise of sensitive corporate and client data on at least 25 occasions. Each employee in the company is provided a laptop to perform company business. Which of the following actions can the CISO take to mitigate the breaches?
A. Reload all user laptops with full disk encryption software immediately.
B. Implement full disk encryption on all storage devices the firm owns.
C. Implement new continuous monitoring procedures.
D. Implement an open source system which allows data to be encrypted while processed.
New Questions 18
Company policy requires that all unsupported operating systems be removed from the network. The security administrator is using a combination of network based tools to identify such systems for the purpose of disconnecting them from the network. Which of the following tools, or outputs from the tools in use, can be used to help the security administrator make an approximate determination of the operating system in use on the local company network? (Select THREE).
A. Passive banner grabbing
B. Password cracker
D. 443/tcp open http
E. dig host.company.com
F. 09:18:16.262743 IP (tos 0x0, ttl 64, id 9870, offset 0, flags [none], proto TCP (6), length 40)192.168.1.3.1051 > 10.46.3.7.80: Flags [none], cksum 0x1800 (correct), win 512, length 0
New Questions 19
A trucking company delivers products all over the country. The executives at the company would like to have better insight into the location of their drivers to ensure the shipments are following secure routes. Which of the following would BEST help the executives meet this goal?
A. Install GSM tracking on each product for end-to-end delivery visibility.
B. Implement geo-fencing to track products.
C. Require drivers to geo-tag documentation at each delivery location.
D. Equip each truck with an RFID tag for location services.
100% Latest CompTIA CAS-002 Questions & Answers shared by Examcollection, Get HERE: http://www.examcollectionuk.com/CAS-002-vce-download.html (New 450 Q&As)