
New CompTIA CAS-002 Exam Dumps Collection (Question 11 - Question 20)

Question No: 11

Which of the following activities is commonly deemed “OUT OF SCOPE” when undertaking a penetration test?

A. Test password complexity of all login fields and input validation of form fields

B. Reverse engineering any thick client software that has been provided for the test

C. Undertaking network-based denial of service attacks in production environment

D. Attempting to perform blind SQL injection and reflected cross-site scripting attacks

E. Running a vulnerability scanning tool to assess network and host weaknesses

Answer: C


Question No: 12

The risk manager has requested a security solution that is centrally managed, can easily be updated, and protects end users' workstations from both known and unknown malicious attacks when connected to either the office or home network. Which of the following would BEST meet this requirement?

A. HIPS

B. UTM

C. Antivirus

D. NIPS

E. DLP

Answer: A


Question No: 13

There have been some failures of the company’s internal facing website. A security engineer has found the WAF to be the root cause of the failures. System logs show that the WAF has been unavailable for 14 hours over the past month, in four separate situations. One of these situations was a two hour scheduled maintenance time, aimed at improving the stability of the WAF. Using the MTTR based on the last month’s performance figures, which of the following calculations is the percentage of uptime assuming there were 722 hours in the month?

A. 92.24 percent

B. 98.06 percent

C. 98.34 percent

D. 99.72 percent

Answer: C


Question No: 14

A company sales manager received a memo from the company’s financial department which stated that the company would not be putting its software products through the same security testing as previous years to reduce the research and development cost by 20 percent for the upcoming year. The memo also stated that the marketing material and service level agreement for each product would remain unchanged. The sales manager has reviewed the sales goals for the upcoming year and identified an increased target across the software products that will be affected by the financial department’s change. All software products will continue to go through new development in the coming year. Which of the following should the sales manager do to ensure the company stays out of trouble?

A. Discuss the issue with the software product's user groups

B. Consult the company’s legal department on practices and law

C. Contact senior finance management and provide background information

D. Seek industry outreach for software practices and law

Answer: B


Question No: 15

A web services company is planning a one-time high-profile event to be hosted on the corporate website. An outage, due to an attack, would be publicly embarrassing, so Joe, the Chief Executive Officer (CEO), has requested that his security engineers put temporary preventive controls in place. Which of the following would MOST appropriately address Joe's concerns?

A. Ensure web services hosting the event use TCP cookies and deny_hosts.

B. Configure an intrusion prevention system that blocks IPs after detecting too many incomplete sessions.

C. Contract and configure scrubbing services with third-party DDoS mitigation providers.

D. Purchase additional bandwidth from the company’s Internet service provider.

Answer: C


Question No: 16

An accountant at a small business is trying to understand the value of a server to determine if the business can afford to buy another server for DR. The risk manager only provided the accountant with the SLE of $24,000, ARO of 20% and the exposure factor of 25%. Which of the following is the correct asset value calculated by the accountant?

A. $4,800

B. $24,000

C. $96,000

D. $120,000

Answer: C


Question No: 17

Which of the following describes a risk and mitigation associated with cloud data storage?

A. Risk: Shared hardware caused data leakage. Mitigation: Strong encryption at rest

B. Risk: Offsite replication. Mitigation: Multi-site backups

C. Risk: Data loss from de-duplication. Mitigation: Dynamic host bus addressing

D. Risk: Combined data archiving. Mitigation: Two-factor administrator authentication

Answer: A


Question No: 18

VPN users cannot access the active FTP server through the router but can access any server in the data center.

Additional network information:

DMZ network – 192.168.5.0/24 (FTP server is 192.168.5.11)
VPN network – 192.168.1.0/24
Datacenter – 192.168.2.0/24
User network – 192.168.3.0/24
HR network – 192.168.4.0/24

Traffic shaper configuration:

VLAN      Bandwidth Limit (Mbps)
VPN       50
User      175
HR        250
Finance   250
Guest     0

Router ACL:

Action    Source            Destination
Permit    192.168.1.0/24    192.168.2.0/24
Permit    192.168.1.0/24    192.168.3.0/24
Permit    192.168.1.0/24    192.168.5.0/24
Permit    192.168.2.0/24    192.168.1.0/24
Permit    192.168.3.0/24    192.168.1.0/24
Permit    192.168.5.1/32    192.168.1.0/24
Deny      192.168.4.0/24    192.168.1.0/24
Deny      192.168.1.0/24    192.168.4.0/24
Deny      any               any

Which of the following solutions would allow the users to access the active FTP server?

A. Add a permit statement to allow traffic from 192.168.5.0/24 to the VPN network

B. Add a permit statement to allow traffic to 192.168.5.1 from the VPN network

C. IPS is blocking traffic and needs to be reconfigured

D. Configure the traffic shaper to limit DMZ traffic

E. Increase bandwidth limit on the VPN network

Answer: A


Question No: 19

A firm’s Chief Executive Officer (CEO) is concerned that IT staff lacks the knowledge to identify complex vulnerabilities that may exist in a payment system being internally developed. The payment system being developed will be sold to a number of organizations and is in direct competition with another leading product. The CEO highlighted that code base confidentiality is of critical importance to allow the company to exceed the competition in terms of the product’s reliability, stability, and performance. Which of the following would provide the MOST thorough testing and satisfy the CEO’s requirements?

A. Sign a MOU with a marketing firm to preserve the company reputation and use in-house resources for random testing.

B. Sign a BPA with a small software consulting firm and use the firm to perform Black box testing and address all findings.

C. Sign a NDA with a large security consulting firm and use the firm to perform Grey box testing and address all findings.

D. Use the most qualified and senior developers on the project to perform a variety of White box testing and code reviews.

Answer: C


Question No: 20

A security engineer is a new member to a configuration board at the request of management. The company has two new major IT projects starting this year and wants to plan security into the application deployment. The board is primarily concerned with the applications’ compliance with federal assessment and authorization standards. The security engineer asks for a timeline to determine when a security assessment of both applications should occur and does not attend subsequent configuration board meetings. If the security engineer is only going to perform a security assessment, which of the following steps in system authorization has the security engineer omitted?

A. Establish the security control baseline

B. Build the application according to software development security standards

C. Review the results of user acceptance testing

D. Consult with the stakeholders to determine which standards can be omitted

Answer: A
