Its never an straightforward and quickly way to get through the CompTIA exam without having any help. Many candidates seek CompTIA CAS-002 on the web training program for help. Its of an great help for people that are busy about work. Even so, choose any right CompTIA CAS-002 exam dumps which usually with large quality as well as great value is difficult. Currently, I suggest you any reliable website-Exambible. Its an optimal choice in your case to make preparation to the CompTIA CAS-002 exam. Just commit a little cash, you will get access to be able to all the CompTIA CompTIA exam questions as well as answers. CompTIA CAS-002 exam dumps are the combination associated with all the simulated practice questions that might appear on your CAS-002 real exam. The particular Exambible CompTIA CAS-002 exam questions and answers are generally comprehensive, verified and guaranteed to be able to pass your CAS-002 actual exam.

2017 Mar CAS-002 braindumps

Q61. - (Topic 3) 

An intrusion detection system logged an attack attempt from a remote IP address. One week later, the attacker successfully compromised the network. Which of the following MOST likely occurred? 

A. The IDS generated too many false negatives. 

B. The attack occurred after hours. 

C. The IDS generated too many false positives. 

D. No one was reviewing the IDS event logs. 

Answer:


Q62. - (Topic 5) 

An organization is finalizing a contract with a managed security services provider (MSSP) that is responsible for primary support of all security technologies. Which of the following should the organization require as part of the contract to ensure the protection of the organization’s technology? 

A. An operational level agreement 

B. An interconnection security agreement 

C. A non-disclosure agreement 

D. A service level agreement 

Answer:


Q63. - (Topic 4) 

A new IDS device is generating a very large number of irrelevant events. Which of the following would BEST remedy this problem? 

A. Change the IDS to use a heuristic anomaly filter. 

B. Adjust IDS filters to decrease the number of false positives. 

C. Change the IDS filter to data mine the false positives for statistical trending data. 

D. Adjust IDS filters to increase the number of false negatives. 

Answer:


Q64. - (Topic 3) 

A health service provider is considering the impact of allowing doctors and nurses access to the internal email system from their personal smartphones. The Information Security Officer (ISO) has received a technical document from the security administrator explaining that the current email system is capable of enforcing security policies to personal smartphones, including screen lockout and mandatory PINs. Additionally, the system is able to remotely wipe a phone if reported lost or stolen. Which of the following should the Information Security Officer be MOST concerned with based on this scenario? (Select THREE). 

A. The email system may become unavailable due to overload. 

B. Compliance may not be supported by all smartphones. 

C. Equipment loss, theft, and data leakage. 

D. Smartphone radios can interfere with health equipment. 

E. Data usage cost could significantly increase. 

F. Not all smartphones natively support encryption. 

G. Smartphones may be used as rogue access points. 

Answer: B,C,F 


Q65. - (Topic 5) 

A security consultant is investigating acts of corporate espionage within an organization. Each time the organization releases confidential information to high-ranking engineers, the information is soon leaked to competing companies. Which of the following techniques should the consultant use to discover the source of the information leaks? 

A. Digital watermarking 

B. Steganography 

C. Enforce non-disclosure agreements 

D. Digital rights management 

Answer:


Renovate CAS-002 exam prep:

Q66. - (Topic 2) 

An organization has implemented an Agile development process for front end web application development. A new security architect has just joined the company and wants to integrate security activities into the SDLC. 

Which of the following activities MUST be mandated to ensure code quality from a security perspective? (Select TWO). 

A. Static and dynamic analysis is run as part of integration 

B. Security standards and training is performed as part of the project 

C. Daily stand-up meetings are held to ensure security requirements are understood 

D. For each major iteration penetration testing is performed 

E. Security requirements are story boarded and make it into the build 

F. A security design is performed at the end of the requirements phase 

Answer: A,D 


Q67. DRAG DROP - (Topic 2) 

Company A has experienced external attacks on their network and wants to minimize the attacks from reoccurring. Modify the network diagram to prevent SQL injections, XSS attacks, smurf attacks, e-mail spam, downloaded malware, viruses and ping attacks. The company can spend a MAXIMUM of $50,000 USD. A cost list for each item is listed below: 

1. Anti-Virus Server - $10,000 

2. Firewall-$15,000 

3. Load Balanced Server - $10,000 

4. NIDS/NIPS-$10,000 

5. Packet Analyzer - $5,000 

6. Patch Server-$15,000 

7. Proxy Server-$20,000 

8. Router-$10,000 

9. Spam Filter-$5,000 

10. Traffic Shaper - $20,000 

11. Web Application Firewall - $10,000 

Instructions: Not all placeholders in the diagram need to be filled and items can only be used once. If you place an object on the network diagram, you can remove it by clicking the 

(x) in the upper right-hand of the object. 

Answer: 


Q68. - (Topic 3) 

A corporation has Research and Development (R&D) and IT support teams, each requiring separate networks with independent control of their security boundaries to support department objectives. The corporation’s Information Security Officer (ISO) is responsible for providing firewall services to both departments, but does not want to increase the hardware footprint within the datacenter. Which of the following should the ISO consider to provide the independent functionality required by each department’s IT teams? 

A. Put both departments behind the firewall and assign administrative control for each department to the corporate firewall. 

B. Provide each department with a virtual firewall and assign administrative control to the physical firewall. 

C. Put both departments behind the firewall and incorporate restrictive controls on each department’s network. 

CompTIA CAS-002 : Practice Test 

D. Provide each department with a virtual firewall and assign appropriate levels of management for the virtual device. 

Answer:


Q69. - (Topic 2) 

A bank has decided to outsource some existing IT functions and systems to a third party service provider. The third party service provider will manage the outsourced systems on their own premises and will continue to directly interface with the bank’s other systems through dedicated encrypted links. Which of the following is critical to ensure the successful management of system security concerns between the two organizations? 

A. ISA 

B. BIA 

C. MOU 

D. SOA 

E. BPA 

Answer:


Q70. - (Topic 4) 

A sensitive database needs its cryptographic integrity upheld. Which of the following controls meets this goal? (Select TWO). 

A. Data signing 

B. Encryption 

C. Perfect forward secrecy 

D. Steganography 

E. Data vaulting 

F. RBAC 

G. Lock and key 

Answer: A,F