Master the CAS-002 CompTIA Advanced Security Practitioner (CASP) content and be ready for exam day success quickly with this Actualtests CAS-002 vce. We guarantee it!We make it a reality and give you real CAS-002 questions in our CompTIA CAS-002 braindumps.Latest 100% VALID CompTIA CAS-002 Exam Questions Dumps at below page. You can use our CompTIA CAS-002 braindumps and pass your exam.
P.S. Breathing CAS-002 testing material are available on Google Drive, GET MORE: https://drive.google.com/open?id=1jFEYVEoSSaRH30NOS859G8vaEUVGAdF5
New CompTIA CAS-002 Exam Dumps Collection (Question 7 - Question 16)
Question No: 7
A security manager is concerned about performance and patch management, and, as a result, wants to implement a virtualization strategy to avoid potential future OS vulnerabilities in the host system. The IT manager wants a strategy that would provide the hypervisor with direct communications with the underlying physical hardware allowing the hardware resources to be paravirtualized and delivered to the guest machines. Which of the following recommendations from the server administrator BEST meets the IT and security managersu2019 requirements? (Select TWO).
A. Nested virtualized hypervisors
B. Type 1 hypervisor
C. Hosted hypervisor with a three layer software stack
D. Type 2 hypervisor
E. Bare metal hypervisor with a software stack of two layers
Question No: 8
An organization is selecting a SaaS provider to replace its legacy, in house Customer Resource Management (CRM) application. Which of the following ensures the organization mitigates the risk of managing separate user credentials?
A. Ensure the SaaS provider supports dual factor authentication.
B. Ensure the SaaS provider supports encrypted password transmission and storage.
C. Ensure the SaaS provider supports secure hash file exchange.
D. Ensure the SaaS provider supports role-based access control.
E. Ensure the SaaS provider supports directory services federation.
Question No: 9
An organization would like to allow employees to use their network username and password to access a third-party service. The company is using Active Directory Federated Services for their directory service. Which of the following should the company ensure is supported by the third-party? (Select TWO).
Question No: 10
A security engineer at a software development company has identified several vulnerabilities in a product late in the development cycle. This causes a huge delay for the release of the product. Which of the following should the administrator do to prevent these issues from occurring in the future?
A. Recommend switching to an SDLC methodology and perform security testing during each maintenance iteration
B. Recommend switching to a spiral software development model and perform security testing during the requirements gathering
C. Recommend switching to a waterfall development methodology and perform security testing during the testing phase
D. Recommend switching to an agile development methodology and perform security testing during iterations
Question No: 11
A company is in the process of outsourcing its customer relationship management system to a cloud provider. It will host the entire organizationu2019s customer database. The database will be accessed by both the companyu2019s users and its customers. The procurement department has asked what security activities must be performed for the deal to proceed. Which of the following are the MOST appropriate security activities to be performed as part of due diligence? (Select TWO).
A. Physical penetration test of the datacenter to ensure there are appropriate controls.
B. Penetration testing of the solution to ensure that the customer data is well protected.
C. Security clauses are implemented into the contract such as the right to audit.
D. Review of the organizations security policies, procedures and relevant hosting certifications.
E. Code review of the solution to ensure that there are no back doors located in the software.
Question No: 12
A company has migrated its data and application hosting to a cloud service provider (CSP).
To meet its future needs, the company considers an IdP. Why might the company want to select an IdP that is separate from its CSP? (Select TWO).
A. A circle of trust can be formed with all domains authorized to delegate trust to an IdP
B. Identity verification can occur outside the circle of trust if specified or delegated
C. Replication of data occurs between the CSP and IdP before a verification occurs
D. Greater security can be provided if the circle of trust is formed within multiple CSP domains
E. Faster connections can occur between the CSP and IdP without the use of SAML
Question No: 13
Joe, the Chief Executive Officer (CEO), was an Information security professor and a Subject Matter Expert for over 20 years. He has designed a network defense method which he says is significantly better than prominent international standards. He has recommended that the company use his cryptographic method. Which of the following methodologies should be adopted?
A. The company should develop an in-house solution and keep the algorithm a secret.
B. The company should use the CEOu2019s encryption scheme.
C. The company should use a mixture of both systems to meet minimum standards.
D. The company should use the method recommended by other respected information security organizations.
Question No: 14
provided input to a web page login screen. The code ensures that only the upper case and lower case letters are entered in the username field, and that only a 6-digit PIN is entered in the password field. A security administrator is concerned with the following web server log:
10.235.62.11 u2013 - [02/Mar/2014:06:13:04] u201cGET
/site/script.php?user=admin&pass=pass%20or%201=1 HTTP/1.1u201d 200 5724
Given this log, which of the following is the security administrator concerned with and which fix should be implemented by the developer?
A. The security administrator is concerned with nonprintable characters being used to gain administrative access, and the developer should strip all nonprintable characters.
B. The security administrator is concerned with XSS, and the developer should normalize Unicode characters on the browser side.
C. The security administrator is concerned with SQL injection, and the developer should implement server side input validation.
D. The security administrator is concerned that someone may log on as the administrator, and the developer should ensure strong passwords are enforced.
Question No: 15
A high-tech company dealing with sensitive data seized the mobile device of an employee suspected of leaking company secrets to a competitive organization. Which of the following is the BEST order for mobile phone evidence extraction?
A. Device isolation, evidence intake, device identification, data processing, verification of data accuracy, documentation, reporting, presentation and archival.
B. Evidence intake, device identification, preparation to identify the necessary tools, device isolation, data processing, verification of data accuracy, documentation, reporting, presentation and archival.
C. Evidence log, device isolation ,device identification, preparation to identify the necessary tools, data processing, verification of data accuracy, presentation and archival.
D. Device identification, evidence log, preparation to identify the necessary tools, data processing, verification of data accuracy, device isolation, documentation, reporting, presentation and archival.
Question No: 16
An IT administrator has been tasked by the Chief Executive Officer with implementing security using a single device based on the following requirements:
1. Selective sandboxing of suspicious code to determine malicious intent.
2. VoIP handling for SIP and H.323 connections.
3. Block potentially unwanted applications.
1. Which of the following devices would BEST meet all of these requirements?
100% Most recent CompTIA CAS-002 Questions & Answers shared by Certleader, Get HERE: https://www.certleader.com/CAS-002-dumps.html (New 532 Q&As)