New CompTIA CAS-002 Exam Dumps Collection (Question 5 - Question 14)

New Questions 5

A court order has ruled that your company must surrender all the email sent and received by a certain employee for the past five years. After reviewing the backup systems, the IT administrator concludes that email backups are not kept that long. Which of the following policies MUST be reviewed to address future compliance?

A. Tape backup policies

B. Offsite backup policies

C. Data retention policies

D. Data loss prevention policies

Answer: C


New Questions 6

A company wishes to purchase a new security appliance. A security administrator has extensively researched the appliances, and after presenting security choices to the company's management team, they approve of the proposed solution. Which of the following documents should be constructed to acquire the security appliance?

A. SLA

B. RFQ

C. RFP

D. RFI

Answer: B


New Questions 7

A security architect is designing a new infrastructure using both type 1 and type 2 virtual machines. In addition to the normal complement of security controls (e.g. antivirus, host hardening, HIPS/NIDS) the security architect needs to implement a mechanism to securely store cryptographic keys used to sign code and code modules on the VMs. Which of the following will meet this goal without requiring any hardware pass-through implementations?

A. vTPM

B. HSM

C. TPM

D. INE

Answer: A


New Questions 8

Noticing latency issues at its connection to the Internet, a company suspects that it is being targeted in a Distributed Denial of Service attack. A security analyst discovers numerous inbound monlist requests coming to the company's NTP servers. Which of the following mitigates this activity with the LEAST impact to existing operations?

A. Block in-bound connections to the company's NTP servers.

B. Block IPs making monlist requests.

C. Disable the company's NTP servers.

D. Disable monlist on the company's NTP servers.

Answer: D


New Questions 9

A security officer is leading a lessons learned meeting. Which of the following should be components of that meeting? (Select TWO).

A. Demonstration of IPS system

B. Review vendor selection process

C. Calculate the ALE for the event

D. Discussion of event timeline

E. Assigning of follow up items

Answer: D,E


New Questions 10

An asset manager is struggling with the best way to reduce the time required to perform asset location activities in a large warehouse. A project manager indicated that RFID might be a valid solution if the asset manager's requirements were supported by current RFID capabilities. Which of the following requirements would be MOST difficult for the asset manager to implement?

A. The ability to encrypt RFID data in transmission

B. The ability to integrate environmental sensors into the RFID tag

C. The ability to track assets in real time as they move throughout the facility

D. The ability to assign RFID tags a unique identifier

Answer: A


New Questions 11

A security administrator is shown the following log excerpt from a Unix system:

2013 Oct 10 07:14:57 web14 sshd[1632]: Failed password for root from 198.51.100.23 port 37914 ssh2

2013 Oct 10 07:14:57 web14 sshd[1635]: Failed password for root from 198.51.100.23 port 37915 ssh2

2013 Oct 10 07:14:58 web14 sshd[1638]: Failed password for root from 198.51.100.23 port 37916 ssh2

2013 Oct 10 07:15:59 web14 sshd[1640]: Failed password for root from 198.51.100.23 port 37918 ssh2

2013 Oct 10 07:16:00 web14 sshd[1641]: Failed password for root from 198.51.100.23 port 37920 ssh2

2013 Oct 10 07:16:00 web14 sshd[1642]: Successful login for root from 198.51.100.23 port 37924 ssh2

Which of the following is the MOST likely explanation of what is occurring and the BEST immediate response? (Select TWO).

A. An authorized administrator has logged into the root account remotely.

B. The administrator should disable remote root logins.

C. Isolate the system immediately and begin forensic analysis on the host.

D. A remote attacker has compromised the root account using a buffer overflow in sshd.

E. A remote attacker has guessed the root password using a dictionary attack.

F. Use iptables to immediately DROP connections from the IP 198.51.100.23.

G. A remote attacker has compromised the private key of the root account.

H. Change the root password immediately to a password not found in a dictionary.

Answer: C,E


New Questions 12

A security administrator was recently hired in a start-up company to represent the interest of security and to assist the network team in improving security in the company. The sales team is continuously contacting the security administrator to answer security questions posed by potential customers/clients. Which of the following is the BEST strategy to minimize the frequency of these requests?

A. Request the major stakeholder hire a security liaison to assist the sales team with security-related questions.

B. Train the sales team about basic security, and make them aware of the security policies and procedures of the company.

C. The job description of the security administrator is to assist the sales team; thus the process should not be changed.

D. Compile a list of the questions, develop an FAQ on the website, and train the sales team about basic security concepts.

Answer: D


New Questions 13

The security administrator has just installed an active/passive cluster of two firewalls for enterprise perimeter defense of the corporate network. Stateful firewall inspection is being used in the firewall implementation. There have been numerous reports of dropped connections with external clients.

Which of the following is MOST likely the cause of this problem?

A. TCP sessions are traversing one firewall and return traffic is being sent through the secondary firewall and sessions are being dropped.

B. TCP and UDP sessions are being balanced across both firewalls and connections are being dropped because the session IDs are not recognized by the secondary firewall.

C. Prioritize UDP traffic and associated stateful UDP session information is traversing the passive firewall causing the connections to be dropped.

D. The firewall administrator connected a dedicated communication cable between the firewalls in order to share a single state table across the cluster causing the sessions to be dropped.

Answer: A


New Questions 14

A security manager is collecting RFQ, RFP, and RFI publications to help identify the technology trends which a government will be moving towards in the future. This information is available to the public. By consolidating the information, the security manager will be able to combine several perspectives into a broader view of technology trends. This is an example of which of the following? (Select TWO).

A. Supervisory control and data acquisition

B. Espionage

C. Hacktivism

D. Data aggregation

E. Universal description discovery and integration

F. Open source intelligence gathering

Answer: D,F

