Certleader 2018 New CAS-002 Exam Dumps (PDF & VCE) Download: https://www.certleader.com/CAS-002-dumps.html

Cause all that matters here is passing the CompTIA CAS-002 exam. Cause all that you need is a high score of CAS-002 CompTIA Advanced Security Practitioner (CASP) exam. The only one thing you need to do is downloading Ucertify CAS-002 exam study guides now. We will not let you down with our money-back guarantee.

P.S. Approved CAS-002 forum are available on Google Drive, GET MORE: https://drive.google.com/open?id=1o83EG0ADisGFtGQxvx-BzUZbRUif5wko


New CompTIA CAS-002 Exam Dumps Collection (Question 15 - Question 24)

Q1. A helpdesk manager at a financial company has received multiple reports from employees and customers that their phone calls sound metallic on the voice system. The helpdesk has been using VoIP lines encrypted from the handset to the PBX for several years. Which of the following should be done to address this issue for the future?

A. SIP session tagging and QoS

B. A dedicated VLAN

A. C. Lower encryption setting

D. Traffic shaping

Answer: B


Q2. A security administrator at a Lab Company is required to implement a solution which will provide the highest level of confidentiality possible to all data on the lab network.

The current infrastructure design includes:

The network is protected with a firewall implementing ACLs, a NIPS device, and secured wireless access points.

Which of the following cryptographic improvements should be made to the current architecture to achieve the stated goals?

A. PKI based authorization

B. Transport encryption

C. Data at rest encryption

D. Code signing

Answer: B


Q3. Within the company, there is executive management pressure to start advertising to a new target market. Due to the perceived schedule and budget inefficiencies of engaging a technology business unit to commission a new micro-site, the marketing department is engaging third parties to develop the site in order to meet time-to-market demands. From a security perspective, which of the following options BEST balances the needs between marketing and risk management?

A. The third party should be contractually obliged to perform adequate security activities, and evidence of those activities should be confirmed by the company prior to launch.

B. Outsourcing is a valid option to increase time-to-market. If a security incident occurs, it is not of great concern as the reputational damage will be the third partyu2019s responsibility.

C. The company should never outsource any part of the business that could cause a security or privacy incident. It could lead to legal and compliance issues.

D. If the third party has an acceptable record to date on security compliance and is provably faster and cheaper, then it makes sense to outsource in this specific situation.

Answer: A


Q4. Company XYZ is in negotiations to acquire Company ABC for $1.2millon. Due diligence activities have uncovered systemic security issues in the flagship product of Company ABC. It has been established that a complete product rewrite would be needed with average estimates indicating a cost of $1.6millon. Which of the following approaches should the risk manager of Company XYZ recommend?

A. Transfer the risk

B. Accept the risk

C. Mitigate the risk

D. Avoid the risk

Answer: D


Q5. If a technician must take an employeeu2019s workstation into custody in response to an investigation, which of the following can BEST reduce the likelihood of related legal issues?

A. A formal letter from the companyu2019s president approving the seizure of the workstation.

B. A formal training and awareness program on information security for all company

A. managers.

C. A screen displayed at log in that informs users of the employeru2019s rights to seize, search, and monitor company devices.

D. A printout of an activity log, showing that the employee has been spending substantial time on non-work related websites.

Answer: C


Q6. A university Chief Information Security Officer is analyzing various solutions for a new project involving the upgrade of the network infrastructure within the campus. The campus has several dorms (two-four person rooms) and administrative buildings. The network is currently setup to provide only two network ports in each dorm room and ten network ports per classroom. Only administrative buildings provide 2.4 GHz wireless coverage.

The following three goals must be met after the new implementation:

1. Provide all users (including students in their dorms) connections to the Internet.

2. Provide IT department with the ability to make changes to the network environment to improve performance.

3. Provide high speed connections wherever possible all throughout campus including sporting event areas.

Which of the following risk responses would MOST likely be used to reduce the risk of network outages and financial expenditures while still meeting each of the goals stated above?

A. Avoid any risk of network outages by providing additional wired connections to each

A. user and increasing the number of data ports throughout the campus.

B. Transfer the risk of network outages by hiring a third party to survey, implement and manage a 5.0 GHz wireless network.

C. Accept the risk of possible network outages and implement a WLAN solution to provide complete 5.0 GHz coverage in each building that can be managed centrally on campus.

D. Mitigate the risk of network outages by implementing SOHO WiFi coverage throughout the dorms and upgrading only the administrative buildings to 5.0 GHz coverage using a one for one AP replacement.

Answer: C


Q7. A security engineer is troubleshooting a possible virus infection, which may have spread to multiple desktop computers within the organization. The company implements enterprise antivirus software on all desktops, but the enterprise antivirus serveru2019s logs show no sign of a virus infection. The border firewall logs show suspicious activity from multiple internal hosts trying to connect to the same external IP address. The security administrator decides to post the firewall logs to a security mailing list and receives confirmation from other security administrators that the firewall logs indicate internal hosts are compromised with a new variant of the Trojan.Ransomcrypt.G malware not yet detected by most antivirus software. Which of the following would have detected the malware infection sooner?

A. The security administrator should consider deploying a signature-based intrusion detection system.

B. The security administrator should consider deploying enterprise forensic analysis tools.

C. The security administrator should consider installing a cloud augmented security service.

D. The security administrator should consider establishing an incident response team.

Answer: C


Q8. The Universal Research Association has just been acquired by the Association of Medical Business Researchers. The new conglomerate has funds to upgrade or replace hardware as part of the acquisition, but cannot fund labor for major software projects. Which of the following will MOST likely result in some IT resources not being integrated?

A. One of the companies may use an outdated VDI.

A. B. Corporate websites may be optimized for different web browsers.

C. Industry security standards and regulations may be in conflict.

D. Data loss prevention standards in one company may be less stringent.

Answer: C


Q9. An IT administrator wants to restrict DNS zone transfers between two geographically dispersed, external company DNS name servers, and has decided to use TSIG. Which of the following are critical when using TSIG? (Select TWO).

A. Periodic key changes once the initial keys are established between the DNS name servers.

B. Secure exchange of the key values between the two DNS name servers.

C. A secure NTP source used by both DNS name servers to avoid message rejection.

D. DNS configuration files on both DNS name servers must be identically encrypted.

E. AES encryption with a SHA1 hash must be used to encrypt the configuration files on both DNS name servers.

Answer: B,C


Q10. A recently hired security administrator is advising developers about the secure integration of a legacy in-house application with a new cloud based processing system. The systems must exchange large amounts of fixed format data such as names, addresses, and phone numbers, as well as occasional chunks of data in unpredictable formats. The developers want to construct a new data format and create custom tools to parse and process the data. The security administrator instead suggests that the developers:

A. Create a custom standard to define the data.

B. Use well formed standard compliant XML and strict schemas.

C. Only document the data format in the parsing application code.

D. Implement a de facto corporate standard for all analyzed data.

Answer: B



To know more about the CAS-002 dumps download, click here.

P.S. Easily pass CAS-002 Exam with 2passeasy Approved Dumps & pdf vce, Try Free: https://www.2passeasy.com/dumps/CAS-002/ (532 New Questions)