we provide Validated CompTIA CAS-002 actual exam which are the best for clearing CAS-002 test, and to get certified by CompTIA CompTIA Advanced Security Practitioner (CASP). The CAS-002 Questions & Answers covers all the knowledge points of the real CAS-002 exam. Crack your CompTIA CAS-002 Exam with latest dumps, guaranteed!

P.S. Validated CAS-002 courses are available on Google Drive, GET MORE: https://drive.google.com/open?id=1ddthACQd1JGf0imm89GpLL8acwMLf-_e


New CompTIA CAS-002 Exam Dumps Collection (Question 9 - Question 18)

Question No: 9

A web services company is planning a one-time high-profile event to be hosted on the corporate website. An outage, due to an attack, would be publicly embarrassing, so Joe, the Chief Executive Officer (CEO), has requested that his security engineers put temporary preventive controls in place. Which of the following would MOST appropriately address Joe's concerns?

A. Ensure web services hosting the event use TCP cookies and deny_hosts.

B. Configure an intrusion prevention system that blocks IPs after detecting too many incomplete sessions.

C. Contract and configure scrubbing services with third-party DDoS mitigation providers.

D. Purchase additional bandwidth from the companyu2019s Internet service provider.

Answer: C


Question No: 10

An organization is concerned with potential data loss in the event of a disaster, and created a backup datacenter as a mitigation strategy. The current storage method is a single NAS used by all servers in both datacenters. Which of the following options increases data availability in the event of a datacenter failure?

A. Replicate NAS changes to the tape backups at the other datacenter.

B. Ensure each server has two HBAs connected through two routes to the NAS.

C. Establish deduplication across diverse storage paths.

D. Establish a SAN that replicates between datacenters.

Answer: D


Question No: 11

A user is suspected of engaging in potentially illegal activities. Law enforcement has requested that the user continue to operate on the network as normal. However, they would like to have a copy of any communications from the user involving certain key terms. Additionally, the law enforcement agency has requested that the user's ongoing communication be retained in the user's account for future investigations. Which of the following will BEST meet the goals of law enforcement?

A. Begin a chain-of-custody on for the user's communication. Next, place a legal hold on the user's email account.

B. Perform an e-discover using the applicable search terms. Next, back up the user's email for a future investigation.

C. Place a legal hold on the user's email account. Next, perform e-discovery searches to collect applicable emails.

D. Perform a back up of the user's email account. Next, export the applicable emails that match the search terms.

Answer: C


Question No: 12

A pentester must attempt to crack passwords on a windows domain that enforces strong complex passwords. Which of the following would crack the MOST passwords in the

shortest time period?

A. Online password testing

B. Rainbow tables attack

C. Dictionary attack

D. Brute force attack

Answer: B


Question No: 13

Executive management is asking for a new manufacturing control and workflow automation solution. This application will facilitate management of proprietary information and closely guarded corporate trade secrets.

The information security team has been a part of the department meetings and come away with the following notes:

-Human resources would like complete access to employee data stored in the application. They would like automated data interchange with the employee management application, a cloud-based SaaS application.

-Sales is asking for easy order tracking to facilitate feedback to customers.

-Legal is asking for adequate safeguards to protect trade secrets. They are also concerned with data ownership questions and legal jurisdiction.

-Manufacturing is asking for ease of use. Employees working the assembly line cannot be bothered with additional steps or overhead. System interaction needs to be quick and easy.

-Quality assurance is concerned about managing the end product and tracking overall performance of the product being produced. They would like read-only access to the entire workflow process for monitoring and baselining.

The favored solution is a user friendly software application that would be hosted onsite. It has extensive ACL functionality, but also has readily available APIs for extensibility. It supports read-only access, kiosk automation, custom fields, and data encryption.

Which of the following departmentsu2019 request is in contrast to the favored solution?

A. Manufacturing

B. Legal

C. Sales

D. Quality assurance

E. Human resources

Answer: E


Question No: 14

An administrator is implementing a new network-based storage device. In selecting a storage protocol, the administrator would like the data in transit's integrity to be the most important concern. Which of the following protocols meets these needs by implementing either AES-CMAC or HMAC-SHA256 to sign data?

A. SMB

B. NFS

C. FCoE

D. iSCSI

Answer: A


Question No: 15

A security engineer is a new member to a configuration board at the request of management. The company has two new major IT projects starting this year and wants to plan security into the application deployment. The board is primarily concerned with the applicationsu2019 compliance with federal assessment and authorization standards. The security engineer asks for a timeline to determine when a security assessment of both applications should occur and does not attend subsequent configuration board meetings. If the security engineer is only going to perform a security assessment, which of the following steps in system authorization has the security engineer omitted?

A. Establish the security control baseline

B. Build the application according to software development security standards

C. Review the results of user acceptance testing

D. Consult with the stakeholders to determine which standards can be omitted

Answer: A


Question No: 16

Joe, a hacker, has discovered he can specifically craft a webpage that when viewed in a browser crashes the browser and then allows him to gain remote code execution in the context of the victimu2019s privilege level. The browser crashes due to an exception error when a heap memory that is unused is accessed. Which of the following BEST describes the application issue?

A. Integer overflow

B. Click-jacking

C. Race condition

D. SQL injection

E. Use after free

F. Input validation

Answer: E


Question No: 17

Company XYZ provides hosting services for hundreds of companies across multiple industries including healthcare, education, and manufacturing. The security architect for company XYZ is reviewing a vendor proposal to reduce company XYZu2019s hardware costs by combining multiple physical hosts through the use of virtualization technologies. The security architect notes concerns about data separation, confidentiality, regulatory

requirements concerning PII, and administrative complexity on the proposal. Which of the following BEST describes the core concerns of the security architect?

A. Most of company XYZu2019s customers are willing to accept the risks of unauthorized disclosure and access to information by outside users.

B. The availability requirements in SLAs with each hosted customer would have to be re- written to account for the transfer of virtual machines between physical platforms for regular maintenance.

C. Company XYZ could be liable for disclosure of sensitive data from one hosted customer when accessed by a malicious user who has gained access to the virtual machine of another hosted customer.

D. Not all of company XYZu2019s customers require the same level of security and the administrative complexity of maintaining multiple security postures on a single hypervisor negates hardware cost savings.

Answer: C


Question No: 18

select id, firstname, lastname from authors User input= firstname= Hack;man lastname=Johnson

Which of the following types of attacks is the user attempting?

A. XML injection

B. Command injection

C. Cross-site scripting

D. SQL injection

Answer: D



To know more about the CAS-002 dumps download, click here.

100% Up to date CompTIA CAS-002 Questions & Answers shared by Examcollection, Get HERE: http://www.examcollectionuk.com/CAS-002-vce-download.html (New 450 Q&As)