Proper study guides for Update CompTIA CompTIA Advanced Security Practitioner (CASP) certified begins with CompTIA CAS-002 preparation products which designed to deliver the Free CAS-002 questions by making you pass the CAS-002 test at your first time. Try the free CAS-002 demo right now.
2018 NEW RECOMMEND
Free VCE & PDF File for CompTIA CAS-002 Real Exam
Pass on Your First TRY 100% Money Back Guarantee Realistic Practice Exam Questions
P.S. Free CAS-002 testing software are available on Google Drive, GET MORE: https://drive.google.com/open?id=1LW12huDLg6jOYg9lhN_DwABm-ur1zaYh
New CompTIA CAS-002 Exam Dumps Collection (Question 2 – Question 11)
Question No: 2
The helpdesk department desires to roll out a remote support application for internal use on all company computers. This tool should allow remote desktop sharing, system log gathering, chat, hardware logging, inventory management, and remote registry access. The risk management team has been asked to review vendor responses to the RFQ. Which of the following questions is the MOST important?
A. What are the protections against MITM?
B. What accountability is built into the remote support application?
C. What encryption standards are used in tracking database?
D. What snapshot or u201cundou201d features are present in the application?
E. What encryption standards are used in remote desktop and file transfer functionality?
Question No: 3
A security officer is leading a lessons learned meeting. Which of the following should be components of that meeting? (Select TWO).
A. Demonstration of IPS system
B. Review vendor selection process
C. Calculate the ALE for the event
D. Discussion of event timeline
E. Assigning of follow up items
Question No: 4
A security tester is testing a website and performs the following manual query: https://www.comptia.com/cookies.jsp?products=5%20and%201=1
The following response is received in the payload: u201cORA-000001: SQL command not properly endedu201d
Which of the following is the response an example of?
B. Cross-site scripting
C. SQL injection
D. Privilege escalation
Question No: 5
A company that must comply with regulations is searching for a laptop encryption product to use for its 40,000 end points. The product must meet regulations but also be flexible enough to minimize overhead and support in regards to password resets and lockouts. Which of the following implementations would BEST meet the needs?
A. A partition-based software encryption product with a low-level boot protection and authentication
B. A container-based encryption product that allows the end users to select which files to encrypt
C. A full-disk hardware-based encryption product with a low-level boot protection and authentication
D. A file-based encryption product using profiles to target areas on the file system to encrypt
Question No: 6
A firmu2019s Chief Executive Officer (CEO) is concerned that IT staff lacks the knowledge to identify complex vulnerabilities that may exist in a payment system being internally developed. The payment system being developed will be sold to a number of organizations and is in direct competition with another leading product. The CEO highlighted that code base confidentiality is of critical importance to allow the company to exceed the competition in terms of the productu2019s reliability, stability, and performance. Which of the following would provide the MOST thorough testing and satisfy the CEOu2019s requirements?
A. Sign a MOU with a marketing firm to preserve the company reputation and use in-house resources for random testing.
B. Sign a BPA with a small software consulting firm and use the firm to perform Black box testing and address all findings.
C. Sign a NDA with a large security consulting firm and use the firm to perform Grey box testing and address all findings.
D. Use the most qualified and senior developers on the project to perform a variety of White box testing and code reviews.
Question No: 7
An administrator is implementing a new network-based storage device. In selecting a storage protocol, the administrator would like the data in transit's integrity to be the most important concern. Which of the following protocols meets these needs by implementing either AES-CMAC or HMAC-SHA256 to sign data?
Question No: 8
Ann, a software developer, wants to publish her newly developed software to an online store. Ann wants to ensure that the software will not be modified by a third party or end users before being installed on mobile devices. Which of the following should Ann implement to stop modified copies of her software from running on mobile devices?
A. Single sign-on
B. Identity propagation
C. Remote attestation
D. Secure code review
Question No: 9
A software project manager has been provided with a requirement from the customer to place limits on the types of transactions a given user can initiate without external interaction from another user with elevated privileges. This requirement is BEST described as an implementation of:
A. an administrative control
B. dual control
C. separation of duties
D. least privilege
Question No: 10
Two universities are making their 802.11n wireless networks available to the other universityu2019s students. The infrastructure will pass the studentu2019s credentials back to the home school for authentication via the Internet.
The requirements are:
The following design was implemented:
WPA2 Enterprise using EAP-PEAP-MSCHAPv2 will be used for wireless security RADIUS proxy servers will be used to forward authentication requests to the home school The RADIUS servers will have certificates from a common public certificate authority
A strong shared secret will be used for RADIUS server authentication
Which of the following security considerations should be added to the design?
A. The transport layer between the RADIUS servers should be secured
B. WPA Enterprise should be used to decrease the network overhead
C. The RADIUS servers should have local accounts for the visiting students
D. Students should be given certificates to use for authentication to the network
Question No: 11
A software developer and IT administrator are focused on implementing security in the organization to protect OSI layer 7. Which of the following security technologies would BEST meet their requirements? (Select TWO).
P.S. Easily pass CAS-002 Exam with Examcollectionplus Free Dumps & pdf vce, Try Free: https://www.examcollectionplus.net/vce-CAS-002/ (532 New Questions)