CAS-002 Exam
Top CompTIA CAS-002 dumps Choices
Act now and download your CompTIA CAS-002 test today! Do not waste time for the worthless CompTIA CAS-002 tutorials. Download Regenerate CompTIA CompTIA Advanced Security Practitioner (CASP) exam with real questions and answers and begin to learn CompTIA CAS-002 with a classic professional.
P.S. Exact CAS-002 training tools are available on Google Drive, GET MORE: https://drive.google.com/open?id=1MWxVvRqKw5P-3mL6Zi7QlXk_26ObOJ_y
New CompTIA CAS-002 Exam Dumps Collection (Question 15 - Question 24)
Question No: 15
A critical system audit shows that the payroll system is not meeting security policy due to missing OS security patches. Upon further review, it appears that the system is not being patched at all. The vendor states that the system is only supported on the current OS patch level. Which of the following compensating controls should be used to mitigate the vulnerability of missing OS patches on this system?
A. Isolate the system on a secure network to limit its contact with other systems
B. Implement an application layer firewall to protect the payroll system interface
C. Monitor the systemu2021s security log for unauthorized access to the payroll application
D. Perform reconciliation of all payroll transactions on a daily basis
Answer: A
Question No: 16
An IT manager is concerned about the cost of implementing a web filtering solution in an effort to mitigate the risks associated with malware and resulting data leakage. Given that the ARO is twice per year, the ALE resulting from a data leak is $25,000 and the ALE after implementing the web filter is $15,000. The web filtering solution will cost the organization
$10,000 per year. Which of the following values is the single loss expectancy of a data leakage event after implementing the web filtering solution?
A. $0
B. $7,500 C. $10,000 D. $12,500 E. $15,000
Answer: B
Question No: 17
The risk manager has requested a security solution that is centrally managed, can easily be updated, and protects end users' workstations from both known and unknown malicious attacks when connected to either the office or home network. Which of the following would BEST meet this requirement?
A. HIPS
B. UTM
C. Antivirus
D. NIPS
E. DLP
Answer: A
Question No: 18
The IT director has charged the company helpdesk with sanitizing fixed and removable media. The helpdesk manager has written a new procedure to be followed by the helpdesk staff. This procedure includes the current standard to be used for data sanitization, as well as the location of physical degaussing tools. In which of the following cases should the helpdesk staff use the new procedure? (Select THREE).
A. During asset disposal
B. While reviewing the risk assessment
C. While deploying new assets
D. Before asset repurposing
E. After the media has been disposed of
F. During the data classification process
G. When installing new printers
H. When media fails or is unusable
Answer: A,D,H
Question No: 19
Ann, a software developer, wants to publish her newly developed software to an online store. Ann wants to ensure that the software will not be modified by a third party or end users before being installed on mobile devices. Which of the following should Ann implement to stop modified copies of her software from running on mobile devices?
A. Single sign-on
B. Identity propagation
C. Remote attestation
D. Secure code review
Answer: C
Question No: 20
The telecommunications manager wants to improve the process for assigning company- owned mobile devices and ensuring data is properly removed when no longer needed. Additionally, the manager wants to onboard and offboard personally owned mobile devices that will be used in the BYOD initiative. Which of the following should be implemented to ensure these processes can be automated? (Select THREE).
A. SIMu2021s PIN
B. Remote wiping
C. Chargeback system
D. MDM software
E. Presence software
F. Email profiles
A. G. Identity attestation
H. GPS tracking
Answer: B,D,G
Question No: 21
A new IT company has hired a security consultant to implement a remote access system, which will enable employees to telecommute from home using both company issued as well as personal computing devices, including mobile devices. The company wants a flexible system to provide confidentiality and integrity for data in transit to the companyu2021s internally developed application GUI. Company policy prohibits employees from having administrative rights to company issued devices. Which of the following remote access solutions has the lowest technical complexity?
A. RDP server
B. Client-based VPN
C. IPSec
D. Jump box
E. SSL VPN
Answer: A
Question No: 22
Joe, a hacker, has discovered he can specifically craft a webpage that when viewed in a browser crashes the browser and then allows him to gain remote code execution in the context of the victimu2021s privilege level. The browser crashes due to an exception error when a heap memory that is unused is accessed. Which of the following BEST describes the application issue?
A. Integer overflow
B. Click-jacking
C. Race condition
D. SQL injection
E. Use after free
F. Input validation
Answer: E
Question No: 23
Which of the following describes a risk and mitigation associated with cloud data storage?
A. Risk: Shared hardware caused data leakageMitigation: Strong encryption at rest
B. Risk: Offsite replicationMitigation: Multi-site backups
C. Risk: Data loss from de-duplicationMitigation: Dynamic host bus addressing
D. Risk: Combined data archivingMitigation: Two-factor administrator authentication
Answer: A
Question No: 24
News outlets are beginning to report on a number of retail establishments that are experiencing payment card data breaches. The data exfiltration is enabled by malware on a compromised computer. After the initial exploit, network mapping and fingerprinting is conducted to prepare for further exploitation. Which of the following is the MOST effective
solution to protect against unrecognized malware infections?
A. Remove local admin permissions from all users and change anti-virus to a cloud aware, push technology.
B. Implement an application whitelist at all levels of the organization.
C. Deploy a network based heuristic IDS, configure all layer 3 switches to feed data to the IDS for more effective monitoring.
D. Update router configuration to pass all network traffic through a new proxy server with advanced malware detection.
Answer: B
Recommend!! Get the Exact CAS-002 dumps in VCE and PDF From Thedumpscentre, Welcome to download: http://www.thedumpscentre.com/CAS-002-dumps/ (New 450 Q&As Version)