Your success in CompTIA CAS-002 is our sole target and we develop all our CAS-002 braindumps in a way that facilitates the attainment of this target. Not only is our CAS-002 study material the best you can find, it is also the most detailed and the most updated. CAS-002 Practice Exams for CompTIA CASP CAS-002 are written to the highest standards of technical accuracy.

P.S. Realistic CAS-002 software are available on Google Drive, GET MORE:

New CompTIA CAS-002 Exam Dumps Collection (Question 1 - Question 10)

New Questions 1

A popular commercial virtualization platform allows for the creation of virtual hardware. To virtual machines, this virtual hardware is indistinguishable from real hardware. By implementing virtualized TPMs, which of the following trusted system concepts can be implemented?

A. Software-based root of trust

B. Continuous chain of trust

C. Chain of trust with a hardware root of trust

D. Software-based trust anchor with no root of trust

Answer: C

New Questions 2

At 9:00 am each morning, all of the virtual desktops in a VDI implementation become extremely slow and/or unresponsive. The outage lasts for around 10 minutes, after which everything runs properly again. The administrator has traced the problem to a lab of thin clients that are all booted at 9:00 am each morning. Which of the following is the MOST likely cause of the problem and the BEST solution? (Select TWO).

A. Add guests with more memory to increase capacity of the infrastructure.

B. A backup is running on the thin clients at 9am every morning.

C. Install more memory in the thin clients to handle the increased load while booting.

D. Booting all the lab desktops at the same time is creating excessive I/O.

E. Install 10-Gb uplinks between the hosts and the lab to increase network capacity.

F. Install faster SSD drives in the storage system used in the infrastructure.

G. The lab desktops are saturating the network while booting.

H. The lab desktops are using more memory than is available to the host systems.

Answer: D,F

New Questions 3

A security officer is leading a lessons learned meeting. Which of the following should be components of that meeting? (Select TWO).

A. Demonstration of IPS system

B. Review vendor selection process

C. Calculate the ALE for the event

D. Discussion of event timeline

E. Assigning of follow up items

Answer: D,E

New Questions 4

A new IT company has hired a security consultant to implement a remote access system, which will enable employees to telecommute from home using both company issued as well as personal computing devices, including mobile devices. The company wants a flexible system to provide confidentiality and integrity for data in transit to the companyu2019s internally developed application GUI. Company policy prohibits employees from having administrative rights to company issued devices. Which of the following remote access solutions has the lowest technical complexity?

A. RDP server

B. Client-based VPN

C. IPSec

D. Jump box


Answer: A

New Questions 5

A bank is in the process of developing a new mobile application. The mobile client renders content and communicates back to the company servers via REST/JSON calls. The bank wants to ensure that the communication is stateless between the mobile application and the web services gateway. Which of the following controls MUST be implemented to enable stateless communication?

A. Generate a one-time key as part of the device registration process.

B. Require SSL between the mobile application and the web services gateway.

C. The jsession cookie should be stored securely after authentication.

D. Authentication assertion should be stored securely on the client.

Answer:: D

New Questions 6

An IT manager is working with a project manager to implement a new ERP system capable of transacting data between the new ERP system and the legacy system. As part of this process, both parties must agree to the controls utilized to secure data connections between the two enterprise systems. This is commonly documented in which of the

following formal documents?

A. Memorandum of Understanding

B. Information System Security Agreement

C. Interconnection Security Agreement

D. Interoperability Agreement

E. Operating Level Agreement

Answer: C

New Questions 7

A large organization has recently suffered a massive credit card breach. During the months of Incident Response, there were multiple attempts to assign blame for whose fault it was that the incident occurred. In which part of the incident response phase would this be addressed in a controlled and productive manner?

A. During the Identification Phase

B. During the Lessons Learned phase

C. During the Containment Phase

D. During the Preparation Phase

Answer: B

New Questions 8

A forensic analyst works for an e-discovery firm where several gigabytes of data are processed daily. While the business is lucrative, they do not have the resources or the scalability to adequately serve their clients. Since it is an e-discovery firm where chain of custody is important, which of the following scenarios should they consider?

A. Offload some data processing to a public cloud

B. Aligning their client intake with the resources available

C. Using a community cloud with adequate controls

D. Outsourcing the service to a third party cloud provider

Answer: C

New Questions 9

A completely new class of web-based vulnerabilities has been discovered. Claims have been made that all common web-based development frameworks are susceptible to attack. Proof-of-concept details have emerged on the Internet. A security advisor within a company has been asked to provide recommendations on how to respond quickly to these vulnerabilities. Which of the following BEST describes how the security advisor should respond?

A. Assess the reliability of the information source, likelihood of exploitability, and impact to hosted data. Attempt to exploit via the proof-of-concept code. Consider remediation options.

B. Hire an independent security consulting agency to perform a penetration test of the web servers. Advise management of any u2018highu2019 or u2018criticalu2019 penetration test findings and put forward recommendations for mitigation.

C. Review vulnerability write-ups posted on the Internet. Respond to management with a recommendation to wait until the news has been independently verified by software vendors providing the web application software.

D. Notify all customers about the threat to their hosted data. Bring the web servers down into u201cmaintenance modeu201d until the vulnerability can be reliably mitigated through a vendor patch.

Answer: A

New Questions 10

Which of the following describes a risk and mitigation associated with cloud data storage?

A. Risk: Shared hardware caused data leakageMitigation: Strong encryption at rest

B. Risk: Offsite replicationMitigation: Multi-site backups

C. Risk: Data loss from de-duplicationMitigation: Dynamic host bus addressing

D. Risk: Combined data archivingMitigation: Two-factor administrator authentication

Answer: A

P.S. Easily pass CAS-002 Exam with Certleader Realistic Dumps & pdf vce, Try Free: (532 New Questions)