The CAS-002 exam may be the first and also necessary action to get your CompTIA CompTIA certification. The CAS-002 true exam tests a candidate?¡¥s capability and abilities in true implementation. You can take the CompTIA CAS-002 online course in order to prepare your CompTIA exam. You can in addition take a quiz before buy your CompTIA CompTIA products. Nonetheless, its hard for you in order to choose a new proper CompTIA CAS-002 training materials because of the several varieties associated with CompTIA CompTIA exam questions and answers within the market. We all are proud of the passing ratio. Its our honor and duty in order to offer anyone the best program. Customer assist is online at anytime, please get in touch with us and express your current questions or advice and suggestions. Your satisfaction is our perpetual objective.
2021 Dec CAS-002 free exam
Q291. - (Topic 4)
A Security Administrator has some concerns about the confidentiality of data when using SOAP. Which of the following BEST describes the Security Administrator’s concerns?
A. The SOAP header is not encrypted and allows intermediaries to view the header data. The body can be partially or completely encrypted.
B. The SOAP protocol supports weak hashing of header information. As a result the header and body can easily be deciphered by brute force tools.
C. The SOAP protocol can be easily tampered with, even though the header is encrypted.
D. The SOAP protocol does not support body or header encryption which allows assertions to be viewed in clear text by intermediaries.
Answer: A
Q292. - (Topic 5)
The helpdesk manager wants to find a solution that will enable the helpdesk staff to better serve company employees who call with computer-related problems. The helpdesk staff is currently unable to perform effective troubleshooting and relies on callers to describe their technology problems. Given that the helpdesk staff is located within the company headquarters and 90% of the callers are telecommuters, which of the following tools should the helpdesk manager use to make the staff more effective at troubleshooting while at the same time reducing company costs? (Select TWO).
A. Web cameras
B. Email
C. Instant messaging
D. BYOD
E. Desktop sharing
F. Presence
Answer: C,E
Q293. - (Topic 5)
A security administrator is investigating the compromise of a SCADA network that is not physically connected to any other network. Which of the following is the MOST likely cause of the compromise?
A. Outdated antivirus definitions
B. Insecure wireless
C. Infected USB device
D. SQL injection
Answer: C
Q294. - (Topic 2)
An organization has implemented an Agile development process for front end web application development. A new security architect has just joined the company and wants to integrate security activities into the SDLC.
Which of the following activities MUST be mandated to ensure code quality from a security perspective? (Select TWO).
A. Static and dynamic analysis is run as part of integration
B. Security standards and training is performed as part of the project
C. Daily stand-up meetings are held to ensure security requirements are understood
D. For each major iteration penetration testing is performed
E. Security requirements are story boarded and make it into the build
F. A security design is performed at the end of the requirements phase
Answer: A,D
Q295. - (Topic 4)
When generating a new key pair, a security application asks the user to move the mouse and type random characters on the keyboard. Which of the following BEST describes why this is necessary?
A. The user needs a non-repudiation data source in order for the application to generate the key pair.
B. The user is providing entropy so the application can use random data to create the key pair.
C. The user is providing a diffusion point to the application to aid in creating the key pair.
D. The application is requesting perfect forward secrecy from the user in order to create the key pair.
Answer: B
Up to the immediate present CAS-002 test:
Q296. DRAG DROP - (Topic 2)
IT staff within a company often conduct remote desktop sharing sessions with vendors to troubleshoot vendor product-related issues. Drag and drop the following security controls to match the associated security concern. Options may be used once or not at all.
Answer:
Q297. - (Topic 3)
A startup company offering software on demand has hired a security consultant to provide expertise on data security. The company’s clients are concerned about data confidentiality. The security consultant must design an environment with data confidentiality as the top priority, over availability and integrity. Which of the following designs is BEST suited for this purpose?
A. All of the company servers are virtualized in a highly available environment sharing common hardware and redundant virtual storage. Clients use terminal service access to the shared environment to access the virtualized applications. A secret key kept by the startup encrypts the application virtual memory and data store.
B. All of the company servers are virtualized in a highly available environment sharing common hardware and redundant virtual storage. Clients use terminal service access to the shared environment and to access the virtualized applications. Each client has a common shared key, which encrypts the application virtual memory and data store.
C. Each client is assigned a set of virtual hosts running shared hardware. Physical storage is partitioned into LUNS and assigned to each client. MPLS technology is used to segment and encrypt each of the client’s networks. PKI based remote desktop with hardware tokens is used by the client to connect to the application.
D. Each client is assigned a set of virtual hosts running shared hardware. Virtual storage is partitioned and assigned to each client. VLAN technology is used to segment each of the client’s networks. PKI based remote desktop access is used by the client to connect to the application.
Answer: C
Q298. - (Topic 4)
The Chief Information Security Officer (CISO) regularly receives reports of a single department repeatedly violating the corporate security policy. The head of the department in question informs the CISO that the offending behaviors are a result of necessary business activities. The CISO assigns a junior security administrator to solve the issue. Which of the following is the BEST course of action for the junior security administrator to take?
A. Work with the department head to find an acceptable way to change the business needs so the department no longer violates the corporate security policy.
B. Draft an RFP for the purchase of a COTS product or consulting services to solve the problem through implementation of technical controls.
C. Work with the CISO and department head to create an SLA specifying the response times of the IT security department when incidents are reported.
D. Draft an MOU for the department head and CISO to approve, documenting the limits of the necessary behavior, and actions to be taken by both teams.
Answer: D
Q299. - (Topic 1)
Which of the following describes a risk and mitigation associated with cloud data storage?
A. Risk: Shared hardware caused data leakageMitigation: Strong encryption at rest
B. Risk: Offsite replicationMitigation: Multi-site backups
C. Risk: Data loss from de-duplicationMitigation: Dynamic host bus addressing
D. Risk: Combined data archivingMitigation: Two-factor administrator authentication
Answer: A
Q300. - (Topic 3)
The security administrator at a company has received a subpoena for the release of all the email received and sent by the company Chief Information Officer (CIO) for the past three years. The security administrator is only able to find one year’s worth of email records on the server and is now concerned about the possible legal implications of not complying with the request. Which of the following should the security administrator check BEFORE responding to the request?
A. The company data privacy policies
B. The company backup logs and archives
C. The company data retention policies and guidelines
D. The company data retention procedures
Answer: B