For any limited time only, choose the 100 % pair of CompTIA CAS-002 test study components, plus help save 10% against your invest in. Reinvest that money in you triumph dance, once you become the future CompTIA qualification via driving the CAS-002 test. Although you may know of other CAS-002 study components, only Ucertify offers you the CAS-002 study components which will help you easily keep the practical experience you will have to correctly launch your job during the Them business.
2021 Mar CAS-002 exam price
Q151. - (Topic 5)
A network administrator with a company’s NSP has received a CERT alert for targeted adversarial behavior at the company. In addition to the company’s physical security, which of the following can the network administrator use to scan and detect the presence of a malicious actor physically accessing the company’s network or information systems from within? (Select TWO).
A. RAS
B. Vulnerability scanner
C. HTTP intercept
D. HIDS
E. Port scanner
F. Protocol analyzer
Answer: D,E
Q152. - (Topic 4)
A large enterprise introduced a next generation firewall appliance into the Internet facing DMZ. All Internet traffic passes through this appliance. Four hours after implementation the network engineering team discovered that traffic through the DMZ now has un-acceptable latency, and is recommending that the new firewall be taken offline. At what point in the implementation process should this problem have been discovered?
A. During the product selection phase
B. When testing the appliance
C. When writing the RFP for the purchase process
D. During the network traffic analysis phase
Answer: B
Q153. - (Topic 5)
A security engineer wants to implement forward secrecy but still wants to ensure the number of requests handled by the web server is not drastically reduced due to the larger computational overheads. Browser compatibility is not a concern; however system performance is. Which of the following, when implemented, would BEST meet the engineer’s requirements?
A. DHE
B. ECDHE
C. AES128-SHA
D. DH
Answer: B
Q154. - (Topic 3)
Due to cost and implementation time pressures, a security architect has allowed a NAS to be used instead of a SAN for a non-critical, low volume database. Which of the following would make a NAS unsuitable for a business critical, high volume database application that required a high degree of data confidentiality and data availability? (Select THREE).
A. File level transfer of data
B. Zoning and LUN security
C. Block level transfer of data
D. Multipath
E. Broadcast storms
F. File level encryption
G. Latency
Answer: A,E,G
Q155. - (Topic 5)
An organization would like to allow employees to use their network username and password to access a third-party service. The company is using Active Directory Federated Services for their directory service. Which of the following should the company ensure is supported by the third-party? (Select TWO).
A. LDAP/S
B. SAML
C. NTLM
D. OAUTH
E. Kerberos
Answer: B,E
Replace CAS-002 book:
Q156. - (Topic 5)
A small company’s Chief Executive Officer (CEO) has asked its Chief Security Officer (CSO) to improve the company’s security posture with regard to targeted attacks. Which of the following should the CSO conduct FIRST?
A. Survey threat feeds from analysts inside the same industry.
B. Purchase multiple threat feeds to ensure diversity and implement blocks for malicious traffic.
C. Conduct an internal audit against industry best practices to perform a gap analysis.
D. Deploy a UTM solution that receives frequent updates from a trusted industry vendor.
Answer: A
Q157. - (Topic 1)
The risk manager has requested a security solution that is centrally managed, can easily be updated, and protects end users' workstations from both known and unknown malicious attacks when connected to either the office or home network. Which of the following would BEST meet this requirement?
A. HIPS
B. UTM
C. Antivirus
D. NIPS
E. DLP
Answer: A
Q158. - (Topic 2)
A security administrator is performing VDI traffic data collection on a virtual server which migrates from one host to another. While reviewing the data collected by the protocol analyzer, the security administrator notices that sensitive data is present in the packet capture. Which of the following should the security administrator recommend to ensure the confidentiality of sensitive information during live VM migration, while minimizing latency issues?
A. A separate physical interface placed on a private VLAN should be configured for live host operations.
B. Database record encryption should be used when storing sensitive information on virtual servers.
C. Full disk encryption should be enabled across the enterprise to ensure the confidentiality of sensitive data.
D. Sensitive data should be stored on a backend SAN which uses an isolated fiber channel network.
Answer: A
Q159. - (Topic 5)
An intruder was recently discovered inside the data center, a highly sensitive area. To gain access, the intruder circumvented numerous layers of physical and electronic security measures. Company leadership has asked for a thorough review of physical security controls to prevent this from happening again. Which of the following departments are the MOST heavily invested in rectifying the problem? (Select THREE).
A. Facilities management
B. Human resources
C. Research and development
D. Programming
E. Data center operations
F. Marketing
G. Information technology
Answer: A,E,G
Q160. - (Topic 5)
A software project manager has been provided with a requirement from the customer to place limits on the types of transactions a given user can initiate without external interaction from another user with elevated privileges. This requirement is BEST described as an implementation of:
A. An administrative control
B. Dual control
C. Separation of duties
D. Least privilege
E. Collusion
Answer: C