Exambible CAS-002 Questions are updated and all CAS-002 answers are verified by experts. Once you have completely prepared with our CAS-002 exam prep kits you will be ready for the real CAS-002 exam without a problem. We have Update CompTIA CAS-002 dumps study guide. PASSED CAS-002 First attempt! Here What I Did.
Q31. - (Topic 2)
An enterprise must ensure that all devices that connect to its networks have been previously approved. The solution must support dual factor mutual authentication with strong identity assurance. In order to reduce costs and administrative overhead, the security architect wants to outsource identity proofing and second factor digital delivery to the third party. Which of the following solutions will address the enterprise requirements?
A. Implementing federated network access with the third party.
B. Using a HSM at the network perimeter to handle network device access.
C. Using a VPN concentrator which supports dual factor via hardware tokens.
D. Implementing 802.1x with EAP-TTLS across the infrastructure.
Answer: D
Q32. - (Topic 1)
During a recent audit of servers, a company discovered that a network administrator, who required remote access, had deployed an unauthorized remote access application that communicated over common ports already allowed through the firewall. A network scan showed that this remote access application had already been installed on one third of the servers in the company. Which of the following is the MOST appropriate action that the company should take to provide a more appropriate solution?
A. Implement an IPS to block the application on the network
B. Implement the remote application out to the rest of the servers
C. Implement SSL VPN with SAML standards for federation
D. Implement an ACL on the firewall with NAT for remote access
Answer: C
Q33. - (Topic 2)
A well-known retailer has experienced a massive credit card breach. The retailer had gone through an audit and had been presented with a potential problem on their network. Vendors were authenticating directly to the retailer’s AD servers, and an improper firewall rule allowed pivoting from the AD server to the DMZ where credit card servers were kept. The firewall rule was needed for an internal application that was developed, which presents risk. The retailer determined that because the vendors were required to have site to site VPN’s no other security action was taken.
To prove to the retailer the monetary value of this risk, which of the following type of calculations is needed?
A. Residual Risk calculation
B. A cost/benefit analysis
C. Quantitative Risk Analysis
D. Qualitative Risk Analysis
Answer: C
Q34. - (Topic 1)
An organization would like to allow employees to use their network username and password to access a third-party service. The company is using Active Directory Federated Services for their directory service. Which of the following should the company ensure is supported by the third-party? (Select TWO).
A. LDAP/S
B. SAML
C. NTLM
D. OAUTH
E. Kerberos
Answer: B,E
Q35. - (Topic 4)
A security engineer is troubleshooting a possible virus infection, which may have spread to multiple desktop computers within the organization. The company implements enterprise antivirus software on all desktops, but the enterprise antivirus server’s logs show no sign of a virus infection. The border firewall logs show suspicious activity from multiple internal hosts trying to connect to the same external IP address. The security administrator decides to post the firewall logs to a security mailing list and receives confirmation from other security administrators that the firewall logs indicate internal hosts are compromised with a new variant of the Trojan.Ransomcrypt.G malware not yet detected by most antivirus software. Which of the following would have detected the malware infection sooner?
A. The security administrator should consider deploying a signature-based intrusion detection system.
B. The security administrator should consider deploying enterprise forensic analysis tools.
C. The security administrator should consider installing a cloud augmented security service.
D. The security administrator should consider establishing an incident response team.
Answer: C
Q36. - (Topic 1)
Which of the following activities is commonly deemed “OUT OF SCOPE” when undertaking a penetration test?
A. Test password complexity of all login fields and input validation of form fields
B. Reverse engineering any thick client software that has been provided for the test
C. Undertaking network-based denial of service attacks in production environment
D. Attempting to perform blind SQL injection and reflected cross-site scripting attacks
E. Running a vulnerability scanning tool to assess network and host weaknesses
Answer: C
Q37. - (Topic 3)
The Linux server at Company A hosts a graphical application widely used by the company designers. One designer regularly connects to the server from a Mac laptop in the designer’s office down the hall. When the security engineer learns of this it is discovered the connection is not secured and the password can easily be obtained via network sniffing. Which of the following would the security engineer MOST likely implement to secure this connection?
Linux Server: 192.168.10.10/24
Mac Laptop: 192.168.10.200/24
A. From the server, establish an SSH tunnel to the Mac and VPN to 192.168.10.200.
B. From the Mac, establish a remote desktop connection to 192.168.10.10 using Network Layer Authentication and the CredSSP security provider.
C. From the Mac, establish a VPN to the Linux server and connect the VNC to 127.0.0.1.
D. From the Mac, establish a SSH tunnel to the Linux server and connect the VNC to
127.0.0.1.
Answer: D
Q38. - (Topic 2)
A system worth $100,000 has an exposure factor of eight percent and an ARO of four. Which of the following figures is the system’s SLE?
A. $2,000
B. $8,000
C. $12,000
D. $32,000
Answer: B
Q39. - (Topic 4)
Company ABC will test connecting networks with Company XYZ as part of their upcoming merger and are both concerned with minimizing security exposures to each others network throughout the test. Which of the following is the FIRST thing both sides should do prior to connecting the networks?
A. Create a DMZ to isolate the two companies and provide a security inspection point for all inter-company network traffic.
B. Determine the necessary data flows between the two companies.
C. Implement a firewall that restricts everything except the IPSec VPN traffic connecting the two companies.
D. Implement inline NIPS on the connection points between the two companies.
Answer: B
Q40. CORRECT TEXT - (Topic 3)
Answer: 192.18.1.0/24 any 192.168.20.0/24 3389 any