CompTIA CASP CAS-002 practice exam questions.
Q301. - (Topic 2)
A critical system audit shows that the payroll system is not meeting security policy due to missing OS security patches. Upon further review, it appears that the system is not being patched at all. The vendor states that the system is only supported on the current OS patch level. Which of the following compensating controls should be used to mitigate the vulnerability of missing OS patches on this system?
A. Isolate the system on a secure network to limit its contact with other systems
B. Implement an application layer firewall to protect the payroll system interface
C. Monitor the system’s security log for unauthorized access to the payroll application
D. Perform reconciliation of all payroll transactions on a daily basis
Answer: A
Q302. - (Topic 3)
A process allows a LUN to be available to some hosts and unavailable to others. Which of the following causes such a process to become vulnerable?
A. LUN masking
B. Data injection
C. Data fragmentation
D. Moving the HBA
Answer: D
Q303. - (Topic 3)
Which of the following provides the HIGHEST level of security for an integrated network providing services to authenticated corporate users?
A. Point-to-point VPN tunnels for external users, three-factor authentication, a cold site, physical security guards, cloud-based servers, and IPv6 networking.
B. IPv6 networking, port security, full disk encryption, three-factor authentication, cloud-based servers, and a cold site.
C. Port security on switches, point-to-point VPN tunnels for user-to-server connections, two-factor cryptographic authentication, physical locks, and a standby hot site.
D. Port security on all switches, point-to-point VPN tunnels for user connections to servers, two-factor authentication, a sign-in roster, and a warm site.
Answer: C
Q304. - (Topic 3)
Customer Need:
“We need the system to produce a series of numbers with no discernible mathematical progression for use by our Java based, PKI-enabled, customer facing website.”
Which of the following BEST restates the customer need?
A. The system shall use a pseudo-random number generator seeded the same every time.
B. The system shall generate a pseudo-random number upon invocation by the existing Java program.
C. The system shall generate a truly random number based upon user PKI certificates.
D. The system shall implement a pseudo-random number generator for use by corporate customers.
Answer: B
Q305. - (Topic 1)
A company sales manager received a memo from the company’s financial department which stated that the company would not be putting its software products through the same security testing as previous years to reduce the research and development cost by 20 percent for the upcoming year. The memo also stated that the marketing material and service level agreement for each product would remain unchanged. The sales manager has reviewed the sales goals for the upcoming year and identified an increased target across the software products that will be affected by the financial department’s change. All software products will continue to go through new development in the coming year. Which of the following should the sales manager do to ensure the company stays out of trouble?
A. Discuss the issue with the software product's user groups
B. Consult the company’s legal department on practices and law
C. Contact senior finance management and provide background information
D. Seek industry outreach for software practices and law
Answer: B
Q306. - (Topic 2)
A finance manager says that the company needs to ensure that the new system can “replay” data, up to the minute, for every exchange being tracked by the investment departments. The finance manager also states that the company’s transactions need to be tracked against this data for a period of five years for compliance. How would a security engineer BEST interpret the finance manager’s needs?
A. Compliance standards
B. User requirements
C. Data elements
D. Data storage
E. Acceptance testing
F. Information digest
G. System requirements
Answer: B
Q307. - (Topic 3)
An organization has had component-integration-related vulnerabilities exploited in consecutive releases of the software it hosts. The only reason the company was able to identify the compromises was a correlation between slow server performance and an attentive security analyst noticing unusual outbound network activity from the application servers. End-to-end management of the development process is the responsibility of the applications development manager, and testing is done by various teams of programmers. Which of the following will MOST likely reduce the likelihood of similar incidents?
A. Conduct monthly audits to verify that application modifications do not introduce new vulnerabilities.
B. Implement a peer code review requirement prior to releasing code into production.
C. Follow secure coding practices to minimize the likelihood of creating vulnerable applications.
D. Establish cross-functional planning and testing requirements for software development activities.
Answer: D
Q308. - (Topic 2)
A software developer and IT administrator are focused on implementing security in the organization to protect OSI layer 7. Which of the following security technologies would BEST meet their requirements? (Select TWO).
A. NIPS
B. HSM
C. HIPS
D. NIDS
E. WAF
Answer: C,E
Q309. - (Topic 5)
The IT manager is evaluating IPS products to determine which would be most effective at stopping network traffic that contains anomalous content on networks that carry very specific types of traffic. Based on the IT manager’s requirements, which of the following types of IPS products would be BEST suited for use in this situation?
A. Signature-based
B. Rate-based
C. Anomaly-based
D. Host-based
Answer: A
Q310. - (Topic 1)
An analyst connects to a company web conference hosted on www.webconference.com/meetingID#01234 and observes that numerous guests have been allowed to join without providing identifying information. The topics covered during the web conference are considered proprietary to the company. Which of the following security concerns does the analyst present to management?
A. Guest users could present a risk to the integrity of the company’s information
B. Authenticated users could sponsor guest access that was previously approved by management
C. Unauthenticated users could present a risk to the confidentiality of the company’s information
D. Meeting owners could sponsor guest access if they have passed a background check
Answer: C