We provide real CAS-002 exam questions and answers braindumps in two formats. Download PDF & Practice Tests. Pass CompTIA CAS-002 Exam quickly & easily. The CAS-002 PDF type is available for reading and printing. You can print more and practice many times. With the help of our CompTIA CAS-002 dumps pdf and vce product and material, you can easily pass the CAS-002 exam.
Q161. - (Topic 4)
An external auditor has found that IT security policies in the organization are not maintained and in some cases are nonexistent. As a result of the audit findings, the CISO has been tasked with the objective of establishing a mechanism to manage the lifecycle of IT security policies. Which of the following can be used to BEST achieve the CISO’s objectives?
A. CoBIT
B. UCF
C. ISO 27002
D. eGRC
Answer: D
Q162. - (Topic 2)
In a situation where data is to be recovered from an attacker’s location, which of the following are the FIRST things to capture? (Select TWO).
A. Removable media
B. Passwords written on scrap paper
C. Snapshots of data on the monitor
D. Documents on the printer
E. Volatile system memory
F. System hard drive
Answer: C,E
Q163. - (Topic 3)
Staff from the sales department have administrator rights to their corporate standard operating environment, and often connect their work laptop to customer networks when onsite during meetings and presentations. This increases the risk and likelihood of a security incident when the sales staff reconnects to the corporate LAN. Which of the following controls would BEST protect the corporate network?
A. Implement a network access control (NAC) solution that assesses the posture of the laptop before granting network access.
B. Use an independent consulting firm to provide regular network vulnerability assessments and biannually qualitative risk assessments.
C. Provide sales staff with a separate laptop with no administrator access just for sales visits.
D. Update the acceptable use policy and ensure sales staff read and acknowledge the policy.
Answer: A
Q164. - (Topic 4)
A business owner has raised concerns with the Chief Information Security Officer (CISO) because money has been spent on IT security infrastructure, but corporate assets are still found to be vulnerable. The business recently implemented a patch management product and SOE hardening initiative. A third party auditor reported findings against the business because some systems were missing patches. Which of the following statements BEST describes this situation?
A. The business owner is at fault because they are responsible for patching the systems and have already been given patch management and SOE hardening products.
B. The audit findings are invalid because remedial steps have already been applied to patch servers and the remediation takes time to complete.
C. The CISO has not selected the correct controls and the audit findings should be assigned to them instead of the business owner.
D. Security controls are generally never 100% effective and gaps should be explained to stakeholders and managed accordingly.
Answer: D
Q165. - (Topic 4)
A security administrator is shown the following log excerpt from a Unix system:
2013 Oct 10 07:14:57 web14 sshd[1632]: Failed password for root from 198.51.100.23 port 37914 ssh2
2013 Oct 10 07:14:57 web14 sshd[1635]: Failed password for root from 198.51.100.23 port 37915 ssh2
2013 Oct 10 07:14:58 web14 sshd[1638]: Failed password for root from 198.51.100.23 port 37916 ssh2
2013 Oct 10 07:15:59 web14 sshd[1640]: Failed password for root from 198.51.100.23 port 37918 ssh2
2013 Oct 10 07:16:00 web14 sshd[1641]: Failed password for root from 198.51.100.23 port 37920 ssh2
2013 Oct 10 07:16:00 web14 sshd[1642]: Successful login for root from 198.51.100.23 port 37924 ssh2
Which of the following is the MOST likely explanation of what is occurring and the BEST immediate response? (Select TWO).
A. An authorized administrator has logged into the root account remotely.
B. The administrator should disable remote root logins.
C. Isolate the system immediately and begin forensic analysis on the host.
D. A remote attacker has compromised the root account using a buffer overflow in sshd.
E. A remote attacker has guessed the root password using a dictionary attack.
F. Use iptables to immediately DROP connections from the IP 198.51.100.23.
G. A remote attacker has compromised the private key of the root account.
H. Change the root password immediately to a password not found in a dictionary.
Answer: C,E
Q166. - (Topic 2)
A company has a difficult time communicating between the security engineers, application developers, and sales staff. The sales staff tends to overpromise the application deliverables. The security engineers and application developers are falling behind schedule. Which of the following should be done to solve this?
A. Allow the sales staff to shadow the developers and engineers to see how their sales impact the deliverables.
B. Allow the security engineering team to do application development so they understand why it takes so long.
C. Allow the application developers to attend a sales conference so they understand how business is done.
D. Allow the sales staff to learn application programming and security engineering so they understand the whole lifecycle.
Answer: A
Q167. - (Topic 3)
A Physical Security Manager is ready to replace all 50 analog surveillance cameras with IP cameras with built-in web management. The Security Manager has several security guard desks on different networks that must be able to view the cameras without unauthorized people viewing the video as well. The selected IP camera vendor does not have the ability to authenticate users at the camera level. Which of the following should the Security Manager suggest to BEST secure this environment?
A. Create an IP camera network and deploy NIPS to prevent unauthorized access.
B. Create an IP camera network and only allow SSL access to the cameras.
C. Create an IP camera network and deploy a proxy to authenticate users prior to accessing the cameras.
D. Create an IP camera network and restrict access to cameras from a single management host.
Answer: C
Q168. - (Topic 3)
A financial institution wants to reduce the costs associated with managing and troubleshooting employees’ desktops and applications, while keeping employees from copying data onto external storage. The Chief Information Officer (CIO) has asked the security team to evaluate four solutions submitted by the change management group. Which of the following BEST accomplishes this task?
A. Implement desktop virtualization and encrypt all sensitive data at rest and in transit.
B. Implement server virtualization and move the application from the desktop to the server.
C. Implement VDI and disable hardware and storage mapping from the thin client.
D. Move the critical applications to a private cloud and disable VPN and tunneling.
Answer: C
Q169. - (Topic 2)
An administrator wishes to replace a legacy clinical software product as it has become a security risk. The legacy product generates $10,000 in revenue a month. The new software product has an initial cost of $180,000 and a yearly maintenance of $2,000 after the first year. However, it will generate $15,000 in revenue per month and be more secure. How many years until there is a return on investment for this new package?
A. 1
B. 2
C. 3
D. 4
Answer: D
Q170. - (Topic 3)
A Chief Information Security Officer (CISO) of a major consulting firm has significantly increased the company’s security posture; however, the company is still plagued by data breaches of misplaced assets. These data breaches as a result have led to the compromise of sensitive corporate and client data on at least 25 occasions. Each employee in the company is provided a laptop to perform company business. Which of the following actions can the CISO take to mitigate the breaches?
A. Reload all user laptops with full disk encryption software immediately.
B. Implement full disk encryption on all storage devices the firm owns.
C. Implement new continuous monitoring procedures.
D. Implement an open source system which allows data to be encrypted while processed.
Answer: B