The CAS-002 exam may be the first and also necessary step to get the CompTIA CompTIA certification. The CAS-002 real exam tests a candidate?¡¥s capacity and expertise in real implementation. You can consider the CompTIA CAS-002 online course for you to prepare the CompTIA exam. You can in addition take a quiz prior to buy the CompTIA CompTIA products. Even so, its tough for you for you to choose a new proper CompTIA CAS-002 training materials due to the numerous varieties regarding CompTIA CompTIA exam questions and answers from the market. All of us are proud with the passing ratio. Its each of our honor and duty for you to offer you the best services. Customer help is online at anytime, please get in touch with us and express the questions or suggestions and suggestions. Your own satisfaction is each of our perpetual objective.

2021 Dec CAS-002 simulations

Q231. - (Topic 1) 

A company is in the process of outsourcing its customer relationship management system to a cloud provider. It will host the entire organization’s customer database. The database will be accessed by both the company’s users and its customers. The procurement department has asked what security activities must be performed for the deal to proceed. Which of the following are the MOST appropriate security activities to be performed as part of due diligence? (Select TWO). 

A. Physical penetration test of the datacenter to ensure there are appropriate controls. 

B. Penetration testing of the solution to ensure that the customer data is well protected. 

C. Security clauses are implemented into the contract such as the right to audit. 

D. Review of the organizations security policies, procedures and relevant hosting certifications. 

E. Code review of the solution to ensure that there are no back doors located in the software. 

Answer: C,D 


Q232. - (Topic 5) 

Noticing latency issues at its connection to the Internet, a company suspects that it is being targeted in a Distributed Denial of Service attack. A security analyst discovers numerous inbound monlist requests coming to the company’s NTP servers. Which of the following mitigates this activity with the LEAST impact to existing operations? 

A. Block in-bound connections to the company’s NTP servers. 

B. Block IPs making monlist requests. 

C. Disable the company’s NTP servers. 

D. Disable monlist on the company’s NTP servers. 

Answer:


Q233. - (Topic 1) 

The Chief Information Officer (CIO) is reviewing the IT centric BIA and RA documentation. The documentation shows that a single 24 hours downtime in a critical business function will cost the business $2.3 million. Additionally, the business unit which depends on the critical business function has determined that there is a high probability that a threat will materialize based on historical data. The CIO’s budget does not allow for full system hardware replacement in case of a catastrophic failure, nor does it allow for the purchase of additional compensating controls. Which of the following should the CIO recommend to the finance director to minimize financial loss? 

A. The company should mitigate the risk. 

B. The company should transfer the risk. 

C. The company should avoid the risk. 

D. The company should accept the risk. 

Answer:


Q234. - (Topic 2) 

Using SSL, an administrator wishes to secure public facing server farms in three subdomains: dc1.east.company.com, dc2.central.company.com, and dc3.west.company.com. Which of the following is the number of wildcard SSL certificates that should be purchased? 

A. 0 

B. 1 

C. 3 

D. 6 

Answer:


Q235. - (Topic 3) 

The VoIP administrator starts receiving reports that users are having problems placing phone calls. The VoIP administrator cannot determine the issue, and asks the security administrator for help. The security administrator reviews the switch interfaces and does not see an excessive amount of network traffic on the voice network. Using a protocol analyzer, the security administrator does see an excessive number of SIP INVITE packets destined for the SIP proxy. Based on the information given, which of the following types of attacks is underway and how can it be remediated? 

A. Man in the middle attack; install an IPS in front of SIP proxy. 

B. Man in the middle attack; use 802.1x to secure voice VLAN. 

C. Denial of Service; switch to more secure H.323 protocol. 

D. Denial of Service; use rate limiting to limit traffic. 

Answer:


Most recent CAS-002 exam cost:

Q236. - (Topic 1) 

A software project manager has been provided with a requirement from the customer to place limits on the types of transactions a given user can initiate without external interaction from another user with elevated privileges. This requirement is BEST described as an implementation of: 

A. an administrative control 

B. dual control 

C. separation of duties 

D. least privilege 

E. collusion 

Answer:


Q237. - (Topic 5) 

A security officer is leading a lessons learned meeting. Which of the following should be components of that meeting? (Select TWO). 

A. Demonstration of IPS system 

B. Review vendor selection process 

C. Calculate the ALE for the event 

D. Discussion of event timeline 

E. Assigning of follow up items 

Answer: D,E 


Q238. - (Topic 4) 

The Information Security Officer (ISO) is reviewing new policies that have been recently made effective and now apply to the company. Upon review, the ISO identifies a new requirement to implement two-factor authentication on the company’s wireless system. Due to budget constraints, the company will be unable to implement the requirement for the next two years. The ISO is required to submit a policy exception form to the Chief Information Officer (CIO). Which of the following are MOST important to include when submitting the exception form? (Select THREE). 

A. Business or technical justification for not implementing the requirements. 

B. Risks associated with the inability to implement the requirements. 

C. Industry best practices with respect to the technical implementation of the current controls. 

D. All section of the policy that may justify non-implementation of the requirements. 

E. A revised DRP and COOP plan to the exception form. 

F. Internal procedures that may justify a budget submission to implement the new requirement. 

G. Current and planned controls to mitigate the risks. 

Answer: A,B,G 


Q239. - (Topic 1) 

A software development manager is taking over an existing software development project. The team currently suffers from poor communication due to a long delay between requirements documentation and feature delivery. This gap is resulting in an above average number of security-related bugs making it into production. Which of the following development methodologies is the team MOST likely using now? 

A. Agile 

B. Waterfall 

C. Scrum 

D. Spiral 

Answer:


Q240. - (Topic 5) 

Joe, the Chief Executive Officer (CEO), was an Information security professor and a Subject Matter Expert for over 20 years. He has designed a network defense method which he says is significantly better than prominent international standards. He has recommended that the company use his cryptographic method. Which of the following methodologies should be adopted? 

A. The company should develop an in-house solution and keep the algorithm a secret. 

B. The company should use the CEO’s encryption scheme. 

C. The company should use a mixture of both systems to meet minimum standards. 

D. The company should use the method recommended by other respected information security organizations. 

Answer: