Pass4sure practice questions for the CompTIA CAS-002 exam (CompTIA Advanced Security Practitioner, CASP), with answers and short explanations.

2021 Dec CAS-002 question set

Q161. - (Topic 3) 

Company ABC is planning to outsource its Customer Relationship Management system (CRM) and marketing / leads management to Company XYZ. 

Which of the following is the MOST important to be considered before going ahead with the service? 

A. Internal auditors have approved the outsourcing arrangement. 

B. Penetration testing can be performed on the externally facing web system. 

C. Ensure there are security controls within the contract and the right to audit. 

D. A physical site audit is performed on Company XYZ’s management / operation. 

Answer: C 

Explanation: Once the CRM is outsourced, Company ABC no longer controls the systems that hold its customer data, so the contract is the only lever it keeps. Security requirements written into the contract, together with a right-to-audit clause, are what make the other options (penetration tests, site audits, auditor sign-off) enforceable later.


Q162. - (Topic 4) 

In developing a new computing lifecycle process for a large corporation, the security team is developing the process for decommissioning computing equipment. In order to reduce the potential for data leakage, which of the following should the team consider? (Select TWO). 

A. Erase all files on drive 

B. Install of standard image 

C. Remove and hold all drives 

D. Physical destruction 

E. Drive wipe 

Answer: D,E 

Explanation: Deleting files or re-imaging a drive leaves the old data recoverable. Physical destruction and a verified drive wipe (a full overwrite, or a cryptographic or firmware-level erase for flash media) are the two options that actually remove the data. Holding the drives only postpones the problem and creates a pile of unwiped media to lose.
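The "drive wipe" option above is only worth choosing if the wipe is verified afterwards. The following is an added example, not code from the exam page: it overwrites an image file (a random pass followed by a zero pass) and then reads the whole thing back to confirm every byte is zero, returning the offset of the first surviving byte when it is not. The sample data, file paths and pass order are constructed for the demo.

```python
import os
import tempfile

# Added example (not from the exam page): overwrite a drive image and verify
# the result. The demo operates on a temporary file it creates itself; point
# these functions at a block device only when you are certain it is the right one.

def overwrite_device(path, passes=(None, b"\x00"), chunk_size=1 << 20):
    """Overwrite every byte of `path` once per entry in `passes`.

    A pass of None writes random data; a one-byte pattern writes that byte.
    The size is taken with lseek so this also works on block devices, where
    os.path.getsize() reports 0 on Linux. Returns the size in bytes.
    """
    fd = os.open(path, os.O_RDWR)
    try:
        size = os.lseek(fd, 0, os.SEEK_END)
        for pattern in passes:
            os.lseek(fd, 0, os.SEEK_SET)
            remaining = size
            while remaining:
                n = min(chunk_size, remaining)
                block = os.urandom(n) if pattern is None else pattern * n
                written = os.write(fd, block)   # may be a short write; loop handles it
                remaining -= written
            os.fsync(fd)                        # force the data out of the page cache
        return size
    finally:
        os.close(fd)


def verify_wiped(path, expected=b"\x00", chunk_size=1 << 20):
    """Read the whole device back and confirm every byte equals `expected`.

    Returns (True, None) on success, or (False, offset) of the first byte that
    still differs, so a failed wipe can be reported with evidence.
    """
    fd = os.open(path, os.O_RDONLY)
    try:
        size = os.lseek(fd, 0, os.SEEK_END)
        os.lseek(fd, 0, os.SEEK_SET)
        offset = 0
        while offset < size:
            data = os.read(fd, min(chunk_size, size - offset))
            if not data:
                break
            if data != expected * len(data):
                bad = next(i for i, b in enumerate(data) if b != expected[0])
                return False, offset + bad
            offset += len(data)
        return True, None
    finally:
        os.close(fd)


def demo():
    """Create a small image holding constructed records, wipe it, verify both states."""
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(b"customer=ACME;card=4111111111111111\n" * 4096)   # constructed data
        path = tmp.name
    try:
        before = verify_wiped(path)      # (False, 0): first byte is 'c', not 0x00
        overwrite_device(path)           # random pass, then a zero pass
        after = verify_wiped(path)       # (True, None)
        return before, after
    finally:
        os.unlink(path)


if __name__ == "__main__":
    print(demo())
```

Overwriting is the "Clear" level of NIST SP 800-88. On SSDs and other flash media the read-back check goes through the same controller that hides spare and remapped blocks, so a clean verification does not prove those cells are gone; use the device's own secure-erase or sanitize command (or crypto-erase of a self-encrypting drive), and fall back to physical destruction for media that leaves the organization's control.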


Q163. - (Topic 3) 

A security consultant is called into a small advertising business to recommend which security policies and procedures would be most helpful to the business. The business is comprised of 20 employees, operating off of two shared servers. One server houses employee data and the other houses client data. All machines are on the same local network. Often these employees must work remotely from client sites, but do not access either of the servers remotely. Assuming no security policies or procedures are in place right now, which of the following would be the MOST applicable for implementation? (Select TWO). 

A. Password Policy 

B. Data Classification Policy 

C. Wireless Access Procedure 

D. VPN Policy 

E. Database Administrative Procedure 

Answer: A,B 

Explanation: The staff never reach the servers remotely, so a VPN policy solves a problem the business does not have, and nothing in the scenario mentions wireless or a database. With no controls at all in place, a password policy is the baseline for the shared servers, and a data classification policy is what tells the business that the employee-data server and the client-data server need different handling.


Q164. - (Topic 1) 

After a security incident, an administrator would like to implement policies that would help reduce fraud and the potential for collusion between employees. Which of the following would help meet these goals by having co-workers occasionally audit another worker's position? 

A. Least privilege 

B. Job rotation 

C. Mandatory vacation 

D. Separation of duties 

Answer: B 

Explanation: Job rotation moves employees through each other's positions, so a colleague periodically performs and effectively audits the work someone else has been doing, which exposes fraud and makes long-term collusion harder to sustain. Mandatory vacation has a similar detective effect but only for the duration of the absence; separation of duties and least privilege are preventive controls that do not involve one worker reviewing another's position.


Q165. - (Topic 4) 

Company XYZ recently acquired a manufacturing plant from Company ABC which uses a different manufacturing ICS platform. Company XYZ has strict ICS security regulations while Company ABC does not. Which of the following approaches would the network security administrator for Company XYZ MOST likely proceed with to integrate the new manufacturing plant? 

A. Conduct a network vulnerability assessment of acquired plant ICS platform and correct all identified flaws during integration. 

B. Convert the acquired plant ICS platform to the Company XYZ standard ICS platform solely to eliminate potential regulatory conflicts. 

C. Conduct a risk assessment of the acquired plant ICS platform and implement any necessary or required controls during integration. 

D. Require Company ABC to bring their ICS platform into regulatory compliance prior to integrating the new plant into Company XYZ’s network. 

Answer: C 

Explanation: A risk assessment of the acquired ICS platform tells Company XYZ which of its regulations apply, which flaws matter in a plant context, and which controls can be applied without disrupting production. Fixing every vulnerability-scan finding (A) or forcing a platform migration (B) ignores the operational risk of changing running ICS equipment, and D demands compliance from a company that no longer owns the plant.



Q166. - (Topic 5) 

The Chief Executive Officer (CEO) of an Internet service provider (ISP) has decided to limit the company’s contribution to worldwide Distributed Denial of Service (DDoS) attacks. Which of the following should the ISP implement? (Select TWO). 

A. Block traffic from the ISP’s networks destined for blacklisted IPs. 

B. Prevent the ISP’s customers from querying DNS servers other than those hosted by the ISP. 

C. Block traffic with a source IP not allocated to the ISP from exiting the ISP’s network. 

D. Scan the ISP’s customer networks using an up-to-date vulnerability scanner. 

E. Notify customers when services they run are involved in an attack. 

Answer: C,E 

Explanation: Most volumetric DDoS traffic carries forged source addresses. Dropping packets whose source address is not in the ISP's own allocations (BCP 38 / RFC 2827 source address validation) stops that spoofed traffic at the edge, and notifying customers whose hosts take part in an attack gets infected or misconfigured machines cleaned up. Blocking blacklisted destinations, forcing customers onto the ISP's resolvers, or scanning customer networks do not address spoofing.
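The source-address check in option C is easier to reason about when written out. The following is an added example, not part of the exam page: a simulation of strict per-port source validation at the customer edge, where a packet may leave only if its source address lies in a prefix the ISP assigned to the port it arrived on. The interface names, prefixes (RFC 5737 / RFC 3849 documentation ranges) and packets are constructed for the demo.

```python
import ipaddress
from collections import namedtuple

# Added example (not from the exam page): BCP 38 style egress filtering,
# done per customer port so one customer cannot spoof another's addresses.

Packet = namedtuple("Packet", "iface src dst")

# Constructed: prefixes the ISP has assigned to each customer-facing port.
CUSTOMER_PREFIXES = {
    "ge-0/0/1": [ipaddress.ip_network("203.0.113.0/26")],
    "ge-0/0/2": [ipaddress.ip_network("203.0.113.64/26"),
                 ipaddress.ip_network("2001:db8:1::/48")],
}


def source_is_legitimate(pkt, prefixes=CUSTOMER_PREFIXES):
    """True if pkt.src falls inside a prefix assigned to pkt.iface.

    Unknown ports and unparsable addresses fail closed: with no assignment
    there is no address the port is entitled to use.
    """
    nets = prefixes.get(pkt.iface)
    if not nets:
        return False
    try:
        src = ipaddress.ip_address(pkt.src)
    except ValueError:
        return False
    return any(src in net for net in nets if net.version == src.version)


def filter_egress(packets, prefixes=CUSTOMER_PREFIXES):
    """Split packets into (forwarded, dropped) according to source validation."""
    forwarded, dropped = [], []
    for pkt in packets:
        (forwarded if source_is_legitimate(pkt, prefixes) else dropped).append(pkt)
    return forwarded, dropped


# Constructed traffic sample.
SAMPLE = [
    Packet("ge-0/0/1", "203.0.113.10", "198.51.100.80"),      # legitimate
    Packet("ge-0/0/1", "203.0.113.70", "198.51.100.80"),      # spoofs the neighbouring customer's range
    Packet("ge-0/0/2", "8.8.8.8", "198.51.100.80"),            # spoofed reflection-attack source
    Packet("ge-0/0/2", "2001:db8:1::5", "2001:db8:ffff::1"),   # legitimate IPv6
    Packet("ge-0/0/2", "10.0.0.5", "198.51.100.80"),           # RFC 1918 source leaking out
    Packet("ge-0/0/9", "203.0.113.200", "198.51.100.80"),      # port with no assignment
]


if __name__ == "__main__":
    fwd, drop = filter_egress(SAMPLE)
    for pkt in fwd:
        print("FORWARD", pkt)
    for pkt in drop:
        print("DROP   ", pkt)
```

On production routers this is the strict unicast reverse-path-forwarding (uRPF) feature applied on customer-facing interfaces; the per-port table above is the data that feature derives from the routing table. A looser variant that only checks the ISP's aggregate allocation still stops the spoofing of outside addresses but lets one customer impersonate another.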


Q167. - (Topic 4) 

A trust relationship has been established between two organizations with web based services. One organization is acting as the Requesting Authority (RA) and the other acts as the Provisioning Service Provider (PSP). Which of the following is correct about the trust relationship? 

A. The trust relationship uses SAML in the SOAP header. The SOAP body transports the SPML requests / responses. 

B. The trust relationship uses XACML in the SAML header. The SAML body transports the SOAP requests / responses. 

C. The trust relationship uses SPML in the SOAP header. The SOAP body transports the SAML requests / responses. 

D. The trust relationship uses SPML in the SAML header. The SAML body transports the SPML requests / responses. 

Answer: A 

Explanation: SPML is the provisioning protocol, so the add/modify/delete requests and their responses are the payload and travel in the SOAP body. The trust between the RA and the PSP is expressed by a SAML assertion carried in the SOAP header, where the PSP checks it before acting on the request. XACML is an authorization policy language and is not used to wrap SAML or SOAP.
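The layering in the correct answer, shown as an added example that is not code from the exam page: the requesting authority builds a SOAP envelope with a SAML assertion in the Header and an SPML addRequest in the Body, and the provisioning service provider inspects the envelope to confirm that layout and that the asserting party is one it trusts. Issuer, subject, target and account names are constructed; the `account` element inside `spml:data` stands in for whatever target-specific schema a real PSP defines. The example does not verify an XML signature on the assertion, which a real PSP must do before trusting the issuer.

```python
import xml.etree.ElementTree as ET

# Added example (not from the exam page): SAML-in-header, SPML-in-body envelope.
SOAP = "http://schemas.xmlsoap.org/soap/envelope/"   # SOAP 1.1 envelope namespace
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"        # SAML 2.0 assertion namespace
SPML = "urn:oasis:names:tc:SPML:2:0"                  # SPML 2.0 core namespace

for _prefix, _uri in (("soap", SOAP), ("saml", SAML), ("spml", SPML)):
    ET.register_namespace(_prefix, _uri)


def build_add_request(issuer, subject, target_id, account_name):
    """RA side: SPML addRequest in the Body, SAML assertion about the RA in the Header."""
    env = ET.Element(f"{{{SOAP}}}Envelope")
    header = ET.SubElement(env, f"{{{SOAP}}}Header")
    assertion = ET.SubElement(header, f"{{{SAML}}}Assertion",
                              {"Version": "2.0", "ID": "_ra-assertion-1"})
    ET.SubElement(assertion, f"{{{SAML}}}Issuer").text = issuer
    subj = ET.SubElement(assertion, f"{{{SAML}}}Subject")
    ET.SubElement(subj, f"{{{SAML}}}NameID").text = subject

    body = ET.SubElement(env, f"{{{SOAP}}}Body")
    req = ET.SubElement(body, f"{{{SPML}}}addRequest",
                        {"requestID": "req-1", "targetID": target_id})
    data = ET.SubElement(req, f"{{{SPML}}}data")
    ET.SubElement(data, "account", {"name": account_name})   # hypothetical target schema
    return ET.tostring(env, encoding="unicode")


def _namespace(elem):
    return elem.tag[1:].split("}", 1)[0] if elem.tag.startswith("{") else ""


def inspect_envelope(xml_text, trusted_issuers):
    """PSP side: report where the trust token and the request sit, and whether
    the issuer is trusted. Signature verification is deliberately out of scope."""
    root = ET.fromstring(xml_text)
    header = root.find(f"{{{SOAP}}}Header")
    body = root.find(f"{{{SOAP}}}Body")
    if header is None or body is None:
        raise ValueError("not a SOAP envelope")
    assertion = header.find(f"{{{SAML}}}Assertion")
    issuer = assertion.findtext(f"{{{SAML}}}Issuer") if assertion is not None else None
    return {
        "header_ns": [_namespace(child) for child in header],
        "body_ns": [_namespace(child) for child in body],
        "operation": body[0].tag.split("}", 1)[1] if len(body) else None,
        "issuer": issuer,
        "trusted": issuer in trusted_issuers,
    }


if __name__ == "__main__":
    msg = build_add_request("https://ra.example.org", "provisioner@ra.example.org",
                            "hr-directory", "jdoe")
    print(msg)
    print(inspect_envelope(msg, {"https://ra.example.org"}))
```

A PSP that only checks the issuer string, as this example does, trusts whoever can type the RA's name. In deployment the SOAP header carries the assertion inside a WS-Security element and the PSP validates its XML signature against the RA's certificate before reading the SPML body.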


Q168. - (Topic 3) 

A network administrator notices a security intrusion on the web server. Which of the following attacks is indicated by the following entry in the log file: http://test.com/modules.php?op=modload&name=XForum&file=[hostilejavascript]&fid=2 

A. Buffer overflow 

B. Click jacking 

C. SQL injection 

D. XSS attack 

Answer: D 

Explanation: The `file` parameter carries JavaScript rather than a file name. When the application echoes that parameter into the page it returns, the script runs in the browser of whoever follows the link, which is a reflected cross-site scripting attack. A SQL injection payload would contain SQL syntax, a buffer overflow would show an abnormally long parameter value, and clickjacking leaves no payload in a request URL.
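How an administrator would pick that entry out of a log, as an added example that is not part of the exam page: it parses access-log lines of the common format, percent-decodes each query parameter repeatedly so double-encoded payloads are not missed, and labels values that look like script injection or SQL injection. The log lines, the XSS payload standing in for the page's `[hostilejavascript]` placeholder, and the pattern lists are all constructed for the demo.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Added example (not from the exam page): flag XSS and SQLi payloads in web logs.
XSS_PATTERNS = [re.compile(p, re.I) for p in (
    r"<\s*script\b",                   # <script> tags
    r"javascript\s*:",                 # javascript: URLs
    r"\bon[a-z]+\s*=",                 # inline event handlers such as onerror=
    r"<\s*(img|svg|iframe|object)\b",  # tags commonly used to carry handlers
)]
SQLI_PATTERNS = [re.compile(p, re.I) for p in (
    r"'\s*(or|and)\s+[\w']+\s*=\s*[\w']+",   # ' OR '1'='1
    r"\bunion\b.+\bselect\b",
    r";\s*(drop|delete|insert|update)\b",
    r"--\s*$",                               # trailing SQL comment
)]
# Apache/nginx "common" log format, fields needed for reporting only.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)


def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so %253C -> %3C -> < is seen as '<'."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def classify_url(url):
    """Return [(param, label)] for query parameters carrying an attack payload."""
    findings = []
    for pair in urlsplit(url).query.split("&"):
        if not pair:
            continue
        name, _, raw = pair.partition("=")
        value = fully_decode(raw)
        if any(p.search(value) for p in XSS_PATTERNS):
            findings.append((fully_decode(name), "XSS"))
        elif any(p.search(value) for p in SQLI_PATTERNS):
            findings.append((fully_decode(name), "SQLi"))
    return findings


def scan_log(lines):
    """Return (client_ip, url, findings) for every log line with a suspicious parameter."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        findings = classify_url(m["url"])
        if findings:
            hits.append((m["ip"], m["url"], findings))
    return hits


# Constructed log lines; the second one is the exam's URL with a concrete payload.
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Dec/2021:13:55:36 +0000] "GET /modules.php?op=modload&name=XForum&file=index&fid=2 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [10/Dec/2021:13:55:41 +0000] "GET /modules.php?op=modload&name=XForum&file=%3Cscript%3Ealert(document.cookie)%3C/script%3E&fid=2 HTTP/1.1" 200 5188',
    '203.0.113.9 - - [10/Dec/2021:13:55:52 +0000] "GET /modules.php?op=modload&name=XForum&file=%253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E&fid=2 HTTP/1.1" 200 5188',
    '192.0.2.44 - - [10/Dec/2021:13:56:03 +0000] "GET /modules.php?op=modload&name=XForum&file=index&fid=2%27%20OR%20%271%27%3D%271 HTTP/1.1" 500 312',
]


if __name__ == "__main__":
    for ip, url, findings in scan_log(SAMPLE_LOG):
        print(ip, findings, url)
```

The third sample line is why the decoder loops: a single decode leaves `%3Cimg%20src%3Dx...`, which matches nothing, while the second pass exposes the `onerror=` handler. POST bodies are not in the access log at all, so this kind of scan only catches payloads carried in the URL.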


Q169. - (Topic 3) 

The risk committee has endorsed the adoption of a security system development life cycle (SSDLC) designed to ensure compliance with PCI-DSS, HIPAA, and meet the organization’s mission. Which of the following BEST describes the correct order of implementing a five phase SSDLC? 

A. Initiation, assessment/acquisition, development/implementation, operations/maintenance and sunset. 

B. Initiation, acquisition/development, implementation/assessment, operations/maintenance and sunset. 

C. Assessment, initiation/development, implementation/assessment, operations/maintenance and disposal. 

D. Acquisition, initiation/development, implementation/assessment, operations/maintenance and disposal. 

Answer: B 

Explanation: The five phases of the NIST SP 800-64 system development life cycle are initiation, development/acquisition, implementation/assessment, operations/maintenance, and disposal (sunset). Only option B keeps that order; the others start with assessment or acquisition before the project has been initiated.


Q170. - (Topic 2) 

The latest independent research shows that cyber attacks involving SCADA systems grew an average of 15% per year in each of the last four years, but that this year’s growth has slowed to around 7%. Over the same time period, the number of attacks against applications has decreased or stayed flat each year. At the start of the measurement period, the incidence of PC boot loader or BIOS based attacks was negligible. Starting two years ago, the number of PC boot loader attacks has grown exponentially. Analysis of these trends would seem to suggest which of the following strategies should be employed? 

A. Spending on SCADA protections should stay steady; application control spending should increase substantially and spending on PC boot loader controls should increase substantially. 

B. Spending on SCADA security controls should stay steady; application control spending should decrease slightly and spending on PC boot loader protections should increase substantially. 

C. Spending all controls should increase by 15% to start; spending on application controls should be suspended, and PC boot loader protection research should increase by 100%. 

D. Spending on SCADA security controls should increase by 15%; application control spending should increase slightly, and spending on PC boot loader protections should remain steady. 

Answer: B 

Explanation: Match spending to the trend in each area. SCADA attacks are still growing but more slowly, so current spending is holding; application attacks are flat or falling, so that spending can be trimmed slightly; boot loader attacks are growing exponentially from nothing, so that is where a substantial increase belongs. Suspending application spending entirely (C) or leaving boot loader protection flat (D) contradicts the data.