Abreast of the times CAS-002: Passleader real resource from 10 to 19
New CompTIA CAS-002 Exam Dumps Collection (Question 10 - Question 19)
Question No: 10
A security manager has received the following email from the Chief Financial Officer (CFO):
“While I am concerned about the security of the proprietary financial data in our ERP application, we have had a lot of turnover in the accounting group and I am having a difficult time meeting our monthly performance targets. As things currently stand, we do not allow employees to work from home but this is something I am willing to allow so we can get back on track. What should we do first to securely enable this capability for my group?”
Based on the information provided, which of the following would be the MOST appropriate response to the CFO?
A. Remote access to the ERP tool introduces additional security vulnerabilities and should not be allowed.
B. Allow VNC access to corporate desktops from personal computers for the users working from home.
C. Allow terminal services access from personal computers after the CFO provides a list of the users working from home.
D. Work with the executive management team to revise policies before allowing any remote access.
Question No: 11
A medical device manufacturer has decided to work with another international organization to develop the software for a new robotic surgical platform to be introduced into hospitals within the next 12 months. In order to ensure a competitor does not become aware, management at the medical device manufacturer has decided to keep it secret until formal contracts are signed. Which of the following documents is MOST likely to contain a description of the initial terms and arrangement and is not legally enforceable?
Question No: 12
Which of the following activities is commonly deemed “OUT OF SCOPE” when undertaking a penetration test?
A. Test password complexity of all login fields and input validation of form fields
B. Reverse engineering any thick client software that has been provided for the test
C. Undertaking network-based denial of service attacks in production environment
D. Attempting to perform blind SQL injection and reflected cross-site scripting attacks
E. Running a vulnerability scanning tool to assess network and host weaknesses
Question No: 13
Company A needs to export sensitive data from its financial system to company B’s database, using company B’s API in an automated manner. Company A’s policy prohibits the use of any intermediary external systems to transfer or store its sensitive data, therefore the transfer must occur directly between company A’s financial system and company B’s destination server using the supplied API. Additionally, company A’s legacy financial software does not support encryption, while company B’s API supports encryption. Which of the following will provide end-to-end encryption for the data transfer while adhering to these requirements?
A. Company A must install an SSL tunneling software on the financial system.
B. Company A’s security administrator should use an HTTPS capable browser to transfer the data.
C. Company A should use a dedicated MPLS circuit to transfer the sensitive data to company B.
D. Company A and B must create a site-to-site IPSec VPN on their respective firewalls.
Question No: 14
A security engineer is responsible for monitoring company applications for known vulnerabilities. Which of the following is a way to stay current on exploits and information security news?
A. Update company policies and procedures
B. Subscribe to security mailing lists
C. Implement security awareness training
D. Ensure that the organization vulnerability management plan is up-to-date
Question No: 15
Which of the following technologies prevents an unauthorized HBA from viewing iSCSI target information?
B. Data snapshots
C. LUN masking
D. Storage multipaths
Question No: 16
A large company is preparing to merge with a smaller company. The smaller company has been very profitable, but the smaller company’s main applications were created in-house. Which of the following actions should the large company’s security administrator take in preparation for the merger?
A. A review of the mitigations implemented from the most recent audit findings of the smaller company should be performed.
B. An ROI calculation should be performed to determine which company's application should be used.
C. A security assessment should be performed to establish the risks of integration or co-existence.
D. A regression test should be performed on the in-house software to determine security risks associated with the software.
Question No: 17
In order to reduce costs and improve employee satisfaction, a large corporation is creating a BYOD policy. It will allow access to email and remote connections to the corporate enterprise from personal devices, provided they are on an approved device list. Which of the following security measures would be MOST effective in securing the enterprise under the new policy? (Select TWO).
A. Provide free email software for personal devices.
B. Encrypt data in transit for remote access.
C. Require smart card authentication for all devices.
D. Implement NAC to limit insecure devices' access.
E. Enable time of day restrictions for personal devices.
Question No: 18
ABC Corporation has introduced token-based authentication to system administrators due to the risk of password compromise. The tokens have a set of HMAC counter-based codes and are valid until they are used. Which of the following types of authentication mechanisms does this statement describe?
Question No: 19
A small company’s Chief Executive Officer (CEO) has asked its Chief Security Officer (CSO) to improve the company’s security posture quickly with regard to targeted attacks. Which of the following should the CSO conduct FIRST?
A. Survey threat feeds from services inside the same industry.
B. Purchase multiple threat feeds to ensure diversity and implement blocks for malicious traffic.
C. Conduct an internal audit against industry best practices to perform a qualitative analysis.
D. Deploy a UTM solution that receives frequent updates from a trusted industry vendor.