[Free] Download New Updated (December) CompTIA CAS-002 Exam Questions 11-20


QUESTION 11

The Chief Executive Officer (CEO) of a small start-up company wants to set up offices around the country for the sales staff to generate business. The company needs an effective communication solution to remain in constant contact with each other, while maintaining a secure business environment. A junior-level administrator suggests that the company and the sales staff stay connected via free social media. Which of the following decisions is BEST for the CEO to make?

A. Social media is an effective solution because it is easily adaptable to new situations.
B. Social media is an ineffective solution because the policy may not align with the business.
C. Social media is an effective solution because it implements SSL encryption.
D. Social media is an ineffective solution because it is not primarily intended for business applications.

Correct Answer: B


QUESTION 12

An insurance company is looking to purchase a smaller company in another country. Which of the following tasks would the security administrator perform as part of the security due diligence?

A. Review switch and router configurations
B. Review the security policies and standards
C. Perform a network penetration test
D. Review the firewall rule set and IPS logs

Correct Answer: B


QUESTION 13

A new piece of ransomware got installed on a company’s backup server which encrypted the hard drives containing the OS and backup application configuration but did not affect the deduplication data hard drives. During the incident response, the company finds that all backup tapes for this server are also corrupt. Which of the following is the PRIMARY concern?

A. Determining how to install HIPS across all server platforms to prevent future incidents
B. Preventing the ransomware from re-infecting the server upon restore
C. Validating the integrity of the deduplicated data
D. Restoring the data will be difficult without the application configuration

Correct Answer: D


QUESTION 14

A web services company is planning a one-time high-profile event to be hosted on the corporate website. An outage, due to an attack, would be publicly embarrassing, so Joe, the Chief Executive Officer (CEO), has requested that his security engineers put temporary preventive controls in place. Which of the following would MOST appropriately address Joe’s concerns?

A. Ensure web services hosting the event use TCP cookies and deny_hosts.
B. Configure an intrusion prevention system that blocks IPs after detecting too many incomplete sessions.
C. Contract and configure scrubbing services with third-party DDoS mitigation providers.
D. Purchase additional bandwidth from the company’s Internet service provider.

Correct Answer: C


QUESTION 15

Company XYZ provides hosting services for hundreds of companies across multiple industries including healthcare, education, and manufacturing. The security architect for company XYZ is reviewing a vendor proposal to reduce company XYZ’s hardware costs by combining multiple physical hosts through the use of virtualization technologies. The security architect notes concerns about data separation, confidentiality, regulatory requirements concerning PII, and administrative complexity on the proposal. Which of the following BEST describes the core concerns of the security architect?

A. Most of company XYZ’s customers are willing to accept the risks of unauthorized disclosure and access to information by outside users.
B. The availability requirements in SLAs with each hosted customer would have to be re-written to account for the transfer of virtual machines between physical platforms for regular maintenance.
C. Company XYZ could be liable for disclosure of sensitive data from one hosted customer when accessed by a malicious user who has gained access to the virtual machine of another hosted customer.
D. Not all of company XYZ’s customers require the same level of security and the administrative complexity of maintaining multiple security postures on a single hypervisor negates hardware cost savings.

Correct Answer: C


QUESTION 16

The risk manager has requested a security solution that is centrally managed, can easily be updated, and protects end users’ workstations from both known and unknown malicious attacks when connected to either the office or home network. Which of the following would BEST meet this requirement?

A. HIPS
B. UTM
C. Antivirus
D. NIPS
E. DLP

Correct Answer: A


QUESTION 17

An organization would like to allow employees to use their network username and password to access a third-party service. The company is using Active Directory Federated Services for their directory service. Which of the following should the company ensure is supported by the third-party? (Select TWO).

A. LDAP/S
B. SAML
C. NTLM
D. OAUTH
E. Kerberos

Correct Answer: BE


QUESTION 18

A developer has implemented a piece of client-side JavaScript code to sanitize a user’s provided input to a web page login screen. The code ensures that only the upper case and lower case letters are entered in the username field, and that only a 6-digit PIN is entered in the password field. A security administrator is concerned with the following web server log:

10.235.62.11 — [02/Mar/2014:06:13:04] “GET/site/script.php?user=admin&pass=pass%20or%201=1 HTTP/1.1” 200 5724

Given this log, which of the following is the security administrator concerned with and which fix should be implemented by the developer?

A. The security administrator is concerned with nonprintable characters being used to gain administrative access, and the developer should strip all nonprintable characters.
B. The security administrator is concerned with XSS, and the developer should normalize Unicode characters on the browser side.
C. The security administrator is concerned with SQL injection, and the developer should implement server side input validation.
D. The security administrator is concerned that someone may log on as the administrator, and the developer should ensure strong passwords are enforced.

Correct Answer: C


QUESTION 19

A large organization has recently suffered a massive credit card breach. During the months of Incident Response, there were multiple attempts to assign blame for whose fault it was that the incident occurred. In which part of the incident response phase would this be addressed in a controlled and productive manner?

A. During the Identification Phase
B. During the Lessons Learned phase
C. During the Containment Phase
D. During the Preparation Phase

Correct Answer: B


QUESTION 20

Two separate companies are in the process of integrating their authentication infrastructure into a unified single sign-on system. Currently, both companies use an AD backend and two-factor authentication using TOTP. The system administrators have configured a trust relationship between the authentication backends to ensure proper process flow. How should the employees request access to shared resources before the authentication integration is complete?

A. They should log on to the system using the username concatenated with the 6-digit code and their original password.
B. They should log on to the system using the newly assigned global username: first.lastname#### where #### is the second factor code.
C. They should use the username format: LANfirst.lastname together with their original password and the next 6-digit code displayed when the token button is depressed.
D. They should use the username format: first.lastname@company.com, together with a password and their 6-digit code.

Correct Answer: D

