[Free] Download New Updated (December) CompTIA CAS-002 Exam Questions 21-30

Ensurepass

QUESTION 21

The Information Security Officer (ISO) is reviewing new policies that have been recently made effective and now apply to the company. Upon review, the ISO identifies a new requirement to implement two-factor authentication on the company’s wireless system. Due to budget constraints, the company will be unable to implement the requirement for the next two years. The ISO is required to submit a policy exception form to the Chief Information Officer (CIO). Which of the following are MOST important to include when submitting the exception form? (Select THREE).

A. Business or technical justification for not implementing the requirements.
B. Risks associated with the inability to implement the requirements.
C. Industry best practices with respect to the technical implementation of the current controls.
D. All sections of the policy that may justify non-implementation of the requirements.
E. A revised DRP and COOP plan to the exception form.
F. Internal procedures that may justify a budget submission to implement the new requirement.
G. Current and planned controls to mitigate the risks.

Correct Answer: ABG

QUESTION 22

A security engineer is working on a large software development project. As part of the design of the project, various stakeholder requirements were gathered and decomposed to an implementable and testable level. Various security requirements were also documented. Organize the following security requirements into the correct hierarchy required for an SRTM.

Requirement 1: The system shall provide confidentiality for data in transit and data at rest.
Requirement 2: The system shall use SSL, SSH, or SCP for all data transport.
Requirement 3: The system shall implement a file-level encryption scheme.
Requirement 4: The system shall provide integrity for all data at rest.
Requirement 5: The system shall perform CRC checks on all files.

A. Level 1: Requirements 1 and 4; Level 2: Requirements 2, 3, and 5
B. Level 1: Requirements 1 and 4; Level 2: Requirements 2 and 3 under 1, Requirement 5 under 4
C. Level 1: Requirements 1 and 4; Level 2: Requirement 2 under 1, Requirement 5 under 4; Level 3: Requirement 3 under 2
D. Level 1: Requirements 1, 2, and 3; Level 2: Requirements 4 and 5

Correct Answer: B

QUESTION 23

An intruder was recently discovered inside the data center, a highly sensitive area. To gain access, the intruder circumvented numerous layers of physical and electronic security measures. Company leadership has asked for a thorough review of physical security controls to prevent this from happening again. Which of the following departments are the MOST heavily invested in rectifying the problem? (Select THREE).

A. Facilities management
B. Human resources
C. Research and development
D. Programming
E. Data center operations
F. Marketing
G. Information technology

Correct Answer: AEG

QUESTION 24

A penetration tester is assessing a mobile banking application. Man-in-the-middle attempts via an HTTP intercepting proxy are failing with SSL errors. Which of the following controls has likely been implemented by the developers?

A. SSL certificate revocation
B. SSL certificate pinning
C. Mobile device root-kit detection
D. Extended Validation certificates

Correct Answer: B

QUESTION 25

A security company is developing a new cloud-based log analytics platform. Its purpose is to allow:

- Customers to upload their log files to the “big data” platform
- Customers to perform remote log search
- Customers to integrate into the platform using an API so that third party business intelligence tools can be used for the purpose of trending, insights, and/or discovery

Which of the following are the BEST security considerations to protect data from one customer being disclosed to other customers? (Select THREE).

A. Secure storage and transmission of API keys
B. Secure protocols for transmission of log files and search results
C. At least two years retention of log files in case of e-discovery requests
D. Multi-tenancy with RBAC support
E. Sanitizing filters to prevent upload of sensitive log file contents
F. Encryption of logical volumes on which the customers’ log files reside

Correct Answer: ABD

QUESTION 26

A security administrator is tasked with implementing two-factor authentication for the company VPN. The VPN is currently configured to authenticate VPN users against a backend RADIUS server. New company policies require a second factor of authentication, and the Information Security Officer has selected PKI as the second factor. Which of the following should the security administrator configure and implement on the VPN concentrator to implement the second factor and ensure that no error messages are displayed to the user during the VPN connection? (Select TWO).

A. The user’s certificate private key must be installed on the VPN concentrator.
B. The CA’s certificate private key must be installed on the VPN concentrator.
C. The user certificate private key must be signed by the CA.
D. The VPN concentrator’s certificate private key must be signed by the CA and installed on the VPN concentrator.
E. The VPN concentrator’s certificate private key must be installed on the VPN concentrator.
F. The CA’s certificate public key must be installed on the VPN concentrator.

Correct Answer: EF

QUESTION 27

Company XYZ provides cable television service to several regional areas. They are currently installing fiber-to-the-home in many areas with hopes of also providing telephone and Internet services. The telephone and Internet services portions of the company will each be separate subsidiaries of the parent company. The board of directors wishes to keep the subsidiaries separate from the parent company. However, all three companies must share customer data for the purposes of accounting, billing, and customer authentication. The solution must use open standards, and be simple and seamless for customers, while only sharing minimal data between the companies. Which of the following solutions is BEST suited for this scenario?

A. The companies should federate, with the parent becoming the SP, and the subsidiaries becoming an IdP.
B. The companies should federate, with the parent becoming the IdP, and the subsidiaries becoming an SSP.
C. The companies should federate, with the parent becoming the IdP, and the subsidiaries becoming an SP.
D. The companies should federate, with the parent becoming the ASP, and the subsidiaries becoming an IdP.

Correct Answer: C

QUESTION 28

The security engineer receives an incident ticket from the helpdesk stating that DNS lookup requests are no longer working from the office. The network team has ensured that Layer 2 and Layer 3 connectivity are working. Which of the following tools would a security engineer use to make sure the DNS server is listening on port 53?

A. PING
B. NESSUS
C. NSLOOKUP
D. NMAP

Correct Answer: D

QUESTION 29

A developer is determining the best way to improve security within the code being developed. The developer is focusing on input fields where customers enter their credit card details. Which of the following techniques, if implemented in the code, would be the MOST effective in protecting the fields from malformed input?

A. Client-side input validation
B. Stored procedure
C. Encrypting credit card details
D. Regular expression matching

Correct Answer: D

QUESTION 30

A system administrator needs to meet as many security goals as possible for a new DNS infrastructure. The administrator deploys DNSSEC extensions to the domain names and infrastructure. Which of the following security goals does this meet? (Select TWO).

A. Availability
B. Authentication
C. Integrity
D. Confidentiality
E. Encryption

Correct Answer: BC
