[Free] Download New Updated (December) CompTIA CAS-002 Exam Questions 291-300


QUESTION 291

A financial institution wants to reduce the costs associated with managing and troubleshooting employees’ desktops and applications, while keeping employees from copying data onto external storage. The Chief Information Officer (CIO) has asked the security team to evaluate four solutions submitted by the change management group. Which of the following BEST accomplishes this task?

A. Implement desktop virtualization and encrypt all sensitive data at rest and in transit.
B. Implement server virtualization and move the application from the desktop to the server.
C. Implement VDI and disable hardware and storage mapping from the thin client.
D. Move the critical applications to a private cloud and disable VPN and tunneling.

Correct Answer: C

QUESTION 292

A Chief Information Security Officer (CISO) of a major consulting firm has significantly increased the company’s security posture; however, the company is still plagued by data breaches resulting from misplaced assets. These breaches have led to the compromise of sensitive corporate and client data on at least 25 occasions. Each employee in the company is provided a laptop to perform company business. Which of the following actions can the CISO take to mitigate the breaches?

A. Reload all user laptops with full disk encryption software immediately.
B. Implement full disk encryption on all storage devices the firm owns.
C. Implement new continuous monitoring procedures.
D. Implement an open source system which allows data to be encrypted while processed.

Correct Answer: B

QUESTION 293

A large corporation which is heavily reliant on IT platforms and systems is in financial difficulty and needs to drastically reduce costs in the short term to survive. The Chief Financial Officer (CFO) has mandated that all IT and architectural functions will be outsourced and a mixture of providers will be selected. One provider will manage the desktops for five years, another provider will manage the network for ten years, another provider will be responsible for security for four years, and an offshore provider will perform day-to-day business processing functions for two years. At the end of each contract the incumbent may be renewed or a new provider may be selected. Which of the following are the MOST likely risk implications of the CFO’s business decision?

A. Strategic architecture will be adversely impacted through the segregation of duties between the providers. Vendor management costs will remain unchanged. The risk position of the organization will decline as specialists now maintain the environment. The implementation of security controls and security updates will improve. Internal knowledge of IT systems will improve as providers maintain system documentation.
B. Strategic architecture will improve as more time can be dedicated to strategy. System stability will improve as providers use specialists and tested processes to maintain systems. Vendor management costs will increase and the organization’s flexibility to react to new market conditions will be reduced slightly. Internal knowledge of IT systems will improve as providers maintain system documentation. The risk position of the organization will remain unchanged.
C. Strategic architecture will not be impacted in the short term, but will be adversely impacted in the long term through the segregation of duties between the providers. Vendor management costs will stay the same and the organization’s flexibility to react to new market conditions will be improved through best of breed technology implementations. Internal knowledge of IT systems will decline over time. The implementation of security controls and security updates will not change.
D. Strategic architecture will be adversely impacted through the segregation of duties between the providers. Vendor management costs will increase and the organization’s flexibility to react to new market conditions will be reduced. Internal knowledge of IT systems will decline and decrease future platform development. The implementation of security controls and security updates will take longer as responsibility crosses multiple boundaries.

Correct Answer: D

QUESTION 294

Customer Need:

“We need the system to produce a series of numbers with no discernible mathematical progression for use by our Java based, PKI-enabled, customer facing website.”

Which of the following BEST restates the customer need?

A. The system shall use a pseudo-random number generator seeded the same every time.
B. The system shall generate a pseudo-random number upon invocation by the existing Java program.
C. The system shall generate a truly random number based upon user PKI certificates.
D. The system shall implement a pseudo-random number generator for use by corporate customers.

Correct Answer: B

QUESTION 295

The risk committee has endorsed the adoption of a security system development life cycle (SSDLC) designed to ensure compliance with PCI-DSS and HIPAA and to meet the organization’s mission. Which of the following BEST describes the correct order of implementing a five phase SSDLC?

A. Initiation, assessment/acquisition, development/implementation, operations/maintenance and sunset.
B. Initiation, acquisition/development, implementation/assessment, operations/maintenance and sunset.
C. Assessment, initiation/development, implementation/assessment, operations/maintenance and disposal.
D. Acquisition, initiation/development, implementation/assessment, operations/maintenance and disposal.

Correct Answer: B

QUESTION 296

A database administrator comes across the following records in one of the databases during an internal audit of the payment system:

UserID   Address           Credit Card No.       Password
jsmith   123 fake street   55XX-XXX-XXXX-1397    Password100
jqdoe    234 fake street   42XX-XXX-XXXX-2027    17DEC12

From a security perspective, which of the following should be the administrator’s GREATEST concern, and what will correct the concern?

A. Concern: Passwords are stored in plain text. Correction: Require a minimum of 8 alphanumeric characters and hash the password.
B. Concern: User IDs are also usernames, and could be enumerated, thereby disclosing sensitive account information. Correction: Require user IDs to be more complex by using alphanumeric characters and hash the UserIDs.
C. Concern: User IDs are confidential private information. Correction: Require encryption of user IDs.
D. Concern: More than four digits within a credit card number are stored. Correction: Only store the last four digits of a credit card to protect sensitive financial information.

Correct Answer: A

QUESTION 297

About twice a year a switch fails in a company’s network center. Under the maintenance contract, the switch would be replaced in two hours losing the business $1,000 per hour. The cost of a spare switch is $3,000 with a 12-hour delivery time and would eliminate downtime costs if purchased ahead of time. The maintenance contract is $1,500 per year. Which of the following is true in this scenario?

A. It is more cost-effective to eliminate the maintenance contract and purchase a replacement upon failure.
B. It is more cost-effective to purchase a spare switch prior to an outage and eliminate the maintenance contract.
C. It is more cost-effective to keep the maintenance contract instead of purchasing a spare switch prior to an outage.
D. It is more cost-effective to purchase a spare switch prior to an outage and keep the maintenance contract.

Correct Answer: D

QUESTION 298

A large financial company has a team of security-focused architects and designers that contribute to broader IT architecture and design solutions. Concerns have been raised because the security contributions have varying levels of quality and consistency. It has been agreed that a more formalized methodology is needed that can take business drivers, capabilities, baselines, and re-usable patterns into account. Which of the following would BEST help to achieve these objectives?

A. Construct a library of re-usable security patterns
B. Construct a security control library
C. Introduce an ESA framework
D. Include SRTM in the SDLC

Correct Answer: C

QUESTION 299

CORRECT TEXT

The IDS has detected abnormal behavior on this network. Click on the network devices to view device information. Based on this information, the following tasks need to be completed:

1. Select the server that is a victim of a SQL injection attack.
2. Select the source of the buffer overflow attack.
3. Modify the access control list (ACL) on the router(s) to ONLY block the buffer overflow attack.

Instructions:

Simulations can be reset at any time to the initial state; however, all selections will be deleted.

Correct Answer:

Follow these steps:

1. Click on the servers, find the SQL Server, and note its IP address.
2. Click on the host machines, find the attacker, and note the IP address of that host.
3. In the router ACL, enter the host machine’s IP address in the source field and the SQL Server’s IP address in the destination field, then check Deny and uncheck Permit.

Explanation:

First, we need to determine the source of the attack and the victim. View the IDS logs to determine this information. Although simulations may vary, one example clearly shows the source of the attack as the 10.2.0.50 host and the victim as Server D.

To block only this traffic we need to modify the following rule on router 2 only:

Source address = 10.2.0.50
Destination address = 192.168.1.0/24
Deny box should be checked.

QUESTION 300

If a technician must take an employee’s workstation into custody in response to an investigation, which of the following can BEST reduce the likelihood of related legal issues?

A. A formal letter from the company’s president approving the seizure of the workstation.
B. A formal training and awareness program on information security for all company managers.
C. A screen displayed at log in that informs users of the employer’s rights to seize, search, and monitor company devices.
D. A printout of an activity log, showing that the employee has been spending substantial time on non-work related websites.

Correct Answer: C
