[Free] Download New Updated (December) CompTIA CAS-002 Exam Questions 51-60

Ensurepass

QUESTION 51

Which of the following activities is commonly deemed “OUT OF SCOPE” when undertaking a penetration test?

 

A.

Test password complexity of all login fields and input validation of form fields

B.

Reverse engineering any thick client software that has been provided for the test

C.

Undertaking network-based denial of service attacks in a production environment

D.

Attempting to perform blind SQL injection and reflected cross-site scripting attacks

E.

Running a vulnerability scanning tool to assess network and host weaknesses

 

Correct Answer: C

 

 

QUESTION 52

An organization is selecting a SaaS provider to replace its legacy, in-house Customer Relationship Management (CRM) application. Which of the following ensures the organization mitigates the risk of managing separate user credentials?

 

A.

Ensure the SaaS provider supports dual factor authentication.

B.

Ensure the SaaS provider supports encrypted password transmission and storage.

C.

Ensure the SaaS provider supports secure hash file exchange.

D.

Ensure the SaaS provider supports role-based access control.

E.

Ensure the SaaS provider supports directory services federation.

 

Correct Answer: E

 

 

QUESTION 53

An organization is concerned with potential data loss in the event of a disaster, and created a backup datacenter as a mitigation strategy. The current storage method is a single NAS used by all servers in both datacenters. Which of the following options increases data availability in the event of a datacenter failure?

 

A.

Replicate NAS changes to the tape backups at the other datacenter.

B.

Ensure each server has two HBAs connected through two routes to the NAS.

C.

Establish deduplication across diverse storage paths.

D.

Establish a SAN that replicates between datacenters.

 

Correct Answer: D

 

 

QUESTION 54

The risk manager is reviewing a report which identifies a requirement to keep a business-critical legacy system operational for the next two years. The legacy system is out of support: the vendor no longer releases security patches for it. Additionally, it is a proprietary embedded system and little is documented or known about it. Which of the following should the Information Technology department implement to reduce the security risk from a compromise of this system?

 

A.

Virtualize the system and migrate it to a cloud provider.

B.

Segment the device on its own secure network.

C.

Install an antivirus and HIDS on the system.

D.

Hire developers to reduce vulnerabilities in the code.

 

Correct Answer: B

 

 

QUESTION 55

Company ABC’s SAN is nearing capacity, and will cause costly downtime if servers run out of disk space. Which of the following is a more cost-effective alternative to buying a new SAN?

 

A.

Enable multipath to increase availability

B.

Enable deduplication on the storage pools

C.

Implement snapshots to reduce virtual disk size

D.

Implement replication to offsite datacenter

 

Correct Answer: B
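What option B actually does, shown as an added example that is not part of the original page: a content-addressed block store keeps a single copy of every distinct block, so a pool full of near-identical data (virtual disk images cloned from one template, home directories holding the same documents) shrinks without new hardware. The three "disk images" below are constructed from a seeded PRNG so the figures are reproducible; the function names and the 4 KiB block size are assumptions of this example, not of any product.

```python
"""Block-level deduplication: why it can defer buying more SAN capacity.

Added example, not from the original page. The three 'virtual disk images'
are constructed from a seeded PRNG: they share a 64 KiB base (same OS
template) and differ only in a 4 KiB tail.
"""
import hashlib
import random

BLOCK = 4096   # assumed fixed block size; real arrays use fixed or variable chunking


def dedup_store(images, block=BLOCK):
    """Content-addressed store: one copy per distinct block hash.

    Returns (logical_bytes, physical_bytes, unique_blocks)."""
    store = {}          # sha256(block) -> block, i.e. the physical pool
    logical = 0
    for data in images:
        logical += len(data)
        for off in range(0, len(data), block):
            chunk = data[off:off + block]
            store.setdefault(hashlib.sha256(chunk).digest(), chunk)
    physical = sum(len(c) for c in store.values())
    return logical, physical, len(store)


def sample_images():
    """Constructed input: 16 shared template blocks plus one unique block each."""
    base = random.Random(0).randbytes(16 * BLOCK)
    return [base + random.Random(seed).randbytes(BLOCK) for seed in (1, 2, 3)]


def savings(images):
    """Dedup ratio logical:physical for a set of images."""
    logical, physical, _ = dedup_store(images)
    return logical / physical


if __name__ == "__main__":
    logical, physical, uniq = dedup_store(sample_images())
    print(f"logical {logical} B, physical {physical} B, "
          f"{uniq} unique blocks, ratio {logical / physical:.2f}:1")
```

The saving is entirely data-dependent: encrypted or already-compressed data deduplicates to nothing, and the hash index itself consumes memory. Deduplication is also not a backup; one corrupted shared block damages every file that references it, which is why it complements rather than replaces the replication in question 53.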

 

 

QUESTION 56

A forensic analyst receives a hard drive containing malware quarantined by the antivirus application. After creating an image and determining the directory location of the malware file, which of the following helps to determine when the system became infected?

 

A.

The malware file’s modify, access, change time properties.

B.

The timeline analysis of the file system.

C.

The time stamp of the malware in the swap file.

D.

The date/time stamp of the malware detection in the antivirus logs.

 

Correct Answer: B
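Why option B beats options A and D, shown as an added example that is not part of the original page: once the antivirus has quarantined the file, the file's own modify/access/change times (and the detection log entry) record the quarantine action, not the infection. Rebuilding a timeline from every file's timestamps and pivoting on the malware's original name exposes the earlier drop, the prefetch entry from its first execution and the collateral changes around it. The body-file lines, paths and times below are constructed; the parser reads the pipe-delimited layout that fls emits and mactime consumes, and the helper names are this example's own.

```python
"""Locating the infection time from a file-system timeline rather than from
the quarantined file's own timestamps.

Added example, not from the original page. BODY is a constructed 'body file'
(MD5|name|inode|mode|UID|GID|size|atime|mtime|ctime|crtime, epoch seconds)
with hypothetical paths and times.
"""
from datetime import datetime, timezone

BODY = """\
# constructed sample, epoch seconds
0|C:/Windows/Prefetch/INVOICE.PDF.EXE-3A1B2C3D.pf|2201|r/rrwxrwxrwx|0|0|18944|1418123405|1418123405|1418123405|1418123405
0|C:/ProgramData/Microsoft/SysData/wuaucltx.dll|2202|r/rrwxrwxrwx|0|0|245760|1418123410|1418123410|1418123410|1418123410
0|C:/Windows/System32/drivers/etc/hosts|1800|r/rrwxrwxrwx|0|0|1024|1418123420|1418123420|1418123420|1299000000
0|C:/ProgramData/AV/Quarantine/3F2A9C1E.qtn|2300|r/rrwxrwxrwx|0|0|245760|1418200000|1418200000|1418200000|1418200000
0|C:/ProgramData/AV/Logs/detections.log|2301|r/rrwxrwxrwx|0|0|4096|1418200001|1418200001|1418200001|1380000000
"""

MALWARE = "C:/ProgramData/AV/Quarantine/3F2A9C1E.qtn"   # where the AV moved the sample


def parse_body(text):
    """Yield (name, {'m': mtime, 'a': atime, 'c': ctime, 'b': crtime}) per entry."""
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        f = line.split("|")
        a, m, c, b = (int(v) for v in f[7:11])     # body order is atime|mtime|ctime|crtime
        yield f[1], {"m": m, "a": a, "c": c, "b": b}


def build_timeline(text):
    """mactime-style timeline: one row per (timestamp, file), flags in MACB order."""
    rows = {}
    for name, stamps in parse_body(text):
        for flag, ts in stamps.items():
            if ts > 0:
                rows.setdefault((ts, name), set()).add(flag)
    return [(ts, "".join(ch if ch in flags else "." for ch in "macb"), name)
            for (ts, name), flags in sorted(rows.items())]


def own_timestamps(text, path):
    """Option A from the question: only the quarantined file's own MAC(B) times."""
    return {ts for name, stamps in parse_body(text) if name == path
            for ts in stamps.values()}


def pivot(timeline, keyword):
    """Earliest event whose path contains keyword (the malware's original
    file name, taken from the AV log or the quarantine metadata)."""
    hits = [row for row in timeline if keyword.lower() in row[2].lower()]
    return hits[0] if hits else None


def window(timeline, ts, before=60, after=60):
    """Everything that happened within [ts - before, ts + after]."""
    return [row for row in timeline if ts - before <= row[0] <= ts + after]


def fmt(ts):
    return datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S")


if __name__ == "__main__":
    tl = build_timeline(BODY)
    print("quarantined file's own stamps:",
          sorted(fmt(t) for t in own_timestamps(BODY, MALWARE)))
    anchor = pivot(tl, "wuaucltx")
    for ts, macb, name in window(tl, anchor[0]):
        print(fmt(ts), macb, name)
```

The "b" (birth) flag is what separates files that were dropped (macb, such as the prefetch entry and the DLL) from pre-existing files that were merely modified (mac., the hosts file). NTFS $STANDARD_INFORMATION times can be altered by the malware itself, so corroborate the window with $FILE_NAME times, the prefetch and event logs before committing to an infection time.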

 

 

QUESTION 57

An external penetration tester compromised one of the client organization’s authentication servers and retrieved the password database. Which of the following methods allows the penetration tester to MOST efficiently use any obtained administrative credentials on the client organization’s other systems, without impacting the integrity of any of the systems?

 

A.

Use the pass the hash technique

B.

Use rainbow tables to crack the passwords

C.

Use the existing access to change the password

D.

Use social engineering to obtain the actual password

 

Correct Answer: A
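Why option A is the efficient route, shown as an added example that is not part of the original page: NTLM authentication only ever uses the NT hash (MD4 of the UTF-16LE password) as keying material, so a client holding the dumped hash produces exactly the response a client holding the password would, and the server, which itself stores only the hash, accepts it. No cracking (option B) and no password change (option C, which would alter the target's state) is needed. The account, domain, password, server challenge and blob below are constructed values; the derivations follow MS-NLMP, and MD4 is implemented inline because OpenSSL 3 ships it only in its legacy provider.

```python
"""Pass-the-hash: NTLM authenticates with a derivative of the NT hash,
never with the cleartext password.

Added example (not from the original page). Account, domain, password,
challenge and blob are constructed; NT hash = MD4(UTF-16LE(password)),
NTLMv2 NTProofStr = HMAC-MD5 chain keyed by that hash (MS-NLMP).
"""
import hashlib
import hmac
import struct

_MASK = 0xFFFFFFFF


def _lrot(x: int, n: int) -> int:
    return ((x << n) | (x >> (32 - n))) & _MASK


def md4(data: bytes) -> bytes:
    """Pure-Python MD4 (RFC 1320); hashlib.new('md4') often fails on OpenSSL 3."""
    msg = bytearray(data)
    msg.append(0x80)
    while len(msg) % 64 != 56:
        msg.append(0)
    msg += struct.pack("<Q", (8 * len(data)) & 0xFFFFFFFFFFFFFFFF)
    h = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    rounds = (   # (boolean function, additive constant, shifts, message word order)
        (lambda x, y, z: (x & y) | (~x & z), 0x00000000, (3, 7, 11, 19),
         (0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)),
        (lambda x, y, z: (x & y) | (x & z) | (y & z), 0x5A827999, (3, 5, 9, 13),
         (0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15)),
        (lambda x, y, z: x ^ y ^ z, 0x6ED9EBA1, (3, 9, 11, 15),
         (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15)),
    )
    for off in range(0, len(msg), 64):
        x = struct.unpack("<16I", msg[off:off + 64])
        a, b, c, d = h
        for fn, const, shifts, order in rounds:
            for i, k in enumerate(order):
                a = _lrot((a + fn(b, c, d) + x[k] + const) & _MASK, shifts[i % 4])
                a, b, c, d = d, a, b, c   # next step updates d, then c, then b
        h = [(u + v) & _MASK for u, v in zip(h, (a, b, c, d))]
    return struct.pack("<4I", *h)


def nt_hash(password: str) -> bytes:
    """What the SAM / NTDS.dit stores, and what the pentester dumped."""
    return md4(password.encode("utf-16-le"))


def ntlmv2_response(nt: bytes, user: str, domain: str,
                    server_challenge: bytes, blob: bytes) -> bytes:
    """NTLMv2 response as a client computes it. The input is the NT hash, so a
    client that only holds the hash is indistinguishable from one that typed
    the password."""
    response_key = hmac.new(nt, (user.upper() + domain).encode("utf-16-le"),
                            hashlib.md5).digest()
    nt_proof = hmac.new(response_key, server_challenge + blob, hashlib.md5).digest()
    return nt_proof + blob


def server_accepts(stored_nt: bytes, user: str, domain: str,
                   server_challenge: bytes, response: bytes) -> bool:
    """The verifier also holds only the NT hash and recomputes the same chain."""
    nt_proof, blob = response[:16], response[16:]
    expected = ntlmv2_response(stored_nt, user, domain, server_challenge, blob)[:16]
    return hmac.compare_digest(nt_proof, expected)


def demo() -> dict:
    user, domain, password = "svc_backup", "CORP", "Winter2015!"   # constructed account
    challenge = bytes.fromhex("0123456789abcdef")                   # 8-byte server nonce
    blob = (bytes.fromhex("0101000000000000") + bytes(8)            # constructed NTLMv2 blob
            + bytes.fromhex("8f9dc1e2a3b4c5d6") + bytes(4))
    stored = nt_hash(password)                     # directory's copy
    dumped = bytes(stored)                         # attacker's copy from the retrieved database
    legit = ntlmv2_response(nt_hash(password), user, domain, challenge, blob)
    attacker = ntlmv2_response(dumped, user, domain, challenge, blob)   # no password, no cracking
    return {
        "same_response": legit == attacker,
        "server_accepts_attacker": server_accepts(stored, user, domain, challenge, attacker),
        "nt_hash_hex": stored.hex(),
    }


if __name__ == "__main__":
    print(nt_hash("password").hex())   # 8846f7eaee8fb117ad06bdd830b7586c
    print(demo())
```

The defensive reading is the same as the offensive one: an NT hash is a password equivalent, so limit where administrative credentials are used and cached (unique local administrator passwords per host, no domain admin logons to workstations) so that one retrieved database cannot be replayed across the estate.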

 

 

QUESTION 58

The Chief Executive Officer (CEO) of a large prestigious enterprise has decided to reduce business costs by outsourcing to a third party company in another country. Functions to be outsourced include: business analysts, testing, software development and back office functions that deal with the processing of customer data. The Chief Risk Officer (CRO) is concerned about the outsourcing plans. Which of the following risks are MOST likely to occur if adequate controls are not implemented?

 

A.

Geographical regulation issues, loss of intellectual property and interoperability agreement issues

B.

Improper handling of client data, interoperability agreement issues and regulatory issues

C.

Cultural differences, increased cost of doing business and divestiture issues

D.

Improper handling of customer data, loss of intellectual property and reputation damage

 

Correct Answer: D

 

 

QUESTION 59

The Chief Information Security Officer (CISO) at a company knows that many users store business documents on public cloud-based storage, and realizes this is a risk to the company. In response, the CISO implements a mandatory training course in which all employees are instructed on the proper use of cloud-based storage. Which of the following risk strategies did the CISO implement?

 

A.

Avoid

B.

Accept

C.

Mitigate

D.

Transfer

 

Correct Answer: C

 

 

QUESTION 60

A company is in the process of outsourcing its customer relationship management system to a cloud provider. It will host the entire organization’s customer database. The database will be accessed by both the company’s users and its customers. The procurement department has asked what security activities must be performed for the deal to proceed. Which of the following are the MOST appropriate security activities to be performed as part of due diligence? (Select TWO).

 

A.

Physical penetration test of the datacenter to ensure there are appropriate controls.

B.

Penetration testing of the solution to ensure that the customer data is well protected.

C.

Security clauses are implemented into the contract such as the right to audit.

D.

Review of the organizations security policies, procedures and relevant hosting certifications.

E.

Code review of the solution to ensure that there are no back doors located in the software.

 

Correct Answer: CD

 
