Want to know Examcollection CAS-002 Exam practice test features? Want to lear more about CompTIA CompTIA Advanced Security Practitioner (CASP) certification experience? Study Realistic CompTIA CAS-002 answers to Improve CAS-002 questions at Examcollection. Gat a success with an absolute guarantee to pass CompTIA CAS-002 (CompTIA Advanced Security Practitioner (CASP)) test on your first attempt.
P.S. Realistic CAS-002 prep are available on Google Drive, GET MORE: https://drive.google.com/open?id=1ddthACQd1JGf0imm89GpLL8acwMLf-_e
New CompTIA CAS-002 Exam Dumps Collection (Question 16 - Question 22)
Question No: 16
A company has a single subnet in a small office. The administrator wants to limit non-web related traffic to the corporate intranet server as well as prevent abnormal HTTP requests and HTTP protocol anomalies from causing problems with the web server. Which of the following is the MOST likely solution?
A. Application firewall and NIPS
B. Edge firewall and HIDS
C. ACLs and anti-virus
D. Host firewall and WAF
Answer: D
Question No: 17
An international shipping company discovered that deliveries left idle are being tampered with. The company wants to reduce the idle time associated with international deliveries by ensuring that personnel are automatically notified when an inbound delivery arrives at the transit dock. Which of the following should be implemented to help the company increase the security posture of its operations?
A. Back office database
B. Asset tracking
C. Geo-fencing
D. Barcode scanner
Answer: C
Topic 3, Volume C
Question No: 18
The Chief Information Officer (CIO) is reviewing the IT centric BIA and RA documentation. The documentation shows that a single 24 hours downtime in a critical business function
will cost the business $2.3 million. Additionally, the business unit which depends on the critical business function has determined that there is a high probability that a threat will materialize based on historical data. The CIOu2021s budget does not allow for full system hardware replacement in case of a catastrophic failure, nor does it allow for the purchase of additional compensating controls. Which of the following should the CIO recommend to the finance director to minimize financial loss?
A. The company should mitigate the risk.
B. The company should transfer the risk.
C. The company should avoid the risk.
D. The company should accept the risk.
Answer: B
Question No: 19
At 10:35 a.m. a malicious user was able to obtain a valid authentication token which allowed read/write access to the backend database of a financial company. At 10:45 a.m. the security administrator received multiple alerts from the companyu2021s statistical anomaly- based IDS about a company database administrator performing unusual transactions. At 10:55 a.m. the security administrator resets the database administratoru2021s password.
At 11:00 a.m. the security administrator is still receiving alerts from the IDS about unusual transactions from the same user. Which of the following is MOST likely the cause of the alerts?
A. The IDS logs are compromised.
B. The new password was compromised.
C. An input validation error has occurred.
D. A race condition has occurred.
Answer: D
Question No: 20
Company XYZ provides hosting services for hundreds of companies across multiple industries including healthcare, education, and manufacturing. The security architect for company XYZ is reviewing a vendor proposal to reduce company XYZu2021s hardware costs by combining multiple physical hosts through the use of virtualization technologies. The security architect notes concerns about data separation, confidentiality, regulatory requirements concerning PII, and administrative complexity on the proposal. Which of the following BEST describes the core concerns of the security architect?
A. Most of company XYZu2021s customers are willing to accept the risks of unauthorized disclosure and access to information by outside users.
B. The availability requirements in SLAs with each hosted customer would have to be re- written to account for the transfer of virtual machines between physical platforms for regular maintenance.
C. Company XYZ could be liable for disclosure of sensitive data from one hosted customer when accessed by a malicious user who has gained access to the virtual machine of another hosted customer.
D. Not all of company XYZu2021s customers require the same level of security and the administrative complexity of maintaining multiple security postures on a single hypervisor negates hardware cost savings.
Answer: C
Question No: 21
A financial institution wants to reduce the costs associated with managing and
troubleshooting employeesu2021 desktops and applications, while keeping employees from copying data onto external storage. The Chief Information Officer (CIO) has asked the security team to evaluate four solutions submitted by the change management group. Which of the following BEST accomplishes this task?
A. Implement desktop virtualization and encrypt all sensitive data at rest and in transit.
B. Implement server virtualization and move the application from the desktop to the server.
C. Implement VDI and disable hardware and storage mapping from the thin client.
D. Move the critical applications to a private cloud and disable VPN and tunneling.
Answer: C
Question No: 22
Company XYZ has had repeated vulnerability exploits of a critical nature released to the companyu2021s flagship product. The product is used by a number of large customers. At the Chief Information Security Officeru2021s (CISOu2021s) request, the product manager now has to budget for a team of security consultants to introduce major product security improvements.
Here is a list of improvements in order of priority:
1. A noticeable improvement in security posture immediately.
2. Fundamental changes to resolve systemic issues as an ongoing process
3. Improvements should be strategic as opposed to tactical
4. Customer impact should be minimized
Which of the following recommendations is BEST for the CISO to put forward to the product manager?
A. Patch the known issues and provide the patch to customers. Make a company announcement to customers on the main website to reduce the perceived exposure of the application to alleviate customer concerns. Engage penetration testers and code reviewers to perform an in-depth review of the product. Based on the findings, address the defects and re-test the findings to ensure that any defects have been resolved.
B. Patch the known issues and provide the patch to customers. Engage penetration testers and code reviewers to perform an in-depth review of the product. Based on the findings, address the defects and re-test the findings to ensure that the defects have been resolved. Introduce periodic code review and penetration testing of the product in question and consider including all relevant future projects going forward.
A. C. Patch the known issues and provide the patch to customers. Implement an SSDLC / SDL overlay on top of the SDLC. Train architects, designers, developers, testers and operators on security importance and ensure that security-relevant activities are performed within each of the SDLC phases. Use the product as the primary focal point to close out issues and consider using the SSDLC / SDL overlay for all relevant future projects.
D. Stop active support of the product. Bring forward end-of-life dates for the product so that it can be decommissioned. Start a new project to develop a replacement product and ensure that an SSDLC / SDL overlay on top of the SDLC is formed. Train BAs, architects, designers, developers, testers and operators on security importance and ensure that security-relevant activities are performed within each of the SDLC phases.
Answer: C
Recommend!! Get the Realistic CAS-002 dumps in VCE and PDF From Certifytools, Welcome to download: https://www.certifytools.com/CAS-002-exam.html (New 532 Q&As Version)