Exam Code: CAS-002
Exam Name: CompTIA Advanced Security Practitioner (CASP)
Certification Provider: CompTIA

2017 Jan CAS-002:

Q251. - (Topic 2) 

The IT director has charged the company helpdesk with sanitizing fixed and removable media. The helpdesk manager has written a new procedure to be followed by the helpdesk staff. This procedure includes the current standard to be used for data sanitization, as well as the location of physical degaussing tools. In which of the following cases should the helpdesk staff use the new procedure? (Select THREE). 

A. During asset disposal 

B. While reviewing the risk assessment 

C. While deploying new assets 

D. Before asset repurposing 

E. After the media has been disposed of 

F. During the data classification process 

G. When installing new printers 

H. When media fails or is unusable 

Answer: A,D,H 

Q252. - (Topic 2) 

ABC Corporation uses multiple security zones to protect systems and information, and all of the VM hosts are part of a consolidated VM infrastructure. Each zone has different VM administrators. Which of the following restricts different zone administrators from directly accessing the console of a VM host from another zone? 

A. Ensure hypervisor layer firewalling between all VM hosts regardless of security zone. 

B. Maintain a separate virtual switch for each security zone and ensure VM hosts bind to only the correct virtual NIC(s). 

C. Organize VM hosts into containers based on security zone and restrict access using an ACL. 

D. Require multi-factor authentication when accessing the console at the physical VM host. 


Q253. - (Topic 4) 

A Security Manager is part of a team selecting web conferencing systems for internal use. The system will only be used for internal employee collaboration. Which of the following are the MAIN concerns of the security manager? (Select THREE). 

A. Security of data storage 

B. The cost of the solution 

C. System availability 

D. User authentication strategy 

E. PBX integration of the service 

F. Operating system compatibility 

Answer: A,C,D 

Q254. - (Topic 5) 

An administrator is trying to categorize the security impact of a database server in the case of a security event. There are three databases on the server. 

Current Financial Data = High level of damage if data is disclosed. Moderate damage if the system goes offline 

Archived Financial Data = No need for the database to be online. Low damage for integrity loss 

Public Website Data = Low damage if the site goes down. Moderate damage if the data is corrupted 

Given these security categorizations of each database, which of the following is the aggregate security categorization of the database server? 

A. Database server = {(Confidentiality HIGH),(Integrity High),(Availability High)} 

B. Database server = {(Confidentiality HIGH),(Integrity Moderate),(Availability Moderate)} 

C. Database server = {(Confidentiality HIGH),(Integrity Moderate),(Availability Low)} 

D. Database server = {(Confidentiality Moderate),(Integrity Moderate),(Availability Moderate)} 


Q255. - (Topic 4) 

Company XYZ has experienced a breach and has requested an internal investigation be conducted by the IT Department. Which of the following represents the correct order of the investigation process? 

A. Collection, Identification, Preservation, Examination, Analysis, Presentation. 

B. Identification, Preservation, Collection, Examination, Analysis, Presentation. 

C. Collection, Preservation, Examination, Identification, Analysis, Presentation. 

D. Identification, Examination, Preservation, Collection, Analysis, Presentation. 


Most recent CompTIA CASP CAS-002:

Q256. - (Topic 4) 

A general insurance company wants to set up a new online business. The requirements are that the solution needs to be: 

The conceptual solution architecture has specified that the application will consist of a traditional three-tiered architecture for the front-end components, an ESB to provide services, data transformation capability and legacy system integration, and a web services gateway. 

Which of the following security components will BEST meet the above requirements and fit into the solution architecture? (Select TWO). 

A. Implement WS-Security for services authentication and XACML for service authorization. 

B. Use end-to-end application level encryption to encrypt all fields and store them encrypted in the database. 

C. Implement a certificate based solution on a smart card in combination with a PIN to provide authentication and authorization of users. 

D. Implement WS-Security as a federated single sign-on solution for authentication and authorization of users. 

E. Implement SSL encryption for all sensitive data flows and encryption of passwords of the data at rest. 

F. Use application level encryption to encrypt sensitive fields, SSL encryption on sensitive flows, and database encryption for sensitive data storage. 

Answer: A,F 

Q257. - (Topic 2) 

The network administrator at an enterprise reported a large data leak. One compromised server was used to aggregate data from several critical application servers and send it out to the Internet using HTTPS. Upon investigation, there have been no user logins over the previous week and the endpoint protection software is not reporting any issues. Which of the following BEST provides insight into where the compromised server collected the information? 

A. Review the flow data against each server’s baseline communications profile. 

B. Configure the server logs to collect unusual activity including failed logins and restarted services. 

C. Correlate data loss prevention logs for anomalous communications from the server. 

D. Set up a packet capture on the firewall to collect all of the server communications. 


Q258. - (Topic 4) 

A developer has implemented a piece of client-side JavaScript code to sanitize a user’s provided input to a web page login screen. The code ensures that only upper-case and lower-case letters are entered in the username field, and that only a 6-digit PIN is entered in the password field. A security administrator is concerned with the following web server log: 

- - [02/Mar/2014:06:13:04] “GET /site/script.php?user=admin&pass=pass%20or%201=1 HTTP/1.1” 200 5724 

Given this log, which of the following is the security administrator concerned with and which fix should be implemented by the developer? 

A. The security administrator is concerned with nonprintable characters being used to gain administrative access, and the developer should strip all nonprintable characters. 

B. The security administrator is concerned with XSS, and the developer should normalize Unicode characters on the browser side. 

C. The security administrator is concerned with SQL injection, and the developer should implement server side input validation. 

D. The security administrator is concerned that someone may log on as the administrator, and the developer should ensure strong passwords are enforced. 


Q259. - (Topic 5) 

A software development manager is taking over an existing software development project. The team currently suffers from poor communication due to a long delay between requirements documentation and feature delivery. This gap is resulting in an above average number of security-related bugs making it into production. Which of the following development methodologies is the team MOST likely using now? 

A. Agile 

B. Waterfall 

C. Scrum 

D. Spiral 


Q260. - (Topic 4) 

Which of the following BEST explains SAML? 

A. A security attestation model built on XML and SOAP-based services, which allows for the exchange of A&A data between systems and supports Federated Identity Management. 

B. An XML and SOAP-based protocol, which enables the use of PKI for code signing and SSO by using SSL and SSH to establish a trust model. 

C. A security model built on the transfer of assertions over XML and SOAP-based protocols, which allows for seamless SSO and the open exchange of data. 

D. A security verification model built on SSO and SSL-based services, which allows for the exchange of PKI data between users and supports XACML.