★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions
It is impossible to pass CompTIA CAS-002 exam without any help in the short term. Come to Certleader soon and find the most advanced, correct and guaranteed CompTIA CAS-002 practice questions. You will get a surprising result by our Replace CompTIA Advanced Security Practitioner (CASP) practice guides.
P.S. Actual CAS-002 torrent are available on Google Drive, GET MORE: https://drive.google.com/open?id=1o83EG0ADisGFtGQxvx-BzUZbRUif5wko
New CompTIA CAS-002 Exam Dumps Collection (Question 7 - Question 16)
Q1. An administrator is notified that contract workers will be onsite assisting with a new project. The administrator wants each worker to be aware of the corporate policy pertaining to USB storage devices. Which of the following should each worker review and understand before beginning work?
A. Interconnection Security Agreement
B. Memorandum of Understanding
C. Business Partnership Agreement
D. Non-Disclosure Agreement
Q2. ABC Corporation uses multiple security zones to protect systems and information, and all of the VM hosts are part of a consolidated VM infrastructure. Each zone has different VM administrators. Which of the following restricts different zone administrators from directly accessing the console of a VM host from another zone?
A. Ensure hypervisor layer firewalling between all VM hosts regardless of security zone.
B. Maintain a separate virtual switch for each security zone and ensure VM hosts bind to only the correct virtual NIC(s).
C. Organize VM hosts into containers based on security zone and restrict access using an ACL.
D. Require multi-factor authentication when accessing the console at the physical VM host.
Q3. Company ABC is planning to outsource its Customer Relationship Management system (CRM) and marketing / leads management to Company XYZ.
Which of the following is the MOST important to be considered before going ahead with the service?
A. Internal auditors have approved the outsourcing arrangement.
B. Penetration testing can be performed on the externally facing web system.
C. Ensure there are security controls within the contract and the right to audit.
D. A physical site audit is performed on Company XYZu2019s management / operation.
Q4. Company A has a remote work force that often includes independent contractors and out of state full time employees.
Company A's security engineer has been asked to implement a solution allowing these users to collaborate on projects with the following goals:
Which of the following solutions should the security engineer recommend to meet the MOST goals?
A. Create an SSL reverse proxy to a collaboration workspace. Use remote installation service to maintain application version. Have users use full desktop encryption. Schedule server downtime from 12:00 to 1:00 PM.
B. Install an SSL VPN to Company A's datacenter, have users connect to a standard virtual workstation image, set workstation time of day restrictions.
C. Create an extranet web portal using third party web based office applications. Ensure that Company A maintains the administrative access.
D. Schedule server downtime from 12:00 to 1:00 PM, implement a Terminal Server
A. Gateway, use remote installation services to standardize application on useru2019s laptops.
Q5. A finance manager says that the company needs to ensure that the new system can u201creplayu201d data, up to the minute, for every exchange being tracked by the investment departments. The finance manager also states that the companyu2019s transactions need to be tracked against this data for a period of five years for compliance. How would a security engineer BEST interpret the finance manageru2019s needs?
A. Compliance standards
B. User requirements
C. Data elements
D. Data storage
E. Acceptance testing
F. Information digest
G. System requirements
Q6. A medium-sized company has recently launched an online product catalog. It has decided to keep the credit card purchasing in-house as a secondary potential income stream has been identified in relation to sales leads. The company has decided to undertake a PCI assessment in order to determine the amount of effort required to meet the business objectives. Which compliance category would this task be part of?
A. Government regulation
B. Industry standard
C. Company guideline
D. Company policy
Q7. In single sign-on, the secondary domain needs to trust the primary domain to do which of the following? (Select TWO).
A. Correctly assert the identity and authorization credentials of the end user.
B. Correctly assert the authentication and authorization credentials of the end user.
C. Protect the authentication credentials used to verify the end user identity to the secondary domain for unauthorized use.
D. Protect the authentication credentials used to verify the end user identity to the secondary domain for authorized use.
A. E. Protect the accounting credentials used to verify the end user identity to the secondary domain for unauthorized use.
F. Correctly assert the identity and authentication credentials of the end user.
Topic 4, Volume D
Q8. The Chief Information Security Officer (CISO) regularly receives reports of a single department repeatedly violating the corporate security policy. The head of the department in question informs the CISO that the offending behaviors are a result of necessary business activities. The CISO assigns a junior security administrator to solve the issue. Which of the following is the BEST course of action for the junior security administrator to take?
A. Work with the department head to find an acceptable way to change the business needs so the department no longer violates the corporate security policy.
B. Draft an RFP for the purchase of a COTS product or consulting services to solve the problem through implementation of technical controls.
C. Work with the CISO and department head to create an SLA specifying the response times of the IT security department when incidents are reported.
D. Draft an MOU for the department head and CISO to approve, documenting the limits of the necessary behavior, and actions to be taken by both teams.
Q9. After three vendors submit their requested documentation, the CPO and the SPM can better understand what each vendor does and what solutions that they can provide. But now they want to see the intricacies of how these solutions can adequately match the
requirements needed by the firm. Upon the directive of the CPO, the CISO should submit which of the following to the three submitting firms?
A. A T&M contract
B. An RFP
C. A FFP agreement
D. A new RFQ
Q10. CORRECT TEXTThe IDS has detected abnormal behavior on this network. Click on the network devices to view device information. Based on this information, the following tasks should be completed:
1. Select the server that is a victim of a cross-site scripting (XSS) attack. 2 Select the source of the brute force password attack.
3. Modify the access control list (ACL) on the router(s) to ONLY block the XSS attack.
Instructions: Simulations can be reset at anytime to the initial state: however, all selections will be deleted
Answer: Please review following steps:
Click to learn more regarding http://www.exam4collection.com/vce/CAS-002/
P.S. Easily pass CAS-002 Exam with Examcollection Actual Dumps & pdf vce, Try Free: http://www.examcollectionuk.com/CAS-002-vce-download.html (532 New Questions)