The professionals, which want to be experts of their fields and also have any wish to mount for the climax of their potential and good results, take part in distinct CompTIA certification exams. CompTIA CAS-002 exam is a comprehensive way to check the candidates knowledge and abilities inside a relevant discipline of function. CompTIA CAS-002 online practice exams are usually authentic certifications that will guarantee your current manager that you are usually highly skilled and competent. CompTIA CAS-002 practice exams incorporate all the questions and answers to help you throughout passing the true exam with higher marks. If you wish to be any triumphant in your range of function and be different via others, you ought to use the CompTIA CompTIA CAS-002 dumps guide. Getting CAS-002 on-line training may lay a solid foundation on your desired jobs.

2021 Mar CAS-002 testing engine

Q271. - (Topic 4) 

An organization is preparing to upgrade its firewall and NIPS infrastructure and has narrowed the vendor choices down to two platforms. The integrator chosen to assist the organization with the deployment has many clients running a mixture of the possible combinations of environments. Which of the following is the MOST comprehensive method for evaluating the two platforms? 

A. Benchmark each possible solution with the integrators existing client deployments. 

B. Develop testing criteria and evaluate each environment in-house. 

C. Run virtual test scenarios to validate the potential solutions. 

D. Use results from each vendor’s test labs to determine adherence to project requirements. 

Answer:


Q272. - (Topic 1) 

A security administrator wants to calculate the ROI of a security design which includes the purchase of new equipment. The equipment costs $50,000 and it will take 50 hours to install and configure the equipment. The administrator plans to hire a contractor at a rate of $100/hour to do the installation. Given that the new design and equipment will allow the company to increase revenue and make an additional $100,000 on the first year, which of the following is the ROI expressed as a percentage for the first year? 

A. -45 percent 

B. 5.5 percent 

C. 45 percent 

D. 82 percent 

Answer:


Q273. - (Topic 5) 

A security administrator was recently hired in a start-up company to represent the interest of security and to assist the network team in improving security in the company. The sales team is continuously contacting the security administrator to answer security questions posed by potential customers/clients. Which of the following is the BEST strategy to minimize the frequency of these requests? 

A. Request the major stakeholder hire a security liaison to assist the sales team with security-related questions. 

B. Train the sales team about basic security, and make them aware of the security policies and procedures of the company. 

C. The job description of the security administrator is to assist the sales team; thus the process should not be changed. 

D. Compile a list of the questions, develop an FAQ on the website, and train the sales team about basic security concepts. 

Answer:


Q274. - (Topic 2) 

A company Chief Information Officer (CIO) is unsure which set of standards should govern the company’s IT policy. The CIO has hired consultants to develop use cases to test against various government and industry security standards. The CIO is convinced that there is large overlap between the configuration checks and security controls governing each set of standards. Which of the following selections represent the BEST option for the CIO? 

A. Issue a RFQ for vendors to quote a complete vulnerability and risk management solution to the company. 

B. Issue a policy that requires only the most stringent security standards be implemented throughout the company. 

C. Issue a policy specifying best practice security standards and a baseline to be implemented across the company. 

D. Issue a RFI for vendors to determine which set of security standards is best for the company. 

Answer:


Q275. - (Topic 4) 

Which of the following BEST explains SAML? 

A. A security attestation model built on XML and SOAP-based services, which allows for the exchange of A&A data between systems and supports Federated Identity Management. 

B. An XML and SOAP-based protocol, which enables the use of PKI for code signing and SSO by using SSL and SSH to establish a trust model. 

C. A security model built on the transfer of assertions over XML and SOAP-based protocols, which allows for seamless SSO and the open exchange of data. 

D. A security verification model built on SSO and SSL-based services, which allows for the exchange of PKI data between users and supports XACML. 

Answer:


Improve CAS-002 free exam:

Q276. - (Topic 2) 

Which of the following would be used in forensic analysis of a compromised Linux system? (Select THREE). 

A. Check log files for logins from unauthorized IPs. 

B. Check /proc/kmem for fragmented memory segments. 

C. Check for unencrypted passwords in /etc/shadow. 

D. Check timestamps for files modified around time of compromise. 

E. Use lsof to determine files with future timestamps. 

F. Use gpg to encrypt compromised data files. 

G. Verify the MD5 checksum of system binaries. 

H. Use vmstat to look for excessive disk I/O. 

Answer: A,D,G 


Q277. - (Topic 2) 

A security services company is scoping a proposal with a client. They want to perform a general security audit of their environment within a two week period and consequently have the following requirements: 

Requirement 1 – Ensure their server infrastructure operating systems are at their latest patch levels 

Requirement 2 – Test the behavior between the application and database 

Requirement 3 – Ensure that customer data can not be exfiltrated Which of the following is the BEST solution to meet the above requirements? 

A. Penetration test, perform social engineering and run a vulnerability scanner 

B. Perform dynamic code analysis, penetration test and run a vulnerability scanner 

C. Conduct network analysis, dynamic code analysis, and static code analysis 

D. Run a protocol analyzer perform static code analysis and vulnerability assessment 

Answer:


Q278. - (Topic 4) 

A large enterprise introduced a next generation firewall appliance into the Internet facing DMZ. All Internet traffic passes through this appliance. Four hours after implementation the network engineering team discovered that traffic through the DMZ now has un-acceptable latency, and is recommending that the new firewall be taken offline. At what point in the implementation process should this problem have been discovered? 

A. During the product selection phase 

B. When testing the appliance 

C. When writing the RFP for the purchase process 

D. During the network traffic analysis phase 

Answer:


Q279. - (Topic 4) 

A business owner has raised concerns with the Chief Information Security Officer (CISO) because money has been spent on IT security infrastructure, but corporate assets are still found to be vulnerable. The business recently implemented a patch management product and SOE hardening initiative. A third party auditor reported findings against the business because some systems were missing patches. Which of the following statements BEST describes this situation? 

A. The business owner is at fault because they are responsible for patching the systems and have already been given patch management and SOE hardening products. 

B. The audit findings are invalid because remedial steps have already been applied to patch servers and the remediation takes time to complete. 

C. The CISO has not selected the correct controls and the audit findings should be assigned to them instead of the business owner. 

D. Security controls are generally never 100% effective and gaps should be explained to stakeholders and managed accordingly. 

Answer:


Q280. - (Topic 4) 

A large international business has completed the acquisition of a small business and it is now in the process of integrating the small business’ IT department. Both parties have agreed that the large business will retain 95% of the smaller business’ IT staff. Additionally, the larger business has a strong interest in specific processes that the smaller business has in place to handle its regional interests. Which of the following IT security related objectives should the small business’ IT staff consider reviewing during the integration process? (Select TWO). 

A. How the large business operational procedures are implemented. 

B. The memorandum of understanding between the two businesses. 

C. New regulatory compliance requirements. 

D. Service level agreements between the small and the large business. 

E. The initial request for proposal drafted during the merger. 

F. The business continuity plan in place at the small business. 

Answer: A,C