Our pass rate is high to 98.9% and the similarity percentage between our CAS-002 study guide and real exam is 90% based on our seven-year educating experience. Do you want achievements in the CompTIA CAS-002 exam in just one try? I am currently studying for the CompTIA CAS-002 exam. Latest CompTIA CAS-002 Test exam practice questions and answers, Try CompTIA CAS-002 Brain Dumps First.


♥♥ 2021 NEW RECOMMEND ♥♥

Free VCE & PDF File for CompTIA CAS-002 Real Exam (Full Version!)

★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions

Free Instant Download NEW CAS-002 Exam Dumps (PDF & VCE):
Available on: http://www.surepassexam.com/CAS-002-exam-dumps.html

Q241. - (Topic 2) 

A new IT company has hired a security consultant to implement a remote access system, which will enable employees to telecommute from home using both company issued as well as personal computing devices, including mobile devices. The company wants a flexible system to provide confidentiality and integrity for data in transit to the company’s internally developed application GUI. Company policy prohibits employees from having administrative rights to company issued devices. Which of the following remote access solutions has the lowest technical complexity? 

A. RDP server 

B. Client-based VPN 

C. IPSec 

D. Jump box 

E. SSL VPN 

Answer:


Q242. - (Topic 2) 

The following has been discovered in an internally developed application: 

Error - Memory allocated but not freed: char *myBuffer = malloc(BUFFER_SIZE); if (myBuffer != NULL) { *myBuffer = STRING_WELCOME_MESSAGE; 

printf(“Welcome to: %sn”, myBuffer); 

exit(0); 

Which of the following security assessment methods are likely to reveal this security weakness? (Select TWO). 

A. Static code analysis 

B. Memory dumping 

C. Manual code review 

D. Application sandboxing 

E. Penetration testing 

F. Black box testing 

Answer: A,C 


Q243. - (Topic 2) 

Company ABC is hiring customer service representatives from Company XYZ. The representatives reside at Company XYZ’s headquarters. Which of the following BEST prevents Company XYZ representatives from gaining access to unauthorized Company ABC systems? 

A. Require each Company XYZ employee to use an IPSec connection to the required systems 

B. Require Company XYZ employees to establish an encrypted VDI session to the required systems 

C. Require Company ABC employees to use two-factor authentication on the required systems 

D. Require a site-to-site VPN for intercompany communications 

Answer:


Q244. - (Topic 1) 

The security engineer receives an incident ticket from the helpdesk stating that DNS lookup requests are no longer working from the office. The network team has ensured that Layer 2 and Layer 3 connectivity are working. Which of the following tools would a security engineer use to make sure the DNS server is listening on port 53? 

A. PING 

B. NESSUS 

C. NSLOOKUP 

D. NMAP 

Answer:


Q245. - (Topic 5) 

A security administrator was doing a packet capture and noticed a system communicating with an address within the 2001::/32 prefix. The network administrator confirms there is no IPv6 routing into or out of the network. Which of the following is the BEST course of action? 

A. Investigate the network traffic and block UDP port 3544 at the firewall 

B. Remove the system from the network and disable IPv6 at the router 

C. Locate and remove the unauthorized 6to4 relay from the network 

D. Disable the switch port and block the 2001::/32 traffic at the firewall 

Answer:


Q246. - (Topic 1) 

The Chief Executive Officer (CEO) of an Internet service provider (ISP) has decided to limit the company’s contribution to worldwide Distributed Denial of Service (DDoS) attacks. Which of the following should the ISP implement? (Select TWO). 

A. Block traffic from the ISP’s networks destined for blacklisted IPs. 

B. Prevent the ISP’s customers from querying DNS servers other than those hosted by the ISP. 

C. Scan the ISP’s customer networks using an up-to-date vulnerability scanner. 

D. Notify customers when services they run are involved in an attack. 

E. Block traffic with an IP source not allocated to customers from exiting the ISP's network. 

Answer: D,E 


Q247. - (Topic 2) 

A software developer and IT administrator are focused on implementing security in the organization to protect OSI layer 7. Which of the following security technologies would BEST meet their requirements? (Select TWO). 

A. NIPS 

B. HSM 

C. HIPS 

D. NIDS 

E. WAF 

Answer: C,E 


Q248. - (Topic 1) 

News outlets are beginning to report on a number of retail establishments that are experiencing payment card data breaches. The data exfiltration is enabled by malware on a compromised computer. After the initial exploit, network mapping and fingerprinting is conducted to prepare for further exploitation. Which of the following is the MOST effective solution to protect against unrecognized malware infections? 

A. Remove local admin permissions from all users and change anti-virus to a cloud aware, push technology. 

B. Implement an application whitelist at all levels of the organization. 

C. Deploy a network based heuristic IDS, configure all layer 3 switches to feed data to the IDS for more effective monitoring. 

D. Update router configuration to pass all network traffic through a new proxy server with advanced malware detection. 

Answer:


Q249. - (Topic 4) 

An organization has just released a new mobile application for its customers. The application has an inbuilt browser and native application to render content from existing websites and the organization’s new web services gateway. All rendering of the content is performed on the mobile application. 

The application requires SSO between the application, the web services gateway and legacy UI. Which of the following controls MUST be implemented to securely enable SSO? 

A. A registration process is implemented to have a random number stored on the client. 

B. The identity is passed between the applications as a HTTP header over REST. 

C. Local storage of the authenticated token on the mobile application is secured. 

D. Attestation of the XACML payload to ensure that the client is authorized. 

Answer:


Q250. - (Topic 3) 

A large organization has gone through several mergers, acquisitions, and de-mergers over the past decade. As a result, the internal networks have been integrated but have complex dependencies and interactions between systems. Better integration is needed in order to simplify the underlying complexity. Which of the following is the MOST suitable integration platform to provide event-driven and standards-based secure software architecture? 

A. Service oriented architecture (SOA) 

B. Federated identities 

C. Object request broker (ORB) 

D. Enterprise service bus (ESB) 

Answer: