CAS-002 Latest Exam (Sep 2017)

[Free] 2017(Sep) EnsurePass Dumpsleader CompTIA CAS-002 Dumps with VCE and PDF 171-180

September 15, 2017

CompTIA Advanced Security Practitioner (CASP)

Question No: 171 – (Topic 2)

A security manager is looking into the following vendor proposal for a cloud-based SIEM solution. The intention is that the cost of the SIEM solution will be justified by having reduced the number of incidents and therefore saving on the amount spent investigating incidents.


External cloud-based software as a service subscription costing $5,000 per month. Expected to reduce the number of current incidents per annum by 50%.

The company currently has ten security incidents per annum at an average cost of $10,000 per incident. Which of the following is the ROI for this proposal after three years?

A. -$30,000
B. $120,000
C. $150,000
D. $180,000

Answer: A

Question No: 172 – (Topic 2)

An IT manager is concerned about the cost of implementing a web filtering solution in an effort to mitigate the risks associated with malware and resulting data leakage. Given that the ARO is twice per year, the ALE resulting from a data leak is $25,000 and the ALE after implementing the web filter is $15,000. The web filtering solution will cost the organization

$10,000 per year. Which of the following values is the single loss expectancy of a data leakage event after implementing the web filtering solution?

A. $0
B. $7,500
C. $10,000
D. $12,500
E. $15,000

Answer: B

Question No: 173 – (Topic 2)

An educational institution would like to make computer labs available to remote students. The labs are used for various IT networking, security, and programming courses. The requirements are:

1. Each lab must be on a separate network segment.

2. Labs must have access to the Internet, but not other lab networks.

3. Student devices must have network access, not simple access to hosts on the lab networks.

4. Students must have a private certificate installed before gaining access.

5. Servers must have a private certificate installed locally to provide assurance to the students.

6. All students must use the same VPN connection profile.

Which of the following components should be used to achieve the design in conjunction with directory services?

A. L2TP VPN over TLS for remote connectivity, SAML for federated authentication, firewalls between each lab segment

B. SSL VPN for remote connectivity, directory services groups for each lab group, ACLs on routing equipment

C. IPSec VPN with mutual authentication for remote connectivity, RADIUS for authentication, ACLs on network equipment

D. Cloud service remote access tool for remote connectivity, OAuth for authentication, ACL on routing equipment

Answer: C

Question No: 174 – (Topic 2)

A storage as a service company implements both encryption at rest as well as encryption in transit of customers’ data. The security administrator is concerned with the overall security of the encrypted customer data stored by the company servers and wants the development team to implement a solution that will strengthen the customer’s encryption key. Which of the following, if implemented, will MOST increase the time an offline password attack against the customers’ data would take?

A. key = NULL ; for (int i=0; i<5000; i++) { key = sha(key + password) }

B. password = NULL ; for (int i=0; i<10000; i++) { password = sha256(key) }

C. password = password + sha(password + salt) + aes256(password + salt)

D. key = aes128(sha256(password), password)

Answer: A

Question No: 175 – (Topic 2)

A company with 2000 workstations is considering purchasing a HIPS to minimize the impact of a system compromise from malware. Currently, the company projects a total cost of $50,000 for the next three years responding to and eradicating workstation malware. The Information Security Officer (ISO) has received three quotes from different companies that provide HIPS.

Which solution should the company select if the contract is only valid for three years?

A. First quote

B. Second quote

C. Third quote

D. Accept the risk

Answer: B

Question No: 176 – (Topic 2)

During a new desktop refresh, all hosts are hardened at the OS level before deployment to comply with policy. Six months later, the company is audited for compliance to regulations. The audit discovers that 40 percent of the desktops do not meet requirements. Which of the following is the MOST likely cause of the noncompliance?

A. The devices are being modified and settings are being overridden in production.

B. The patch management system is causing the devices to be noncompliant after issuing the latest patches.

C. The desktop applications were configured with the default username and password.

D. 40 percent of the devices use full disk encryption.

Answer: A

Question No: 177 – (Topic 2)

In an effort to minimize costs, the management of a small candy company wishes to explore a cloud service option for the development of its online applications. The company does not wish to invest heavily in IT infrastructure. Which of the following solutions should be recommended?

A. A public IaaS

B. A public PaaS

C. A public SaaS

D. A private SaaS

E. A private IaaS

F. A private PaaS

Answer: B

Question No: 178 DRAG DROP – (Topic 2)

An organization is implementing a project to simplify the management of its firewall network flows and implement security controls. The following requirements exist. Drag and drop the BEST security solution to meet the given requirements. Options may be used once or not at all. All placeholders must be filled.


Question No: 179 DRAG DROP – (Topic 2)

A manufacturer is planning to build a segregated network. There are requirements to segregate development and test infrastructure from production and the need to support multiple entry points into the network depending on the service being accessed. There are also strict rules in place to only permit user access from within the same zone. Currently, the following access requirements have been identified:

1. Developers have the ability to perform technical validation of development applications.

2. End users have the ability to access internal web applications.

3. Third-party vendors have the ability to support applications.

In order to meet segregation and access requirements, drag and drop the appropriate network zone that the user would be accessing and the access mechanism to meet the above criteria. Options may be used once or not at all. All placeholders must be filled.


Question No: 180 – (Topic 2)

A security administrator has been asked to select a cryptographic algorithm to meet the criteria of a new application. The application utilizes streaming video that can be viewed both on computers and mobile devices. The application designers have asked that the algorithm support the transport encryption with the lowest possible performance overhead. Which of the following recommendations would BEST meet the needs of the application designers? (Select TWO).

A. Use AES in Electronic Codebook mode

B. Use RC4 in Cipher Block Chaining mode

C. Use RC4 with Fixed IV generation

D. Use AES with cipher text padding

E. Use RC4 with a nonce generated IV

F. Use AES in Counter mode

Answer: E,F
