Latest Certified Success Dumps Download

CISCO, MICROSOFT, COMPTIA, HP, IBM, ORACLE, VMWARE
CAS-002 Latest Exam (Sep 2017)

[Free] 2017(Sep) EnsurePass Dumpsleader CompTIA CAS-002 Dumps with VCE and PDF 221-230

September 15, 2017

EnsurePass
2017 Sep CompTIA Official New Released CAS-002
100% Free Download! 100% Pass Guaranteed!
http://www.EnsurePass.com/CAS-002.html

CompTIA Advanced Security Practitioner (CASP)

Question No: 221 – (Topic 2)

A firm’s Chief Executive Officer (CEO) is concerned that IT staff lacks the knowledge to identify complex vulnerabilities that may exist in a payment system being internally developed. The payment system being developed will be sold to a number of organizations and is in direct competition with another leading product. The CEO highlighted that code base confidentiality is of critical importance to allow the company to exceed the competition in terms of the product’s reliability, stability, and performance. Which of the following would provide the MOST thorough testing and satisfy the CEO’s requirements?

  1. Sign a MOU with a marketing firm to preserve the company reputation and use in-house resources for random testing.

  2. Sign a BPA with a small software consulting firm and use the firm to perform Black box testing and address all findings.

  3. Sign a NDA with a large security consulting firm and use the firm to perform Grey box testing and address all findings.

  4. Use the most qualified and senior developers on the project to perform a variety of White box testing and code reviews.

Answer: C

Question No: 222 – (Topic 2)

In a situation where data is to be recovered from an attacker’s location, which of the following are the FIRST things to capture? (Select TWO).

  1. Removable media

  2. Passwords written on scrap paper

  3. Snapshots of data on the monitor

  4. Documents on the printer

  5. Volatile system memory

  6. System hard drive

Answer: C,E

Question No: 223 – (Topic 2)

A well-known retailer has experienced a massive credit card breach. The retailer had gone through an audit and had been presented with a potential problem on their network.

Vendors were authenticating directly to the retailer’s AD servers, and an improper firewall rule allowed pivoting from the AD server to the DMZ where credit card servers were kept. The firewall rule was needed for an internal application that was developed, which presents risk. The retailer determined that because the vendors were required to have site to site VPN’s no other security action was taken.

To prove to the retailer the monetary value of this risk, which of the following type of calculations is needed?

  1. Residual Risk calculation

  2. A cost/benefit analysis

  3. Quantitative Risk Analysis

  4. Qualitative Risk Analysis

Answer: C

Question No: 224 – (Topic 2)

A penetration tester is inspecting traffic on a new mobile banking application and sends the following web request:

POST http://www.example.com/resources/NewBankAccount HTTP/1.1

Content-type: application/json

{

“account”: [

{ “creditAccount”:”Credit Card Rewards account”} { “salesLeadRef”:”www.example.com/badcontent/exploitme.exe”}

],

“customer”: [

{ “name”:”Joe Citizen”} { “custRef”:”3153151″}

]

}

The banking website responds with: HTTP/1.1 200 OK

{

“newAccountDetails”: [

{ “cardNumber”:”1234123412341234″} { “cardExpiry”:”2020-12-31″}

{ “cardCVV”:”909″}

],

“marketingCookieTracker”:”JSESSIONID=000000001″ “returnCode”:”Account added successfully”

}

Which of the following are security weaknesses in this example? (Select TWO).

  1. Missing input validation on some fields

  2. Vulnerable to SQL injection

  3. Sensitive details communicated in clear-text

  4. Vulnerable to XSS

  5. Vulnerable to malware file uploads

  6. JSON/REST is not as secure as XML

    Answer: A,C

    Question No: 225 – (Topic 2)

    A small company is developing a new Internet-facing web application. The security requirements are:

    1. Users of the web application must be uniquely identified and authenticated.

    2. Users of the web application will not be added to the company’s directory services.

    3. Passwords must not be stored in the code. Which of the following meets these requirements?

      1. Use OpenID and allow a third party to authenticate users.

      2. Use TLS with a shared client certificate for all users.

      3. Use SAML with federated directory services.

      4. Use Kerberos and browsers that support SAML.

Answer: A

Question No: 226 – (Topic 2)

An IT manager is working with a project manager to implement a new ERP system capable of transacting data between the new ERP system and the legacy system. As part of this process, both parties must agree to the controls utilized to secure data connections between the two enterprise systems. This is commonly documented in which of the following formal documents?

  1. Memorandum of Understanding

  2. Information System Security Agreement

  3. Interconnection Security Agreement

  4. Interoperability Agreement

  5. Operating Level Agreement

Answer: C

Question No: 227 – (Topic 2)

The telecommunications manager wants to improve the process for assigning company- owned mobile devices and ensuring data is properly removed when no longer needed. Additionally, the manager wants to onboard and offboard personally owned mobile devices that will be used in the BYOD initiative. Which of the following should be implemented to ensure these processes can be automated? (Select THREE).

  1. SIM’s PIN

  2. Remote wiping

  3. Chargeback system

  4. MDM software

  5. Presence software

  6. Email profiles

  7. Identity attestation

  8. GPS tracking

Answer: B,D,G

Question No: 228 – (Topic 2)

A security administrator has noticed that an increased number of employees’ workstations are becoming infected with malware. The company deploys an enterprise antivirus system as well as a web content filter, which blocks access to malicious web sites where malware files can be downloaded. Additionally, the company implements technical measures to disable external storage. Which of the following is a technical control that the security administrator should implement next to reduce malware infection?

  1. Implement an Acceptable Use Policy which addresses malware downloads.

  2. Deploy a network access control system with a persistent agent.

  3. Enforce mandatory security awareness training for all employees and contractors.

  4. Block cloud-based storage software on the company network.

Answer: D

Question No: 229 – (Topic 2)

An enterprise must ensure that all devices that connect to its networks have been previously approved. The solution must support dual factor mutual authentication with strong identity assurance. In order to reduce costs and administrative overhead, the security architect wants to outsource identity proofing and second factor digital delivery to the third party. Which of the following solutions will address the enterprise requirements?

  1. Implementing federated network access with the third party.

  2. Using a HSM at the network perimeter to handle network device access.

  3. Using a VPN concentrator which supports dual factor via hardware tokens.

  4. Implementing 802.1x with EAP-TTLS across the infrastructure.

Answer: D

Question No: 230 – (Topic 2)

ABC Company must achieve compliance for PCI and SOX. Which of the following would BEST allow the organization to achieve compliance and ensure security? (Select THREE).

  1. Establish a list of users that must work with each regulation

  2. Establish a list of devices that must meet each regulation

  3. Centralize management of all devices on the network

  4. Compartmentalize the network

  5. Establish a company framework

  6. Apply technical controls to meet compliance with the regulation

Answer: B,D,F

100% Free Download!
Download Free Demo:CAS-002 Demo PDF
100% Pass Guaranteed!
Download 2017 EnsurePass CAS-002 Full Exam PDF and VCE

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

2017 EnsurePass IT Certification PDF and VCE