
[Free] 2017(Sep) EnsurePass Dumpsleader CompTIA CAS-002 Dumps with VCE and PDF 261-270

September 15, 2017


CompTIA Advanced Security Practitioner (CASP)

Question No: 261 – (Topic 3)

At 10:35 a.m. a malicious user was able to obtain a valid authentication token which allowed read/write access to the backend database of a financial company. At 10:45 a.m. the security administrator received multiple alerts from the company’s statistical anomaly-based IDS about a company database administrator performing unusual transactions. At 10:55 a.m. the security administrator resets the database administrator’s password.

At 11:00 a.m. the security administrator is still receiving alerts from the IDS about unusual transactions from the same user. Which of the following is MOST likely the cause of the alerts?

  1. The IDS logs are compromised.

  2. The new password was compromised.

  3. An input validation error has occurred.

  4. A race condition has occurred.

Answer: D

Question No: 262 – (Topic 3)

The Linux server at Company A hosts a graphical application widely used by the company designers. One designer regularly connects to the server from a Mac laptop in the designer’s office down the hall. When the security engineer learns of this, it is discovered the connection is not secured and the password can easily be obtained via network sniffing. Which of the following would the security engineer MOST likely implement to secure this connection?

Linux Server: 192.168.10.10/24

Mac Laptop: 192.168.10.200/24

  1. From the server, establish an SSH tunnel to the Mac and VPN to 192.168.10.200.

  2. From the Mac, establish a remote desktop connection to 192.168.10.10 using Network Layer Authentication and the CredSSP security provider.

  3. From the Mac, establish a VPN to the Linux server and connect the VNC to 127.0.0.1.

  4. From the Mac, establish an SSH tunnel to the Linux server and connect the VNC to 127.0.0.1.

Answer: D

Question No: 263 – (Topic 3)

A manager who was attending an all-day training session was overdue entering bonus and payroll information for subordinates. The manager felt the best way to get the changes entered while in training was to log into the payroll system, and then activate desktop sharing with a trusted subordinate. The manager granted the subordinate control of the desktop thereby giving the subordinate full access to the payroll system. The subordinate did not have authorization to be in the payroll system. Another employee reported the incident to the security team. Which of the following would be the MOST appropriate method for dealing with this issue going forward?

  1. Provide targeted security awareness training and impose termination for repeat violators.

  2. Block desktop sharing and web conferencing applications and enable use only with approval.

  3. Actively monitor the data traffic for each employee using desktop sharing or web conferencing applications.

  4. Permanently block desktop sharing and web conferencing applications and do not allow their use at the company.

Answer: A

Question No: 264 CORRECT TEXT – (Topic 3)


Answer: 192.18.1.0/24 any 192.168.20.0/24 3389 any

Question No: 265 – (Topic 3)

An intrusion detection system logged an attack attempt from a remote IP address. One week later, the attacker successfully compromised the network. Which of the following MOST likely occurred?

  1. The IDS generated too many false negatives.

  2. The attack occurred after hours.

  3. The IDS generated too many false positives.

  4. No one was reviewing the IDS event logs.

Answer: D

Question No: 266 – (Topic 3)

A company receives a subpoena for email that is four years old. Which of the following should the company consult to determine if it can provide the email in question?

  1. Data retention policy

  2. Business continuity plan

  3. Backup and archive processes

  4. Electronic inventory

Answer: A

Question No: 267 – (Topic 3)

As part of the ongoing information security plan in a large software development company, the Chief Information Officer (CIO) has decided to review and update the company’s privacy policies and procedures to reflect the changing business environment and business requirements.

Training and awareness of the new policies and procedures has been incorporated into the security awareness program which should be:

  1. presented by top level management to only data handling staff.

  2. customized for the various departments and staff roles.

  3. technical in nature to ensure all development staff understand the procedures.

  4. used to promote the importance of the security department.

Answer: B

Question No: 268 DRAG DROP – (Topic 3)

Drag and drop the following information types onto the appropriate CIA category.


Answer:


Question No: 269 – (Topic 3)

An organization has had six security incidents over the past year against their main web application. Each time the organization was able to determine the cause of the incident and restore operations within a few hours to a few days. Which of the following provides the MOST comprehensive method for reducing the time to recover?

  1. Create security metrics that provide information on response times and requirements to determine the best place to focus time and money.

  2. Conduct a loss analysis to determine which systems to focus time and money towards increasing security.

  3. Implement a knowledge management process accessible to the help desk and finance departments to estimate cost and prioritize remediation.

  4. Develop an incident response team, require training for incident remediation, and provide incident reporting and tracking metrics.

Answer: D

Question No: 270 – (Topic 3)

A security researcher is about to evaluate a new secure VoIP routing appliance. The appliance manufacturer claims the new device is hardened against all known attacks and several undisclosed zero-day exploits. The code base used for the device is a combination of compiled C and Tcl/Tk scripts. Which of the following methods should the security researcher use to enumerate the ports and protocols in use by the appliance?

  1. Device fingerprinting

  2. Switchport analyzer

  3. Grey box testing

  4. Penetration testing

Answer: A
