
[Free] 2017(Sep) EnsurePass Dumpsleader CompTIA CAS-002 Dumps with VCE and PDF 321-330

September 15, 2017

EnsurePass

CompTIA Advanced Security Practitioner (CASP)

Question No: 321 – (Topic 3)

A network administrator notices a security intrusion on the web server. Which of the following attacks is indicated by the entry http://test.com/modules.php?op=modload&name=XForum&file=[hostilejavascript]&fid=2 in the log file?

  A. Buffer overflow

  B. Click jacking

  C. SQL injection

  D. XSS attack

Answer: D
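The log entry in the question has the classic shape of a reflected cross-site scripting attempt: script smuggled through a query-string parameter (here "file") that the page echoes back to the browser. The following Python is an added example, not part of the exam or of EnsurePass's material, of the check an administrator could run over a web access log to surface such entries. The log lines, IP addresses and the concrete payloads standing in for [hostilejavascript] are constructed for the demonstration, and the indicator patterns are a minimal illustration rather than a complete rule set.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed access-log lines (Common Log Format). The second line carries the
# request from the question with a concrete payload in place of [hostilejavascript];
# the others are a benign request, a second XSS variant and a SQL injection attempt.
SAMPLE_LOG = """\
10.1.1.5 - - [15/Sep/2017:10:00:01 +0000] "GET /modules.php?op=modload&name=XForum&file=index&fid=2 HTTP/1.1" 200 5120
10.1.1.9 - - [15/Sep/2017:10:00:07 +0000] "GET /modules.php?op=modload&name=XForum&file=%3Cscript%3Ealert(document.cookie)%3C/script%3E&fid=2 HTTP/1.1" 200 1830
10.1.1.9 - - [15/Sep/2017:10:00:12 +0000] "GET /modules.php?op=modload&name=XForum&file=javascript:alert(1)&fid=2 HTTP/1.1" 200 1830
10.1.1.7 - - [15/Sep/2017:10:00:20 +0000] "GET /modules.php?op=modload&name=XForum&file=index&fid=2'%20OR%20'1'%3D'1 HTTP/1.1" 500 0
"""

LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Indicators that a parameter value is carrying script rather than data.
XSS_PATTERNS = [
    re.compile(r"<\s*script", re.I),
    re.compile(r"javascript\s*:", re.I),
    re.compile(r"\bon[a-z]+\s*=", re.I),  # onerror=, onload=, ...
]
# Indicators of SQL syntax in a parameter value (for contrast with choice C).
SQLI_PATTERNS = [
    re.compile(r"'\s*(or|and)\s+'?\w+'?\s*=", re.I),
    re.compile(r"union\s+select", re.I),
]


def classify_value(value):
    """Label one query-string value as 'xss', 'sqli' or None."""
    decoded = unquote(value)  # a second decode catches double-encoded payloads
    if any(p.search(decoded) for p in XSS_PATTERNS):
        return "xss"
    if any(p.search(decoded) for p in SQLI_PATTERNS):
        return "sqli"
    return None


def scan_log(text):
    """Return (source IP, parameter name, label) for every suspicious value."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        query = urlsplit(m["target"]).query
        for name, value in parse_qsl(query, keep_blank_values=True):
            label = classify_value(value)
            if label:
                findings.append((m["src"], name, label))
    return findings


if __name__ == "__main__":
    for src, param, label in scan_log(SAMPLE_LOG):
        print(f"{label.upper():5} from {src} via parameter '{param}'")
```

The XSS check runs before the SQL check on purpose: a value that carries script is an XSS attempt regardless of what else it contains, which is the distinction the question asks for.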

Question No: 322 – (Topic 3)

Customer Need:

“We need the system to produce a series of numbers with no discernible mathematical progression for use by our Java based, PKI-enabled, customer facing website.”

Which of the following BEST restates the customer need?

  A. The system shall use a pseudo-random number generator seeded the same every time.

  B. The system shall generate a pseudo-random number upon invocation by the existing Java program.

  C. The system shall generate a truly random number based upon user PKI certificates.

  D. The system shall implement a pseudo-random number generator for use by corporate customers.

Answer: B
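Choice A fails the customer's requirement for a reason worth seeing rather than reading: a generator seeded the same way every time produces the same "random" sequence on every run, so anyone who learns or guesses the seed reproduces every value it ever emits. The following Python is an added example, not part of the exam or of EnsurePass's material, contrasting that flaw with output drawn from the operating system's cryptographic generator. The seed value and token sizes are chosen for the demonstration.

```python
import random
import secrets


def predictable_tokens(seed, count, nbits=64):
    """Tokens from a PRNG seeded the same way on every run (the flaw in choice A)."""
    rng = random.Random(seed)  # Mersenne Twister: deterministic given the seed
    return [rng.getrandbits(nbits) for _ in range(count)]


def attacker_reproduces(seed, observed):
    """An attacker who knows the fixed seed regenerates every observed token."""
    return predictable_tokens(seed, len(observed)) == observed


def guess_fixed_seed(observed, max_seed=100_000):
    """Brute-force a small fixed seed from a few observed tokens; None if not found.
    This is the attack the customer's wording ('no discernible progression') rules out."""
    for seed in range(max_seed):
        if predictable_tokens(seed, len(observed)) == observed:
            return seed
    return None


def unpredictable_tokens(count, nbits=64):
    """Tokens from the OS CSPRNG: no application-level seed exists to recover."""
    return [secrets.randbits(nbits) for _ in range(count)]


if __name__ == "__main__":
    leaked = predictable_tokens(1234, 4)
    print("seed recovered from 4 leaked tokens:", guess_fixed_seed(leaked))
    print("CSPRNG tokens:", unpredictable_tokens(4))
```

For a website session or nonce generator, the PRNG being invoked by the Java program (choice B) must be backed by a cryptographically secure source such as java.security.SecureRandom; a fixed seed defeats that even when the algorithm itself is sound.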

Question No: 323 CORRECT TEXT – (Topic 3)

An administrator wants to install a patch to an application. Given the scenario, download, verify and install the patch in the most secure manner. Instructions: the last install that is completed will be the final submission.


Answer: Verify the hash of the downloaded patch with the MD5 utility against the value published by the vendor, and install only if the two match.

Explanation:

Downloading is only the first step. Compute the digest of the downloaded file with the MD5 utility and compare it with the checksum the vendor publishes. A mismatch means the file was corrupted in transit or tampered with and must not be installed; only after the values match does the install count as the final submission.

A practitioner's caveat: MD5 is no longer collision-resistant, so outside this simulation a vendor-published SHA-256 digest, and better still a detached signature verified with the vendor's public key, gives stronger assurance that the patch is authentic. A checksum hosted beside the download on the same server only detects transit corruption; it does not protect against a compromised download site.

(The simulation screenshots are not reproduced here.)
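The verify-before-install step of the simulation, as an added Python example that is not part of the exam or of EnsurePass's material. The patch bytes are a constructed stand-in, and the "vendor" digests are computed from them at import time because a real published checksum cannot be reproduced here; everything else (streamed hashing, constant-time comparison, refusing to install on mismatch) is what a practitioner would actually do. MD5 is supported because the simulation uses it; SHA-256 is the default.

```python
import hashlib
import hmac

# Constructed stand-in for the downloaded patch. In practice the expected digest
# comes from the vendor's release page or signed manifest, not from the file itself.
PATCH_BYTES = b"example-patch-v1.2.3\n" * 64
VENDOR_SHA256 = hashlib.sha256(PATCH_BYTES).hexdigest()
VENDOR_MD5 = hashlib.md5(PATCH_BYTES).hexdigest()  # legacy, collision-broken


def file_digest(data, algorithm="sha256", chunk=65536):
    """Hash the download in chunks so large patches do not have to fit in memory."""
    h = hashlib.new(algorithm)
    for i in range(0, len(data), chunk):
        h.update(data[i:i + chunk])
    return h.hexdigest()


def verify_download(data, expected_hex, algorithm="sha256"):
    """True only when the computed digest equals the published one.
    compare_digest avoids leaking how many leading characters matched."""
    actual = file_digest(data, algorithm)
    return hmac.compare_digest(actual, expected_hex.strip().lower())


def install_if_verified(data, expected_hex, algorithm="sha256"):
    """Gate the install on verification and report which action was taken."""
    if not verify_download(data, expected_hex, algorithm):
        return "rejected"  # corrupted or tampered download: do not install
    # The real installer call would go here.
    return "installed"


if __name__ == "__main__":
    print("genuine patch:", install_if_verified(PATCH_BYTES, VENDOR_SHA256))
    print("tampered patch:", install_if_verified(PATCH_BYTES + b"\x90", VENDOR_SHA256))
```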

Question No: 324 – (Topic 3)

Company A is purchasing Company B. Company A uses a change management system for all IT processes while Company B does not have one in place. Company B’s IT staff needs to purchase a third party product to enhance production. Which of the following NEXT steps should be implemented to address the security impacts this product may cause?

  A. Purchase the product and test it in a lab environment before installing it on any live system.

  B. Allow Company A and B’s IT staff to evaluate the new product prior to purchasing it.

  C. Purchase the product and test it on a few systems before installing it throughout the entire company.

  D. Use Company A’s change management process during the evaluation of the new product.

Answer: D

Question No: 325 – (Topic 3)

Several business units have requested the ability to use collaborative web-based meeting places with third party vendors. Generally these require user registration, installation of client-based ActiveX or Java applets, and also the ability for the user to share their desktop in read-only or read-write mode. In order to ensure that information security is not compromised, which of the following controls is BEST suited to this situation?

  A. Disallow the use of web-based meetings as this could lead to vulnerable client-side components being installed, or a malicious third party gaining read-write control over an internal workstation.

  B. Hire an outside consultant firm to perform both a quantitative and a qualitative risk-based assessment. Based on the outcomes, if any risks are identified then do not allow web-based meetings. If no risks are identified then go forward and allow for these meetings to occur.

  C. Allow the use of web-based meetings, but put controls in place to ensure that the use of these meetings is logged and tracked.

  D. Evaluate several meeting providers. Ensure that client-side components do not introduce undue security risks. Ensure that the read-write desktop mode can either be prevented or strongly audited.

Answer: D

Question No: 326 – (Topic 3)

After three vendors submit their requested documentation, the CPO and the SPM can better understand what each vendor does and what solutions they can provide. But now they want to see the intricacies of how these solutions can adequately match the requirements needed by the firm. Upon the directive of the CPO, the CISO should submit which of the following to the three submitting firms?

  A. A T&M contract

  B. An RFP

  C. A FFP agreement

  D. A new RFQ

Answer: B

Question No: 327 – (Topic 3)

A large corporation which is heavily reliant on IT platforms and systems is in financial difficulty and needs to drastically reduce costs in the short term to survive. The Chief Financial Officer (CFO) has mandated that all IT and architectural functions will be outsourced and a mixture of providers will be selected. One provider will manage the desktops for five years, another provider will manage the network for ten years, another provider will be responsible for security for four years, and an offshore provider will perform day to day business processing functions for two years. At the end of each contract the incumbent may be renewed or a new provider may be selected. Which of the following are the MOST likely risk implications of the CFO’s business decision?

  A. Strategic architecture will be adversely impacted through the segregation of duties between the providers. Vendor management costs will remain unchanged. The risk position of the organization will decline as specialists now maintain the environment. The implementation of security controls and security updates will improve. Internal knowledge of IT systems will improve as providers maintain system documentation.

  B. Strategic architecture will improve as more time can be dedicated to strategy. System stability will improve as providers use specialists and tested processes to maintain systems. Vendor management costs will increase and the organization’s flexibility to react to new market conditions will be reduced slightly. Internal knowledge of IT systems will improve as providers maintain system documentation. The risk position of the organization will remain unchanged.

  C. Strategic architecture will not be impacted in the short term, but will be adversely impacted in the long term through the segregation of duties between the providers. Vendor management costs will stay the same and the organization’s flexibility to react to new market conditions will be improved through best of breed technology implementations. Internal knowledge of IT systems will decline over time. The implementation of security controls and security updates will not change.

  D. Strategic architecture will be adversely impacted through the segregation of duties between the providers. Vendor management costs will increase and the organization’s flexibility to react to new market conditions will be reduced. Internal knowledge of IT systems will decline and decrease future platform development. The implementation of security controls and security updates will take longer as responsibility crosses multiple boundaries.

Answer: D

Question No: 328 CORRECT TEXT – (Topic 3)

The IDS has detected abnormal behavior on this network. Click on the network devices to view device information. Based on this information, the following tasks need to be completed:

  1. Select the server that is a victim of a SQL injection attack.

  2. Select the source of the buffer overflow attack.

  3. Modify the access control list (ACL) on the router(s) to ONLY block the buffer overflow attack.

Instructions: Simulations can be reset at any time to the initial state; however, all selections will be deleted.


Answer: Follow the steps in the explanation.

Explanation:

First, determine the source of the attack and the victim by viewing the IDS logs. Although simulations may vary, one example clearly shows the source of the attack as the 10.2.0.50 host and the victim as serverD.

To block only this traffic, modify the following rule on router 2 only:

Source address = 10.2.0.50

Destination address = 192.168.1.0/24

Deny box checked.

A broader rule, such as denying the entire 10.2.0.0/24 source range, would also cut off legitimate hosts and so fail the requirement to ONLY block the buffer overflow attack.
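The "ONLY block the buffer overflow attack" requirement is a precision test: the rule has to match the attacking host and nothing else. The following Python is an added example, not part of the exam or of EnsurePass's material, that evaluates candidate ACL entries against a handful of flows to check exactly that. The attack source 10.2.0.50 and the 192.168.1.0/24 destination come from the explanation; the victim address 192.168.1.20, the neighbouring host and the third segment are assumed for the demonstration, as is the permit-by-default behaviour that mirrors the simulation's Deny checkbox (a real Cisco ACL ends in an implicit deny).

```python
import ipaddress


class AclRule:
    """One ACL entry: source network, destination network and an action."""

    def __init__(self, src, dst, action):
        self.src = ipaddress.ip_network(src, strict=False)
        self.dst = ipaddress.ip_network(dst, strict=False)
        self.action = action  # "deny" or "permit"

    def matches(self, src_ip, dst_ip):
        return (ipaddress.ip_address(src_ip) in self.src
                and ipaddress.ip_address(dst_ip) in self.dst)


def evaluate(acl, src_ip, dst_ip, default="permit"):
    """First matching entry wins. Default is permit to mirror the simulation's
    checkbox form (assumption); a production Cisco ACL has an implicit deny."""
    for rule in acl:
        if rule.matches(src_ip, dst_ip):
            return rule.action
    return default


# Constructed flows: the attacker from the explanation, a neighbouring host on
# the same subnet, and the attacker talking to an unrelated segment.
FLOWS = {
    "overflow_attacker_to_victim": ("10.2.0.50", "192.168.1.20"),
    "neighbour_to_victim": ("10.2.0.51", "192.168.1.20"),
    "attacker_to_other_segment": ("10.2.0.50", "172.16.5.9"),
}

# The answer's rule: exactly one source host, the victim's /24, deny.
PRECISE_ACL = [AclRule("10.2.0.50/32", "192.168.1.0/24", "deny")]
# A tempting but wrong rule: the whole source subnet.
BROAD_ACL = [AclRule("10.2.0.0/24", "192.168.1.0/24", "deny")]


def audit(acl, flows=FLOWS):
    """Map each named flow to the action the ACL takes on it."""
    return {name: evaluate(acl, s, d) for name, (s, d) in flows.items()}


def blocks_only(acl, target, flows=FLOWS):
    """True when the target flow is denied and every other flow still passes."""
    result = audit(acl, flows)
    return result[target] == "deny" and all(
        action == "permit" for name, action in result.items() if name != target
    )


if __name__ == "__main__":
    for label, acl in (("precise", PRECISE_ACL), ("broad", BROAD_ACL)):
        print(label, audit(acl), "only-attack:",
              blocks_only(acl, "overflow_attacker_to_victim"))
```

Running the audit before committing the rule is the same discipline as the simulation's "check the logs first": identify the one source and the one destination range, then prove the rule touches nothing else.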

Question No: 329 – (Topic 3)

A new company requirement mandates the implementation of multi-factor authentication to access network resources. The security administrator was asked to research and implement the most cost-effective solution that would allow for the authentication of both hardware and users. The company wants to leverage the PKI infrastructure which is already well established. Which of the following solutions should the security administrator implement?

  A. Issue individual private/public key pairs to each user, install the private key on the central authentication system, and protect the private key with the user’s credentials. Require each user to install the public key on their computer.

  B. Deploy USB fingerprint scanners on all desktops, and enable the fingerprint scanner on all laptops. Require all network users to register their fingerprint using the reader and store the information in the central authentication system.

  C. Issue each user one hardware token. Configure the token serial number in the user properties of the central authentication system for each user and require token authentication with PIN for network logon.

  D. Issue individual private/public key pairs to each user, install the public key on the central authentication system, and require each user to install the private key on their computer and protect it with a password.

Answer: D
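The difference between choices A and D is where the private key lives, and the following challenge-response exchange shows why it belongs on the user's computer: the central system needs only the public key to verify a logon, while the password-protected private key on the machine supplies the "something you have" and "something you know" factors. This Python is an added example, not part of the exam or of EnsurePass's material. It uses a toy RSA key pair built from two small primes so that it runs on the standard library alone, and a toy password wrapping (XOR with a PBKDF2-derived keystream); real deployments use 2048-bit or larger keys from the existing PKI and standard encrypted key stores.

```python
import hashlib
import os
import secrets

# Toy RSA parameters, constructed for illustration only: far too small for real use.
P, Q, E = 1000003, 1000033, 65537


def keygen():
    """Return (public_key, private_key) as (n, e) and (n, d)."""
    n, phi = P * Q, (P - 1) * (Q - 1)
    d = pow(E, -1, phi)  # modular inverse (Python 3.8+)
    return (n, E), (n, d)


def wrap_private_key(d, password, iterations=100_000):
    """Client side: store the private exponent only under a password-derived key.
    Toy wrapping (XOR with a PBKDF2 keystream); real stores use encrypted PKCS#8."""
    salt = os.urandom(16)
    stream = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, d ^ int.from_bytes(stream[:8], "big")


def unwrap_private_key(salt, wrapped, password, iterations=100_000):
    stream = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return wrapped ^ int.from_bytes(stream[:8], "big")


def digest_mod_n(message, n):
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def server_issue_challenge():
    """Fresh random nonce per logon so a captured signature cannot be replayed."""
    return secrets.token_bytes(32)


def client_sign(challenge, n, salt, wrapped, password):
    """Runs on the user's computer; the unwrapped private exponent never leaves it."""
    d = unwrap_private_key(salt, wrapped, password)
    return pow(digest_mod_n(challenge, n), d, n)


def server_verify(challenge, signature, public_key):
    """The central authentication system holds only the public key (choice D)."""
    n, e = public_key
    return pow(signature, e, n) == digest_mod_n(challenge, n)


def logon_exchange(password, stored_salt, stored_wrapped, public_key):
    """Full round trip: server challenge -> client signature -> server decision."""
    challenge = server_issue_challenge()
    sig = client_sign(challenge, public_key[0], stored_salt, stored_wrapped, password)
    return server_verify(challenge, sig, public_key)


if __name__ == "__main__":
    public, private = keygen()
    salt, wrapped = wrap_private_key(private[1], "correct horse battery")
    print("right password:", logon_exchange("correct horse battery", salt, wrapped, public))
    print("wrong password:", logon_exchange("staple", salt, wrapped, public))
```

Because the server never holds the private key, a compromise of the central system yields nothing that can impersonate a user; under choice A the same compromise would hand over every private key at once.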

Question No: 330 – (Topic 3)

A company runs large computing jobs only during the overnight hours. To minimize the amount of capital investment in equipment, the company relies on the elastic computing services of a major cloud computing vendor. Because the virtual resources are created and destroyed on the fly across a large pool of shared resources, the company never knows which specific hardware platforms will be used from night to night. Which of the following presents the MOST risk to confidentiality in this scenario?

  A. Loss of physical control of the servers

  B. Distribution of the job to multiple data centers

  C. Network transmission of cryptographic keys

  D. Data scraped from the hardware platforms

Answer: D
