CAS-002 Latest Exam (Sep 2017)

[Free] 2017(Sep) EnsurePass Dumpsleader CompTIA CAS-002 Dumps with VCE and PDF 81-90

September 15, 2017

EnsurePass
2017 Sep CompTIA Official New Released CAS-002
http://www.EnsurePass.com/CAS-002.html

CompTIA Advanced Security Practitioner (CASP)

Question No: 81 – (Topic 1)

The Information Security Officer (ISO) is reviewing new policies that have been recently made effective and now apply to the company. Upon review, the ISO identifies a new requirement to implement two-factor authentication on the company’s wireless system. Due to budget constraints, the company will be unable to implement the requirement for the next two years. The ISO is required to submit a policy exception form to the Chief Information Officer (CIO). Which of the following are MOST important to include when submitting the exception form? (Select THREE).

  A. Business or technical justification for not implementing the requirements.

  B. Risks associated with the inability to implement the requirements.

  C. Industry best practices with respect to the technical implementation of the current controls.

  D. All sections of the policy that may justify non-implementation of the requirements.

  E. A revised DRP and COOP plan to the exception form.

  F. Internal procedures that may justify a budget submission to implement the new requirement.

  G. Current and planned controls to mitigate the risks.

Answer: A,B,G

Question No: 82 – (Topic 1)

A security engineer on a large enterprise network needs to schedule maintenance within a fixed window of time. A total outage period of four hours is permitted for servers.

Workstations can undergo maintenance from 8:00 pm to 6:00 am daily. Which of the following can specify parameters for the maintenance work? (Select TWO).

  A. Managed security service

  B. Memorandum of understanding

  C. Quality of service

  D. Network service provider

  E. Operating level agreement

Answer: B,E

Question No: 83 – (Topic 1)

Which of the following describes a risk and mitigation associated with cloud data storage?

  A. Risk: Shared hardware caused data leakage; Mitigation: Strong encryption at rest

  B. Risk: Offsite replication; Mitigation: Multi-site backups

  C. Risk: Data loss from de-duplication; Mitigation: Dynamic host bus addressing

  D. Risk: Combined data archiving; Mitigation: Two-factor administrator authentication

Answer: A

Question No: 84 – (Topic 1)

Executive management is asking for a new manufacturing control and workflow automation solution. This application will facilitate management of proprietary information and closely guarded corporate trade secrets.

The information security team has been a part of the department meetings and come away with the following notes:

-Human resources would like complete access to employee data stored in the application. They would like automated data interchange with the employee management application, a cloud-based SaaS application.

-Sales is asking for easy order tracking to facilitate feedback to customers.

-Legal is asking for adequate safeguards to protect trade secrets. They are also concerned with data ownership questions and legal jurisdiction.

-Manufacturing is asking for ease of use. Employees working the assembly line cannot be bothered with additional steps or overhead. System interaction needs to be quick and easy.

-Quality assurance is concerned about managing the end product and tracking overall performance of the product being produced. They would like read-only access to the entire workflow process for monitoring and baselining.

The favored solution is a user friendly software application that would be hosted onsite. It has extensive ACL functionality, but also has readily available APIs for extensibility. It supports read-only access, kiosk automation, custom fields, and data encryption.

Which of the following departments’ request is in contrast to the favored solution?

  A. Manufacturing

  B. Legal

  C. Sales

  D. Quality assurance

  E. Human resources

Answer: E

Question No: 85 – (Topic 1)

An administrator wants to enable policy based flexible mandatory access controls on an open source OS to prevent abnormal application modifications or executions. Which of the following would BEST accomplish this?

  A. Access control lists

  B. SELinux

  C. IPtables firewall

  D. HIPS

Answer: B
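SELinux only prevents the "abnormal application modifications or executions" the question describes when the policy is enforced; in permissive mode the same AVC message is logged and the action is allowed anyway. The following is an added example, not part of the exam or of any CompTIA material: it parses audit records in the layout auditd uses for AVC messages (the lines themselves are constructed for this example) and pulls out denied execute/modify attempts against files, noting whether each denial actually blocked anything.

```python
"""Added example (not from the exam): pick execute/modify denials out of
SELinux AVC audit records and show whether the policy was enforced.

The audit lines in SAMPLE_AUDIT are constructed for this example; the field
layout follows what auditd writes for AVC messages.
"""
import re

AVC_RE = re.compile(
    r"avc:\s+(?P<verdict>denied|granted)\s+\{\s*(?P<perms>[^}]+?)\s*\}\s+for\s+(?P<fields>.*)"
)
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Permissions that mean code is being run or changed rather than merely read.
EXEC_OR_MODIFY = {"execute", "execute_no_trans", "execmod", "execmem",
                  "write", "append", "create", "unlink", "rename"}

SAMPLE_AUDIT = [  # constructed, RFC-style placeholder paths and pids
    'type=AVC msg=audit(1505433600.101:4711): avc:  denied  { execute } for  pid=2231 comm="httpd" '
    'path="/tmp/.x/payload" dev="dm-0" ino=9001 scontext=system_u:system_r:httpd_t:s0 '
    'tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file permissive=0',
    'type=AVC msg=audit(1505433600.102:4712): avc:  denied  { write } for  pid=2231 comm="httpd" '
    'path="/usr/sbin/httpd" dev="dm-0" ino=1200 scontext=system_u:system_r:httpd_t:s0 '
    'tcontext=system_u:object_r:httpd_exec_t:s0 tclass=file permissive=1',
    'type=AVC msg=audit(1505433600.103:4713): avc:  denied  { read } for  pid=2231 comm="httpd" '
    'name="shadow" dev="dm-0" ino=42 scontext=system_u:system_r:httpd_t:s0 '
    'tcontext=system_u:object_r:shadow_t:s0 tclass=file permissive=0',
    'type=SYSCALL msg=audit(1505433600.103:4713): arch=c000003e syscall=59 success=no exit=-13',
]


def _type_of(context):
    """Third field of an SELinux context (user:role:type:level) is the type."""
    parts = context.split(":")
    return parts[2] if len(parts) > 2 else None


def parse_avc(line):
    """Return a dict for an AVC record, or None if the line is not an AVC record."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {"verdict": m.group("verdict"), "perms": set(m.group("perms").split())}
    for key, val in KV_RE.findall(m.group("fields")):
        rec[key] = val.strip('"')
    # permissive=1 means the denial was only logged; the operation went ahead.
    rec["enforced"] = rec.get("permissive", "0") == "0"
    return rec


def exec_or_modify_denials(lines):
    """Denied execute/modify attempts on files, with whether the denial blocked anything."""
    hits = []
    for line in lines:
        rec = parse_avc(line)
        if rec is None or rec["verdict"] != "denied" or rec.get("tclass") != "file":
            continue
        interesting = rec["perms"] & EXEC_OR_MODIFY
        if not interesting:
            continue
        hits.append({
            "comm": rec.get("comm"),
            "path": rec.get("path") or rec.get("name"),
            "perms": sorted(interesting),
            "source_type": _type_of(rec.get("scontext", "")),
            "target_type": _type_of(rec.get("tcontext", "")),
            "blocked": rec["enforced"],
        })
    return hits


if __name__ == "__main__":
    for hit in exec_or_modify_denials(SAMPLE_AUDIT):
        print(hit)
```

On the constructed input the first record (httpd_t executing a file in a user_tmp_t location) is both denied and blocked, while the second (httpd_t writing to its own binary) is reported as denied but not blocked because the domain is permissive; the read of shadow_t is a denial too, but not the kind of modification or execution the question is about.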

Question No: 86 – (Topic 1)

An organization has decided to reduce labor costs by outsourcing back office processing of credit applications to a provider located in another country. Data sovereignty and privacy concerns raised by the security team resulted in the third-party provider only accessing and processing the data via remote desktop sessions. To facilitate communications and improve productivity, staff at the third party have been provided with corporate email accounts that are only accessible via the remote desktop sessions. Email forwarding is blocked, and staff at the third party can only communicate with staff within the organization. Which of the following additional controls should be implemented to prevent data loss? (Select THREE).

  A. Implement hashing of data in transit

  B. Session recording and capture

  C. Disable cross session cut and paste

  D. Monitor approved credit accounts

  E. User access audit reviews

  F. Source IP whitelisting

Answer: C,E,F

Question No: 87 – (Topic 1)

The helpdesk department desires to roll out a remote support application for internal use on all company computers. This tool should allow remote desktop sharing, system log gathering, chat, hardware logging, inventory management, and remote registry access. The risk management team has been asked to review vendor responses to the RFQ. Which of the following questions is the MOST important?

  A. What are the protections against MITM?

  B. What accountability is built into the remote support application?

  C. What encryption standards are used in the tracking database?

  D. What snapshot or “undo” features are present in the application?

  E. What encryption standards are used in remote desktop and file transfer functionality?

Answer: B

Question No: 88 – (Topic 1)

A company has received the contract to begin developing a new suite of software tools to replace an aging collaboration solution. The original collaboration solution has been in place for nine years, contains over a million lines of code, and took over two years to develop originally. The SDLC has been broken up into eight primary stages, with each stage requiring an in-depth risk analysis before moving on to the next phase. Which of the following software development methods is MOST applicable?

  A. Spiral model

  B. Incremental model

  C. Waterfall model

  D. Agile model

Answer: C

Question No: 89 – (Topic 1)

A system administrator needs to meet the maximum amount of security goals for a new DNS infrastructure. The administrator deploys DNSSEC extensions to the domain names and infrastructure. Which of the following security goals does this meet? (Select TWO).

  A. Availability

  B. Authentication

  C. Integrity

  D. Confidentiality

  E. Encryption

Answer: B,C
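Why the answer is authentication and integrity but not confidentiality or availability: an RRSIG is a signature over the canonical form of an RRset, so a resolver can tell the data came from the zone's key holder and was not altered, while the records themselves still travel in cleartext. The following is an added example, not from the exam or from any DNS implementation: the RRset is constructed, and textbook RSA over a SHA-256 digest (with a deliberately small, seeded key) stands in for the real RRSIG algorithms such as RSASHA256, which add PKCS#1 padding and use proper key sizes. The canonical-form step is a simplification of RFC 4034 section 6 (the RFC sorts on wire-format RDATA; sorting the presentation text shows the same idea).

```python
"""Added example (not from the exam): what a DNSSEC-style signature over an
RRset does and does not provide.

Constructed RRset; textbook RSA with a small seeded key stands in for a
real RRSIG algorithm so this runs on the standard library alone. Never use
keys like these for anything real.
"""
import hashlib
import math
import random


def canonical_rrset(owner, ttl, rtype, rdatas):
    """Simplified RFC 4034 s6 canonical form: owner lowercased and fully
    qualified, RRs of the set sorted, so presentation order does not matter."""
    owner = owner.lower().rstrip(".") + "."
    rrs = sorted(f"{owner} {ttl} IN {rtype} {rdata}" for rdata in rdatas)
    return "\n".join(rrs).encode()


def _is_probable_prime(n, rng, rounds=20):
    """Miller-Rabin with random witnesses."""
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits, rng):
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand, rng):
            return cand


def keygen(bits=512, seed=2017):
    """Seeded toy RSA key pair: (n, e) public, (n, d) private. Toy sizes only."""
    rng = random.Random(seed)
    e = 65537
    while True:
        p, q = _random_prime(bits // 2, rng), _random_prime(bits // 2, rng)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(e, phi) == 1:
            return (p * q, e), (p * q, pow(e, -1, phi))


def rrsig_sign(canonical, private_key):
    n, d = private_key
    digest = int.from_bytes(hashlib.sha256(canonical).digest(), "big")
    return pow(digest, d, n)  # digest < n because n is 512 bits and the digest 256


def rrsig_verify(canonical, signature, public_key):
    n, e = public_key
    digest = int.from_bytes(hashlib.sha256(canonical).digest(), "big")
    return pow(signature, e, n) == digest


def demo():
    """Which of the exam's goals the signature delivers on a constructed RRset."""
    public, private = keygen()
    signed = canonical_rrset("WWW.Example.com", 300, "A", ["192.0.2.20", "192.0.2.10"])
    sig = rrsig_sign(signed, private)
    same_set_other_order = canonical_rrset("www.example.com.", 300, "A", ["192.0.2.10", "192.0.2.20"])
    tampered = canonical_rrset("www.example.com", 300, "A", ["192.0.2.20", "198.51.100.7"])
    return {
        "authentication": rrsig_verify(signed, sig, public),       # only the key holder could produce sig
        "integrity": not rrsig_verify(tampered, sig, public),      # one swapped address fails verification
        "order_independent": rrsig_verify(same_set_other_order, sig, public),
        "confidentiality": b"192.0.2.10" not in signed,            # False: the answer is still cleartext
    }


if __name__ == "__main__":
    print(demo())
```

The order_independent result is why canonical form matters: a resolver receives the RRset in whatever order the authoritative server chose, and the signature must still verify. Nothing here makes the data unreadable, and a signed zone still goes down if its name servers do, which is why availability and confidentiality are not goals DNSSEC meets.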

Question No: 90 – (Topic 1)

A completely new class of web-based vulnerabilities has been discovered. Claims have been made that all common web-based development frameworks are susceptible to attack. Proof-of-concept details have emerged on the Internet. A security advisor within a company has been asked to provide recommendations on how to respond quickly to these vulnerabilities. Which of the following BEST describes how the security advisor should respond?

  A. Assess the reliability of the information source, likelihood of exploitability, and impact to hosted data. Attempt to exploit via the proof-of-concept code. Consider remediation options.

  B. Hire an independent security consulting agency to perform a penetration test of the web servers. Advise management of any ‘high’ or ‘critical’ penetration test findings and put forward recommendations for mitigation.

  C. Review vulnerability write-ups posted on the Internet. Respond to management with a recommendation to wait until the news has been independently verified by software vendors providing the web application software.

  D. Notify all customers about the threat to their hosted data. Bring the web servers down into “maintenance mode” until the vulnerability can be reliably mitigated through a vendor patch.

Answer: A
