
CAS-002 Latest Exam (Sep 2017)

[Free] 2017(Sep) EnsurePass Dumpsleader CompTIA CAS-002 Dumps with VCE and PDF 91-100

September 15, 2017


CompTIA Advanced Security Practitioner (CASP)

Question No: 91 – (Topic 1)

A security administrator is tasked with implementing two-factor authentication for the company VPN. The VPN is currently configured to authenticate VPN users against a backend RADIUS server. New company policies require a second factor of authentication, and the Information Security Officer has selected PKI as the second factor. Which of the following should the security administrator configure and implement on the VPN concentrator to implement the second factor and ensure that no error messages are displayed to the user during the VPN connection? (Select TWO).

  A. The user’s certificate private key must be installed on the VPN concentrator.

  B. The CA’s certificate private key must be installed on the VPN concentrator.

  C. The user certificate private key must be signed by the CA.

  D. The VPN concentrator’s certificate private key must be signed by the CA and installed on the VPN concentrator.

  E. The VPN concentrator’s certificate private key must be installed on the VPN concentrator.

  F. The CA’s certificate public key must be installed on the VPN concentrator.

Answer: E,F

Question No: 92 – (Topic 1)

The source workstation image for new accounting PCs has begun blue-screening. A technician notices that the date/time stamp of the image source appears to have changed. The desktop support director has asked the Information Security department to determine if any changes were made to the source image. Which of the following methods would BEST help with this process? (Select TWO).

  A. Retrieve the source system image from backup and run a file comparison analysis on the two images.

  B. Parse all images to determine if extra data is hidden using steganography.

  C. Calculate a new hash and compare it with the previously captured image hash.

  D. Ask desktop support if any changes to the images were made.

  E. Check key system files to see if the date/time stamp is within the past six months.

Answer: A,C

Question No: 93 – (Topic 1)

A member of the software development team has requested advice from the security team to implement a new secure lab for testing malware. Which of the following is the NEXT step that the security team should take?

  A. Purchase new hardware to keep the malware isolated.

  B. Develop a policy to outline what will be required in the secure lab.

  C. Construct a series of VMs to host the malware environment.

  D. Create a proposal and present it to management for approval.

Answer: D

Question No: 94 – (Topic 1)

A company is deploying a new iSCSI-based SAN. The requirements are as follows: Which of the following design specifications meet all the requirements? (Select TWO).

  A. Targets use CHAP authentication

  B. IPSec using AH with PKI certificates for authentication

  C. Fibre Channel should be used with AES

  D. Initiators and targets use CHAP authentication

  E. Fibre Channel over Ethernet should be used

  F. IPSec using AH with PSK authentication and 3DES

  G. Targets have SCSI IDs for authentication

Answer: B,D

Question No: 95 – (Topic 1)

A security engineer is working on a large software development project. As part of the design of the project, various stakeholder requirements were gathered and decomposed to an implementable and testable level. Various security requirements were also documented. Organize the following security requirements into the correct hierarchy required for an SRTM.

Requirement 1: The system shall provide confidentiality for data in transit and data at rest.

Requirement 2: The system shall use SSL, SSH, or SCP for all data transport.

Requirement 3: The system shall implement a file-level encryption scheme.

Requirement 4: The system shall provide integrity for all data at rest.

Requirement 5: The system shall perform CRC checks on all files.

  A. Level 1: Requirements 1 and 4; Level 2: Requirements 2, 3, and 5

  B. Level 1: Requirements 1 and 4; Level 2: Requirements 2 and 3 under 1, Requirement 5 under 4

  C. Level 1: Requirements 1 and 4; Level 2: Requirement 2 under 1, Requirement 5 under 4; Level 3: Requirement 3 under 2

  D. Level 1: Requirements 1, 2, and 3; Level 2: Requirements 4 and 5

Answer: B

Question No: 96 – (Topic 1)

Three companies want to allow their employees to seamlessly connect to each other’s wireless corporate networks while keeping one consistent wireless client configuration. Each company wants to maintain its own authentication infrastructure and wants to ensure that an employee who is visiting the other two companies is authenticated by the home office when connecting to the other companies’ wireless network. All three companies have agreed to standardize on 802.1x EAP-PEAP-MSCHAPv2 for client configuration. Which of the following should the three companies implement?

  A. The three companies should agree on a single SSID and configure a hierarchical RADIUS system which implements trust delegation.

  B. The three companies should implement federated authentication through Shibboleth connected to an LDAP backend and agree on a single SSID.

  C. The three companies should implement a central portal-based single sign-on and agree to use the same CA when issuing client certificates.

  D. All three companies should use the same wireless vendor to facilitate the use of a shared cloud-based wireless controller.

Answer: A

Question No: 97 – (Topic 1)

The senior security administrator wants to redesign the company DMZ to minimize the risks associated with both external and internal threats. The DMZ design must support security in depth, change management and configuration processes, and support incident reconstruction. Which of the following designs BEST supports the given requirements?

  A. A dual-firewall DMZ with remote logging, where each firewall is managed by a separate administrator.

  B. A single-firewall DMZ where each firewall interface is managed by a separate administrator, with logging to the cloud.

  C. A SaaS-based firewall which logs to the company’s local storage via SSL and is managed by the change control team.

  D. A virtualized firewall, where each virtual instance is managed by a separate administrator, with logging to the same hardware.

Answer: A

Question No: 98 – (Topic 1)

An organization would like to allow employees to use their network username and password to access a third-party service. The company is using Active Directory Federation Services for its directory service. Which of the following should the company ensure is supported by the third party? (Select TWO).

  A. LDAP/S

  B. SAML

  C. NTLM

  D. OAUTH

  E. Kerberos

Answer: B,E

Question No: 99 – (Topic 1)

A human resources manager at a software development company has been tasked with recruiting personnel for a new cyber defense division in the company. This division will require personnel with a high level of technical skill and industry certifications. Which of the following is the BEST method for this manager to gain insight into the industry in order to carry out the task?

  A. Interview candidates, attend training, and hire a staffing company that specializes in technology jobs

  B. Interview employees and managers to discover the industry hot topics and trends

  C. Attend meetings with staff, internal training, and become certified in software management

  D. Attend conferences, webinars, and training to remain current with the industry and job requirements

Answer: D

Question No: 100 – (Topic 1)

A security firm is writing a response to an RFP from a customer that is building a new network-based software product. The firm’s expertise is in penetration testing corporate networks. The RFP explicitly calls for all possible behaviors of the product to be tested; however, it does not specify any particular method to achieve this goal. Which of the following should be used to ensure the security and functionality of the product? (Select TWO).

  A. Code review

  B. Penetration testing

  C. Grey box testing

  D. Code signing

  E. White box testing

Answer: A,E
