CAS-002 Latest Exam (Mar 2018)

[Free] 2018(Mar) EnsurePass Testinsides CompTIA CAS-002 Dumps with VCE and PDF 271-280

April 14, 2018

CompTIA Advanced Security Practitioner (CASP)

Question No: 271 – (Topic 3)

A security administrator must implement a SCADA style network overlay to ensure secure remote management of all network management and infrastructure devices. Which of the following BEST describes the rationale behind this architecture?

  1. A physically isolated network that allows for secure metric collection.

  2. A physically isolated network with in-band management that uses two-factor authentication.

  3. A logically isolated network with in-band management that uses secure two-factor authentication.

  4. An isolated network that provides secure out-of-band remote management.

Answer: D

Question No: 272 – (Topic 3)

A company receives an e-discovery request for the Chief Information Officer’s (CIO’s) email data. The storage administrator reports that the data retention policy relevant to their industry only requires one year of email data. However, the storage administrator also reports that there are three years of email data on the server and five years of email data on backup tapes. How many years of data MUST the company legally provide?

  1. 1

  2. 2

  3. 3

  4. 5

Answer: D

Question No: 273 – (Topic 3)

A financial company implements end-to-end encryption via SSL in the DMZ, and only IPSec in transport mode with AH enabled and ESP disabled throughout the internal network. The company has hired a security consultant to analyze the network infrastructure and provide a solution for intrusion prevention. Which of the following recommendations should the consultant provide to the security administrator?

  1. Switch to TLS in the DMZ. Implement NIPS on the internal network, and HIPS on the DMZ.

  2. Switch IPSec to tunnel mode. Implement HIPS on the internal network, and NIPS on the DMZ.

  3. Disable AH. Enable ESP on the internal network, and use NIPS on both networks.

  4. Enable ESP on the internal network, and place NIPS on both networks.

Answer: A

Question No: 274 – (Topic 3)

Company XYZ has transferred all of the corporate servers, including web servers, to a cloud hosting provider to reduce costs. All of the servers are running unpatched, outdated versions of Apache. Furthermore, the corporate financial data is also hosted by the cloud services provider, but it is encrypted when not in use. Only the DNS server is configured to audit user and administrator actions, and logging is disabled on the other virtual machines. Given this scenario, which of the following is the MOST significant risk to the system?

  1. All servers are unpatched and running old versions.

  2. Financial data is processed without being encrypted.

  3. Logging is disabled on critical servers.

  4. Server services have been virtualized and outsourced.

Answer: A

Question No: 275 – (Topic 3)

The Chief Information Officer (CIO) of a technology company is likely to move away from a de-perimeterized model for employee-owned devices. This is because there were too many issues with lack of patching, malware incidents, and data leakage due to lost/stolen devices which did not have full-disk encryption. The ‘bring your own computing’ approach was originally introduced because different business units preferred different operating systems and application stacks. Based on the issues and user needs, which of the following is the BEST recommendation for the CIO to make?

  1. The de-perimeterized model should be kept as this is a major industry trend and other companies are following this direction. Advise that the issues being faced are standard business-as-usual concerns in a modern IT environment.

  2. Update the policy to disallow non-company end-point devices on the corporate network. Develop security-focused standard operating environments (SOEs) for all required operating systems and ensure the needs of each business unit are met.

  3. The de-perimeterized model should be kept but update company policies to state that non-company end-points require full disk encryption, anti-virus software, and regular patching.

  4. Update the policy to disallow non-company end-point devices on the corporate network. Allow only one type of outsourced SOE for all users, as this will be easier to provision and secure and will save money on operating costs.

Answer: B

Question No: 276 – (Topic 3)

Within the company, there is executive management pressure to start advertising to a new target market. Due to the perceived schedule and budget inefficiencies of engaging a technology business unit to commission a new micro-site, the marketing department is engaging third parties to develop the site in order to meet time-to-market demands. From a security perspective, which of the following options BEST balances the needs between marketing and risk management?

  1. The third party should be contractually obliged to perform adequate security activities, and evidence of those activities should be confirmed by the company prior to launch.

  2. Outsourcing is a valid option to increase time-to-market. If a security incident occurs, it is not of great concern as the reputational damage will be the third party’s responsibility.

  3. The company should never outsource any part of the business that could cause a security or privacy incident. It could lead to legal and compliance issues.

  4. If the third party has an acceptable record to date on security compliance and is provably faster and cheaper, then it makes sense to outsource in this specific situation.

Answer: A

Question No: 277 – (Topic 3)

The security manager of a company has hired an external consultant to conduct a security assessment of the company network. The contract stipulates that the consultant is not allowed to transmit any data on the company network while performing wired and wireless security assessments. Which of the following technical means can the consultant use to determine the manufacturer and likely operating system of the company wireless and wired network devices, as well as the computers connected to the company network?

  1. Social engineering

  2. Protocol analyzer

  3. Port scanner

  4. Grey box testing

Answer: B
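Why a protocol analyzer fits the contract: passive capture never puts a frame on the wire or in the air, yet the captured traffic already carries the two things the question asks for. The OUI (first three octets) of a source MAC identifies the hardware vendor, and the IP TTL and TCP window of a host's own SYN packets reveal its likely OS family and how many routers sit between it and the sensor. The following is an added example, not part of the exam page: the OUI table and the TTL/window heuristics are illustrative assumptions (a real tool would load the IEEE MA-L registry and a signature database such as p0f's), and the capture is a constructed list of already-parsed frames standing in for what a sniffer in promiscuous or monitor mode would deliver.

```python
"""Passive vendor / OS fingerprinting from captured frames (added example).

Nothing here transmits: the input is a list of frames as a sniffer would
hand them over after parsing Ethernet/802.11, IP and TCP headers.  The
OUI table and the TTL/window heuristics are illustrative assumptions.
"""
from dataclasses import dataclass


@dataclass
class Frame:
    src_mac: str
    src_ip: str
    ttl: int          # IP TTL as observed on the wire
    tcp_window: int   # TCP window size field
    syn_only: bool    # True for a bare SYN (unscaled initial window)


# Illustrative OUI table (assumption); a real tool loads the IEEE MA-L registry.
OUI_TABLE = {
    "00:50:56": "VMware",
    "00:0c:29": "VMware",
    "00:1b:21": "Intel",
    "b8:27:eb": "Raspberry Pi Foundation",
    "00:1e:14": "Cisco",
}

# Common initial TTLs: a host starts at one of these and every router hop
# decrements by one, so the smallest base >= observed TTL is the origin.
INITIAL_TTLS = (32, 64, 128, 255)

TTL_FAMILY = {
    32: "legacy stack",
    64: "Linux/Unix-like",
    128: "Windows",
    255: "network device or Solaris-family",
}

# (initial TTL, SYN window) -> finer guess.  Widely cited defaults; heuristic.
WINDOW_HINTS = {
    (128, 8192): "Windows 7 / Server 2008 R2",
    (128, 65535): "Windows XP / Server 2003",
    (64, 5840): "Linux 2.4/2.6",
    (64, 29200): "Linux 3.x or later",
    (64, 65535): "macOS / FreeBSD",
}


def vendor_from_mac(mac: str) -> str:
    """Look up the manufacturer from the first three octets of a MAC."""
    oui = mac.lower().replace("-", ":")[:8]
    return OUI_TABLE.get(oui, "unknown vendor")


def initial_ttl(observed: int) -> int:
    for base in INITIAL_TTLS:
        if observed <= base:
            return base
    raise ValueError(f"TTL {observed} is not a valid 8-bit value")


def guess_os(ttl: int, window: int) -> str:
    base = initial_ttl(ttl)
    family = TTL_FAMILY[base]
    hint = WINDOW_HINTS.get((base, window))
    return f"{family}, probably {hint}" if hint else family


def fingerprint(frames):
    """Build {src_ip: {mac, vendor, os, hops}} from SYN frames only."""
    hosts = {}
    for f in frames:
        if not f.syn_only:
            continue  # later segments carry a scaled/changed window
        base = initial_ttl(f.ttl)
        hosts[f.src_ip] = {
            "mac": f.src_mac,
            "vendor": vendor_from_mac(f.src_mac),
            "os": guess_os(f.ttl, f.tcp_window),
            "hops": base - f.ttl,  # routers between the sensor and the host
        }
    return hosts


# Constructed capture for the example; not real traffic.
SAMPLE_CAPTURE = [
    Frame("00:50:56:ab:cd:ef", "10.0.0.5", 126, 8192, True),
    Frame("b8:27:eb:11:22:33", "10.0.0.9", 64, 29200, True),
    Frame("00:1e:14:44:55:66", "10.0.0.1", 253, 4128, True),
    Frame("00:1e:14:44:55:66", "10.0.0.1", 253, 1024, False),  # not a SYN: ignored
    Frame("de:ad:be:ef:00:01", "10.0.0.77", 128, 65535, True),
]


def report(frames=SAMPLE_CAPTURE):
    return fingerprint(frames)


if __name__ == "__main__":
    for ip, info in report().items():
        print(f"{ip:12} {info['vendor']:24} {info['os']:44} {info['hops']} hop(s)")
```

Two caveats a consultant working under this contract needs: on a switched wired network a passive sensor sees only broadcast, multicast and traffic mirrored to it, so covering unicast flows requires a SPAN/mirror port or a tap; on wireless, monitor mode captures 802.11 frames without associating, but modern clients randomize their MAC, which defeats the OUI lookup for those hosts. The hop estimate also assumes the host used one of the four common initial TTLs.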

Question No: 278 – (Topic 3)

In order for a company to boost profits by implementing cost savings on non-core business activities, the IT manager has sought approval for the corporate email system to be hosted in the cloud. The compliance officer has been tasked with ensuring that data lifecycle issues are taken into account. Which of the following BEST covers the data lifecycle end-


  1. Creation and secure destruction of mail accounts, emails, and calendar items

  2. Information classification, vendor selection, and the RFP process

  3. Data provisioning, processing, in transit, at rest, and de-provisioning

  4. Securing virtual environments, appliances, and equipment that handle email

Answer: C

Question No: 279 – (Topic 3)

In an effort to reduce internal email administration costs, a company is determining whether to outsource its email to a managed service provider that provides email, spam, and malware protection. The security manager is asked to provide input regarding any security implications of this change.

Which of the following BEST addresses risks associated with disclosure of intellectual property?

  1. Require the managed service provider to implement additional data separation.

  2. Require encrypted communications when accessing email.

  3. Enable data loss protection to minimize emailing PII and confidential data.

  4. Establish an acceptable use policy and incident response policy.

Answer: C
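What "enable data loss protection" means in practice is an outbound content filter that inspects mail before it leaves the organization, whether the mailbox is hosted in-house or by the managed service provider. The following is an added example, not code from the exam page: a minimal DLP check that flags classification markers and two PII patterns (US SSNs, and payment card numbers validated with the Luhn checksum to cut false positives), and blocks only when at least one recipient is outside the company's own domains. The internal-domain list, the marker strings and the sample messages are constructed assumptions.

```python
"""Minimal outbound DLP check (added example; not the exam page's code).

Scans a message for classification markers and PII patterns and blocks
it only when a recipient is external.  The internal-domain list, the
marker strings and the sample messages are constructed assumptions.
"""
import re
from dataclasses import dataclass


@dataclass
class Message:
    sender: str
    recipients: list
    subject: str
    body: str


INTERNAL_DOMAINS = {"example.com"}  # assumption: the company's own domains
MARKERS = ("CONFIDENTIAL", "INTERNAL ONLY", "TRADE SECRET")

# US SSN: area not 000/666/9xx, group not 00, serial not 0000.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
# 13-19 digits with optional single space/hyphen separators; Luhn decides.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum; rejects most order/phone numbers the regex catches."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def is_external(address: str) -> bool:
    return address.rsplit("@", 1)[-1].lower() not in INTERNAL_DOMAINS


def findings(msg: Message) -> list:
    """Return human-readable hits; sensitive values are never logged in full."""
    text = f"{msg.subject}\n{msg.body}"
    upper = text.upper()
    found = []
    for marker in MARKERS:
        if marker in upper:
            found.append(f"classification marker: {marker}")
    for m in SSN_RE.finditer(text):
        found.append(f"SSN ending {m.group()[-4:]}")
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            found.append(f"payment card ending {digits[-4:]}")
    return found


def verdict(msg: Message) -> dict:
    """Block only when something sensitive is headed outside the company."""
    hits = findings(msg)
    external = [r for r in msg.recipients if is_external(r)]
    action = "block" if hits and external else "allow"
    return {"action": action, "findings": hits, "external": external}


SAMPLE_MESSAGES = [  # constructed messages, not real mail
    Message("alice@example.com", ["bob@example.com"],
            "Q3 roadmap - CONFIDENTIAL", "Draft attached."),
    Message("alice@example.com", ["vendor@partner.net"],
            "Invoice", "Card 4111 1111 1111 1111, INTERNAL ONLY notes below."),
    Message("alice@example.com", ["vendor@partner.net"],
            "Order 1234-5678-9012-3456", "Please ship ASAP."),
    Message("hr@example.com", ["recruiter@agency.org"],
            "Candidate", "SSN 123-45-6789 for background check."),
]


def scan_all(messages=SAMPLE_MESSAGES) -> dict:
    return {m.subject: verdict(m) for m in messages}


if __name__ == "__main__":
    for subject, v in scan_all().items():
        print(f"{v['action']:5}  {subject}: {v['findings']}")
```

A production DLP control runs at the mail gateway (or the provider's equivalent) and inspects attachments as well as bodies. The distinction between findings and action matters: the same marker in an internal-only message is logged but not blocked, which keeps the control aligned with the risk in the question, disclosure outside the company.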

Question No: 280 – (Topic 3)

A hosting company provides inexpensive guest virtual machines to low-margin customers. Customers manage their own guest virtual machines. Some customers want basic guarantees of logical separation from other customers and it has been indicated that some customers would like to have configuration control of this separation; whereas others want this provided as a value-added service by the hosting company. Which of the following BEST meets these requirements?

  1. The hosting company should install a hypervisor-based firewall and allow customers to manage this on an as-needed basis.

  2. The hosting company should manage the hypervisor-based firewall; while allowing customers to configure their own host-based firewall.

  3. Customers should purchase physical firewalls to protect their guest hosts and have the hosting company manage these if requested.

  4. The hosting company should install a host-based firewall on customer guest hosts and offer to administer host firewalls for customers if requested.

Answer: B
