Want to Pass CAS-002 Exam In Next HOURS? Download Now →
September 9, 2018

What Does CAS-002 torrent Mean?

Free Instant Download NEW CAS-002 Exam Dumps (PDF & VCE):
Available on: https://www.certshared.com/exam/CAS-002/

P.S. Approved CAS-002 software are available on Google Drive, GET MORE: https://drive.google.com/open?id=1pX9Yg2aTb9vNu1CE0teKLNqAkStO5U85

New CompTIA CAS-002 Exam Dumps Collection (Question 5 - Question 14)

Question No: 5

A mature organization with legacy information systems has incorporated numerous new processes and dependencies to manage security as its networks and infrastructure are modernized. The Chief Information Office has become increasingly frustrated with frequent releases, stating that the organization needs everything to work completely, and the vendor should already have those desires built into the software product. The vendor has been in constant communication with personnel and groups within the organization to understand its business process and capture new software requirements from users. Which of the following methods of software development is this organizationu2019s configuration management process using?

A. Agile


C. Waterfall

D. Joint application development

Answer: A

Question No: 6

A security manager is concerned about performance and patch management, and, as a result, wants to implement a virtualization strategy to avoid potential future OS vulnerabilities in the host system. The IT manager wants a strategy that would provide the hypervisor with direct communications with the underlying physical hardware allowing the hardware resources to be paravirtualized and delivered to the guest machines. Which of the following recommendations from the server administrator BEST meets the IT and security managersu2019 requirements? (Select TWO).

A. Nested virtualized hypervisors

B. Type 1 hypervisor

C. Hosted hypervisor with a three layer software stack

D. Type 2 hypervisor

E. Bare metal hypervisor with a software stack of two layers

Answer: B,E

Question No: 7

A software development manager is taking over an existing software development project. The team currently suffers from poor communication, and this gap is resulting in an above average number of security-related bugs making it into production. Which of the following development methodologies involves daily stand-ups designed to improve communication?

A. Spiral

B. Agile

C. Waterfall

D. Rapid

Answer: B

Question No: 8

An administrator is trying to categorize the security impact of a database server in the case of a security event. There are three databases on the server.

Current Financial Data = High level of damage if data is disclosed. Moderate damage if the system goes offline

Archived Financial Data = No need for the database to be online. Low damage for integrity loss

Public Website Data = Low damage if the site goes down. Moderate damage if the data is corrupted

Given these security categorizations of each database, which of the following is the aggregate security categorization of the database server?

A. Database server = {(Confidentiality HIGH),(Integrity High),(Availability High)}

B. Database server = {(Confidentiality HIGH),(Integrity Moderate),(Availability Moderate)}

C. Database server = {(Confidentiality HIGH),(Integrity Moderate),(Availability Low)}

D. Database server = {(Confidentiality Moderate),(Integrity Moderate),(Availability Moderate)}

Answer: B

Question No: 9

A security engineer wants to implement forward secrecy but still wants to ensure the number of requests handled by the web server is not drastically reduced due to the larger computational overheads. Browser compatibility is not a concern; however system performance is. Which of the following, when implemented, would BEST meet the engineeru2019s requirements?





Answer: B

Question No: 10

The Chief Information Security Officer (CISO) at a company knows that many users store business documents on public cloud-based storage; and realizes this is a risk to the company. In response, the CISO implements a mandatory training course in which all employees are instructed on the proper use of cloud-based storage. Which of the following risk strategies did the CISO implement?

A. Avoid

B. Accept

C. Mitigate

D. Transfer

Answer: C

Question No: 11

An IT administrator has been tasked by the Chief Executive Officer with implementing security using a single device based on the following requirements:

1. Selective sandboxing of suspicious code to determine malicious intent.

2. VoIP handling for SIP and H.323 connections.

3. Block potentially unwanted applications.

1. Which of the following devices would BEST meet all of these requirements?






Answer: A

Question No: 12

A large organization has recently suffered a massive credit card breach. During the months of Incident Response, there were multiple attempts to assign blame as to whose fault it was that the incident occurred. In which part of the incident response phase would this be addressed in a controlled and productive manner?

A. During the Identification Phase

B. During the Lessons Learned phase

C. During the Containment Phase

D. During the Preparation Phase

Answer: B

Question No: 13

A software development manager is taking over an existing software development project. The team currently suffers from poor communication due to a long delay between requirements documentation and feature delivery. This gap is resulting in an above average number of security-related bugs making it into production. Which of the following development methodologies is the team MOST likely using now?

A. Agile

B. Waterfall

C. Scrum

D. Spiral

Answer: B

Question No: 14

A security manager has started a new job and has identified that a key application for a new client does not have an accreditation status and is currently not meeting the compliance requirement for the contractu2019s SOW. The security manager has competing priorities and wants to resolve this issue quickly with a system determination and risk assessment. Which of the following approaches presents the MOST risk to the security assessment?

A. The security manager reviews the system description for the previous accreditation, but does not review application change records.

B. The security manager decides to use the previous SRTM without reviewing the system description.

C. The security manager hires an administrator from the previous contract to complete the assessment.

D. The security manager does not interview the vendor to determine if the system description is accurate.

Answer: B

Recommend!! Get the Approved CAS-002 dumps in VCE and PDF From Allfreedumps, Welcome to download: https://www.allfreedumps.com/CAS-002-dumps.html (New 532 Q&As Version)