The Update Guide To CAS-002 samples Dec 2018
P.S. Free CAS-002 bundle are available on Google Drive, GET MORE: https://drive.google.com/open?id=1D1OsvtV6EsmahSAfh5egZO5fZVoFYzmV
New CompTIA CAS-002 Exam Dumps Collection (Question 8 - Question 17)
Question No: 8
The helpdesk department desires to roll out a remote support application for internal use on all company computers. This tool should allow remote desktop sharing, system log gathering, chat, hardware logging, inventory management, and remote registry access. The risk management team has been asked to review vendor responses to the RFQ. Which of the following questions is the MOST important?
A. What are the protections against MITM?
B. What accountability is built into the remote support application?
C. What encryption standards are used in tracking database?
D. What snapshot or u201cundou201d features are present in the application?
E. What encryption standards are used in remote desktop and file transfer functionality?
Question No: 9
An organization is preparing to upgrade its firewall and NIPS infrastructure and has narrowed the vendor choices down to two platforms. The integrator chosen to assist the organization with the deployment has many clients running a mixture of the possible combinations of environments. Which of the following is the MOST comprehensive method for evaluating the two platforms?
A. Benchmark each possible solution with the integrators existing client deployments.
B. Develop testing criteria and evaluate each environment in-house.
C. Run virtual test scenarios to validate the potential solutions.
D. Use results from each vendoru2019s test labs to determine adherence to project requirements.
Question No: 10
The Chief Information Security Officer (CISO) is asking for ways to protect against zero-day exploits. The CISO is concerned that an unrecognized threat could compromise corporate data and result in regulatory fines as well as poor corporate publicity. The network is mostly flat, with split staff/guest wireless functionality. Which of the following equipment MUST be deployed to guard against unknown threats?
A. Cloud-based antivirus solution, running as local admin, with push technology for definition updates.
B. Implementation of an offsite data center hosting all company data, as well as deployment of VDI for all client computing needs.
C. Host based heuristic IPS, segregated on a management VLAN, with direct control of the perimeter firewall ACLs.
D. Behavior based IPS with a communication link to a cloud based vulnerability and threat feed.
Question No: 11
Company XYZ plans to donate 1,000 used computers to a local school. The company has a large research and development section and some of the computers were previously used to store proprietary research.
The security administrator is concerned about data remnants on the donated machines, but the company does not have a device sanitization section in the data handling policy.
Which of the following is the BEST course of action for the security administrator to take?
A. Delay the donation until a new policy is approved by the Chief Information Officer (CIO), and then donate the machines.
B. Delay the donation until all storage media on the computers can be sanitized.
C. Reload the machines with an open source operating system and then donate the machines.
D. Move forward with the donation, but remove all software license keys from the machines.
Question No: 12
Which of the following is the information owner responsible for?
A. Developing policies, standards, and baselines.
B. Determining the proper classification levels for data within the system.
C. Integrating security considerations into application and system purchasing decisions.
D. Implementing and evaluating security controls by validating the integrity of the data.
Question No: 13
A vulnerability research team has detected a new variant of a stealth Trojan that disables itself when it detects that it is running on a virtualized environment. The team decides to use dedicated hardware and local network to identify the Trojanu2019s behavior and the remote DNS and IP addresses it connects to. Which of the following tools is BEST suited to identify the DNS and IP addresses the stealth Trojan communicates with after its payload is decrypted?
B. Vulnerability scanner
C. Packet analyzer
D. Firewall logs
Question No: 14
Ann, a systems engineer, is working to identify an unknown node on the corporate network. To begin her investigative work, she runs the following nmap command string:
user@hostname:~$ sudo nmap u2013O 192.168.1.54
Based on the output, nmap is unable to identify the OS running on the node, but the following ports are open on the device:
TCP/22 TCP/111 TCP/512-514 TCP/2049 TCP/32778
Based on this information, which of the following operating systems is MOST likely running on the unknown node?
A. B. Windows
Question No: 15
A security code reviewer has been engaged to manually review a legacy application. A number of systemic issues have been uncovered relating to buffer overflows and format string vulnerabilities.
The reviewer has advised that future software projects utilize managed code platforms if at all possible.
Which of the following languages would suit this recommendation? (Select TWO).
Question No: 16
A security administrator needs to deploy a remote access solution for both staff and contractors. Management favors remote desktop due to ease of use. The current risk assessment suggests protecting Windows as much as possible from direct ingress traffic exposure. Which of the following solutions should be selected?
A. Deploy a remote desktop server on your internal LAN, and require an active directory integrated SSL connection for access.
B. Change remote desktop to a non-standard port, and implement password complexity for the entire active directory domain.
C. Distribute new IPSec VPN client software to applicable parties. Virtualize remote desktop services functionality.
A. D. Place the remote desktop server(s) on a screened subnet, and implement two-factor authentication.
Question No: 17
The risk manager has requested a security solution that is centrally managed, can easily
be updated, and protects end users' workstations from both known and unknown malicious attacks when connected to either the office or home network. Which of the following would BEST meet this requirement?
100% Abreast of the times CompTIA CAS-002 Questions & Answers shared by Examcollectionplus, Get HERE: https://www.examcollectionplus.net/vce-CAS-002/ (New 450 Q&As)