January 8, 2019

New Questions 7

A software project manager has been provided with a requirement from the customer to place limits on the types of transactions a given user can initiate without external interaction from another user with elevated privileges. This requirement is BEST described as an implementation of:

A. An administrative control

B. Dual control

C. Separation of duties

D. Least privilege

E. Collusion

Answer: C

New Questions 8

Which of the following does SAML use to prevent government auditors or law enforcement from identifying specific entities as having already connected to a service provider through an SSO operation?

A. Transient identifiers

B. Directory services

C. Restful interfaces

D. Security bindings

Answer: A

New Questions 9

The organization has an IT driver on cloud computing to improve delivery times for IT solution provisioning. Separate to this initiative, a business case has been approved for replacing the existing banking platform for credit card processing with a newer offering. It is the security practitioner's responsibility to evaluate whether the new credit card processing platform can be hosted within a cloud environment. Which of the following BEST balances the security risk and IT drivers for cloud computing?

A. A third-party cloud computing platform makes sense for new IT solutions. This should be endorsed going forward so as to align with the IT strategy. However, the security practitioner will need to ensure that the third-party cloud provider does regular penetration tests to ensure that all data is secure.

B. Using a third-party cloud computing environment should be endorsed going forward. This aligns with the organization's strategic direction. It also helps to shift any risk and regulatory compliance concerns away from the company's internal IT department. The next step will be to evaluate each of the cloud computing vendors, so that a vendor can then be selected for hosting the new credit card processing platform.

C. There may be regulatory restrictions with credit cards being processed out of country or processed by shared hosting providers. A private cloud within the company should be considered. An options paper should be created which outlines the risks, advantages, and disadvantages of the relevant choices, and it should recommend a way forward.

D. Cloud computing should rarely be considered an option for any processes that need to be significantly secured. The security practitioner needs to convince the stakeholders that the new platform can only be delivered internally on physical infrastructure.

Answer: C

New Questions 10

A company uses a custom Line of Business (LOB) application to facilitate all back-end manufacturing control. Upon investigation, it has been determined that the database used by the LOB application uses a proprietary data format. The risk management group has flagged this as a potential weakness in the company's operational robustness. Which of the following would be the GREATEST concern when analyzing the manufacturing control application?

A. Difficulty backing up the custom database

B. Difficulty migrating to new hardware

C. Difficulty training new admin personnel

D. Difficulty extracting data from the database

Answer: D

New Questions 11

An organization has decided to reduce labor costs by outsourcing back office processing of credit applications to a provider located in another country. Data sovereignty and privacy concerns raised by the security team resulted in the third-party provider only accessing and processing the data via remote desktop sessions. To facilitate communications and improve productivity, staff at the third party have been provided with corporate email accounts that are only accessible via the remote desktop sessions. Email forwarding is blocked, and staff at the third party can only communicate with staff within the organization. Which of the following additional controls should be implemented to prevent data loss? (Select THREE).

A. Implement hashing of data in transit

B. Session recording and capture

C. Disable cross session cut and paste

D. Monitor approved credit accounts

E. User access audit reviews

F. Source IP whitelisting

Answer: C,E,F

New Questions 12

An intruder was recently discovered inside the data center, a highly sensitive area. To gain access, the intruder circumvented numerous layers of physical and electronic security measures. Company leadership has asked for a thorough review of physical security controls to prevent this from happening again. Which of the following departments are the MOST heavily invested in rectifying the problem? (Select THREE).

A. Facilities management

B. Human resources

C. Research and development

D. Programming

E. Data center operations

F. Marketing

G. Information technology

Answer: A,E,G

New Questions 13

A developer is determining the best way to improve security within the code being developed. The developer is focusing on input fields where customers enter their credit card details. Which of the following techniques, if implemented in the code, would be the MOST effective in protecting the fields from malformed input?

A. Client side input validation

B. Stored procedure

C. Encrypting credit card details

D. Regular expression matching

Answer: D

New Questions 14

Which of the following protocols only facilitates access control?


B. Kerberos



Answer: A

New Questions 15

A security administrator was recently hired in a start-up company to represent the interest of security and to assist the network team in improving security in the company. The sales team is continuously contacting the security administrator to answer security questions posed by potential customers/clients. Which of the following is the BEST strategy to minimize the frequency of these requests?

A. Request the major stakeholder hire a security liaison to assist the sales team with security-related questions.

B. Train the sales team about basic security, and make them aware of the security policies and procedures of the company.

C. The job description of the security administrator is to assist the sales team; thus the process should not be changed.

D. Compile a list of the questions, develop an FAQ on the website, and train the sales team about basic security concepts.

Answer: D

New Questions 16

An organization would like to allow employees to use their network username and password to access a third-party service. The company is using Active Directory Federated Services for their directory service. Which of the following should the company ensure is supported by the third-party? (Select TWO).





E. Kerberos

Answer: B,E

