Act now and download your CompTIA CAS-002 test today! Do not waste time for the worthless CompTIA CAS-002 tutorials. Download Updated CompTIA CompTIA Advanced Security Practitioner (CASP) exam with real questions and answers and begin to learn CompTIA CAS-002 with a classic professional.
2017 NEW RECOMMEND
Free VCE & PDF File for CompTIA CAS-002 Real Exam
Pass on Your First TRY 100% Money Back Guarantee Realistic Practice Exam Questions
Q271. – (Topic 3)
A developer is coding the crypto routine of an application that will be installed on a standard headless and diskless server connected to a NAS housed in the datacenter. The developer has written the following six lines of code to add entropy to the routine:
1 – If VIDEO input exists, use video data for entropy 2 – If AUDIO input exists, use audio data for entropy 3 – If MOUSE input exists, use mouse data for entropy 4 – IF KEYBOARD input exists, use keyboard data for entropy 5 – IF IDE input exists, use IDE data for entropy 6 – IF NETWORK input exists, use network data for entropy
Which of the following lines of code will result in the STRONGEST seed when combined?
A. 2 and 1
B. 3 and 5
C. 5 and 2
D. 6 and 4
Q272. – (Topic 3)
A new company requirement mandates the implementation of multi-factor authentication to access network resources. The security administrator was asked to research and implement the most cost-effective solution that would allow for the authentication of both hardware and users. The company wants to leverage the PKI infrastructure which is already well established. Which of the following solutions should the security administrator implement?
A. Issue individual private/public key pairs to each user, install the private key on the central authentication system, and protect the private key with the userâs credentials. Require each user to install the public key on their computer.
B. Deploy USB fingerprint scanners on all desktops, and enable the fingerprint scanner on all laptops. Require all network users to register their fingerprint using the reader and store the information in the central authentication system.
C. Issue each user one hardware token. Configure the token serial number in the user properties of the central authentication system for each user and require token authentication with PIN for network logon.
D. Issue individual private/public key pairs to each user, install the public key on the central authentication system, and require each user to install the private key on their computer and protect it with a password.
Q273. – (Topic 4)
The Information Security Officer (ISO) is reviewing new policies that have been recently made effective and now apply to the company. Upon review, the ISO identifies a new requirement to implement two-factor authentication on the companyâs wireless system. Due to budget constraints, the company will be unable to implement the requirement for the next two years. The ISO is required to submit a policy exception form to the Chief Information Officer (CIO). Which of the following are MOST important to include when submitting the exception form? (Select THREE).
A. Business or technical justification for not implementing the requirements.
B. Risks associated with the inability to implement the requirements.
C. Industry best practices with respect to the technical implementation of the current controls.
D. All section of the policy that may justify non-implementation of the requirements.
E. A revised DRP and COOP plan to the exception form.
F. Internal procedures that may justify a budget submission to implement the new requirement.
G. Current and planned controls to mitigate the risks.
Q274. – (Topic 5)
A court order has ruled that your company must surrender all the email sent and received by a certain employee for the past five years. After reviewing the backup systems, the IT administrator concludes that email backups are not kept that long. Which of the following policies MUST be reviewed to address future compliance?
A. Tape backup policies
B. Offsite backup policies
C. Data retention policies
D. Data loss prevention policies
Q275. – (Topic 4)
Company XYZ provides hosting services for hundreds of companies across multiple industries including healthcare, education, and manufacturing. The security architect for company XYZ is reviewing a vendor proposal to reduce company XYZâs hardware costs by combining multiple physical hosts through the use of virtualization technologies. The security architect notes concerns about data separation, confidentiality, regulatory requirements concerning PII, and administrative complexity on the proposal. Which of the following BEST describes the core concerns of the security architect?
A. Most of company XYZâs customers are willing to accept the risks of unauthorized disclosure and access to information by outside users.
B. The availability requirements in SLAs with each hosted customer would have to be re-written to account for the transfer of virtual machines between physical platforms for regular maintenance.
C. Company XYZ could be liable for disclosure of sensitive data from one hosted customer when accessed by a malicious user who has gained access to the virtual machine of another hosted customer.
D. Not all of company XYZâs customers require the same level of security and the administrative complexity of maintaining multiple security postures on a single hypervisor negates hardware cost savings.
Q276. – (Topic 4)
A general insurance company wants to set up a new online business. The requirements are that the solution needs to be:
The conceptual solution architecture has specified that the application will consist of a traditional three tiered architecture for the front end components, an ESB to provide services, data transformation capability and legacy system integration and a web services gateway.
Which of the following security components will BEST meet the above requirements and fit into the solution architecture? (Select TWO).
A. Implement WS-Security for services authentication and XACML for service authorization.
B. Use end-to-end application level encryption to encrypt all fields and store them encrypted in the database.
C. Implement a certificate based solution on a smart card in combination with a PIN to provide authentication and authorization of users.
D. Implement WS-Security as a federated single sign-on solution for authentication authorization of users.
E. Implement SSL encryption for all sensitive data flows and encryption of passwords of the data at rest.
F. Use application level encryption to encrypt sensitive fields, SSL encryption on sensitive flows, and database encryption for sensitive data storage.
Q277. – (Topic 2)
An accountant at a small business is trying to understand the value of a server to determine if the business can afford to buy another server for DR. The risk manager only provided the accountant with the SLE of $24,000, ARO of 20% and the exposure factor of 25%. Which of the following is the correct asset value calculated by the accountant?
Q278. – (Topic 1)
The helpdesk department desires to roll out a remote support application for internal use on all company computers. This tool should allow remote desktop sharing, system log gathering, chat, hardware logging, inventory management, and remote registry access. The risk management team has been asked to review vendor responses to the RFQ. Which of the following questions is the MOST important?
A. What are the protections against MITM?
B. What accountability is built into the remote support application?
C. What encryption standards are used in tracking database?
D. What snapshot or âundoâ features are present in the application?
E. What encryption standards are used in remote desktop and file transfer functionality?
Q279. – (Topic 4)
In a SPML exchange, which of the following BEST describes the three primary roles?
A. The Provisioning Service Target (PST) entity makes the provisioning request, the Provisioning Service Provider (PSP) responds to the PST requests, and the Provisioning Service Target (PST) performs the provisioning.
B. The Provisioning Service Provider (PSP) entity makes the provisioning request, the Provisioning Service Target (PST) responds to the PSP requests, and the Provisioning Service Provider (PSP) performs the provisioning.
C. The Request Authority (RA) entity makes the provisioning request, the Provisioning Service Target (PST) responds to the RA requests, and the Provisioning Service Provider (PSP) performs the provisioning.
D. The Request Authority (RA) entity makes the provisioning request, the Provisioning Service Provider (PSP) responds to the RA requests, and the Provisioning Service Target (PST) performs the provisioning.
Q280. – (Topic 4)
A corporation implements a mobile device policy on smartphones that utilizes a white list for allowed applications. Recently, the security administrator notices that a consumer cloud based storage application has been added to the mobile device white list. Which of the following security implications should the security administrator cite when recommending the applicationâs removal from the white list?
A. Consumer cloud storage systems retain local copies of each file on the smartphone, as well as in the cloud, causing a potential data breach if the phone is lost or stolen.
B. Smartphones can export sensitive data or import harmful data with this application causing the potential for DLP or malware issues.
C. Consumer cloud storage systems could allow users to download applications to the smartphone. Installing applications this way would circumvent the application white list.
D. Smartphones using consumer cloud storage are more likely to have sensitive data remnants on them when they are repurposed.