Aug 2017 updated: Exambible CompTIA CAS-002 test preparation 251-260

We provide real CAS-002 exam questions and answers braindumps in two formats. Download PDF & Practice Tests. Pass CompTIA CAS-002 Exam quickly & easily. The CAS-002 PDF type is available for reading and printing. You can print more and practice many times. With the help of our CompTIA CAS-002 dumps pdf and vce product and material, you can easily pass the CAS-002 exam.


Free VCE & PDF File for CompTIA CAS-002 Real Exam
(Full Version!)

Pass on Your First TRY 100% Money Back Guarantee Realistic Practice Exam Questions

Free Instant Download NEW CAS-002 Exam Dumps (PDF & VCE):
Available on:

Q251. – (Topic 3) 

The risk committee has endorsed the adoption of a security system development life cycle (SSDLC) designed to ensure compliance with PCI-DSS, HIPAA, and meet the organization’s mission. Which of the following BEST describes the correct order of implementing a five phase SSDLC? 

A. Initiation, assessment/acquisition, development/implementation, operations/maintenance and sunset. 

B. Initiation, acquisition/development, implementation/assessment, operations/maintenance and sunset. 

C. Assessment, initiation/development, implementation/assessment, operations/maintenance and disposal. 

D. Acquisition, initiation/development, implementation/assessment, operations/maintenance and disposal. 


Q252. – (Topic 4) 

Which of the following activities is commonly deemed “OUT OF SCOPE” when undertaking a penetration test? 

A. Test password complexity of all login fields and input validation of form fields 

B. Reverse engineering any thick client software that has been provided for the test 

C. Undertaking network-based denial of service attacks in production environment 

D. Attempting to perform blind SQL injection and reflected cross-site scripting attacks 

E. Running a vulnerability scanning tool to assess network and host weaknesses 


Q253. – (Topic 5) 

The Chief Executive Officer (CEO) of an Internet service provider (ISP) has decided to limit the company’s contribution to worldwide Distributed Denial of Service (DDoS) attacks. Which of the following should the ISP implement? (Select TWO). 

A. Block traffic from the ISP’s networks destined for blacklisted IPs. 

B. Prevent the ISP’s customers from querying DNS servers other than those hosted by the ISP. 

C. Block traffic with a source IP not allocated to the ISP from exiting the ISP’s network. 

D. Scan the ISP’s customer networks using an up-to-date vulnerability scanner. 

E. Notify customers when services they run are involved in an attack. 

Answer: C,E 

Q254. – (Topic 1) 

A security architect is designing a new infrastructure using both type 1 and type 2 virtual machines. In addition to the normal complement of security controls (e.g. antivirus, host hardening, HIPS/NIDS) the security architect needs to implement a mechanism to securely store cryptographic keys used to sign code and code modules on the VMs. Which of the following will meet this goal without requiring any hardware pass-through implementations? 

A. vTPM 





Q255. – (Topic 3) 

Due to cost and implementation time pressures, a security architect has allowed a NAS to be used instead of a SAN for a non-critical, low volume database. Which of the following would make a NAS unsuitable for a business critical, high volume database application that required a high degree of data confidentiality and data availability? (Select THREE). 

A. File level transfer of data 

B. Zoning and LUN security 

C. Block level transfer of data 

D. Multipath 

E. Broadcast storms 

F. File level encryption 

G. Latency 

Answer: A,E,G 

Q256. – (Topic 3) 

A company receives an e-discovery request for the Chief Information Officer’s (CIO’s) email data. The storage administrator reports that the data retention policy relevant to their industry only requires one year of email data. However the storage administrator also reports that there are three years of email data on the server and five years of email data on backup tapes. How many years of data MUST the company legally provide? 

A. 1 

B. 2 

C. 3 

D. 5 Answer: D 

Q257. – (Topic 4) 

Company XYZ has experienced a breach and has requested an internal investigation be conducted by the IT Department. Which of the following represents the correct order of the investigation process? 

A. Collection, Identification, Preservation, Examination, Analysis, Presentation. 

B. Identification, Preservation, Collection, Examination, Analysis, Presentation. 

C. Collection, Preservation, Examination, Identification, Analysis, Presentation. 

D. Identification, Examination, Preservation, Collection, Analysis, Presentation. 


Q258. – (Topic 5) 

A Chief Information Security Officer (CISO) is approached by a business unit manager who heard a report on the radio this morning about an employee at a competing firm who shipped a VPN token overseas so a fake employee could log into the corporate VPN. The CISO asks what can be done to mitigate the risk of such an incident occurring within the organization. Which of the following is the MOST cost effective way to mitigate such a risk? 

A. Require hardware tokens to be replaced on a yearly basis. 

B. Implement a biometric factor into the token response process. 

C. Force passwords to be changed every 90 days. 

D. Use PKI certificates as part of the VPN authentication process. 


Q259. – (Topic 5) 

As a cost saving measure, a company has instructed the security engineering team to allow all consumer devices to be able to access the network. They have asked for recommendations on what is needed to secure the enterprise, yet offer the most flexibility in terms of controlling applications, and stolen devices. Which of the following is BEST suited for the requirements? 

A. MEAP with Enterprise Appstore 

B. Enterprise Appstore with client-side VPN software 

C. MEAP with TLS 

D. MEAP with MDM 


Q260. – (Topic 2) 

A web developer is responsible for a simple web application that books holiday accommodations. The front-facing web server offers an HTML form, which asks for a user’s age. This input gets placed into a signed integer variable and is then checked to ensure that the user is in the adult age range. 

Users have reported that the website is not functioning correctly. The web developer has inspected log files and sees that a very large number (in the billions) was submitted just before the issue started occurring. Which of the following is the MOST likely situation that has occurred? 

A. The age variable stored the large number and filled up disk space which stopped the application from continuing to function. Improper error handling prevented the application from recovering. 

B. The age variable has had an integer overflow and was assigned a very small negative number which led to unpredictable application behavior. Improper error handling prevented the application from recovering. 

C. Computers are able to store numbers well above “billions” in size. Therefore, the website issues are not related to the large number being input. 

D. The application has crashed because a very large integer has lead to a “divide by zero”. Improper error handling prevented the application from recovering.