Downloadable of CAS-002 study guide materials and ebook for CompTIA certification for IT engineers, Real Success Guaranteed with Updated CAS-002 pdf dumps vce Materials. 100% PASS CompTIA Advanced Security Practitioner (CASP) exam Today!
2016 Jun CAS-002 Study Guide Questions:
Q231. – (Topic 2)
A risk manager has decided to use likelihood and consequence to determine the risk of an event occurring to a company asset. Which of the following is a limitation of this approach to risk management?
A. Subjective and based on an individual's experience.
B. Requires a high degree of upfront work to gather environment details.
C. Difficult to differentiate between high, medium, and low risks.
D. Allows for cost and benefit analysis.
E. Calculations can be extremely complex to manage.
Q232. – (Topic 2)
A firm’s Chief Executive Officer (CEO) is concerned that IT staff lacks the knowledge to identify complex vulnerabilities that may exist in a payment system being internally developed. The payment system being developed will be sold to a number of organizations and is in direct competition with another leading product. The CEO highlighted that code base confidentiality is of critical importance to allow the company to exceed the competition in terms of the product’s reliability, stability, and performance. Which of the following would provide the MOST thorough testing and satisfy the CEO’s requirements?
A. Sign a MOU with a marketing firm to preserve the company reputation and use in-house resources for random testing.
B. Sign a BPA with a small software consulting firm and use the firm to perform Black box testing and address all findings.
C. Sign a NDA with a large security consulting firm and use the firm to perform Grey box testing and address all findings.
D. Use the most qualified and senior developers on the project to perform a variety of White box testing and code reviews.
Q233. – (Topic 5)
A company uses a custom Line of Business (LOB) application to facilitate all back-end manufacturing control. Upon investigation, it has been determined that the database used by the LOB application uses a proprietary data format. The risk management group has flagged this as a potential weakness in the company’s operational robustness. Which of the following would be the GREATEST concern when analyzing the manufacturing control application?
A. Difficulty backing up the custom database
B. Difficulty migrating to new hardware
C. Difficulty training new admin personnel
D. Difficulty extracting data from the database
Latest comptia casp cas-002 pdf:
Q234. – (Topic 4)
A retail bank has had a number of issues in regards to the integrity of sensitive information across all of its customer databases. This has resulted in the bank’s share price decreasing in value by 50% and regulatory intervention and monitoring.
The new Chief Information Security Officer (CISO) as a result has initiated a program of work to solve the issues.
The business has specified that the solution needs to be enterprise grade and meet the following requirements:
In order to solve this problem, which of the following security solutions will BEST meet the above requirements? (Select THREE).
A. Implement a security operations center to provide real time monitoring and incident response with self service reporting capability.
B. Implement an aggregation based SIEM solution to be deployed on the log servers of the major platforms, applications, and infrastructure.
C. Implement a security operations center to provide real time monitoring and incident response and an event correlation dashboard with self service reporting capability.
D. Ensure that the network operations center has the tools to provide real time monitoring and incident response and an event correlation dashboard with self service reporting capabilities.
E. Implement an agent only based SIEM solution to be deployed on all major platforms, applications, and infrastructures.
F. Ensure appropriate auditing is enabled to capture the required information.
G. Manually pull the logs from the major platforms, applications, and infrastructures to a central secure server.
Q235. – (Topic 4)
Company XYZ has purchased and is now deploying a new HTML5 application. The company wants to hire a penetration tester to evaluate the security of the client and server components of the proprietary web application before launch. Which of the following is the penetration tester MOST likely to use while performing black box testing of the security of the company’s purchased application? (Select TWO).
A. Code review
C. Local proxy
E. Web vulnerability scanner
Q236. – (Topic 2)
An information security assessor for an organization finished an assessment that identified critical issues with the human resource new employee management software application. The assessor submitted the report to senior management but nothing has happened. Which of the following would be a logical next step?
A. Meet the two key VPs and request a signature on the original assessment.
B. Include specific case studies from other organizations in an updated report.
C. Schedule a meeting with key human resource application stakeholders.
D. Craft an RFP to begin finding a new human resource application.
High quality comptia casp cas-002 pdf:
Q237. – (Topic 2)
A new IT company has hired a security consultant to implement a remote access system, which will enable employees to telecommute from home using both company issued as well as personal computing devices, including mobile devices. The company wants a flexible system to provide confidentiality and integrity for data in transit to the company’s internally developed application GUI. Company policy prohibits employees from having administrative rights to company issued devices. Which of the following remote access solutions has the lowest technical complexity?
A. RDP server
B. Client-based VPN
D. Jump box
E. SSL VPN
Q238. – (Topic 2)
A multi-national company has a highly mobile workforce and minimal IT infrastructure. The company utilizes a BYOD and social media policy to integrate presence technology into global collaboration tools by individuals and teams. As a result of the dispersed employees and frequent international travel, the company is concerned about the safety of employees and their families when moving in and out of certain countries. Which of the following could the company view as a downside of using presence technology?
A. Insider threat
B. Network reconnaissance
C. Physical security
D. Industrial espionage
Q239. – (Topic 5)
The manager of the firewall team is getting complaints from various IT teams that firewall changes are causing issues. Which of the following should the manager recommend to BEST address these issues?
A. Set up a weekly review for relevant teams to discuss upcoming changes likely to have a broad impact.
B. Update the change request form so that requesting teams can provide additional details about the requested changes.
C. Require every new firewall rule go through a secondary firewall administrator for review before pushing the firewall policy.
D. Require the firewall team to verify the change with the requesting team before pushing the updated firewall policy.
Q240. – (Topic 3)
A University uses a card transaction system that allows students to purchase goods using their student ID. Students can put money on their ID at terminals throughout the campus. The security administrator was notified that computer science students have been using the network to illegally put money on their cards. The administrator would like to attempt to reproduce what the students are doing. Which of the following is the BEST course of action?
A. Notify the transaction system vendor of the security vulnerability that was discovered.
B. Use a protocol analyzer to reverse engineer the transaction system’s protocol.
C. Contact the computer science students and threaten disciplinary action if they continue their actions.
D. Install a NIDS in front of all the transaction system terminals.