
Free Instant Download NEW CAS-002 Exam Dumps (PDF & VCE):
Available on: https://www.certleader.com/CAS-002-dumps.html


The CompTIA CAS-002 exam is a great CompTIA certification exam that tests a candidate's knowledge and practical skills. If you are an IT aspirant without a CompTIA certification, Testking will be an excellent help. Testking.org is a website that supplies students with accurate and reliable CompTIA CAS-002 practice resources. Try our CAS-002 exam dumps, and you will pass the real exam quickly and confidently.

2021 Nov comptia casp cas-002 pdf:

Q151. - (Topic 3) 

An administrator is notified that contract workers will be onsite assisting with a new project. The administrator wants each worker to be aware of the corporate policy pertaining to USB storage devices. Which of the following should each worker review and understand before beginning work? 

A. Interconnection Security Agreement 

B. Memorandum of Understanding 

C. Business Partnership Agreement 

D. Non-Disclosure Agreement 

Answer:


Q152. - (Topic 4) 

A company has implemented data retention policies and storage quotas in response to their legal department's requests and the SAN administrator's recommendation. The retention policy states all email data older than 90 days should be eliminated. As there are no technical controls in place, users have been instructed to stick to a storage quota of 500Mb of network storage and 200Mb of email storage. After being presented with an e-discovery request from opposing legal counsel, the security administrator discovers that the user in the suit has 1Tb of files and 300Mb of email spanning over two years. Which of the following should the security administrator provide to opposing counsel? 

A. Delete files and email exceeding policy thresholds and turn over the remaining files and email. 

B. Delete email over the policy threshold and hand over the remaining emails and all of the files. 

C. Provide the 1Tb of files on the network and the 300Mb of email files regardless of age. 

D. Provide the first 200Mb of e-mail and the first 500Mb of files as per policy. 

Answer:


Q153. - (Topic 1) 

A developer has implemented a piece of client-side JavaScript code to sanitize a user’s provided input to a web page login screen. The code ensures that only the upper case and lower case letters are entered in the username field, and that only a 6-digit PIN is entered in the password field. A security administrator is concerned with the following web server log: 

10.235.62.11 - - [02/Mar/2014:06:13:04] "GET /site/script.php?user=admin&pass=pass%20or%201=1 HTTP/1.1" 200 5724 

Given this log, which of the following is the security administrator concerned with and which fix should be implemented by the developer? 

A. The security administrator is concerned with nonprintable characters being used to gain administrative access, and the developer should strip all nonprintable characters. 

B. The security administrator is concerned with XSS, and the developer should normalize Unicode characters on the browser side. 

C. The security administrator is concerned with SQL injection, and the developer should implement server side input validation. 

D. The security administrator is concerned that someone may log on as the administrator, and the developer should ensure strong passwords are enforced. 

Answer:


Q154. - (Topic 3) 

A company has a single subnet in a small office. The administrator wants to limit non-web related traffic to the corporate intranet server as well as prevent abnormal HTTP requests and HTTP protocol anomalies from causing problems with the web server. Which of the following is the MOST likely solution? 

A. Application firewall and NIPS 

B. Edge firewall and HIDS 

C. ACLs and anti-virus 

D. Host firewall and WAF 

Answer:


Q155. - (Topic 5) 

A system administrator needs to meet the maximum amount of security goals for a new DNS infrastructure. The administrator deploys DNSSEC extensions to the domain names and infrastructure. Which of the following security goals does this meet? (Select TWO). 

A. Availability 

B. Authentication 

C. Integrity 

D. Confidentiality 

E. Encryption 

Answer: B,C 


Improved comptia casp cas-002 pdf:

Q156. - (Topic 2) 

A penetration tester is inspecting traffic on a new mobile banking application and sends the following web request: 

POST http://www.example.com/resources/NewBankAccount HTTP/1.1 
Content-type: application/json 

{ 
  "account": [ 
    { "creditAccount": "Credit Card Rewards account" }, 
    { "salesLeadRef": "www.example.com/badcontent/exploitme.exe" } 
  ], 
  "customer": [ 
    { "name": "Joe Citizen" }, 
    { "custRef": "3153151" } 
  ] 
} 

The banking website responds with: 

HTTP/1.1 200 OK 

{ 
  "newAccountDetails": [ 
    { "cardNumber": "1234123412341234" }, 
    { "cardExpiry": "2021-12-31" }, 
    { "cardCVV": "909" } 
  ], 
  "marketingCookieTracker": "JSESSIONID=000000001", 
  "returnCode": "Account added successfully" 
} 

Which of the following are security weaknesses in this example? (Select TWO). 

A. Missing input validation on some fields 

B. Vulnerable to SQL injection 

C. Sensitive details communicated in clear-text 

D. Vulnerable to XSS 

E. Vulnerable to malware file uploads 

F. JSON/REST is not as secure as XML 

Answer: A,C 


Q157. - (Topic 4) 

Company XYZ has purchased and is now deploying a new HTML5 application. The company wants to hire a penetration tester to evaluate the security of the client and server components of the proprietary web application before launch. Which of the following is the penetration tester MOST likely to use while performing black box testing of the security of the company’s purchased application? (Select TWO). 

A. Code review 

B. Sandbox 

C. Local proxy 

D. Fuzzer 

E. Web vulnerability scanner 

Answer: C,D 


Q158. - (Topic 1) 

A completely new class of web-based vulnerabilities has been discovered. Claims have been made that all common web-based development frameworks are susceptible to attack. Proof-of-concept details have emerged on the Internet. A security advisor within a company has been asked to provide recommendations on how to respond quickly to these vulnerabilities. Which of the following BEST describes how the security advisor should respond? 

A. Assess the reliability of the information source, likelihood of exploitability, and impact to hosted data. Attempt to exploit via the proof-of-concept code. Consider remediation options. 

B. Hire an independent security consulting agency to perform a penetration test of the web servers. Advise management of any ‘high’ or ‘critical’ penetration test findings and put forward recommendations for mitigation. 

C. Review vulnerability write-ups posted on the Internet. Respond to management with a recommendation to wait until the news has been independently verified by software vendors providing the web application software. 

D. Notify all customers about the threat to their hosted data. Bring the web servers down into “maintenance mode” until the vulnerability can be reliably mitigated through a vendor patch. 

Answer:


Q159. - (Topic 3) 

Within the company, there is executive management pressure to start advertising to a new target market. Due to the perceived schedule and budget inefficiencies of engaging a technology business unit to commission a new micro-site, the marketing department is engaging third parties to develop the site in order to meet time-to-market demands. From a security perspective, which of the following options BEST balances the needs between marketing and risk management? 

A. The third party should be contractually obliged to perform adequate security activities, and evidence of those activities should be confirmed by the company prior to launch. 

B. Outsourcing is a valid option to increase time-to-market. If a security incident occurs, it is not of great concern as the reputational damage will be the third party’s responsibility. 

C. The company should never outsource any part of the business that could cause a security or privacy incident. It could lead to legal and compliance issues. 

D. If the third party has an acceptable record to date on security compliance and is provably faster and cheaper, then it makes sense to outsource in this specific situation. 

Answer:


Q160. - (Topic 5) 

An IT administrator has been tasked by the Chief Executive Officer with implementing security using a single device based on the following requirements: 

1. Selective sandboxing of suspicious code to determine malicious intent. 

2. VoIP handling for SIP and H.323 connections. 

3. Block potentially unwanted applications. 

Which of the following devices would BEST meet all of these requirements? 

A. UTM 

B. HIDS 

C. NIDS 

D. WAF 

E. HSM 

Answer: