
Free Instant Download NEW CAS-002 Exam Dumps (PDF & VCE):
Available on: https://www.certleader.com/CAS-002-dumps.html



2021 Apr CAS-002 free practice questions

Q261. - (Topic 2) 

ABC Company must achieve compliance for PCI and SOX. Which of the following would BEST allow the organization to achieve compliance and ensure security? (Select THREE). 

A. Establish a list of users that must work with each regulation 

B. Establish a list of devices that must meet each regulation 

C. Centralize management of all devices on the network 

D. Compartmentalize the network 

E. Establish a company framework 

F. Apply technical controls to meet compliance with the regulation 

Answer: B,D,F 


Q262. - (Topic 5) 

Two separate companies are in the process of integrating their authentication infrastructure into a unified single sign-on system. Currently, both companies use an AD backend and two-factor authentication using TOTP. The system administrators have configured a trust relationship between the authentication backends to ensure proper process flow. How should the employees request access to shared resources before the authentication integration is complete? 

A. They should logon to the system using the username concatenated with the 6-digit code and their original password. 

B. They should logon to the system using the newly assigned global username: first.lastname#### where #### is the second factor code. 

C. They should use the username format: LAN\first.lastname together with their original password and the next 6-digit code displayed when the token button is depressed. 

D. They should use the username format: first.lastname@company.com, together with a password and their 6-digit code. 

Answer: C 

Until the integration is finished, users keep authenticating against their own domain through the trust: the domain-qualified username (LAN\first.lastname), the original password, and the current TOTP code as a separate second factor. Concatenating the code into the username or password (A, B) breaks the separation of factors, and a new global username format (D) does not exist yet. 
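The TOTP second factor the question relies on, as an added example rather than anything from the question bank: an RFC 4226 HOTP and RFC 6238 TOTP implementation in Go, using the RFC's published SHA-1 test secret as constructed input. The one-step drift window, constant-time comparison and base32 seed handling are assumptions about a typical deployment; the question itself specifies none of them.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"crypto/subtle"
	"encoding/base32"
	"encoding/binary"
	"fmt"
	"strings"
)

// HOTP implements RFC 4226: HMAC-SHA1 over the big-endian 8-byte counter,
// dynamic truncation on the low nibble of the last byte, then reduce to the
// requested number of decimal digits (zero-padded).
func HOTP(secret []byte, counter uint64, digits int) string {
	var msg [8]byte
	binary.BigEndian.PutUint64(msg[:], counter)
	mac := hmac.New(sha1.New, secret)
	mac.Write(msg[:])
	sum := mac.Sum(nil)

	offset := int(sum[len(sum)-1] & 0x0f)
	code := binary.BigEndian.Uint32(sum[offset:offset+4]) & 0x7fffffff
	mod := uint32(1)
	for i := 0; i < digits; i++ {
		mod *= 10
	}
	return fmt.Sprintf("%0*d", digits, code%mod)
}

// TOTP (RFC 6238) is HOTP with the counter derived from time:
// counter = floor(unixTime / step), step normally 30 seconds.
func TOTP(secret []byte, unixTime, step int64, digits int) string {
	return HOTP(secret, uint64(unixTime/step), digits)
}

// VerifyTOTP checks a submitted code against the current time step and up to
// `skew` steps on either side to tolerate clock drift (assumed policy). Every
// candidate is compared in constant time and the loop never exits early, so
// response timing does not reveal which step, if any, matched.
func VerifyTOTP(secret []byte, code string, unixTime, step int64, digits, skew int) bool {
	match := 0
	for d := -skew; d <= skew; d++ {
		expected := TOTP(secret, unixTime+int64(d)*step, step, digits)
		match |= subtle.ConstantTimeCompare([]byte(expected), []byte(code))
	}
	return match == 1
}

// DecodeSecret parses a base32 seed as it appears in otpauth:// enrolment
// URIs: case-insensitive, spaces tolerated, '=' padding optional.
func DecodeSecret(s string) ([]byte, error) {
	s = strings.ToUpper(strings.ReplaceAll(s, " ", ""))
	s = strings.TrimRight(s, "=")
	return base32.StdEncoding.WithPadding(base32.NoPadding).DecodeString(s)
}

func main() {
	// RFC 6238 Appendix B test secret (ASCII "12345678901234567890"), constructed input.
	secret := []byte("12345678901234567890")
	for _, ts := range []int64{59, 1111111109, 1234567890} {
		fmt.Printf("T=%d  code=%s  valid=%v\n", ts, TOTP(secret, ts, 30, 6),
			VerifyTOTP(secret, TOTP(secret, ts, 30, 6), ts, 30, 6, 1))
	}
}
```

The server side of the question's answer is VerifyTOTP: the code is validated on its own against the user's enrolled seed, which is why it must arrive as a distinct field rather than glued onto the username or password.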


Q263. - (Topic 4) 

An organization is preparing to upgrade its firewall and NIPS infrastructure and has narrowed the vendor choices down to two platforms. The integrator chosen to assist the organization with the deployment has many clients running a mixture of the possible combinations of environments. Which of the following is the MOST comprehensive method for evaluating the two platforms? 

A. Benchmark each possible solution with the integrator's existing client deployments. 

B. Develop testing criteria and evaluate each environment in-house. 

C. Run virtual test scenarios to validate the potential solutions. 

D. Use results from each vendor’s test labs to determine adherence to project requirements. 

Answer: B 

Only in-house testing against criteria written for this organization exercises both platforms under its own traffic, rule sets and integration points; the integrator's other clients and the vendors' labs reflect someone else's environment. 


Q264. - (Topic 4) 

Company ABC's SAN is nearing capacity, and will cause costly downtime if servers run out of disk space. Which of the following is a more cost effective alternative to buying a new SAN? 

A. Enable multipath to increase availability 

B. Enable deduplication on the storage pools 

C. Implement snapshots to reduce virtual disk size 

D. Implement replication to offsite datacenter 

Answer: B 

Deduplication reclaims space already paid for by storing identical blocks once. Multipathing and offsite replication add availability, not capacity, and snapshots consume additional space rather than reducing it. 


Q265. - (Topic 3) 

The marketing department at Company A regularly sends out emails signed by the company’s Chief Executive Officer (CEO) with announcements about the company. The CEO sends company and personal emails from a different email account. During legal proceedings against the company, the Chief Information Officer (CIO) must prove which emails came from the CEO and which came from the marketing department. The email server allows emails to be digitally signed and the corporate PKI provisioning allows for one certificate per user. The CEO did not share their password with anyone. Which of the following will allow the CIO to state which emails the CEO sent and which the marketing department sent? 

A. Identity proofing 

B. Non-repudiation 

C. Key escrow 

D. Digital rights management 

Answer: B 

A digital signature made with a key that only the CEO controls, issued under a one-certificate-per-user PKI, gives non-repudiation: each message can be attributed to the holder of the signing key regardless of what the From header claims. 
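How the CIO's attribution works in practice, as an added example and not code from the question bank: a minimal stand-in for signed mail in Go using Ed25519 from the standard library. Key IDs, the "directory" that binds them to users, and the deterministic seeds are all constructed for the illustration; a real deployment would use S/MIME certificates issued by the corporate PKI.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// SignedMail is a constructed stand-in for an S/MIME message: the claimed
// From header, the signed body, the signer's key ID (hex public key, standing
// in for the certificate subject) and a detached signature over the body.
type SignedMail struct {
	From      string
	Body      string
	KeyID     string
	Signature []byte
}

// Signer holds one user's private key. With one certificate per user and an
// unshared password, only that user can produce signatures under its KeyID.
type Signer struct {
	Name string
	priv ed25519.PrivateKey
}

// constructedSeed derives a fixed 32-byte seed from a label so the example is
// deterministic; real keys come from the PKI, never from a label.
func constructedSeed(label string) []byte {
	sum := sha256.Sum256([]byte(label))
	return sum[:]
}

func NewSignerFromSeed(name string, seed []byte) *Signer {
	return &Signer{Name: name, priv: ed25519.NewKeyFromSeed(seed)}
}

func (s *Signer) KeyID() string {
	return hex.EncodeToString(s.priv.Public().(ed25519.PublicKey))
}

// Sign builds the message. The From header is whatever the sender types;
// the signature is what actually binds the body to a key.
func (s *Signer) Sign(from, body string) SignedMail {
	return SignedMail{From: from, Body: body, KeyID: s.KeyID(),
		Signature: ed25519.Sign(s.priv, []byte(body))}
}

// Directory is the PKI's binding of key IDs to holders (one cert per user).
type Directory map[string]string

// Attribute names the holder whose key signed the message, ignoring the From
// header entirely. Unknown keys, malformed IDs and altered bodies are errors.
func (d Directory) Attribute(m SignedMail) (string, error) {
	holder, ok := d[m.KeyID]
	if !ok {
		return "", errors.New("signing key not issued by corporate PKI")
	}
	pub, err := hex.DecodeString(m.KeyID)
	if err != nil || len(pub) != ed25519.PublicKeySize {
		return "", errors.New("malformed key id")
	}
	if !ed25519.Verify(ed25519.PublicKey(pub), []byte(m.Body), m.Signature) {
		return "", errors.New("signature does not verify: body altered or wrong key")
	}
	return holder, nil
}

func main() {
	ceo := NewSignerFromSeed("ceo", constructedSeed("ceo"))
	mkt := NewSignerFromSeed("marketing", constructedSeed("marketing"))
	dir := Directory{ceo.KeyID(): ceo.Name, mkt.KeyID(): mkt.Name}

	// Marketing sends an announcement "from the CEO"; the signature says otherwise.
	m := mkt.Sign("ceo@company.example", "Quarterly announcement")
	who, err := dir.Attribute(m)
	fmt.Println("header claims:", m.From, "| signed by:", who, "| err:", err)

	// A genuine CEO mail, then the same mail with one character changed.
	real := ceo.Sign("ceo@company.example", "Board note")
	who, err = dir.Attribute(real)
	fmt.Println("signed by:", who, "| err:", err)
	real.Body = "Board note (edited)"
	_, err = dir.Attribute(real)
	fmt.Println("after tampering:", err)
}
```

The point for the question: attribution comes from the verified key-to-user binding, not from the sender field, and the property only holds because the CEO's private key was never shared (which is exactly what key escrow, option C, would weaken).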



Q266. - (Topic 3) 

A security administrator is redesigning and implementing a service-oriented architecture to replace an old, in-house software processing system tied to a corporate sales website. After performing the business process analysis, the administrator decides the services need to operate in a dynamic fashion. The company has also been the victim of data injection attacks in the past and needs to build in mitigation features. Based on these requirements and past vulnerabilities, which of the following needs to be incorporated into the SOA? 

A. Point to point VPNs for all corporate intranet users. 

B. Cryptographic hashes of all data transferred between services. 

C. Service to service authentication for all workflows. 

D. Two-factor authentication and signed code 

Answer: C 

In a dynamically composed SOA every service call must be authenticated at the service boundary, so that only trusted services can feed data into a workflow; hashes alone prove integrity in transit but not who sent the data, and user-facing VPNs or two-factor logins do not cover service-to-service traffic. 


Q267. - (Topic 1) 

A university requires a significant increase in web and database server resources for one week, twice a year, to handle student registration. The web servers remain idle for the rest of the year. Which of the following is the MOST cost effective way for the university to securely handle student registration? 

A. Virtualize the web servers locally to add capacity during registration. 

B. Move the database servers to an elastic private cloud while keeping the web servers local. 

C. Move the database servers and web servers to an elastic private cloud. 

D. Move the web servers to an elastic public cloud while keeping the database servers local. 

Answer: D 

The stateless web tier is what needs to scale twice a year, so it belongs in an elastic public cloud where capacity is paid for only when used, while the student database stays under local control. 


Q268. - (Topic 3) 

A hosting company provides inexpensive guest virtual machines to low-margin customers. Customers manage their own guest virtual machines. Some customers want basic guarantees of logical separation from other customers and it has been indicated that some customers would like to have configuration control of this separation; whereas others want this provided as a value-added service by the hosting company. Which of the following BEST meets these requirements? 

A. The hosting company should install a hypervisor-based firewall and allow customers to manage this on an as-needed basis. 

B. The hosting company should manage the hypervisor-based firewall; while allowing customers to configure their own host-based firewall. 

C. Customers should purchase physical firewalls to protect their guest hosts and have the hosting company manage these if requested. 

D. The hosting company should install a host-based firewall on customer guest hosts and offer to administer host firewalls for customers if requested. 

Answer: A 

A hypervisor-based firewall enforces separation between guests below the customer's control; letting customers manage their own policy satisfies those who want configuration control, while the hosting company handles it for those who want it as a service. 


Q269. - (Topic 4) 

An administrator has four virtual guests on a host server. Two of the servers are corporate SQL servers, one is a corporate mail server, and one is a testing web server for a small group of developers. The administrator is experiencing difficulty connecting to the host server during peak network usage times. Which of the following would allow the administrator to securely connect to and manage the host server during peak usage times? 

A. Increase the virtual RAM allocation to high I/O servers. 

B. Install a management NIC and dedicated virtual switch. 

C. Configure the high I/O virtual servers to use FCoE rather than iSCSI. 

D. Move the guest web server to another dedicated host. 

Answer: B 

A dedicated management NIC on its own virtual switch keeps the administrator's management path separate from the guests' production traffic, so peak load on the SQL and mail servers no longer competes with access to the host. 


Q270. - (Topic 3) 

A large financial company has a team of security-focused architects and designers that contribute to broader IT architecture and design solutions. Concerns have been raised because the security contributions have varying levels of quality and consistency. It has been agreed that a more formalized methodology is needed that can take business drivers, capabilities, baselines, and re-usable patterns into account. Which of the following would BEST help to achieve these objectives? 

A. Construct a library of re-usable security patterns 

B. Construct a security control library 

C. Introduce an ESA framework 

D. Include SRTM in the SDLC 

Answer: C 

An enterprise security architecture (ESA) framework is the formal methodology that ties business drivers, capabilities, baselines and re-usable patterns together; a pattern library or control library is one artifact within it, and an SRTM addresses a single project's requirements rather than the team's overall consistency. 