★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions
Free Instant Download NEW CAS-002 Exam Dumps (PDF & VCE):
Available on:
https://www.certleader.com/CAS-002-dumps.html
Examcollection provides several different kinds of the actual CompTIA Transcenders. CompTIA CAS-002 test thoughts deal with the exam completely as well as these power tools supply you detail reasons and explanation on the CompTIA Qualification thoughts. Thru the following satisfying approach you might have superior possibility for discover more about IT engineering. All these CompTIA assessments call for certain methods and better comprehension to feed these folks. The CompTIA CAS-002 materials provide you with the correct and then to the experience on your greatest comprehension. Different ideas tend to be outlined in the straightforward design, outlined using proper suggestions and the shots describes the topic properly. The CompTIA CAS-002 official certifications coaching in addition to CAS-002 provides you a wonderful experience for the guaranteed achievement in test. All of this things provides you a whole policy on the test. You will probably find the tag over Ninety days from the CAS-002 official certifications test.
2021 Oct comptia casp cas-002 pdf:
Q161. - (Topic 5)
An industry organization has implemented a system to allow trusted authentication between all of its partners. The system consists of a web of trusted RADIUS servers communicating over the Internet. An attacker was able to set up a malicious server and conduct a successful man-in-the-middle attack. Which of the following controls should be implemented to mitigate the attack in the future?
A. Use PAP for secondary authentication on each RADIUS server
B. Disable unused EAP methods on each RADIUS server
C. Enforce TLS connections between RADIUS servers
D. Use a shared secret for each pair of RADIUS servers
Answer: C
Q162. - (Topic 2)
An international shipping company discovered that deliveries left idle are being tampered with. The company wants to reduce the idle time associated with international deliveries by ensuring that personnel are automatically notified when an inbound delivery arrives at the transit dock. Which of the following should be implemented to help the company increase the security posture of its operations?
A. Back office database
B. Asset tracking
C. Geo-fencing
D. Barcode scanner
Answer: C
Q163. - (Topic 5)
A security engineer has inherited an authentication project which integrates 1024-bit PKI certificates into the company infrastructure and now has a new requirement to integrate 2048-bit PKI certificates so that the entire company will be interoperable with its vendors when the project is completed. The project is now 25% complete, with 15% of the company staff being issued 1024-bit certificates. The provisioning of network based accounts has not occurred yet due to other project delays. The project is now expected to be over budget and behind its original schedule. Termination of the existing project and beginning a new project is a consideration because of the change in scope. Which of the following is the security engineer’s MOST serious concern with implementing this solution?
A. Succession planning
B. Performance
C. Maintainability
D. Availability
Answer: C
Q164. - (Topic 1)
A forensic analyst receives a hard drive containing malware quarantined by the antivirus application. After creating an image and determining the directory location of the malware file, which of the following helps to determine when the system became infected?
A. The malware file’s modify, access, change time properties.
B. The timeline analysis of the file system.
C. The time stamp of the malware in the swap file.
D. The date/time stamp of the malware detection in the antivirus logs.
Answer: B
Q165. - (Topic 4)
A system administrator is troubleshooting a possible denial of service on a sensitive system. The system seems to run properly for a few hours after it is restarted, but then it suddenly stops processing transactions. The system administrator suspects an internal DoS caused by a disgruntled developer who is currently seeking a new job while still working for the company. After looking into various system logs, the system administrator looks at the following output from the main system service responsible for processing incoming transactions.
DATE/TIMEPIDCOMMAND%CPUMEM
031020141030002055com.proc10.2920K
031020141100002055com.proc12.35.2M 031020141230002055com.proc22.022M 031020141300002055com.proc33.01.6G 031020141330002055com.proc30.28.0G
Which of the following is the MOST likely cause for the DoS?
A. The system does not implement proper garbage collection.
B. The system is susceptible to integer overflow.
C. The system does not implement input validation.
D. The system does not protect against buffer overflows properly.
Answer: A
Improve comptia casp cas-002 pdf:
Q166. - (Topic 4)
Ann, a software developer, wants to publish her newly developed software to an online store. Ann wants to ensure that the software will not be modified by a third party or end users before being installed on mobile devices. Which of the following should Ann implement to stop modified copies of her software form running on mobile devices?
A. Single sign-on
B. Identity propagation
C. Remote attestation
D. Secure code review
Answer: C
Q167. - (Topic 4)
A bank now has a major initiative to virtualize as many servers as possible, due to power and rack space capacity at both data centers. The bank has prioritized by virtualizing older servers first as the hardware is nearing end-of-life.
The two initial migrations include:
Which of the following should the security consultant recommend based on best practices?
A. One data center should host virtualized web servers and the second data center should host the virtualized domain controllers.
B. One virtual environment should be present at each data center, each housing a combination of the converted Windows 2000 and RHEL3 virtual machines.
C. Each data center should contain one virtual environment for the web servers and another virtual environment for the domain controllers.
D. Each data center should contain one virtual environment housing converted Windows 2000 virtual machines and converted RHEL3 virtual machines.
Answer: C
Q168. - (Topic 4)
A retail bank has had a number of issues in regards to the integrity of sensitive information across all of its customer databases. This has resulted in the bank’s share price decreasing in value by 50% and regulatory intervention and monitoring.
The new Chief Information Security Officer (CISO) as a result has initiated a program of work to solve the issues.
The business has specified that the solution needs to be enterprise grade and meet the following requirements:
In order to solve this problem, which of the following security solutions will BEST meet the above requirements? (Select THREE).
A. Implement a security operations center to provide real time monitoring and incident response with self service reporting capability.
B. Implement an aggregation based SIEM solution to be deployed on the log servers of the major platforms, applications, and infrastructure.
C. Implement a security operations center to provide real time monitoring and incident response and an event correlation dashboard with self service reporting capability.
D. Ensure that the network operations center has the tools to provide real time monitoring and incident response and an event correlation dashboard with self service reporting capabilities.
E. Implement an agent only based SIEM solution to be deployed on all major platforms, applications, and infrastructures.
F. Ensure appropriate auditing is enabled to capture the required information.
G. Manually pull the logs from the major platforms, applications, and infrastructures to a central secure server.
Answer: B,C,F
Q169. - (Topic 5)
An organization is finalizing a contract with a managed security services provider (MSSP) that is responsible for primary support of all security technologies. Which of the following should the organization require as part of the contract to ensure the protection of the organization’s technology?
A. An operational level agreement
B. An interconnection security agreement
C. A non-disclosure agreement
D. A service level agreement
Answer: B
Q170. - (Topic 2)
An administrator has enabled salting for users' passwords on a UNIX box. A penetration tester must attempt to retrieve password hashes. Which of the following files must the penetration tester use to eventually obtain passwords on the system? (Select TWO).
A. /etc/passwd
B. /etc/shadow
C. /etc/security
D. /etc/password
E. /sbin/logon
F. /bin/bash
Answer: A,B