
Free Instant Download NEW CAS-002 Exam Dumps (PDF & VCE):
Available on: https://www.certleader.com/CAS-002-dumps.html


Q201. - (Topic 4) 

A company has implemented data retention policies and storage quotas in response to their legal department's requests and the SAN administrator's recommendation. The retention policy states all email data older than 90 days should be eliminated. As there are no technical controls in place, users have been instructed to stick to a storage quota of 500Mb of network storage and 200Mb of email storage. After being presented with an e-discovery request from opposing legal counsel, the security administrator discovers that the user in the suit has 1Tb of files and 300Mb of email spanning over two years. Which of the following should the security administrator provide to opposing counsel? 

A. Delete files and email exceeding policy thresholds and turn over the remaining files and email. 

B. Delete email over the policy threshold and hand over the remaining emails and all of the files. 

C. Provide the 1Tb of files on the network and the 300Mb of email files regardless of age. 

D. Provide the first 200Mb of e-mail and the first 500Mb of files as per policy. 

Answer:


Q202. - (Topic 3) 

A Physical Security Manager is ready to replace all 50 analog surveillance cameras with IP cameras with built-in web management. The Security Manager has several security guard desks on different networks that must be able to view the cameras without unauthorized people viewing the video as well. The selected IP camera vendor does not have the ability to authenticate users at the camera level. Which of the following should the Security Manager suggest to BEST secure this environment? 

A. Create an IP camera network and deploy NIPS to prevent unauthorized access. 

B. Create an IP camera network and only allow SSL access to the cameras. 

C. Create an IP camera network and deploy a proxy to authenticate users prior to accessing the cameras. 

D. Create an IP camera network and restrict access to cameras from a single management host. 

Answer:


Q203. - (Topic 3) 

A new web application system was purchased from a vendor and configured by the internal development team. Before the web application system was moved into production, a vulnerability assessment was conducted. A review of the vulnerability assessment report indicated that the testing team discovered a minor security issue with the configuration of the web application. The security issue should be reported to: 

A. CISO immediately in an exception report. 

B. Users of the new web application system. 

C. The vendor who supplied the web application system. 

D. Team lead in a weekly report. 

Answer:


Q204. - (Topic 2) 

The risk manager at a small bank wants to use quantitative analysis to determine the ALE of running a business system at a location which is subject to fires during the year. A risk analyst reports to the risk manager that the asset value of the business system is $120,000 and, based on industry data, the exposure factor to fires is only 20% due to the fire suppression system installed at the site. Fires occur in the area on average every four years. Which of the following is the ALE? 

A. $6,000 

B. $24,000 

C. $30,000 

D. $96,000 

Answer:
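
The ALE in Q204 worked through as an added derivation (not part of the original question set), using the standard single loss expectancy (SLE) and annualized rate of occurrence (ARO) definitions with the values stated in the question:

```latex
\begin{aligned}
\text{SLE} &= \text{AV} \times \text{EF} = \$120{,}000 \times 0.20 = \$24{,}000 \\
\text{ARO} &= \frac{1\ \text{fire}}{4\ \text{years}} = 0.25 \\
\text{ALE} &= \text{SLE} \times \text{ARO} = \$24{,}000 \times 0.25 = \$6{,}000
\end{aligned}
```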


Q205. - (Topic 1) 

A developer has implemented a piece of client-side JavaScript code to sanitize a user’s provided input to a web page login screen. The code ensures that only the upper case and lower case letters are entered in the username field, and that only a 6-digit PIN is entered in the password field. A security administrator is concerned with the following web server log: 

10.235.62.11 - - [02/Mar/2014:06:13:04] "GET /site/script.php?user=admin&pass=pass%20or%201=1 HTTP/1.1" 200 5724 

Given this log, which of the following is the security administrator concerned with and which fix should be implemented by the developer? 

A. The security administrator is concerned with nonprintable characters being used to gain administrative access, and the developer should strip all nonprintable characters. 

B. The security administrator is concerned with XSS, and the developer should normalize Unicode characters on the browser side. 

C. The security administrator is concerned with SQL injection, and the developer should implement server side input validation. 

D. The security administrator is concerned that someone may log on as the administrator, and the developer should ensure strong passwords are enforced. 

Answer:
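
The problem behind the Q205 log line and the corresponding fix, shown as an added example (not code from the original question set): a login that splices the request parameters into SQL text accepts the decoded `pass or 1=1` value, while server-side validation plus parameter binding rejects it. The in-memory SQLite table, its column names and the `offending_params` log check are assumptions made for the example.

```python
import re
import sqlite3
from urllib.parse import parse_qs, urlsplit

# Constructed sample store: one account whose 6-digit PIN is kept as an integer.
conn = sqlite3.connect(":memory:")
conn.execute("CREATE TABLE users (user TEXT, pass INTEGER)")
conn.execute("INSERT INTO users VALUES ('admin', 123456)")

USER_RE = re.compile(r"^[A-Za-z]+$")  # letters only, the rule the client-side script applies
PIN_RE = re.compile(r"^[0-9]{6}$")    # exactly six digits

def login_vulnerable(user, pin):
    """Trusts the browser-side check and splices the raw values into the SQL text."""
    sql = f"SELECT 1 FROM users WHERE user='{user}' AND pass={pin}"
    return conn.execute(sql).fetchone() is not None

def login_hardened(user, pin):
    """Re-validates on the server, then binds the values as parameters, never as SQL text."""
    if not (USER_RE.match(user) and PIN_RE.match(pin)):
        return False
    sql = "SELECT 1 FROM users WHERE user=? AND pass=?"
    return conn.execute(sql, (user, int(pin))).fetchone() is not None

def offending_params(log_line):
    """Pulls user/pass out of an access-log line and returns those that break the server-side rules."""
    m = re.search(r'"GET (\S+) HTTP', log_line)
    if not m:
        return []
    qs = parse_qs(urlsplit(m.group(1)).query)  # percent-decodes the values
    user = qs.get("user", [""])[0]
    pin = qs.get("pass", [""])[0]
    flagged = []
    if not USER_RE.match(user):
        flagged.append(("user", user))
    if not PIN_RE.match(pin):
        flagged.append(("pass", pin))
    return flagged

# The log line from the question; the same request, as the web server recorded it.
LOG = ('10.235.62.11 - - [02/Mar/2014:06:13:04] '
       '"GET /site/script.php?user=admin&pass=pass%20or%201=1 HTTP/1.1" 200 5724')

if __name__ == "__main__":
    print("vulnerable accepts injected PIN:", login_vulnerable("admin", "pass or 1=1"))  # True
    print("hardened accepts injected PIN:  ", login_hardened("admin", "pass or 1=1"))    # False
    print("fields failing validation:      ", offending_params(LOG))  # [('pass', 'pass or 1=1')]
```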


Q206. - (Topic 5) 

A software development manager is taking over an existing software development project. The team currently suffers from poor communication, and this gap is resulting in an above average number of security-related bugs making it into production. Which of the following development methodologies involves daily stand-ups designed to improve communication? 

A. Spiral 

B. Agile 

C. Waterfall 

D. Rapid 

Answer:


Q207. - (Topic 1) 

Two universities are making their 802.11n wireless networks available to the other university’s students. The infrastructure will pass the student’s credentials back to the home school for authentication via the Internet. 

The requirements are: 

The following design was implemented: 

WPA2 Enterprise using EAP-PEAP-MSCHAPv2 will be used for wireless security 

RADIUS proxy servers will be used to forward authentication requests to the home school 

The RADIUS servers will have certificates from a common public certificate authority 

A strong shared secret will be used for RADIUS server authentication 

Which of the following security considerations should be added to the design? 

A. The transport layer between the RADIUS servers should be secured 

B. WPA Enterprise should be used to decrease the network overhead 

C. The RADIUS servers should have local accounts for the visiting students 

D. Students should be given certificates to use for authentication to the network 

Answer:


Q208. - (Topic 5) 

An extensible commercial software system was upgraded to the next minor release version to patch a security vulnerability. After the upgrade, an unauthorized intrusion into the system was detected. The software vendor is called in to troubleshoot the issue and reports that all core components were updated properly. Which of the following has been overlooked in securing the system? (Select TWO). 

A. The company’s IDS signatures were not updated. 

B. The company’s custom code was not patched. 

C. The patch caused the system to revert to http. 

D. The software patch was not cryptographically signed. 

E. The wrong version of the patch was used. 

F. Third-party plug-ins were not patched. 

Answer: B,F 


Q209. - (Topic 4) 

The Information Security Officer (ISO) believes that the company has been targeted by cybercriminals and it is under a cyber attack. Internal services that are normally available to the public via the Internet are inaccessible, and employees in the office are unable to browse the Internet. The senior security engineer starts by reviewing the bandwidth at the border router, and notices that the incoming bandwidth on the router’s external interface is maxed out. The security engineer then inspects the following piece of log to try and determine the reason for the downtime, focusing on the company’s external router’s IP which is 128.20.176.19: 

11:16:22.110343 IP 90.237.31.27.19 > 128.20.176.19.19: UDP, length 1400 

11:16:22.110351 IP 23.27.112.200.19 > 128.20.176.19.19: UDP, length 1400 

11:16:22.110358 IP 192.200.132.213.19 > 128.20.176.19.19: UDP, length 1400 

11:16:22.110402 IP 70.192.2.55.19 > 128.20.176.19.19: UDP, length 1400 

11:16:22.110406 IP 112.201.7.39.19 > 128.20.176.19.19: UDP, length 1400 

Which of the following describes the findings the senior security engineer should report to the ISO and the BEST solution for service restoration? 

A. After the senior engineer used a network analyzer to identify an active Fraggle attack, the company’s ISP should be contacted and instructed to block the malicious packets. 

B. After the senior engineer used the above IPS logs to detect the ongoing DDOS attack, an IPS filter should be enabled to block the attack and restore communication. 

C. After the senior engineer used a mirror port to capture the ongoing amplification attack, a BGP sinkhole should be configured to drop traffic at the source networks. 

D. After the senior engineer used a packet capture to identify an active Smurf attack, an ACL should be placed on the company’s external router to block incoming UDP port 19 traffic. 

Answer:
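
Detection logic for the capture quoted in Q209, added here as an example and not part of the original question set: it parses tcpdump-style lines and reports how many distinct sources are sending UDP port 19 (chargen) datagrams to the router and at what rate, the pattern a reflection flood leaves in a capture. The extra TCP line in the sample, the helper names and the alert thresholds are assumptions made for the example.

```python
import re

# Constructed capture in tcpdump's text format: the five lines from the question plus one ordinary TCP packet.
ROUTER_IP = "128.20.176.19"
CAPTURE = """\
11:16:22.110343 IP 90.237.31.27.19 > 128.20.176.19.19: UDP, length 1400
11:16:22.110351 IP 23.27.112.200.19 > 128.20.176.19.19: UDP, length 1400
11:16:22.110358 IP 192.200.132.213.19 > 128.20.176.19.19: UDP, length 1400
11:16:22.110402 IP 70.192.2.55.19 > 128.20.176.19.19: UDP, length 1400
11:16:22.110406 IP 112.201.7.39.19 > 128.20.176.19.19: UDP, length 1400
11:16:22.250000 IP 203.0.113.7.53412 > 128.20.176.19.443: Flags [S], seq 1, win 64240, length 0
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) IP (?P<src>[\d.]+)\.(?P<sport>\d+) > "
    r"(?P<dst>[\d.]+)\.(?P<dport>\d+): (?P<rest>.*)$"
)

def parse_capture(text):
    """Yields one dict per tcpdump line; protocol and size come from the trailing summary."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        pkt = m.groupdict()
        h, mi, s = pkt["ts"].split(":")
        pkt["secs"] = int(h) * 3600 + int(mi) * 60 + float(s)   # seconds since midnight
        pkt["udp"] = pkt["rest"].startswith("UDP")
        size = re.search(r"length (\d+)", pkt["rest"])
        pkt["length"] = int(size.group(1)) if size else 0
        yield pkt

def chargen_reflection_summary(text, victim):
    """Summarises UDP/19 -> UDP/19 datagrams aimed at the victim: the chargen reflection pattern."""
    hits = [p for p in parse_capture(text)
            if p["udp"] and p["dst"] == victim and p["sport"] == "19" and p["dport"] == "19"]
    if not hits:
        return {"packets": 0, "reflectors": 0, "bytes": 0, "pps": 0.0}
    span = hits[-1]["secs"] - hits[0]["secs"]
    return {
        "packets": len(hits),
        "reflectors": len({p["src"] for p in hits}),      # distinct source hosts
        "bytes": sum(p["length"] for p in hits),
        "pps": len(hits) / span if span > 0 else float("inf"),
    }

def is_chargen_flood(text, victim, min_reflectors=3, min_pps=1000.0):
    """Alert rule (thresholds assumed): many distinct reflectors hitting UDP/19 at a high rate."""
    s = chargen_reflection_summary(text, victim)
    return s["reflectors"] >= min_reflectors and s["pps"] >= min_pps
```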


Q210. - (Topic 5) 

An organization would like to allow employees to use their network username and password to access a third-party service. The company is using Active Directory Federated Services for their directory service. Which of the following should the company ensure is supported by the third-party? (Select TWO). 

A. LDAP/S 

B. SAML 

C. NTLM 

D. OAUTH 

E. Kerberos 

Answer: B,E