January 8, 2019

New CompTIA CAS-002 Exam Dumps Collection (Question 16 - Question 22)

Q1. A financial company implements end-to-end encryption via SSL in the DMZ, and only IPSec in transport mode with AH enabled and ESP disabled throughout the internal network. The company has hired a security consultant to analyze the network infrastructure and provide a solution for intrusion prevention. Which of the following recommendations should the consultant provide to the security administrator?

A. Switch to TLS in the DMZ. Implement NIPS on the internal network, and HIPS on the DMZ.

B. Switch IPSec to tunnel mode. Implement HIPS on the internal network, and NIPS on the DMZ.

C. Disable AH. Enable ESP on the internal network, and use NIPS on both networks.

D. Enable ESP on the internal network, and place NIPS on both networks.

Answer: A

Q2. The security administrator is responsible for the confidentiality of all corporate data. The company's servers are located in a datacenter run by a different vendor. The vendor datacenter hosts servers for many different clients, all of whom have access to the datacenter. None of the racks are physically secured. Recently, the company has been the victim of several attacks involving data injection and exfiltration. The security administrator suspects these attacks are due to several new network-based attacks facilitated by having physical access to a system. Which of the following BEST describes how to adapt to the threat?

A. Apply port security to all switches, switch to SCP, and implement IPSec tunnels between devices.

B. Apply two factor authentication, require point to point VPNs, and enable log auditing on all devices.

C. Apply port security to all routers, switch to telnet, and implement point to point VPNs on all servers.

D. Apply three factor authentication, implement IPSec, and enable SNMP.

Answer: A

Q3. A medium-sized company has recently launched an online product catalog. It has decided to keep the credit card purchasing in-house as a secondary potential income stream has been identified in relation to sales leads. The company has decided to undertake a PCI assessment in order to determine the amount of effort required to meet the business objectives. Which compliance category would this task be part of?

A. Government regulation

B. Industry standard

C. Company guideline

D. Company policy

Answer: B

Q4. In an effort to reduce internal email administration costs, a company is determining whether to outsource its email to a managed service provider that provides email, spam, and malware protection. The security manager is asked to provide input regarding any security implications of this change.

Which of the following BEST addresses risks associated with disclosure of intellectual property?

A. Require the managed service provider to implement additional data separation.

B. Require encrypted communications when accessing email.

C. Enable data loss protection to minimize emailing PII and confidential data.

D. Establish an acceptable use policy and incident response policy.

Answer: C

Q5. A security administrator wants to verify and improve the security of a business process which is tied to a proven company workflow. The security administrator was able to improve security by applying controls that were defined by the newly released company security standard. Such controls included code improvement, transport encryption, and interface restrictions. Which of the following can the security administrator do to further increase security after having exhausted all the technical controls dictated by the company's security standard?

A. Modify the company standard to account for higher security and meet with upper management for approval to implement the new standard.

B. Conduct a gap analysis and recommend appropriate non-technical mitigating controls, and incorporate the new controls into the standard.

C. Conduct a risk analysis on all current controls, and recommend appropriate mechanisms to increase overall security.

D. Modify the company policy to account for higher security, adapt the standard accordingly, and implement new technical controls.

Answer: B

Q6. Staff from the sales department have administrator rights to their corporate standard operating environment, and often connect their work laptop to customer networks when onsite during meetings and presentations. This increases the risk and likelihood of a security incident when the sales staff reconnects to the corporate LAN. Which of the following controls would BEST protect the corporate network?

A. Implement a network access control (NAC) solution that assesses the posture of the laptop before granting network access.

B. Use an independent consulting firm to provide regular network vulnerability assessments and biannual qualitative risk assessments.

C. Provide sales staff with a separate laptop with no administrator access just for sales visits.

D. Update the acceptable use policy and ensure sales staff read and acknowledge the policy.

Answer: A

Q7. An administrator is tasked with securing several website domains on a web server. The administrator elects to secure www.example.com, mail.example.org, archive.example.com, and www.example.org with the same certificate. Which of the following would allow the administrator to secure those domains with a single issued certificate?

A. Intermediate Root Certificate

B. Wildcard Certificate

C. EV x509 Certificate

D. Subject Alternative Names Certificate

Answer: D

