We provide real CAS-002 exam questions and answers braindumps in two formats. Download PDF & Practice Tests. Pass CompTIA CAS-002 Exam quickly & easily. The CAS-002 PDF type is available for reading and printing. You can print more and practice many times. With the help of our CompTIA CAS-002 dumps pdf and vce product and material, you can easily pass the CAS-002 exam.

Q71. - (Topic 2) 

Customers have recently reported incomplete purchase history and other anomalies while accessing their account history on the web server farm. Upon investigation, it has been determined that there are version mismatches of key e-commerce applications on the production web servers. The development team has direct access to the production servers and is most likely the cause of the different release versions. Which of the following process level solutions would address this problem? 

A. Implement change control practices at the organization level. 

B. Adjust the firewall ACL to prohibit development from directly accessing the production server farm. 

C. Update the vulnerability management plan to address data discrepancy issues. 

D. Change development methodology from strict waterfall to agile. 

Answer:


Q72. - (Topic 3) 

A new web application system was purchased from a vendor and configured by the internal development team. Before the web application system was moved into production, a vulnerability assessment was conducted. A review of the vulnerability assessment report indicated that the testing team discovered a minor security issue with the configuration of the web application. The security issue should be reported to: 

A. CISO immediately in an exception report. 

B. Users of the new web application system. 

C. The vendor who supplied the web application system. 

D. Team lead in a weekly report. 

Answer:


Q73. - (Topic 1) 

Due to compliance regulations, a company requires a yearly penetration test. The Chief Information Security Officer (CISO) has asked that it be done under a black box methodology. 

Which of the following would be the advantage of conducting this kind of penetration test? 

A. The risk of unplanned server outages is reduced. 

B. Using documentation provided to them, the pen-test organization can quickly determine areas to focus on. 

C. The results will show an in-depth view of the network and should help pin-point areas of internal weakness. 

D. The results should reflect what attackers may be able to learn about the company. 

Answer:


Q74. - (Topic 1) 

The Chief Executive Officer (CEO) of an Internet service provider (ISP) has decided to limit the company’s contribution to worldwide Distributed Denial of Service (DDoS) attacks. Which of the following should the ISP implement? (Select TWO). 

A. Block traffic from the ISP’s networks destined for blacklisted IPs. 

B. Prevent the ISP’s customers from querying DNS servers other than those hosted by the ISP. 

C. Scan the ISP’s customer networks using an up-to-date vulnerability scanner. 

D. Notify customers when services they run are involved in an attack. 

E. Block traffic with an IP source not allocated to customers from exiting the ISP's network. 

Answer: D,E 


Q75. - (Topic 5) 

A security architect is locked into a given cryptographic design based on the allowable software at the company. The key length for applications is already fixed as is the cipher and algorithm in use. The security architect advocates for the use of well-randomized keys as a mitigation to brute force and rainbow attacks. Which of the following is the security architect trying to increase in the design? 

A. Key stretching 

B. Availability 

C. Entropy 

D. Root of trust 

E. Integrity 

Answer:


Q76. - (Topic 3) 

A database administrator comes across the below records in one of the databases during an internal audit of the payment system: 

UserIDAddressCredit Card No.Password 

jsmith123 fake street55XX-XXX-XXXX-1397Password100 

jqdoe234 fake street42XX-XXX-XXXX-202717DEC12 

From a security perspective, which of the following should be the administrator’s GREATEST concern, and what will correct the concern? 

A. Concern: Passwords are stored in plain text. Correction: Require a minimum of 8 alphanumeric characters and hash the password. 

B. Concern: User IDs are also usernames, and could be enumerated, thereby disclosing sensitive account information. Correction: Require user IDs to be more complex by using alphanumeric characters and hash the UserIDs. 

C. Concern: User IDs are confidential private information. Correction: Require encryption of user IDs. 

D. Concern: More than four digits within a credit card number are stored. Correction: Only store the last four digits of a credit card to protect sensitive financial information. 

Answer:


Q77. - (Topic 1) 

The source workstation image for new accounting PCs has begun blue-screening. A technician notices that the date/time stamp of the image source appears to have changed. The desktop support director has asked the Information Security department to determine if any changes were made to the source image. Which of the following methods would BEST help with this process? (Select TWO). 

A. Retrieve source system image from backup and run file comparison analysis on the two images. 

B. Parse all images to determine if extra data is hidden using steganography. 

C. Calculate a new hash and compare it with the previously captured image hash. 

D. Ask desktop support if any changes to the images were made. 

E. Check key system files to see if date/time stamp is in the past six months. 

Answer: A,C 


Q78. - (Topic 3) 

Company ABC is planning to outsource its Customer Relationship Management system (CRM) and marketing / leads management to Company XYZ. 

Which of the following is the MOST important to be considered before going ahead with the service? 

A. Internal auditors have approved the outsourcing arrangement. 

B. Penetration testing can be performed on the externally facing web system. 

C. Ensure there are security controls within the contract and the right to audit. 

D. A physical site audit is performed on Company XYZ’s management / operation. 

Answer:


Q79. - (Topic 1) 

An organization would like to allow employees to use their network username and password to access a third-party service. The company is using Active Directory Federated Services for their directory service. Which of the following should the company ensure is supported by the third-party? (Select TWO). 

A. LDAP/S 

B. SAML 

C. NTLM 

D. OAUTH 

E. Kerberos 

Answer: B,E 


Q80. - (Topic 4) 

The Chief Executive Officer (CEO) of a large prestigious enterprise has decided to reduce business costs by outsourcing to a third party company in another country. Functions to be outsourced include: business analysts, testing, software development and back office functions that deal with the processing of customer data. The Chief Risk Officer (CRO) is concerned about the outsourcing plans. Which of the following risks are MOST likely to occur if adequate controls are not implemented? 

A. Geographical regulation issues, loss of intellectual property and interoperability agreement issues 

B. Improper handling of client data, interoperability agreement issues and regulatory issues 

C. Cultural differences, increased cost of doing business and divestiture issues 

D. Improper handling of customer data, loss of intellectual property and reputation damage 

Answer: