Top Quality of CAS-002 test engine materials and testing material for CompTIA certification for customers, Real Success Guaranteed with Updated CAS-002 pdf dumps vce Materials. 100% PASS CompTIA Advanced Security Practitioner (CASP) exam Today!

P.S. Top Quality CAS-002 testing material are available on Google Drive, GET MORE: https://drive.google.com/open?id=1ddthACQd1JGf0imm89GpLL8acwMLf-_e


New CompTIA CAS-002 Exam Dumps Collection (Question 12 - Question 21)

Q12. After being informed that the company DNS is unresponsive, the system administrator issues the following command from a Linux workstation:

Once at the command prompt, the administrator issues the below commanD. Which of the following is true about the above situation?

A. The administrator must use the sudo command in order to restart the service.

B. The administrator used the wrong SSH port to restart the DNS server.

C. The service was restarted correctly, but it failed to bind to the network interface.

D. The service did not restart because the bind command is privileged.

Answer: A


Q13. A companyu2019s security policy states that its own internally developed proprietary Internet facing software must be resistant to web application attacks. Which of the following methods provides the MOST protection against unauthorized access to stored database information?

A. Require all development to follow secure coding practices.

B. Require client-side input filtering on all modifiable fields.

C. Escape character sequences at the application tier.

D. Deploy a WAF with application specific signatures.

Answer: A


Q14. An administrator is reviewing logs and sees the following entry:

Message: Access denied with code 403 (phase 2). Pattern match "\\bunion\\b.{1,100}?\\bselect\\b" at ARGS:$id. [data "union all select"] [severity "CRITICAL"] [tag "WEB_ATTACK"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag

"OWASP_AppSensor/CIE1"]

Action: Intercepted (phase 2) Apache-Handler: php5-script Which of the following attacks was being attempted?

A. Session hijacking

B. Cross-site script

C. SQL injection

D. Buffer overflow

Answer: C


Q15. A finance manager says that the company needs to ensure that the new system can u201creplayu201d data, up to the minute, for every exchange being tracked by the investment departments. The finance manager also states that the companyu2019s transactions need to be tracked against this data for a period of five years for compliance. How would a security engineer BEST interpret the finance manageru2019s needs?

A. Compliance standards

B. User requirements

C. Data elements

D. Data storage

E. Acceptance testing

F. Information digest

G. System requirements

Answer: B


Q16. Company policy requires that all unsupported operating systems be removed from the network. The security administrator is using a combination of network based tools to identify such systems for the purpose of disconnecting them from the network. Which of the following tools, or outputs from the tools in use, can be used to help the security administrator make an approximate determination of the operating system in use on the local company network? (Select THREE).

A. Passive banner grabbing

B. Password cracker

C.

http://www.company.org/documents_private/index.php?search=string#&topic=windows&tcp

=packet%20capture&cookie=wokdjwalkjcnie61lkasdf2aliser4

D. 443/tcp open http

E. dig host.company.com

F. 09:18:16.262743 IP (tos 0x0, ttl 64, id 9870, offset 0, flags [none], proto TCP (6), length 40)192.168.1.3.1051 > 10.46.3.7.80: Flags [none], cksum 0x1800 (correct), win 512, length 0

G. Nmap

Answer: A,F,G


Q17. CORRECT TEXTAn administrator wants to install a patch to an application. Given the scenario, download, verify and install the patch in the most secure manner. Instructions The last install that is completed will be the final submission

Answer: You need to check the hash value of download software with md5 utility.


Q18. A security engineer is implementing a new solution designed to process e-business transactions and record them in a corporate audit database. The project has multiple technical stakeholders. The database team controls the physical database resources, the internal audit division controls the audit records in the database, the web hosting team is responsible for implementing the website front end and shopping cart application, and the accounting department is responsible for processing the transaction and interfacing with the payment processor. As the solution owner, the security engineer is responsible for ensuring which of the following?

A. Ensure the process functions in a secure manner from customer input to audit review.

B. Security solutions result in zero additional processing latency.

C. Ensure the process of storing audit records is in compliance with applicable laws.

D. Web transactions are conducted in a secure network channel.

Answer: A


Q19. The Universal Research Association has just been acquired by the Association of Medical Business Researchers. The new conglomerate has funds to upgrade or replace hardware as part of the acquisition, but cannot fund labor for major software projects. Which of the following will MOST likely result in some IT resources not being integrated?

A. One of the companies may use an outdated VDI.

A. B. Corporate websites may be optimized for different web browsers.

C. Industry security standards and regulations may be in conflict.

D. Data loss prevention standards in one company may be less stringent.

Answer: C


Q20. About twice a year a switch fails in a company's network center. Under the maintenance contract, the switch would be replaced in two hours losing the business $1,000 per hour. The cost of a spare switch is $3,000 with a 12-hour delivery time and would eliminate downtime costs if purchased ahead of time. The maintenance contract is $1,500 per year.

Which of the following is true in this scenario?

A. It is more cost-effective to eliminate the maintenance contract and purchase a replacement upon failure.

B. It is more cost-effective to purchase a spare switch prior to an outage and eliminate the maintenance contract.

C. It is more cost-effective to keep the maintenance contract instead of purchasing a spare switch prior to an outage.

D. It is more cost-effective to purchase a spare switch prior to an outage and keep the maintenance contract.

Answer: D


Q21. An administrator has four virtual guests on a host server. Two of the servers are corporate SQL servers, one is a corporate mail server, and one is a testing web server for a small group of developers. The administrator is experiencing difficulty connecting to the host server during peak network usage times. Which of the following would allow the administrator to securely connect to and manage the host server during peak usage times?

A. Increase the virtual RAM allocation to high I/O servers.

B. Install a management NIC and dedicated virtual switch.

C. Configure the high I/O virtual servers to use FCoE rather than iSCSI.

D. Move the guest web server to another dedicated host.

Answer: B


100% Rebirth CompTIA CAS-002 Questions & Answers shared by Certleader, Get HERE: https://www.certleader.com/CAS-002-dumps.html (New 450 Q&As)