The actual fiercer competitiveness from the The item field causes it to become harder for our own The item staff to get satisfactory jobs. CompTIA can be a tool that should be certain a gradual task. CompTIA Documentation CAS-002 Audit happens to be an key assessment from the CAS-002 Hardcopy. If only you began to get ready to your CompTIA exam, have youI recognise the particular complicated its. Currently, the research things for doing this checkups are way too many seem to select. Itll cost you time and effort when choosing the correct things. Because of this, candidates got sacrificed discovering an excellent one particular. As there are too many CompTIA materials at present, it is increasingly difficult for candidates to select the suitable one particular.

2016 Nov comptia casp cas-002 pdf:

Q341. - (Topic 2) 

A medical device manufacturer has decided to work with another international organization to develop the software for a new robotic surgical platform to be introduced into hospitals within the next 12 months. In order to ensure a competitor does not become aware, management at the medical device manufacturer has decided to keep it secret until formal contracts are signed. Which of the following documents is MOST likely to contain a description of the initial terms and arrangement and is not legally enforceable? 

A. OLA 

B. BPA 

C. SLA 

D. SOA 

E. MOU 

Answer:


Q342. - (Topic 1) 

A security administrator wants to prevent sensitive data residing on corporate laptops and desktops from leaking outside of the corporate network. The company has already implemented full-disk encryption and has disabled all peripheral devices on its desktops and laptops. Which of the following additional controls MUST be implemented to minimize the risk of data leakage? (Select TWO). 

A. A full-system backup should be implemented to a third-party provider with strong encryption for data in transit. 

B. A DLP gateway should be installed at the company border. 

C. Strong authentication should be implemented via external biometric devices. 

D. Full-tunnel VPN should be required for all network communication. 

E. Full-drive file hashing should be implemented with hashes stored on separate storage. 

F. Split-tunnel VPN should be enforced when transferring sensitive data. 

Answer: B,D 


Q343. - (Topic 1) 

An application present on the majority of an organization’s 1,000 systems is vulnerable to a buffer overflow attack. Which of the following is the MOST comprehensive way to resolve the issue? 

A. Deploy custom HIPS signatures to detect and block the attacks. 

B. Validate and deploy the appropriate patch. 

C. Run the application in terminal services to reduce the threat landscape. 

D. Deploy custom NIPS signatures to detect and block the attacks. 

Answer:


Q344. DRAG DROP - (Topic 3) 

Drag and Drop the following information types on to the appropriate CIA category 

Answer: 


Q345. - (Topic 3) 

A morphed worm carrying a 0-day payload has infiltrated the company network and is now spreading across the organization. The security administrator was able to isolate the worm communication and payload distribution channel to TCP port 445. Which of the following can the administrator do in the short term to minimize the attack? 

A. Deploy the following ACL to the HIPS: DENY - TCP - ANY - ANY – 445. 

B. Run a TCP 445 port scan across the organization and patch hosts with open ports. 

C. Add the following ACL to the corporate firewall: DENY - TCP - ANY - ANY - 445. 

D. Force a signature update and full system scan from the enterprise anti-virus solution. 

Answer:


Up to date certainteed cas-002:

Q346. - (Topic 4) 

A company’s security policy states that its own internally developed proprietary Internet facing software must be resistant to web application attacks. Which of the following methods provides the MOST protection against unauthorized access to stored database information? 

A. Require all development to follow secure coding practices. 

B. Require client-side input filtering on all modifiable fields. 

C. Escape character sequences at the application tier. 

D. Deploy a WAF with application specific signatures. 

Answer:


Q347. - (Topic 1) 

An insurance company is looking to purchase a smaller company in another country. Which of the following tasks would the security administrator perform as part of the security due diligence? 

A. Review switch and router configurations 

B. Review the security policies and standards 

C. Perform a network penetration test 

D. Review the firewall rule set and IPS logs 

Answer:


Q348. - (Topic 2) 

A network engineer wants to deploy user-based authentication across the company’s wired and wireless infrastructure at layer 2 of the OSI model. Company policies require that users be centrally managed and authenticated and that each user’s network access be controlled based on the user’s role within the company. Additionally, the central authentication system must support hierarchical trust and the ability to natively authenticate mobile devices and workstations. Which of the following are needed to implement these requirements? (Select TWO). 

A. SAML 

B. WAYF 

C. LDAP 

D. RADIUS 

E. Shibboleth 

F. PKI 

Answer: C,D 


Q349. CORRECT TEXT - (Topic 2) 

Company A has noticed abnormal behavior targeting their SQL server on the network from a rogue IP address. The company uses the following internal IP address ranges: 192.10.1.0/24 for the corporate site and 192.10.2.0/24 for the remote site. The Telco router interface uses the 192.10.5.0/30 IP range. 

Instructions: Click on the simulation button to refer to the Network Diagram for Company A. 

Click on Router 1, Router 2, and the Firewall to evaluate and configure each device. 

Task 1: Display and examine the logs and status of Router 1, Router 2, and Firewall interfaces. 

Task 2: Reconfigure the appropriate devices to prevent the attacks from continuing to target the SQL server and other servers on the corporate network. 

Answer: Please check the explanation part for the solution. 


Q350. - (Topic 2) 

The risk manager at a small bank wants to use quantitative analysis to determine the ALE of running a business system at a location which is subject to fires during the year. A risk analyst reports to the risk manager that the asset value of the business system is $120,000 and, based on industry data, the exposure factor to fires is only 20% due to the fire suppression system installed at the site. Fires occur in the area on average every four years. Which of the following is the ALE? 

A. $6,000 

B. $24,000 

C. $30,000 

D. $96,000 

Answer: