2018 June New CompTIA CAS-002 Exam Dumps with PDF and VCE Just Updated Today! Following are some new CAS-002 Real Exam Questions:
1.|2018 Latest CAS-002 Exam Dumps (PDF & VCE) 900Q&As Download:
2.|2018 Latest CAS-002 Exam Questions & Answers Download:
The security administrator has been tasked with providing a solution that would not only eliminate the need for physical desktops, but would also centralize the location of all desktop applications, without losing physical control of any network devices.
Which of the following would the security manager MOST likely implement?
A number of security incidents have been reported involving mobile web-based code developed by a consulting company.
Performing a root cause analysis, the security administrator of the consulting company discovers that the problem is a simple programming error that results in extra information being loaded into the memory when the proper format is selected by the user.
After repeating the process several times, the security administrator is able to execute unintentional instructions through this method.
Which of the following BEST describes the problem that is occurring, a good mitigation technique to use to prevent future occurrences, and why it a security concern?
A. Problem: Cross-site scripting Mitigation Technique.
Input validation Security Concern: Decreases the company’s profits and cross-site scripting
can enable malicious actors to compromise the confidentiality of network connections or
interrupt the availability of the network.
B. Problem: Buffer overflow Mitigation Technique: Secure coding standards
Security Concern: Exposes the company to liability buffer overflows and can enable malicious actors to compromise the confidentiality/availability of the data.
C. Problem: SQL injection Mitigation Technique: Secure coding standards
Security Concern: Exposes the company to liability SQL injection and can enable malicious
actors to compromise the confidentiality of data or interrupt the availability of a system.
D. Problem: Buffer overflow Mitigation Technique: Output validation
Security Concern: Exposing the company to public scrutiny buffer overflows can enable
malicious actors to interrupt the availability of a system.
A security architect is assigned to a major software development project.
The software development team has a history of writing bug prone, inefficient code, with multiple security flaws in every release.
The security architect proposes implementing secure coding standards to the project manager. The secure coding standards will contain detailed standards for:
A. error handling, input validation, memory use and reuse, race condition handling,
commenting, and preventing typical security problems.
B. error prevention, requirements validation, memory use and reuse, commenting typical
security problems, and testing code standards.
C. error elimination, trash collection, documenting race conditions, peer review, and typical
D. error handling, input validation, commenting, preventing typical security problems,
managing customers, and documenting extra requirements.
The sales division within a large organization purchased touch screen tablet computers for all 250 sales representatives in an effort to showcase the use of technology to its customers and increase productivity.
This includes the development of a new product tracking application that works with the new platform.
The security manager attempted to stop the deployment because the equipment and application are non-standard and unsupported within the organization.
However, upper management decided to continue the deployment.
Which of the following provides the BEST method for evaluating the potential threats?
A. Conduct a vulnerability assessment to determine the security posture of the new devices
and the application.
B. Benchmark other organization’s that already encountered this type of situation and apply all relevant learning’s and industry best practices.
C. Work with the business to understand and classify the risk associated with the full lifecycle
of the hardware and software deployment.
D. Develop a standard image for the new devices and migrate to a web application to eliminate locally resident data.
A security audit has uncovered a lack of security controls with respect to employees’ network account management.
Specifically, the audit reveals that employee’s network accounts are not disabled in a timely manner once an employee departs the organization.
The company policy states that the network account of an employee should be disabled within eight hours of termination.
However, the audit shows that 5% of the accounts were not terminated until three days after a dismissed employee departs.
Furthermore, 2% of the accounts are still active.
Which of the following is the BEST course of action that the security officer can take to avoid repeat audit findings?
A. Review the HR termination process and ask the software developers to review the identity management code.
B. Enforce the company policy by conducting monthly account reviews of inactive accounts.
C. Review the termination policy with the company managers to ensure prompt reporting of employee terminations.
D. Update the company policy to account for delays and unforeseen situations in account deactivation.
The Chief Executive Officer (CEO) has decided to outsource systems which are not core business functions; however, a recent review by the risk officer has indicated that core business functions are dependent on the outsourced systems.
The risk officer has requested that the IT department calculates the priority of restoration for all systems and applications under the new business model.
Which of the following is the BEST tool to achieve this?
A. Business impact analysis
B. Annualized loss expectancy analysis
C. TCO analysis
D. Residual risk and gap analysis
A company has decided to relocate and the security manager has been tasked to perform a site survey of the new location to help in the design of the physical infrastructure.
The current location has video surveillance throughout the building and entryways.
The following requirements must be met:
Able to log entry of all employees in and out of specific areas Access control into and out of all sensitive areas Tailgating prevention
Which of the following would MOST likely be implemented to meet the above requirements and provide a secure solution? (Select TWO).
A. Discretionary Access control
B. Man trap
C. Visitor logs
D. Proximity readers
E. Motion detection sensors
The Chief Executive Officer (CEO) of a corporation purchased the latest mobile device and connected it to the internal network.
The CEO proceeded to download sensitive financial documents through their email.
The device was then lost in transit to a conference.
The CEO notified the company helpdesk about the lost device and another one was shipped out, after which the helpdesk ticket was closed stating the issue was resolved.
This data breach was not properly reported due to insufficient training surrounding which of the following processes?
B. Data handling
C. Incident response
D. Data recovery and storage
The Chief Executive Officer (CEO) of a corporation decided to move all email to a cloud computing environment.
The Chief Information Security Officer (CISO) was told to research the risk involved in this environment.
Which of the following measures should be implemented to minimize the risk of hosting email in the cloud?
A. Remind users that all emails with sensitive information need be encrypted and physically
inspect the cloud computing.
B. Ensure logins are over an encrypted channel and obtain an NDA and an SLA from the
C. Ensure logins are over an encrypted channel and remind users to encrypt all emails that
contain sensitive information.
D. Obtain an NDA from the cloud provider and remind users that all emails with sensitive
information need be encrypted.
Due to a new regulation, a company has to increase active monitoring of security-related events to 24 hours a day.
The security staff only has three full time employees that work during normal business hours. Instead of hiring new security analysts to cover the remaining shifts necessary to meet the monitoring requirement, the Chief Information Officer (CIO) has hired a Managed Security Service (MSS) to monitor events.
Which of the following should the company do to ensure that the chosen MSS meets expectations?
A. Develop a memorandum of understanding on what the MSS is responsible to provide.
B. Create internal metrics to track MSS performance.
C. Establish a mutually agreed upon service level agreement.
D. Issue a RFP to ensure the MSS follows guidelines.
A system administrator needs to develop a policy for when an application server is no longer needed.
Which of the following policies would need to be developed?
A. Backup policy
B. De-provisioning policy
C. Data retention policy
D. Provisioning policy
1.|2018 Latest CAS-002 Exam Dumps (PDF & VCE) 900Q&As Download:
2.|2018 Latest CAS-002 Study Guide Video: