[Free] 2018(Mar) EnsurePass Testking CompTIA CAS-002 Dumps with VCE and PDF 51-60


CompTIA Advanced Security Practitioner (CASP)

Question No: 51 – (Topic 1)

News outlets are beginning to report on a number of retail establishments that are experiencing payment card data breaches. The data exfiltration is enabled by malware on a compromised computer. After the initial exploit, network mapping and fingerprinting are conducted to prepare for further exploitation. Which of the following is the MOST effective solution to protect against unrecognized malware infections?

  A. Remove local admin permissions from all users and change anti-virus to a cloud-aware, push technology.

  B. Implement an application whitelist at all levels of the organization.

  C. Deploy a network-based heuristic IDS and configure all layer 3 switches to feed data to the IDS for more effective monitoring.

  D. Update router configuration to pass all network traffic through a new proxy server with advanced malware detection.

Answer: B. An application whitelist refuses to execute anything not explicitly approved, so it blocks malware that no signature or heuristic has seen before; the other options still depend on recognizing the malware or its traffic.

Question No: 52 – (Topic 1)

An application present on the majority of an organization's 1,000 systems is vulnerable to a buffer overflow attack. Which of the following is the MOST comprehensive way to resolve the issue?

  A. Deploy custom HIPS signatures to detect and block the attacks.

  B. Validate and deploy the appropriate patch.

  C. Run the application in terminal services to reduce the threat landscape.

  D. Deploy custom NIPS signatures to detect and block the attacks.

Answer: B. A patch removes the defect itself; HIPS or NIPS signatures only catch exploit patterns that are already known, and terminal services merely change where the vulnerable code runs.

Question No: 53 – (Topic 1)

The Chief Information Officer (CIO) is reviewing the IT-centric BIA and RA documentation. The documentation shows that a single 24-hour downtime in a critical business function will cost the business $2.3 million. Additionally, the business unit which depends on the critical business function has determined that there is a high probability that a threat will materialize, based on historical data. The CIO's budget does not allow for full system hardware replacement in case of a catastrophic failure, nor does it allow for the purchase of additional compensating controls. Which of the following should the CIO recommend to the finance director to minimize financial loss?

  A. The company should mitigate the risk.

  B. The company should transfer the risk.

  C. The company should avoid the risk.

  D. The company should accept the risk.

Answer: B. With no budget for mitigation, a critical function that cannot be avoided, and a likely high-impact event, transferring the risk (typically through insurance) is the remaining way to limit the financial loss.

Question No: 54 – (Topic 1)

A software development manager is taking over an existing software development project. The team currently suffers from poor communication due to a long delay between requirements documentation and feature delivery. This gap is resulting in an above-average number of security-related bugs making it into production. Which of the following development methodologies is the team MOST likely using now?

  A. Agile

  B. Waterfall

  C. Scrum

  D. Spiral

Answer: B. Waterfall completes all requirements before design, implementation and testing begin, so a long gap between documented requirements and delivered features is characteristic of it; Agile, Scrum and Spiral all iterate in shorter cycles.

Question No: 55 – (Topic 1)

A company has issued a new mobile device policy permitting BYOD and company-issued devices. The company-issued device has a managed middleware client that restricts the applications allowed on company devices and provides those that are approved. The middleware client provides configuration standardization for both company-owned and BYOD devices to secure data and communication to the device according to industry best practices. The policy states that "BYOD clients must meet the company's infrastructure requirements to permit a connection." The company also issues a memorandum, separate from the policy, which provides instructions for the purchase, installation, and use of the middleware client on BYOD. Which of the following is being described?

  A. Asset management

  B. IT governance

  C. Change management

  D. Transference of risk

Answer: B. A policy setting the requirement, backed by a memorandum directing how it is to be met, is the structure of IT governance rather than the tracking of assets or the control of changes.

Question No: 56 – (Topic 1)

Which of the following provides the BEST risk calculation methodology?

  A. Annual Loss Expectancy (ALE) x Value of Asset

  B. Potential Loss x Event Probability x Control Failure Probability

  C. Impact x Threat x Vulnerability

  D. Risk Likelihood x Annual Loss Expectancy (ALE)

Answer: B. Only this formula accounts for the control already in place, giving the residual loss that is actually expected; A and D multiply ALE by a factor it already contains, and C ignores existing controls.

Question No: 57 – (Topic 1)

An analyst connects to a company web conference hosted on www.webconference.com/meetingID#01234 and observes that numerous guests have been allowed to join without providing identifying information. The topics covered during the web conference are considered proprietary to the company. Which of the following security concerns does the analyst present to management?

  A. Guest users could present a risk to the integrity of the company's information

  B. Authenticated users could sponsor guest access that was previously approved by management

  C. Unauthenticated users could present a risk to the confidentiality of the company's information

  D. Meeting owners could sponsor guest access if they have passed a background check

Answer: C. Unidentified participants can listen to proprietary material, which is a confidentiality exposure; nothing in the scenario gives them the ability to alter company information.

Question No: 58 – (Topic 1)

A security analyst has been asked to develop a quantitative risk analysis and risk assessment for the company's online shopping application. Based on heuristic information from the Security Operations Center (SOC), a denial of service (DoS) attack has been successfully executed 5 times a year. The Business Operations department has determined the loss associated with each attack is $40,000. After implementing application caching, the number of DoS attacks was reduced to one time a year. The cost of the countermeasure was $100,000. Which of the following is the monetary value earned during the first year of operation?

  A. $60,000

  B. $100,000

  C. $140,000

  D. $200,000

Answer: A. ALE before caching was 5 x $40,000 = $200,000; after caching it is 1 x $40,000 = $40,000. The $160,000 reduction minus the $100,000 spent on the countermeasure leaves $60,000 in the first year.
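The arithmetic behind Question 58 and the residual-risk formula selected in Question 56, written out as a small Python module. This is an added example, not part of the original dump or the exam. The Question 58 figures ($40,000 per event, 5 events reduced to 1, $100,000 countermeasure) come from the question; the $2.3 million potential loss is borrowed from Question 53, and the event and control-failure probabilities used with it, the $500,000 alternative control used to show a payback calculation, and the treatment of the countermeasure cost as a one-time spend are assumptions made for illustration. The module goes beyond the single-year answer to show how the same control looks over several years and when it never pays for itself.

```python
"""Quantitative risk arithmetic behind Questions 56 and 58 (added example)."""
from typing import List, Optional


def residual_risk(potential_loss: float, event_probability: float,
                  control_failure_probability: float) -> float:
    """Question 56's formula: loss x P(event) x P(control fails).

    The third factor is what distinguishes this from a plain
    impact x threat x vulnerability product: it credits the control
    that is actually in place.
    """
    for p in (event_probability, control_failure_probability):
        if not 0.0 <= p <= 1.0:
            raise ValueError("probabilities must lie in [0, 1]")
    return potential_loss * event_probability * control_failure_probability


def ale(sle: float, aro: float) -> float:
    """Annualised loss expectancy: single loss expectancy x annual rate of occurrence."""
    return sle * aro


def yearly_net_value(sle: float, aro_before: float, aro_after: float,
                     one_time_cost: float, annual_cost: float = 0.0,
                     years: int = 1) -> List[float]:
    """Net value of a control for each of `years` years.

    Value = ALE reduction - recurring cost, with the one-time purchase
    charged to year 1 only (an assumption; the exam does not say whether
    the $100,000 recurs). Negative entries mean the control cost more
    than it saved in that year.
    """
    saving = ale(sle, aro_before) - ale(sle, aro_after)
    values = []
    for year in range(1, years + 1):
        cost = annual_cost + (one_time_cost if year == 1 else 0.0)
        values.append(saving - cost)
    return values


def payback_year(sle: float, aro_before: float, aro_after: float,
                 one_time_cost: float, annual_cost: float = 0.0,
                 max_years: int = 20) -> Optional[int]:
    """First year in which cumulative net value is non-negative, or None
    if the control never pays for itself within `max_years`."""
    cumulative = 0.0
    yearly = yearly_net_value(sle, aro_before, aro_after, one_time_cost,
                              annual_cost, max_years)
    for year, value in enumerate(yearly, start=1):
        cumulative += value
        if cumulative >= 0:
            return year
    return None


# Question 58's figures: five DoS events a year at $40,000 each, cut to one
# a year by application caching that cost $100,000.
Q58_SLE, Q58_ARO_BEFORE, Q58_ARO_AFTER, Q58_COST = 40_000, 5, 1, 100_000


def question_58_first_year() -> float:
    """The exam's answer: ($200,000 - $40,000) - $100,000 = $60,000."""
    return yearly_net_value(Q58_SLE, Q58_ARO_BEFORE, Q58_ARO_AFTER, Q58_COST)[0]


if __name__ == "__main__":
    print(f"Q58 first-year value: ${question_58_first_year():,.0f}")
    print("Q58 three-year profile:",
          yearly_net_value(Q58_SLE, Q58_ARO_BEFORE, Q58_ARO_AFTER, Q58_COST, years=3))
    # Assumed alternative: a $500,000 control with the same effect on ARO.
    print("Payback year for a $500,000 control:",
          payback_year(Q58_SLE, Q58_ARO_BEFORE, Q58_ARO_AFTER, 500_000))
    # Q56's formula with Q53's $2.3M downtime loss and assumed probabilities.
    print(f"Residual risk: ${residual_risk(2_300_000, 0.5, 0.25):,.0f}")
```

The first-year figure is the smallest the control will ever show: once the purchase is paid off, every later year returns the full $160,000 ALE reduction, which is why the exam specifies "first year". The payback helper makes the same point for a control whose price exceeds one year's savings, and returns None when the recurring cost alone eats the entire saving.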

Question No: 59 – (Topic 1)

A forensic analyst works for an e-discovery firm where several gigabytes of data are processed daily. While the business is lucrative, the firm does not have the resources or the scalability to adequately serve its clients. Since it is an e-discovery firm where chain of custody is important, which of the following scenarios should it consider?

  A. Offload some data processing to a public cloud

  B. Aligning client intake with the resources available

  C. Using a community cloud with adequate controls

  D. Outsourcing the service to a third-party cloud provider

Answer: C. A community cloud is shared only among organizations with the same regulatory and evidentiary requirements, so it can add capacity while preserving the controls that chain of custody depends on; a public cloud or an outsourced provider gives up that assurance, and B does not solve the capacity problem.

Question No: 60 – (Topic 1)

A security architect is designing a new infrastructure using virtual machines on both type 1 and type 2 hypervisors. In addition to the normal complement of security controls (e.g. antivirus, host hardening, HIPS/NIDS), the security architect needs to implement a mechanism to securely store cryptographic keys used to sign code and code modules on the VMs. Which of the following will meet this goal without requiring any hardware pass-through implementations?

  A. vTPM

  B. HSM

  C. TPM

  D. INE

Answer: A. A virtual TPM is provided to each guest by the hypervisor, so the VMs get TPM-style key storage without pass-through of the host's physical TPM or an HSM.
