CAS-002 Premium Bundle

CompTIA Advanced Security Practitioner (CASP) Certification Exam

Last update: November 23, 2024

CompTIA CAS-002 Free Practice Questions


New CompTIA CAS-002 Exam Dumps Collection (Question 8 - Question 17)

New Questions 8

A security solutions architect has argued consistently to implement the most secure method of encrypting corporate messages. The solution has been derided as not being cost effective by other members of the IT department. The proposed solution uses symmetric keys to encrypt all messages and is very resistant to unauthorized decryption. The method also requires special handling and security for all key material that goes above and beyond most encryption systems.

Which of the following is the solutions architect MOST likely trying to implement?

A. One time pads

B. PKI

C. Quantum cryptography

D. Digital rights management

Answer: A


New Questions 9

A large hospital has implemented BYOD to allow doctors and specialists the ability to access patient medical records on their tablets. The doctors and specialists access patient records over the hospital's guest WiFi network which is isolated from the internal network with appropriate security controls. The patient records management system can be accessed from the guest network and requires two factor authentication. Using a remote desktop type interface, the doctors and specialists can interact with the hospital's system. Cut and paste and printing functions are disabled to prevent the copying of data to BYOD devices. Which of the following are of MOST concern? (Select TWO).

A. Privacy could be compromised as patient records can be viewed in uncontrolled areas.

B. Device encryption has not been enabled and will result in a greater likelihood of data loss.

C. The guest WiFi may be exploited allowing non-authorized individuals access to confidential patient data.

D. Malware may be on BYOD devices which can extract data via key logging and screen scrapes.

E. Remote wiping of devices should be enabled to ensure any lost device is rendered inoperable.

Answer: A,D


New Questions 10

Company XYZ provides hosting services for hundreds of companies across multiple industries including healthcare, education, and manufacturing. The security architect for company XYZ is reviewing a vendor proposal to reduce company XYZ's hardware costs by combining multiple physical hosts through the use of virtualization technologies. The security architect notes concerns about data separation, confidentiality, regulatory requirements concerning PII, and administrative complexity on the proposal. Which of the following BEST describes the core concerns of the security architect?

A. Most of company XYZ's customers are willing to accept the risks of unauthorized disclosure and access to information by outside users.

B. The availability requirements in SLAs with each hosted customer would have to be re-written to account for the transfer of virtual machines between physical platforms for regular maintenance.

C. Company XYZ could be liable for disclosure of sensitive data from one hosted customer when accessed by a malicious user who has gained access to the virtual machine of another hosted customer.

D. Not all of company XYZ's customers require the same level of security and the administrative complexity of maintaining multiple security postures on a single hypervisor negates hardware cost savings.

Answer: C


New Questions 11

A system worth $100,000 has an exposure factor of eight percent and an ARO of four. Which of the following figures is the system's SLE?

A. $2,000

B. $8,000

C. $12,000

D. $32,000

Answer: B


New Questions 12

Which of the following technologies prevents an unauthorized HBA from viewing iSCSI target information?

A. Deduplication

B. Data snapshots

C. LUN masking

D. Storage multipaths

Answer: C


New Questions 13

A software developer and IT administrator are focused on implementing security in the organization to protect OSI layer 7. Which of the following security technologies would BEST meet their requirements? (Select TWO).

A. NIPS

B. HSM

C. HIPS

D. NIDS

E. WAF

Answer: C,E


New Questions 14

A security engineer is responsible for monitoring company applications for known vulnerabilities. Which of the following is a way to stay current on exploits and information security news?

A. Update company policies and procedures

B. Subscribe to security mailing lists

C. Implement security awareness training

D. Ensure that the organization vulnerability management plan is up-to-date

Answer: B


New Questions 15

A company sales manager received a memo from the company's financial department which stated that the company would not be putting its software products through the same security testing as previous years to reduce the research and development cost by 20 percent for the upcoming year. The memo also stated that the marketing material and service level agreement for each product would remain unchanged. The sales manager has reviewed the sales goals for the upcoming year and identified an increased target across the software products that will be affected by the financial department's change. All software products will continue to go through new development in the coming year. Which of the following should the sales manager do to ensure the company stays out of trouble?

A. Discuss the issue with the software product's user groups

B. Consult the company's legal department on practices and law

C. Contact senior finance management and provide background information

D. Seek industry outreach for software practices and law

Answer: B


New Questions 16

Two universities are making their 802.11n wireless networks available to the other university's students. The infrastructure will pass the student's credentials back to the home school for authentication via the Internet.

The requirements are:

The following design was implemented:

WPA2 Enterprise using EAP-PEAP-MSCHAPv2 will be used for wireless security

RADIUS proxy servers will be used to forward authentication requests to the home school

The RADIUS servers will have certificates from a common public certificate authority

A strong shared secret will be used for RADIUS server authentication

Which of the following security considerations should be added to the design?

A. The transport layer between the RADIUS servers should be secured

B. WPA Enterprise should be used to decrease the network overhead

C. The RADIUS servers should have local accounts for the visiting students

D. Students should be given certificates to use for authentication to the network

Answer: A


New Questions 17

An employee is performing a review of the organization's security functions and noticed that there is some cross over responsibility between the IT security team and the financial fraud team. Which of the following security documents should be used to clarify the roles and responsibilities between the teams?

A. BPA

B. BIA

C. MOU

D. OLA

Answer: C

