CAS-002 Premium Bundle

CompTIA Advanced Security Practitioner (CASP) Certification Exam

Last update: November 21, 2024

CompTIA CAS-002 Free Practice Questions


New CompTIA CAS-002 Exam Dumps Collection (Question 3 - Question 12)

Question No: 3

The telecommunications manager wants to improve the process for assigning company-owned mobile devices and ensuring data is properly removed when no longer needed. Additionally, the manager wants to onboard and offboard personally owned mobile devices that will be used in the BYOD initiative. Which of the following should be implemented to ensure these processes can be automated? (Select THREE).

A. SIM's PIN

B. Remote wiping

C. Chargeback system

D. MDM software

E. Presence software

F. Email profiles

G. Identity attestation

H. GPS tracking

Answer: B,D,G


Question No: 4

A security tester is testing a website and performs the following manual query: https://www.comptia.com/cookies.jsp?products=5%20and%201=1

The following response is received in the payload: "ORA-000001: SQL command not properly ended"

Which of the following is the response an example of?

A. Fingerprinting

B. Cross-site scripting

C. SQL injection

D. Privilege escalation

Answer: A


Question No: 5

An application present on the majority of an organization's 1,000 systems is vulnerable to a buffer overflow attack. Which of the following is the MOST comprehensive way to resolve the issue?

A. Deploy custom HIPS signatures to detect and block the attacks.

B. Validate and deploy the appropriate patch.

C. Run the application in terminal services to reduce the threat landscape.

D. Deploy custom NIPS signatures to detect and block the attacks.

Answer: B


Question No: 6

A security firm is writing a response to an RFP from a customer that is building a new network-based software product. The firm's expertise is in penetration testing corporate networks. The RFP explicitly calls for all possible behaviors of the product to be tested; however, it does not specify any particular method to achieve this goal. Which of the following should be used to ensure the security and functionality of the product? (Select TWO).

A. Code review

B. Penetration testing

C. Grey box testing

D. Code signing

E. White box testing

Answer: A,E


Question No: 7

Using SSL, an administrator wishes to secure public-facing server farms in three subdomains: dc1.east.company.com, dc2.central.company.com, and dc3.west.company.com. Which of the following is the number of wildcard SSL certificates that should be purchased?

A. 0

B. 1

C. 3

D. 6

Answer: C


Question No: 8

A bank has decided to outsource some existing IT functions and systems to a third-party service provider. The third-party service provider will manage the outsourced systems on their own premises and will continue to directly interface with the bank's other systems through dedicated encrypted links. Which of the following is critical to ensure the successful management of system security concerns between the two organizations?

A. ISA

B. BIA

C. MOU

D. SOA

E. BPA

Answer: A


Question No: 9

A penetration tester is assessing a mobile banking application. Man-in-the-middle attempts via an HTTP intercepting proxy are failing with SSL errors. Which of the following controls has likely been implemented by the developers?

A. SSL certificate revocation

B. SSL certificate pinning

C. Mobile device root-kit detection

D. Extended Validation certificates

Answer: B


Question No: 10

ABC Company must achieve compliance for PCI and SOX. Which of the following would BEST allow the organization to achieve compliance and ensure security? (Select THREE).

A. Establish a list of users that must work with each regulation

B. Establish a list of devices that must meet each regulation

C. Centralize management of all devices on the network

D. Compartmentalize the network

E. Establish a company framework

F. Apply technical controls to meet compliance with the regulation

Answer: B,D,F


Question No: 11

A software development manager is taking over an existing software development project. The team currently suffers from poor communication due to a long delay between requirements documentation and feature delivery. This gap is resulting in an above average number of security-related bugs making it into production. Which of the following development methodologies is the team MOST likely using now?

A. Agile

B. Waterfall

C. Scrum

D. Spiral

Answer: B


Question No: 12

A web services company is planning a one-time high-profile event to be hosted on the corporate website. An outage, due to an attack, would be publicly embarrassing, so Joe, the Chief Executive Officer (CEO), has requested that his security engineers put temporary preventive controls in place. Which of the following would MOST appropriately address Joe's concerns?

A. Ensure web services hosting the event use TCP cookies and deny_hosts.

B. Configure an intrusion prevention system that blocks IPs after detecting too many incomplete sessions.

C. Contract and configure scrubbing services with third-party DDoS mitigation providers.

D. Purchase additional bandwidth from the company's Internet service provider.

Answer: C

