[Free] 2018(June) Dumps4cert CompTIA CAS-002 Dumps with VCE and PDF Download 141-150

By | June 14, 2018

Dumps4cert.com : Latest Dumps with PDF and VCE Files
2018 May CompTIA Official New Released CAS-002
100% Free Download! 100% Pass Guaranteed!

CompTIA Advanced Security Practitioner (CASP)

Question No: 141 – (Topic 2)

Company ABC is hiring customer service representatives from Company XYZ. The representatives reside at Company XYZ’s headquarters. Which of the following BEST prevents Company XYZ representatives from gaining access to unauthorized Company ABC systems?

  1. Require each Company XYZ employee to use an IPSec connection to the required systems

  2. Require Company XYZ employees to establish an encrypted VDI session to the required systems

  3. Require Company ABC employees to use two-factor authentication on the required systems

  4. Require a site-to-site VPN for intercompany communications

Answer: B

Question No: 142 – (Topic 2)

A bank has decided to outsource some existing IT functions and systems to a third party service provider. The third party service provider will manage the outsourced systems on their own premises and will continue to directly interface with the bank’s other systems through dedicated encrypted links. Which of the following is critical to ensure the successful management of system security concerns between the two organizations?

  1. ISA

  2. BIA

  3. MOU

  4. SOA

  5. BPA

Answer: A

Question No: 143 – (Topic 2)

A bank is in the process of developing a new mobile application. The mobile client renders content and communicates back to the company servers via REST/JSON calls. The bank wants to ensure that the communication is stateless between the mobile application and the web services gateway. Which of the following controls MUST be implemented to enable stateless communication?

  1. Generate a one-time key as part of the device registration process.

  2. Require SSL between the mobile application and the web services gateway.

  3. The jsession cookie should be stored securely after authentication.

  4. Authentication assertion should be stored securely on the client.

Answer: D

Question No: 144 – (Topic 2)

After the install process, a software application executed an online activation process. After a few months, the system experienced a hardware failure. A backup image of the system was restored on a newer revision of the same brand and model device. After the restore, the specialized application no longer works. Which of the following is the MOST likely cause of the problem?

  1. The binary files used by the application have been modified by malware.

  2. The application is unable to perform remote attestation due to blocked ports.

  3. The restored image backup was encrypted with the wrong key.

  4. The hash key summary of hardware and installed software no longer match.

Answer: D

Question No: 145 – (Topic 2)

A finance manager says that the company needs to ensure that the new system can “replay” data, up to the minute, for every exchange being tracked by the investment departments. The finance manager also states that the company’s transactions need to be tracked against this data for a period of five years for compliance. How would a security engineer BEST interpret the finance manager’s needs?

  1. Compliance standards

  2. User requirements

  3. Data elements

  4. Data storage

  5. Acceptance testing

  6. Information digest

  7. System requirements

Answer: B

Question No: 146 – (Topic 2)

An international shipping company discovered that deliveries left idle are being tampered with. The company wants to reduce the idle time associated with international deliveries by ensuring that personnel are automatically notified when an inbound delivery arrives at the transit dock. Which of the following should be implemented to help the company increase the security posture of its operations?

  1. Back office database

  2. Asset tracking

  3. Geo-fencing

  4. Barcode scanner

Answer: C

Question No: 147 – (Topic 2)

A software developer and IT administrator are focused on implementing security in the organization to protect OSI layer 7. Which of the following security technologies would BEST meet their requirements? (Select TWO).

  1. NIPS

  2. HSM

  3. HIPS

  4. NIDS

  5. WAF

Answer: C,E

Question No: 148 – (Topic 2)

During an incident involving the company main database, a team of forensics experts is hired to respond to the breach. The team is in charge of collecting forensics evidence from the company’s database server. Which of the following is the correct order in which the forensics team should engage?

  1. Notify senior management, secure the scene, capture volatile storage, capture non- volatile storage, implement chain of custody, and analyze original media.

  2. Take inventory, secure the scene, capture RAM, capture had drive, implement chain of

    custody, document, and analyze the data.

  3. Implement chain of custody, take inventory, secure the scene, capture volatile and non- volatile storage, and document the findings.

  4. Secure the scene, take inventory, capture volatile storage, capture non-volatile storage, document, and implement chain of custody.

Answer: D

Question No: 149 – (Topic 2)

Joe, a penetration tester, is tasked with testing the security robustness of the protocol between a mobile web application and a RESTful application server. Which of the following security tools would be required to assess the security between the mobile web application and the RESTful application server? (Select TWO).

  1. Jailbroken mobile device

  2. Reconnaissance tools

  3. Network enumerator

  4. HTTP interceptor

  5. Vulnerability scanner

  6. Password cracker

Answer: D,E

Question No: 150 – (Topic 2)

An internal development team has migrated away from Waterfall development to use Agile development. Overall, this has been viewed as a successful initiative by the stakeholders as it has improved time-to-market. However, some staff within the security team have contended that Agile development is not secure. Which of the following is the MOST accurate statement?

  1. Agile and Waterfall approaches have the same effective level of security posture. They both need similar amounts of security effort at the same phases of development.

  2. Agile development is fundamentally less secure than Waterfall due to the lack of formal up-front design and inability to perform security reviews.

  3. Agile development is more secure than Waterfall as it is a more modern methodology which has the advantage of having been able to incorporate security best practices of recent years.

  4. Agile development has different phases and timings compared to Waterfall. Security

activities need to be adapted and performed within relevant Agile phases.

Answer: D

100% Dumps4cert Free Download!
Download Free Demo:CAS-002 Demo PDF
100% Dumps4cert Pass Guaranteed!
CAS-002 Dumps

Dumps4cert ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.