[Free] 2018(Mar) EnsurePass Testinsides CompTIA CAS-002 Dumps with VCE and PDF 51-60
CompTIA Advanced Security Practitioner (CASP)
Question No: 51 – (Topic 1)
News outlets are beginning to report on a number of retail establishments that are experiencing payment card data breaches. The data exfiltration is enabled by malware on a compromised computer. After the initial exploit, network mapping and fingerprinting are conducted to prepare for further exploitation. Which of the following is the MOST effective solution to protect against unrecognized malware infections?
A. Remove local admin permissions from all users and change anti-virus to a cloud-aware, push technology.
B. Implement an application whitelist at all levels of the organization.
C. Deploy a network-based heuristic IDS and configure all layer 3 switches to feed data to the IDS for more effective monitoring.
D. Update the router configuration to pass all network traffic through a new proxy server with advanced malware detection.
Answer: B
Question No: 52 – (Topic 1)
An application present on the majority of an organization’s 1,000 systems is vulnerable to a buffer overflow attack. Which of the following is the MOST comprehensive way to resolve the issue?
A. Deploy custom HIPS signatures to detect and block the attacks.
B. Validate and deploy the appropriate patch.
C. Run the application in terminal services to reduce the threat landscape.
D. Deploy custom NIPS signatures to detect and block the attacks.
Answer: B
Question No: 53 – (Topic 1)
The Chief Information Officer (CIO) is reviewing the IT-centric BIA and RA documentation. The documentation shows that a single 24-hour downtime in a critical business function will cost the business $2.3 million. Additionally, the business unit which depends on the critical business function has determined that there is a high probability that a threat will materialize, based on historical data. The CIO's budget does not allow for full system hardware replacement in case of a catastrophic failure, nor does it allow for the purchase of additional compensating controls. Which of the following should the CIO recommend to the finance director to minimize financial loss?
A. The company should mitigate the risk.
B. The company should transfer the risk.
C. The company should avoid the risk.
D. The company should accept the risk.
Answer: B
Question No: 54 – (Topic 1)
A software development manager is taking over an existing software development project. The team currently suffers from poor communication due to a long delay between requirements documentation and feature delivery. This gap is resulting in an above average number of security-related bugs making it into production. Which of the following development methodologies is the team MOST likely using now?
A. Agile
B. Waterfall
C. Scrum
D. Spiral
Answer: B
Question No: 55 – (Topic 1)
A company has issued a new mobile device policy permitting BYOD and company-issued devices. The company-issued device has a managed middleware client that restricts the applications allowed on company devices and provides those that are approved. The middleware client provides configuration standardization for both company-owned and BYOD devices to secure data and communication to the device according to industry best practices. The policy states that "BYOD clients must meet the company's infrastructure requirements to permit a connection." The company also issues a memorandum, separate from the policy, which provides instructions for the purchase, installation, and use of the middleware client on BYOD devices. Which of the following is being described?
A. Asset management
B. IT governance
C. Change management
D. Transference of risk
Answer: B
Question No: 56 – (Topic 1)
Which of the following provides the BEST risk calculation methodology?
A. Annual Loss Expectancy (ALE) x Value of Asset
B. Potential Loss x Event Probability x Control Failure Probability
C. Impact x Threat x Vulnerability
D. Risk Likelihood x Annual Loss Expectancy (ALE)
Answer: B
Question No: 57 – (Topic 1)
An analyst connects to a company web conference hosted on www.webconference.com/meetingID#01234 and observes that numerous guests have been allowed to join without providing identifying information. The topics covered during the web conference are considered proprietary to the company. Which of the following security concerns does the analyst present to management?
A. Guest users could present a risk to the integrity of the company's information.
B. Authenticated users could sponsor guest access that was previously approved by management.
C. Unauthenticated users could present a risk to the confidentiality of the company's information.
D. Meeting owners could sponsor guest access if they have passed a background check.
Answer: C
Question No: 58 – (Topic 1)
A security analyst has been asked to develop a quantitative risk analysis and risk assessment for the company's online shopping application. Based on heuristic information from the Security Operations Center (SOC), a Denial of Service (DoS) attack has been successfully executed 5 times a year. The Business Operations department has determined the loss associated with each attack is $40,000. After implementing application caching, the number of DoS attacks was reduced to one time a year. The cost of the countermeasure was $100,000. Which of the following is the monetary value earned during the first year of operation?
A. $60,000
B. $100,000
C. $140,000
D. $200,000
Answer: A
(ALE before the control: 5 x $40,000 = $200,000. ALE after: 1 x $40,000 = $40,000. Loss avoided: $160,000. Less the $100,000 cost of the countermeasure: $60,000.)
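The arithmetic behind Questions 56 and 58, written out as a small risk-quantification helper. This is an added worked example, not part of the exam dump or of CompTIA's material. It uses Question 58's figures ($40,000 per DoS incident, 5 incidents a year before application caching, 1 after, $100,000 for the control) and Question 56's "Potential Loss x Event Probability x Control Failure Probability" formula; the two extra countermeasures and their costs are hypothetical inputs constructed to show how a control that costs more than the loss it prevents ranks against one that pays for itself.

```python
"""Quantitative risk arithmetic from the CASP questions above (added example, not exam content)."""
from dataclasses import dataclass
from typing import List, Tuple


def ale(sle: float, aro: float) -> float:
    """Annualized Loss Expectancy = Single Loss Expectancy x Annualized Rate of Occurrence."""
    if sle < 0 or aro < 0:
        raise ValueError("SLE and ARO must be non-negative")
    return sle * aro


def residual_risk(potential_loss: float, event_probability: float,
                  control_failure_probability: float) -> float:
    """Question 56's methodology: Potential Loss x Event Probability x Control Failure Probability.

    Both probabilities must lie in [0, 1]. A control that never fails (0.0) drives
    residual risk to zero; a missing control (1.0) leaves the inherent risk unchanged.
    """
    for p in (event_probability, control_failure_probability):
        if not 0.0 <= p <= 1.0:
            raise ValueError(f"probability out of range: {p}")
    return potential_loss * event_probability * control_failure_probability


@dataclass(frozen=True)
class Countermeasure:
    name: str
    annual_cost: float
    aro_after: float  # incidents per year once the control is in place


def countermeasure_value(sle: float, aro_before: float, cm: Countermeasure) -> float:
    """First-year value of a control: (ALE before - ALE after) - cost of the control.

    A negative result means the control costs more than the loss it prevents.
    """
    return ale(sle, aro_before) - ale(sle, cm.aro_after) - cm.annual_cost


def rank_countermeasures(sle: float, aro_before: float,
                         candidates: List[Countermeasure]) -> List[Tuple[str, float]]:
    """Return (name, first-year value) pairs, best first. Only positive values pay for themselves."""
    scored = [(cm.name, countermeasure_value(sle, aro_before, cm)) for cm in candidates]
    return sorted(scored, key=lambda t: t[1], reverse=True)


# Constructed inputs: Question 58's figures plus two hypothetical alternatives.
SLE_DOS = 40_000.0      # loss per successful DoS attack (Question 58)
ARO_BEFORE = 5.0        # successful attacks per year before any control (Question 58)
CANDIDATES = [
    Countermeasure("application caching", 100_000.0, 1.0),        # Question 58's control
    Countermeasure("upstream scrubbing service", 150_000.0, 0.0),  # hypothetical
    Countermeasure("rate limiting only", 50_000.0, 4.0),           # hypothetical, loses money
]

if __name__ == "__main__":
    print(f"ALE before any control: ${ale(SLE_DOS, ARO_BEFORE):,.0f}")
    for name, value in rank_countermeasures(SLE_DOS, ARO_BEFORE, CANDIDATES):
        verdict = "pays for itself" if value > 0 else "costs more than it saves"
        print(f"{name:28s} first-year value ${value:>10,.0f}  ({verdict})")
```

Run as a script it prints the $200,000 baseline ALE and ranks the three controls; application caching comes out at the $60,000 the exam answer expects, while the hypothetical rate-limiting option ends up negative, which is the case an exam question rarely shows but a budget review always needs.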
Question No: 59 – (Topic 1)
A forensic analyst works for an e-discovery firm where several gigabytes of data are processed daily. While the business is lucrative, it does not have the resources or the scalability to adequately serve its clients. Since it is an e-discovery firm where chain of custody is important, which of the following scenarios should it consider?
A. Offload some data processing to a public cloud
B. Aligning client intake with the resources available
C. Using a community cloud with adequate controls
D. Outsourcing the service to a third-party cloud provider
Answer: C
Question No: 60 – (Topic 1)
A security architect is designing a new infrastructure using both type 1 and type 2 virtual machines. In addition to the normal complement of security controls (e.g. antivirus, host hardening, HIPS/NIDS), the security architect needs to implement a mechanism to securely store the cryptographic keys used to sign code and code modules on the VMs. Which of the following will meet this goal without requiring any hardware pass-through implementations?
A. vTPM
B. HSM
C. TPM
D. INE
Answer: A
(A vTPM is presented to each guest by the hypervisor, so the VMs get TPM-style key storage without the physical TPM or an HSM being passed through to them.)