2018 June New CompTIA CAS-002 Exam Dumps with PDF and VCE Just Updated Today! Following are some new CAS-002 Real Exam Questions:
1.|2018 Latest CAS-002 Exam Dumps (PDF & VCE) 900Q&As Download:
2.|2018 Latest CAS-002 Exam Questions & Answers Download:
A legacy system is not scheduled to be decommissioned for two years and requires the use of the standard Telnet protocol.
Which of the following should be used to mitigate the security risks of this system?
A. Migrate the system to IPv6.
B. Migrate the system to RSH.
C. Move the system to a secure VLAN.
D. Use LDAPs for authentication.
A systems security consultant is hired by Corporation X to analyze the current enterprise network environment and make recommendations for increasing network security.
It is the consultant’s first day on the job.
Which of the following network design considerations should the consultant consider? (Select THREE).
A. What hardware and software would work best for securing the network?
B. What corporate assets need to be protected?
C. What are the business needs of the organization?
D. What outside threats are most likely to compromise network security?
E. What is the budget for this project?
F. What time and resources are needed to carry out the security plan?
The Chief Information Officer (CIO) of Company XYZ has returned from a large IT conference where one of the topics was defending against zero day attacks specifically deploying third party patches to vulnerable software.
Two months prior, the majority of the company systems were compromised because of a zero day exploit.
Due to budget constraints the company only has operational systems.
The CIO wants the Security Manager to research the use of these patches.
Which of the following is the GREATEST concern with the use of a third party patch to mitigate another un-patched vulnerability?
A. The company does not have an adequate test environment to validate the impact of the
third party patch, introducing unknown risks.
B. The third party patch may introduce additional unforeseen risks and void the software
licenses for the patched applications.
C. The company’s patch management solution only supports patches and updates released
directly by the vendor.
D. Another period of vulnerability will be introduced because of the need to remove the third
party patch prior to installing any vendor patch.
The security administrator at `company.com’ is reviewing the network logs and notices a new UDP port pattern where the amount of UDP port 123 packets has increased by 20% above the baseline.
The administrator runs a packet capturing tool from a server attached to a SPAN port and notices the following.
UDP 192.168.0.1:123 -> 126.96.36.199:123
UDP 192.168.0.36:123 -> time.company.com
UDP 192.168.0.112:123 -> 188.8.131.52:123
UDP 192.168.0.91:123 -> time.company.com
UDP 192.168.0.211:123 -> 184.108.40.206:123
UDP 192.168.0.237:123 -> time.company.com
UDP 192.168.0.78:123 -> 220.127.116.11:123
The corporate HIPS console reports an MD5 hash mismatch on the svchost.exe file of the following computers:
Which of the following should the security administrator report to upper management based on the above output?
A. An NTP client side attack successfully exploited some hosts.
B. A DNS cache poisoning successfully exploited some hosts.
C. An NTP server side attack successfully exploited some hosts.
D. A DNS server side attack successfully exploited some hosts.
In order to reduce cost and improve employee satisfaction, a large corporation has decided to allow personal communication devices to access email and to remotely connect to the corporate network.
Which of the following security measures should the IT organization implement? (Select TWO).
A. A device lockdown according to policies
B. An IDS on the internal networks
C. A data disclosure policy
E. Encrypt data in transit for remote access
The root cause analysis of a recent security incident reveals that an attacker accessed a printer from the Internet.
The attacker then accessed the print server, using the printer as a launch pad for a shell exploit. The print server logs show that the attacker was able to exploit multiple accounts, ultimately launching a successful DoS attack on the domain controller.
Defending against which of the following attacks should form the basis of the incident mitigation plan?
B. SYN flood
C. Buffer overflow
D. Privilege escalation
A company has recently implemented a video conference solution that uses the H.323 protocol. The security engineer is asked to make recommendations on how to secure video conferences to protect confidentiality.
Which of the following should the security engineer recommend?
A. Implement H.235 extensions with DES to secure the audio and video transport.
B. Recommend moving to SIP and RTP as those protocols are inherently secure.
C. Recommend implementing G.711 for the audio channel and H.264 for the video.
D. Encapsulate the audio channel in the G.711 codec rather than the unsecured Speex.
A growing corporation is responding to the needs of its employees to access corporate email and other resources while traveling.
The company is implementing remote access for company laptops.
Which of the following security systems should be implemented for remote access? (Select TWO).
A. Virtual Private Network
B. Secure Sockets Layer for web servers
C. Network monitoring
D. Multifactor authentication for users
E. Full disk encryption
F. Intrusion detection systems
An administrator would like to connect a server to a SAN.
Which of the following processes would BEST allow for availability and access control?
A. Install a dual port HBA on the SAN, create a LUN on the server, and enable deduplication
and data snapshots.
B. Install a multipath LUN on the server with deduplication, and enable LUN masking on the
C. Install 2 LUNs on the server, cluster HBAs on the SAN, and enable multipath and data deduplication.
D. Install a dual port HBA in the server; create a LUN on the SAN, and enable LUN masking
Unit testing for security functionality and resiliency to attack, as well as developing secure code and exploit mitigation, occur in which of the following phases of the Secure Software Development Lifecycle?
A. Secure Software Requirements
B. Secure Software Implementation
C. Secure Software Design
D. Software Acceptance
A security engineer at a major financial institution is prototyping multiple secure network configurations.
The testing is focused on understanding the impact each potential design will have on the three major security tenants of the network.
All designs must take into account the stringent compliance and reporting requirements for most worldwide financial institutions.
Which of the following is the BEST list of security lifecycle related concerns related to deploying the final design?
A. Decommissioning the existing network smoothly, implementing maintenance and operations procedures for the new network in advance, and ensuring compliance with applicable
regulations and laws.
B. Interoperability with the Security Administration Remote Access protocol, integrity of the data
at rest, overall network availability, and compliance with corporate and government
regulations and policies.
C. Resistance of the new network design to DDoS attacks, ability to ensure confidentiality of all
data in transit, security of change management processes and procedures, and resilience of
the firewalls to power fluctuations.
D. Decommissioning plan for the new network, proper disposal protocols for the existing
network equipment, transitioning operations to the new network on day one, and ensuring compliance with corporate data retention policies.
E. Ensuring smooth transition of maintenance resources to support the new network, updating
all whole disk encryption keys to be compatible with IPv6, and maximizing profits for bank shareholders.
1.|2018 Latest CAS-002 Exam Dumps (PDF & VCE) 900Q&As Download:
2.|2018 Latest CAS-002 Study Guide Video: