The Secret of CompTIA CAS-002 dumps

Q1. An international shipping company discovered that deliveries left idle are being tampered with. The company wants to reduce the idle time associated with international deliveries by ensuring that personnel are automatically notified when an inbound delivery arrives at the transit dock. Which of the following should be implemented to help the company increase the security posture of its operations?

A. Back office database

B. Asset tracking

C. Geo-fencing

D. Barcode scanner

View Answer

Q2. A security administrator must implement a SCADA style network overlay to ensure secure remote management of all network management and infrastructure devices. Which of the following BEST describes the rationale behind this architecture?

A. A physically isolated network that allows for secure metric collection.

A. B. A physically isolated network with inband management that uses two factor authentication.

C. A logically isolated network with inband management that uses secure two factor authentication.

D. An isolated network that provides secure out-of-band remote management.

View Answer

Q3. New zero-day attacks are announced on a regular basis against a broad range of technology systems. Which of the following best practices should a security manager do to manage the risks of these attack vectors? (Select TWO).

A. Establish an emergency response call tree.

B. Create an inventory of applications.

C. Backup the router and firewall configurations.

D. Maintain a list of critical systems.

E. Update all network diagrams.

View Answer

Q4. A Chief Information Security Officer (CISO) has requested that a SIEM solution be implemented. The CISO wants to know upfront what the projected TCO would be before looking further into this concern. Two vendor proposals have been received:

Bundled offering expected to be $100,000 per year.

Operational expenses for the pharmaceutical company to partner with the vendor are expected to be a 0.5 FTE per year.

Internal employee costs are averaged to be $80,000 per year per FTE. Based on calculating TCO of the two vendor proposals over a 5 year period, which of the following

options is MOST accurate?

A. Based on cost alone, having an outsourced solution appears cheaper.

B. Based on cost alone, having an outsourced solution appears to be more expensive.

C. Based on cost alone, both outsourced an in-sourced solutions appear to be the same.

D. Based on cost alone, having a purchased product solution appears cheaper.

View Answer

Q5. A security engineer is implementing a new solution designed to process e-business transactions and record them in a corporate audit database. The project has multiple technical stakeholders. The database team controls the physical database resources, the internal audit division controls the audit records in the database, the web hosting team is responsible for implementing the website front end and shopping cart application, and the accounting department is responsible for processing the transaction and interfacing with the payment processor. As the solution owner, the security engineer is responsible for ensuring which of the following?

A. Ensure the process functions in a secure manner from customer input to audit review.

B. Security solutions result in zero additional processing latency.

C. Ensure the process of storing audit records is in compliance with applicable laws.

D. Web transactions are conducted in a secure network channel.

View Answer

Q6. -- Exhibit u2013

-- Exhibit --

Company management has indicated that instant messengers (IM) add to employee productivity. Management would like to implement an IM solution, but does not have a budget for the project. The security engineer creates a feature matrix to help decide the most secure product. Click on the Exhibit button.

Which of the following would the security engineer MOST likely recommend based on the table?

A. Product A

B. Product B

C. Product C

D. Product D

View Answer

Q7. A data breach has occurred at Company A and as a result, the Chief Information Officer (CIO) has resigned. The CIO's laptop, cell phone and PC were all wiped of data per company policy. A month later, prosecutors in litigation with Company A suspect the CIO knew about the data breach long before it was discovered and have issued a subpoena requesting all the CIO's email from the last 12 months. The corporate retention policy recommends keeping data for no longer than 90 days. Which of the following should occur?

A. Restore the CIO's email from an email server backup and provide the last 90 days from the date of the subpoena request.

B. Inform the litigators that the CIOs information has been deleted as per corporate policy.

C. Restore the CIO's email from an email server backup and provide the last 90 days from the date of the CIO resignation.

D. Restore the CIO's email from an email server backup and provide whatever is available up to the last 12 months from the subpoena date.

View Answer

Q8. A new startup company with very limited funds wants to protect the organization from external threats by implementing some type of best practice security controls across a number of hosts located in the application zone, the production zone, and the core network. The 50 hosts in the core network are a mixture of Windows and Linux based systems, used by development staff to develop new applications. The single Windows host in the application zone is used exclusively by the production team to control software deployments into the production zone. There are 10 UNIX web application hosts in the production zone which are publically accessible.

Development staff is required to install and remove various types of software from their hosts on a regular basis while the hosts in the zone rarely require any type of configuration changes.

Which of the following when implemented would provide the BEST level of protection with the LEAST amount of disruption to staff?

A. NIPS in the production zone, HIPS in the application zone, and anti-virus / anti-malware across all Windows hosts.

B. NIPS in the production zone, NIDS in the application zone, HIPS in the core network, and anti-virus / anti-malware across all hosts.

A. C. HIPS in the production zone, NIPS in the application zone, and HIPS in the core network.

D. NIDS in the production zone, HIDS in the application zone, and anti-virus / anti-malware across all hosts.

View Answer

Q9. Company A has a remote work force that often includes independent contractors and out of state full time employees.

Company A's security engineer has been asked to implement a solution allowing these users to collaborate on projects with the following goals:

Which of the following solutions should the security engineer recommend to meet the MOST goals?

A. Create an SSL reverse proxy to a collaboration workspace. Use remote installation service to maintain application version. Have users use full desktop encryption. Schedule server downtime from 12:00 to 1:00 PM.

B. Install an SSL VPN to Company A's datacenter, have users connect to a standard virtual workstation image, set workstation time of day restrictions.

C. Create an extranet web portal using third party web based office applications. Ensure that Company A maintains the administrative access.

D. Schedule server downtime from 12:00 to 1:00 PM, implement a Terminal Server

A. Gateway, use remote installation services to standardize application on useru2021s laptops.

View Answer

Q10. The risk committee has endorsed the adoption of a security system development life cycle (SSDLC) designed to ensure compliance with PCI-DSS, HIPAA, and meet the organizationu2021s mission. Which of the following BEST describes the correct order of implementing a five phase SSDLC?

A. Initiation, assessment/acquisition, development/implementation, operations/maintenance and sunset.

B. Initiation, acquisition/development, implementation/assessment, operations/maintenance and sunset.

C. Assessment, initiation/development, implementation/assessment, operations/maintenance and disposal.

D. Acquisition, initiation/development, implementation/assessment, operations/maintenance and disposal.

View Answer