[Free] 2018(Jan) EnsurePass Dumpsleader CompTIA CAS-002 Dumps with VCE and PDF 31-40


CompTIA Advanced Security Practitioner (CASP)

Question No: 31 – (Topic 1)

A company is in the process of implementing a new front-end user interface for its customers; the goal is to provide them with more self-service functionality. The application has been written by developers over the last six months and the project is currently in the test phase.

Which of the following security activities should be implemented as part of the SDL in order to provide the MOST security coverage over the solution? (Select TWO).

  A. Perform unit testing of the binary code

  B. Perform code review over a sampling of the front end source code

  C. Perform black box penetration testing over the solution

  D. Perform grey box penetration testing over the solution

  E. Perform static code review over the front end source code

Answer: D,E

Question No: 32 – (Topic 1)

A security engineer is responsible for monitoring company applications for known vulnerabilities. Which of the following is a way to stay current on exploits and information security news?

  A. Update company policies and procedures

  B. Subscribe to security mailing lists

  C. Implement security awareness training

  D. Ensure that the organization vulnerability management plan is up-to-date

Answer: B

Question No: 33 – (Topic 1)

The helpdesk manager wants to find a solution that will enable the helpdesk staff to better serve company employees who call with computer-related problems. The helpdesk staff is currently unable to perform effective troubleshooting and relies on callers to describe their technology problems. Given that the helpdesk staff is located within the company headquarters and 90% of the callers are telecommuters, which of the following tools should the helpdesk manager use to make the staff more effective at troubleshooting while at the same time reducing company costs? (Select TWO).

  A. Web cameras

  B. Email

  C. Instant messaging

  D. BYOD

  E. Desktop sharing

  F. Presence

Answer: C,E

Question No: 34 – (Topic 1)

An extensible commercial software system was upgraded to the next minor release version to patch a security vulnerability. After the upgrade, an unauthorized intrusion into the system was detected. The software vendor is called in to troubleshoot the issue and reports that all core components were updated properly. Which of the following has been overlooked in securing the system? (Select TWO).

  A. The company’s IDS signatures were not updated.

  B. The company’s custom code was not patched.

  C. The patch caused the system to revert to http.

  D. The software patch was not cryptographically signed.

  E. The wrong version of the patch was used.

  F. Third-party plug-ins were not patched.

Answer: B,F

Question No: 35 – (Topic 1)

A university requires a significant increase in web and database server resources for one week, twice a year, to handle student registration. The web servers remain idle for the rest of the year. Which of the following is the MOST cost effective way for the university to securely handle student registration?

  A. Virtualize the web servers locally to add capacity during registration.

  B. Move the database servers to an elastic private cloud while keeping the web servers local.

  C. Move the database servers and web servers to an elastic private cloud.

  D. Move the web servers to an elastic public cloud while keeping the database servers local.

Answer: D

Question No: 36 – (Topic 1)

An organization is selecting a SaaS provider to replace its legacy, in-house Customer Resource Management (CRM) application. Which of the following ensures the organization mitigates the risk of managing separate user credentials?

  A. Ensure the SaaS provider supports dual factor authentication.

  B. Ensure the SaaS provider supports encrypted password transmission and storage.

  C. Ensure the SaaS provider supports secure hash file exchange.

  D. Ensure the SaaS provider supports role-based access control.

  E. Ensure the SaaS provider supports directory services federation.

Answer: E

Question No: 37 – (Topic 1)

A large organization has recently suffered a massive credit card breach. During the months of incident response, there were multiple attempts to assign blame for whose fault it was that the incident occurred. In which part of the incident response process would this be addressed in a controlled and productive manner?

  A. During the Identification Phase

  B. During the Lessons Learned phase

  C. During the Containment Phase

  D. During the Preparation Phase

Answer: B

Question No: 38 – (Topic 1)

During a recent audit of servers, a company discovered that a network administrator, who required remote access, had deployed an unauthorized remote access application that communicated over common ports already allowed through the firewall. A network scan showed that this remote access application had already been installed on one third of the servers in the company. Which of the following is the MOST appropriate action that the company should take to provide a more appropriate solution?

  A. Implement an IPS to block the application on the network

  B. Implement the remote application out to the rest of the servers

  C. Implement SSL VPN with SAML standards for federation

  D. Implement an ACL on the firewall with NAT for remote access

Answer: C

Question No: 39 – (Topic 1)

After being notified of an issue with the online shopping cart, where customers are able to arbitrarily change the price of listed items, a programmer analyzes the following piece of code used by a web based shopping cart.


The programmer found that every time a user adds an item to the cart, a temporary file is created in the web server's /tmp directory. The temporary file has a name generated by concatenating the content of the $USERINPUT variable and a timestamp in the form MM-DD-YYYY (e.g. smartphone-12-25-2013.tmp), and it contains the price of the item being purchased. Which of the following is MOST likely being exploited to manipulate the price of a shopping cart’s items?

  A. Input validation

  B. SQL injection


  D. Session hijacking

Answer: C

Question No: 40 – (Topic 1)

A small retail company recently deployed a new point of sale (POS) system to all 67 stores. The core of the POS is an extranet site, accessible only from retail stores and the corporate office over a split-tunnel VPN. An additional split-tunnel VPN provides bi-directional connectivity back to the main office, which provides voice connectivity for store VoIP phones. Each store offers guest wireless functionality, as well as employee wireless. Only the staff wireless network has access to the POS VPN. Recently, stores are reporting poor response times when accessing the POS application from store computers as well as degraded voice quality when making phone calls. Upon investigation, it is determined that three store PCs are hosting malware, which is generating excessive network traffic. After malware removal, the information security department is asked to review the configuration and suggest changes to prevent this from happening again. Which of the following denotes the BEST way to mitigate future malware risk?

  A. Deploy new perimeter firewalls at all stores with UTM functionality.

  B. Change antivirus vendors at the store and the corporate office.

  C. Move to a VDI solution that runs offsite from the same data center that hosts the new POS solution.

  D. Deploy a proxy server with content filtering at the corporate office and route all traffic through it.

Answer: A
