Pass4sure CAS-002 Training retains its uniqueness as you become more than just the cell phone working experience, instead from the world wide area you will get possibility to apply it many ways. CompTIA CAS-002 the answers with Pass4sure save your valuable standard classrooms schooling needs. You dont have to burrow to get CompTIA Official certifications CAS-002 Braindumps also. Break out of scheduled schooling timings in addition to sway on the new trend of Pass4sure CAS-002 in addition to CAS-002 Perform Checks at the private swiftness.

2021 Apr CAS-002 test question

Q221. - (Topic 1) 

A company is facing penalties for failing to effectively comply with e-discovery requests. Which of the following could reduce the overall risk to the company from this issue? 

A. Establish a policy that only allows filesystem encryption and disallows the use of individual file encryption. 

B. Require each user to log passwords used for file encryption to a decentralized repository. 

C. Permit users to only encrypt individual files using their domain password and archive all old user passwords. 

D. Allow encryption only by tools that use public keys from the existing escrowed corporate PKI. 

Answer:


Q222. - (Topic 4) 

A large bank deployed a DLP solution to detect and block customer and credit card data from leaving the organization via email. A disgruntled employee was able to successfully exfiltrate data through the corporate email gateway by embedding a word processing document containing sensitive data as an object in a CAD file. Which of the following BEST explains why it was not detected and blocked by the DLP solution? (Select TWO). 

A. The product does not understand how to decode embedded objects. 

B. The embedding of objects in other documents enables document encryption by default. 

C. The process of embedding an object obfuscates the data. 

D. The mail client used to send the email is not compatible with the DLP product. 

E. The DLP product cannot scan multiple email attachments at the same time. 

Answer: A,C 


Q223. - (Topic 2) 

An employee is performing a review of the organization’s security functions and noticed that there is some cross over responsibility between the IT security team and the financial fraud team. Which of the following security documents should be used to clarify the roles and responsibilities between the teams? 

A. BPA 

B. BIA 

C. MOU 

D. OLA 

Answer:


Q224. - (Topic 5) 

A developer is determining the best way to improve security within the code being developed. The developer is focusing on input fields where customers enter their credit card details. Which of the following techniques, if implemented in the code, would be the MOST effective in protecting the fields from malformed input? 

A. Client side input validation 

B. Stored procedure 

C. Encrypting credit card details 

D. Regular expression matching 

Answer:


Q225. - (Topic 2) 

An IT manager is working with a project manager from another subsidiary of the same multinational organization. The project manager is responsible for a new software development effort that is being outsourced overseas, while customer acceptance testing will be performed in house. Which of the following capabilities is MOST likely to cause issues with network availability? 

A. Source code vulnerability scanning 

B. Time-based access control lists 

C. ISP to ISP network jitter 

D. File-size validation 

E. End to end network encryption 

Answer:


Regenerate CAS-002 braindumps:

Q226. - (Topic 4) 

Company XYZ has experienced a breach and has requested an internal investigation be conducted by the IT Department. Which of the following represents the correct order of the investigation process? 

A. Collection, Identification, Preservation, Examination, Analysis, Presentation. 

B. Identification, Preservation, Collection, Examination, Analysis, Presentation. 

C. Collection, Preservation, Examination, Identification, Analysis, Presentation. 

D. Identification, Examination, Preservation, Collection, Analysis, Presentation. 

Answer:


Q227. - (Topic 4) 

Which of the following are components defined within an Enterprise Security Architecture Framework? (Select THREE). 

A. Implementation run-sheets 

B. Solution designs 

C. Business capabilities 

D. Solution architectures 

E. Business requirements documents 

F. Reference models 

G. Business cases 

H. Business vision and drivers 

Answer: C,F,H 


Q228. - (Topic 1) 

An external penetration tester compromised one of the client organization’s authentication servers and retrieved the password database. Which of the following methods allows the penetration tester to MOST efficiently use any obtained administrative credentials on the client organization’s other systems, without impacting the integrity of any of the systems? 

A. Use the pass the hash technique 

B. Use rainbow tables to crack the passwords 

C. Use the existing access to change the password 

D. Use social engineering to obtain the actual password 

Answer:


Q229. - (Topic 2) 

A company has a difficult time communicating between the security engineers, application developers, and sales staff. The sales staff tends to overpromise the application deliverables. The security engineers and application developers are falling behind schedule. Which of the following should be done to solve this? 

A. Allow the sales staff to shadow the developers and engineers to see how their sales impact the deliverables. 

B. Allow the security engineering team to do application development so they understand why it takes so long. 

C. Allow the application developers to attend a sales conference so they understand how business is done. 

D. Allow the sales staff to learn application programming and security engineering so they understand the whole lifecycle. 

Answer:


Q230. - (Topic 4) 

In order to reduce costs and improve employee satisfaction, a large corporation is creating a BYOD policy. It will allow access to email and remote connections to the corporate enterprise from personal devices; provided they are on an approved device list. Which of the following security measures would be MOST effective in securing the enterprise under the new policy? (Select TWO). 

A. Provide free email software for personal devices. 

B. Encrypt data in transit for remote access. 

C. Require smart card authentication for all devices 

D. Implement NAC to limit insecure devices access. 

E. Enable time of day restrictions for personal devices. 

Answer: B,D