When you visit Ucertify.org, stop at our home page and search carefully. You can find all the crucial content that may appear in the actual CompTIA CAS-002 exam. If you do not know how to prepare for the CAS-002 exam, our specialists will help you, or you can consult our CompTIA CAS-002 study manual. Ucertify is the only web site that provides all of the CompTIA preparation materials. If you are a busy worker, you'd better take part in our CompTIA CAS-002 training course. It is a quick and sound way to get the CompTIA CAS-002 certification.
2021 Nov CAS-002 real exam
Q1. - (Topic 3)
When attending the latest security conference, an information security administrator noticed only a few people carrying a laptop around. Most other attendees only carried their smartphones.
Which of the following would impact the security of the conference’s resources?
A. Wireless network security may need to be increased to decrease access of mobile devices.
B. Physical security may need to be increased to deter or prevent theft of mobile devices.
C. Network security may need to be increased by reducing the number of available physical network jacks.
D. Wireless network security may need to be decreased to allow for increased access of mobile devices.
Answer: C
Q2. - (Topic 5)
A company has migrated its data and application hosting to a cloud service provider (CSP).
To meet its future needs, the company considers an IdP. Why might the company want to select an IdP that is separate from its CSP? (Select TWO).
A. A circle of trust can be formed with all domains authorized to delegate trust to an IdP
B. Identity verification can occur outside the circle of trust if specified or delegated
C. Replication of data occurs between the CSP and IdP before a verification occurs
D. Greater security can be provided if the circle of trust is formed within multiple CSP domains
E. Faster connections can occur between the CSP and IdP without the use of SAML
Answer: A,D
Q3. - (Topic 3)
A small company hosting multiple virtualized client servers on a single host is considering adding a new host to create a cluster. The new host hardware and operating system will be different from the first host, but the underlying virtualization technology will be compatible. Both hosts will be connected to a shared iSCSI storage solution. Which of the following is the hosting company MOST likely trying to achieve?
A. Increased customer data availability
B. Increased customer data confidentiality
C. Increased security through provisioning
D. Increased security through data integrity
Answer: A
Q4. - (Topic 2)
Company ABC is hiring customer service representatives from Company XYZ. The representatives reside at Company XYZ’s headquarters. Which of the following BEST prevents Company XYZ representatives from gaining access to unauthorized Company ABC systems?
A. Require each Company XYZ employee to use an IPSec connection to the required systems
B. Require Company XYZ employees to establish an encrypted VDI session to the required systems
C. Require Company ABC employees to use two-factor authentication on the required systems
D. Require a site-to-site VPN for intercompany communications
Answer: B
Q5. - (Topic 1)
The Chief Executive Officer (CEO) of a company that allows telecommuting has challenged the Chief Security Officer’s (CSO) request to harden the corporate network’s perimeter. The CEO argues that the company cannot protect its employees at home, so the risk at work is no different. Which of the following BEST explains why this company should proceed with protecting its corporate network boundary?
A. The corporate network is the only network that is audited by regulators and customers.
B. The aggregation of employees on a corporate network makes it a more valuable target for attackers.
C. Home networks are unknown to attackers and less likely to be targeted directly.
D. Employees are more likely to be using personal computers for general web browsing when they are at home.
Answer: B
Up to the minute CAS-002 exam topics:
Q6. - (Topic 2)
A software developer and IT administrator are focused on implementing security in the organization to protect OSI layer 7. Which of the following security technologies would BEST meet their requirements? (Select TWO).
A. NIPS
B. HSM
C. HIPS
D. NIDS
E. WAF
Answer: C,E
Q7. - (Topic 3)
A security administrator is redesigning and implementing a service-oriented architecture to replace an old, in-house software processing system tied to a corporate sales website. After performing the business process analysis, the administrator decides the services need to operate in a dynamic fashion. The company has also been the victim of data injection attacks in the past and needs to build in mitigation features. Based on these requirements and past vulnerabilities, which of the following needs to be incorporated into the SOA?
A. Point to point VPNs for all corporate intranet users.
B. Cryptographic hashes of all data transferred between services.
C. Service to service authentication for all workflows.
D. Two-factor authentication and signed code
Answer: C
Q8. - (Topic 4)
Company A needs to export sensitive data from its financial system to company B’s database, using company B’s API in an automated manner. Company A’s policy prohibits the use of any intermediary external systems to transfer or store its sensitive data; therefore, the transfer must occur directly between company A’s financial system and company B’s destination server using the supplied API. Additionally, company A’s legacy financial software does not support encryption, while company B’s API supports encryption. Which of the following will provide end-to-end encryption for the data transfer while adhering to these requirements?
A. Company A must install an SSL tunneling service on the financial system.
B. Company A’s security administrator should use an HTTPS capable browser to transfer the data.
C. Company A should use a dedicated MPLS circuit to transfer the sensitive data to company B.
D. Company A and B must create a site-to-site IPSec VPN on their respective firewalls.
Answer: A
Q9. - (Topic 5)
A security manager has started a new job and has identified that a key application for a new client does not have an accreditation status and is currently not meeting the compliance requirement for the contract’s SOW. The security manager has competing priorities and wants to resolve this issue quickly with a system determination and risk assessment. Which of the following approaches presents the MOST risk to the security assessment?
A. The security manager reviews the system description for the previous accreditation, but does not review application change records.
B. The security manager decides to use the previous SRTM without reviewing the system description.
C. The security manager hires an administrator from the previous contract to complete the assessment.
D. The security manager does not interview the vendor to determine if the system description is accurate.
Answer: B
Q10. - (Topic 2)
An enterprise must ensure that all devices that connect to its networks have been previously approved. The solution must support dual factor mutual authentication with strong identity assurance. In order to reduce costs and administrative overhead, the security architect wants to outsource identity proofing and second factor digital delivery to a third party. Which of the following solutions will address the enterprise requirements?
A. Implementing federated network access with the third party.
B. Using an HSM at the network perimeter to handle network device access.
C. Using a VPN concentrator which supports dual factor via hardware tokens.
D. Implementing 802.1x with EAP-TTLS across the infrastructure.
Answer: D