CompTIA CAS-002 Online Practice Questions and Exam Preparation

CompTIA CAS-002 Online Questions & Answers

• Question 321:

  A company has decided to relocate and the security manager has been tasked to perform a site survey of the new location to help in the design of the physical infrastructure. The current location has video surveillance throughout the building

  and entryways.

  The following requirements must be met:

  Able to log entry of all employees in and out of specific areas

  

  Access control into and out of all sensitive areas

  

  Tailgating prevention

  

  Which of the following would MOST likely be implemented to meet the above requirements and provide a secure solution? (Select TWO).

  A. Discretionary Access control
  B. Man trap
  C. Visitor logs
  D. Proximity readers
  E. Motion detection sensors
  B. Man trap
  D. Proximity readers

• Question 322:

  The Information Security Officer (ISO) is reviewing new policies that have been recently made effective and now apply to the company. Upon review, the ISO identifies a new requirement to implement two-factor authentication on the company's wireless system. Due to budget constraints, the company will be unable to implement the requirement for the next two years. The ISO is required to submit a policy exception form to the Chief Information Officer (CIO). Which of the following are MOST important to include when submitting the exception form? (Select THREE).

  A. Business or technical justification for not implementing the requirements.
  B. Risks associated with the inability to implement the requirements.
  C. Industry best practices with respect to the technical implementation of the current controls.
  D. All sections of the policy that may justify non-implementation of the requirements.
  E. A revised DRP and COOP plan to the exception form.
  F. Internal procedures that may justify a budget submission to implement the new requirement.
  G. Current and planned controls to mitigate the risks.
  A. Business or technical justification for not implementing the requirements.
  B. Risks associated with the inability to implement the requirements.
  G. Current and planned controls to mitigate the risks.

• Question 323:

  Company XYZ provides hosting services for hundreds of companies across multiple industries including healthcare, education, and manufacturing. The security architect for company XYZ is reviewing a vendor proposal to reduce company XYZ's hardware costs by combining multiple physical hosts through the use of virtualization technologies. The security architect notes concerns about data separation, confidentiality, regulatory requirements concerning PII, and administrative complexity on the proposal. Which of the following BEST describes the core concerns of the security architect?

  A. Most of company XYZ's customers are willing to accept the risks of unauthorized disclosure and access to information by outside users.
  B. The availability requirements in SLAs with each hosted customer would have to be re- written to account for the transfer of virtual machines between physical platforms for regular maintenance.
  C. Company XYZ could be liable for disclosure of sensitive data from one hosted customer when accessed by a malicious user who has gained access to the virtual machine of another hosted customer.
  D. Not all of company XYZ's customers require the same level of security and the administrative complexity of maintaining multiple security postures on a single hypervisor negates hardware cost savings.
  C. Company XYZ could be liable for disclosure of sensitive data from one hosted customer when accessed by a malicious user who has gained access to the virtual machine of another hosted customer.

• Question 324:

  Company XYZ has experienced a breach and has requested an internal investigation be conducted by the IT Department. Which of the following represents the correct order of the investigation process?

  A. Collection, Identification, Preservation, Examination, Analysis, Presentation.
  B. Identification, Preservation, Collection, Examination, Analysis, Presentation.
  C. Collection, Preservation, Examination, Identification, Analysis, Presentation.
  D. Identification, Examination, Preservation, Collection, Analysis, Presentation.
  B. Identification, Preservation, Collection, Examination, Analysis, Presentation.

• Question 325:

  A corporation has expanded for the first time by integrating several newly acquired businesses. Which of the following are the FIRST tasks that the security team should undertake? (Select TWO).

  A. Remove acquired companies Internet access.
  B. Federate identity management systems.
  C. Install firewalls between the businesses.
  D. Re-image all end user computers to a standard image.
  E. Develop interconnection policy.
  F. Conduct a risk analysis of each acquired company's networks.
  E. Develop interconnection policy.
  F. Conduct a risk analysis of each acquired company's networks.

• Question 326:

  Company XYZ is building a new customer facing website which must access some corporate resources. The company already has an internal facing web server and a separate server supporting an extranet to which suppliers have access. The extranet web server is located in a network DMZ. The internal website is hosted on a laptop on the internal corporate network. The internal network does not restrict traffic between any internal hosts. Which of the following locations will BEST secure both the intranet and the customer facing website?

  A. The existing internal network segment
  B. Dedicated DMZ network segments
  C. The existing extranet network segment
  D. A third-party web hosting company
  B. Dedicated DMZ network segments

• Question 327:

  A firm's Chief Executive Officer (CEO) is concerned that its IT staff lacks the knowledge to identify complex vulnerabilities that may exist in the payment system being internally developed. The payment system being developed will be sold to a number of organizations and is in direct competition with another leading product. The CEO highlighted, in a risk management meeting that code base confidentiality is of upmost importance to allow the company to exceed the competition in terms of product reliability, stability and performance. The CEO also highlighted that company reputation for secure products is extremely important. Which of the following will provide the MOST thorough testing and satisfy the CEO's requirements?

  A. Use the security assurance team and development team to perform Grey box testing.
  B. Sign a NDA with a large consulting firm and use the firm to perform Black box testing.
  C. Use the security assurance team and development team to perform Black box testing.
  D. Sign a NDA with a small consulting firm and use the firm to perform Grey box testing.
  D. Sign a NDA with a small consulting firm and use the firm to perform Grey box testing.

• Question 328:

  A large organization that builds and configures every data center against distinct requirements loses efficiency, which results in slow response time to resolve issues. However, total uniformity presents other problems. Which of the following presents the GREATEST risk when consolidating to a single vendor or design solution?

  A. Competitors gain an advantage by increasing their service offerings.
  B. Vendor lock in may prevent negotiation of lower rates or prices.
  C. Design constraints violate the principle of open design.
  D. Lack of diversity increases the impact of specific events or attacks.
  D. Lack of diversity increases the impact of specific events or attacks.

• Question 329:

  An IT Manager is concerned about errors made during the deployment process for a new model of tablet. Which of the following would suggest best practices and configuration parameters that technicians could follow during the deployment process?

  A. Automated workflow
  B. Procedure
  C. Corporate standard
  D. Guideline
  E. Policy
  D. Guideline

• Question 330:

  A small company's Chief Executive Officer (CEO) has asked its Chief Security Officer (CSO) to improve the company's security posture quickly with regard to targeted attacks. Which of the following should the CSO conduct FIRST?

  A. Survey threat feeds from services inside the same industry.
  B. Purchase multiple threat feeds to ensure diversity and implement blocks for malicious traffic.
  C. Conduct an internal audit against industry best practices to perform a qualitative analysis.
  D. Deploy a UTM solution that receives frequent updates from a trusted industry vendor.
  A. Survey threat feeds from services inside the same industry.