CAS-002 Exam Details

  • Exam Code: CAS-002
  • Exam Name: CompTIA Advanced Security Practitioner (CASP+)
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 733 Q&As
  • Last Updated: Jan 22, 2024

CompTIA CAS-002 Online Questions & Answers

  • Question 491:

    Joe, the Chief Executive Officer (CEO), was an information security professor and a Subject Matter Expert for over 20 years. He has designed a network defense method which he says is significantly better than prominent international standards. He has recommended that the company use his cryptographic method.

    Which of the following methodologies should be adopted?

    A. The company should develop an in-house solution and keep the algorithm a secret.
    B. The company should use the CEO's encryption scheme.
    C. The company should use a mixture of both systems to meet minimum standards.
    D. The company should use the method recommended by other respected information security organizations.

  • Question 492:

    An analyst connects to a company web conference hosted on www.webconference.com/meetingID#01234 and observes that numerous guests have been allowed to join, without providing identifying information. The topics covered during the web conference are considered proprietary to the company. Which of the following security concerns does the analyst present to management?

    A. Guest users could present a risk to the integrity of the company's information
    B. Authenticated users could sponsor guest access that was previously approved by management
    C. Unauthenticated users could present a risk to the confidentiality of the company's information
    D. Meeting owners could sponsor guest access if they have passed a background check

  • Question 493:

    Company A has a remote workforce that often includes independent contractors and out-of-state full-time employees. Company A's security engineer has been asked to implement a solution allowing these users to collaborate on projects with the following goals:

    All communications between parties need to be encrypted in transport

    Users must all have the same application sets at the same version

    All data must remain at Company A's site

    All users must not access the system between 12:00 and 1:00 as that is the maintenance window

    Easy to maintain, patch and change application environment

    Which of the following solutions should the security engineer recommend to meet the MOST goals?

    A. Create an SSL reverse proxy to a collaboration workspace. Use remote installation service to maintain application version. Have users use full desktop encryption. Schedule server downtime from 12:00 to 1:00 PM.
    B. Install an SSL VPN to Company A's datacenter, have users connect to a standard virtual workstation image, set workstation time of day restrictions.
    C. Create an extranet web portal using third party web based office applications. Ensure that Company A maintains the administrative access.
    D. Schedule server downtime from 12:00 to 1:00 PM, implement a Terminal Server Gateway, use remote installation services to standardize application on user's laptops.

  • Question 494:

    The security engineer receives an incident ticket from the helpdesk stating that DNS lookup requests are no longer working from the office. The network team has ensured that Layer 2 and Layer 3 connectivity are working. Which of the following tools would a security engineer use to make sure the DNS server is listening on port 53?

    A. PING
    B. NESSUS
    C. NSLOOKUP
    D. NMAP
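    An added example, not part of the original question bank: a Go probe that goes one step beyond a port scan and checks that whatever is on port 53 actually answers DNS. PING only shows Layer 3 reachability, NSLOOKUP fails the same way whether the server is down or merely not listening, and NMAP reports the port state; sending a real query over both UDP and TCP and checking the transaction ID and QR bit of the reply tells you the service itself is alive. The server address and query name are placeholders.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"io"
	"net"
	"strings"
	"time"
)

// buildQuery assembles a minimal DNS A query for name: RFC 1035 header with
// the RD bit set, QDCOUNT=1, then the question section.
func buildQuery(name string, txid uint16) []byte {
	msg := make([]byte, 12)
	binary.BigEndian.PutUint16(msg[0:], txid)
	binary.BigEndian.PutUint16(msg[2:], 0x0100) // flags: RD=1
	binary.BigEndian.PutUint16(msg[4:], 1)      // QDCOUNT
	for _, label := range strings.Split(strings.TrimSuffix(name, "."), ".") {
		msg = append(msg, byte(len(label)))
		msg = append(msg, label...)
	}
	msg = append(msg, 0)          // root label ends the name
	msg = append(msg, 0, 1, 0, 1) // QTYPE=A, QCLASS=IN
	return msg
}

// checkResponse accepts data only if it is a response to our query: same
// transaction ID and QR bit set. It returns the RCODE; 0 (NOERROR) and
// 3 (NXDOMAIN) both prove a DNS server is listening and parsing queries.
func checkResponse(data []byte, txid uint16) (int, error) {
	if len(data) < 12 {
		return -1, errors.New("short packet")
	}
	if binary.BigEndian.Uint16(data[0:]) != txid {
		return -1, errors.New("transaction ID mismatch (stray or spoofed packet)")
	}
	flags := binary.BigEndian.Uint16(data[2:])
	if flags&0x8000 == 0 {
		return -1, errors.New("QR bit clear: a query, not a response")
	}
	return int(flags & 0x000F), nil
}

// probeUDP sends the query to server on UDP/53. A read timeout here means
// nothing is listening or the port is filtered; UDP gives no refusal.
func probeUDP(server, name string, timeout time.Duration) (int, error) {
	conn, err := net.DialTimeout("udp", net.JoinHostPort(server, "53"), timeout)
	if err != nil {
		return -1, err
	}
	defer conn.Close()
	conn.SetDeadline(time.Now().Add(timeout))
	txid := uint16(time.Now().UnixNano()) // adequate for a probe, not for a resolver
	if _, err := conn.Write(buildQuery(name, txid)); err != nil {
		return -1, err
	}
	buf := make([]byte, 512)
	n, err := conn.Read(buf)
	if err != nil {
		return -1, err
	}
	return checkResponse(buf[:n], txid)
}

// probeTCP does the same on TCP/53 with the two-byte length framing of
// RFC 1035 section 4.2.2. "connection refused" means the port is closed.
func probeTCP(server, name string, timeout time.Duration) (int, error) {
	conn, err := net.DialTimeout("tcp", net.JoinHostPort(server, "53"), timeout)
	if err != nil {
		return -1, err
	}
	defer conn.Close()
	conn.SetDeadline(time.Now().Add(timeout))
	txid := uint16(time.Now().UnixNano())
	q := buildQuery(name, txid)
	if _, err := conn.Write(append([]byte{byte(len(q) >> 8), byte(len(q))}, q...)); err != nil {
		return -1, err
	}
	hdr := make([]byte, 2)
	if _, err := io.ReadFull(conn, hdr); err != nil {
		return -1, err
	}
	body := make([]byte, binary.BigEndian.Uint16(hdr))
	if _, err := io.ReadFull(conn, body); err != nil {
		return -1, err
	}
	return checkResponse(body, txid)
}

func main() {
	server, name := "192.0.2.53", "example.com." // placeholders: use the office resolver
	for proto, probe := range map[string]func(string, string, time.Duration) (int, error){
		"udp": probeUDP, "tcp": probeTCP,
	} {
		if rcode, err := probe(server, name, 2*time.Second); err != nil {
			fmt.Printf("%s/53: no DNS answer: %v\n", proto, err)
		} else {
			fmt.Printf("%s/53: DNS server is listening (RCODE %d)\n", proto, rcode)
		}
	}
}
```

    Probing both transports matters: nmap's default scan is TCP, but almost all resolver traffic is UDP, so a server that answers on TCP/53 while UDP/53 is filtered by a host firewall will still break the office's lookups.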

  • Question 495:

    Company ABC has grown yearly through mergers and acquisitions. This has led to over 200 internal custom web applications having standalone identity stores. In order to reduce costs and improve operational efficiencies a project has been initiated to implement a centralized security infrastructure.

    The requirements are as follows:

    Reduce costs

    Improve efficiencies and time to market

    Manageable, accurate identity information

    Standardize on authentication and authorization

    Ensure a reusable model with standard integration patterns

    Which of the following security solution options will BEST meet the above requirements? (Select THREE).

    A. Build an organization-wide fine grained access control model stored in a centralized policy data store.
    B. Implement self service provisioning of identity information, coarse grained, and fine grained access control.
    C. Implement a web access control agent based model with a centralized directory model providing coarse grained access control and single sign-on capabilities.
    D. Implement a web access controlled reverse proxy and centralized directory model providing coarse grained access control and single sign-on capabilities.
    E. Implement automated provisioning of identity information; coarse grained, and fine grained access control.
    F. Move each of the applications individual fine grained access control models into a centralized directory with fine grained access control.
    G. Implement a web access control forward proxy and centralized directory model, providing coarse grained access control, and single sign-on capabilities.

  • Question 496:

    A business wants to start using social media to promote the corporation and to ensure that customers have a good experience with their products. Which of the following security items should the company have in place before implementation? (Select TWO).

    A. The company must dedicate specific staff to act as social media representatives of the company.
    B. All staff needs to be instructed in the proper use of social media in the work environment.
    C. Senior staff blogs should be ghost written by marketing professionals.
    D. The finance department must provide a cost benefit analysis for social media.
    E. The security policy needs to be reviewed to ensure that social media policy is properly implemented.
    F. The company should ensure that the company has sufficient bandwidth to allow for social media traffic.

  • Question 497:

    A large corporation which is heavily reliant on IT platforms and systems is in financial difficulty and needs to drastically reduce costs in the short term to survive. The Chief Financial Officer (CFO) has mandated that all IT and architectural functions will be outsourced and a mixture of providers will be selected. One provider will manage the desktops for five years, another provider will manage the network for ten years, another provider will be responsible for security for four years, and an offshore provider will perform day to day business processing functions for two years. At the end of each contract the incumbent may be renewed or a new provider may be selected. Which of the following are the MOST likely risk implications of the CFO's business decision?

    A. Strategic architecture will be adversely impacted through the segregation of duties between the providers. Vendor management costs will remain unchanged. The risk position of the organization will decline as specialists now maintain the environment. The implementation of security controls and security updates will improve. Internal knowledge of IT systems will improve as providers maintain system documentation.
    B. Strategic architecture will improve as more time can be dedicated to strategy. System stability will improve as providers use specialists and tested processes to maintain systems. Vendor management costs will increase and the organization's flexibility to react to new market conditions will be reduced slightly. Internal knowledge of IT systems will improve as providers maintain system documentation. The risk position of the organization will remain unchanged.
    C. Strategic architecture will not be impacted in the short term, but will be adversely impacted in the long term through the segregation of duties between the providers. Vendor management costs will stay the same and the organization's flexibility to react to new market conditions will be improved through best of breed technology implementations. Internal knowledge of IT systems will decline over time. The implementation of security controls and security updates will not change.
    D. Strategic architecture will be adversely impacted through the segregation of duties between the providers. Vendor management costs will increase and the organization's flexibility to react to new market conditions will be reduced. Internal knowledge of IT systems will decline and decrease future platform development. The implementation of security controls and security updates will take longer as responsibility crosses multiple boundaries.

  • Question 498:

    A security administrator has been asked to select a cryptographic algorithm to meet the criteria of a new application. The application utilizes streaming video that can be viewed both on computers and mobile devices. The application designers have asked that the algorithm support the transport encryption with the lowest possible performance overhead. Which of the following recommendations would BEST meet the needs of the application designers? (Select TWO).

    A. Use AES in Electronic Codebook mode
    B. Use RC4 in Cipher Block Chaining mode
    C. Use RC4 with Fixed IV generation
    D. Use AES with cipher text padding
    E. Use RC4 with a nonce generated IV
    F. Use AES in Counter mode
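    An added example, not from the question bank, showing with Go's standard crypto/aes and crypto/cipher why the modes in the options behave so differently for a video stream and why "fixed IV" is the trap option: ECB repeats identical ciphertext blocks for identical plaintext blocks and needs padding, Counter mode turns the block cipher into a stream cipher with no padding and keystream that can be computed in parallel or ahead of time, and reusing the CTR nonce (exactly like reusing an RC4 key/IV pair) leaks the XOR of two plaintexts so that one known frame reveals the other without the key. The key, nonce and frames are constructed test values. One caveat the exam predates: RC4 is prohibited in TLS by RFC 7465 and should not be chosen for new transport encryption today.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"fmt"
)

// ecbEncrypt encrypts pt block by block with no chaining. It is built by hand
// because Go deliberately does not ship ECB. The input must be padded to the
// block size; zero padding is used here only to keep the demo short.
func ecbEncrypt(key, pt []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	bs := block.BlockSize()
	padded := make([]byte, len(pt)+(bs-len(pt)%bs)%bs)
	copy(padded, pt)
	ct := make([]byte, len(padded))
	for i := 0; i < len(padded); i += bs {
		block.Encrypt(ct[i:i+bs], padded[i:i+bs])
	}
	return ct
}

// ctrEncrypt XORs pt with the AES-CTR keystream for key/nonce. Output length
// equals input length: no padding, and every keystream block depends only on
// the counter, which is what makes CTR cheap for streaming.
func ctrEncrypt(key, nonce, pt []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	ct := make([]byte, len(pt))
	cipher.NewCTR(block, nonce).XORKeyStream(ct, pt)
	return ct
}

// repeatedBlocks counts 16-byte ciphertext blocks that occur more than once.
// Any count above zero means the ciphertext leaks plaintext structure.
func repeatedBlocks(ct []byte) int {
	seen := map[string]int{}
	for i := 0; i+16 <= len(ct); i += 16 {
		seen[string(ct[i:i+16])]++
	}
	n := 0
	for _, c := range seen {
		if c > 1 {
			n += c - 1
		}
	}
	return n
}

// recoverWithKeystreamReuse is the fixed-IV failure: when two messages share
// key and nonce, c1 XOR c2 == p1 XOR p2, so a known p1 reveals p2 with no key.
func recoverWithKeystreamReuse(c1, c2, p1 []byte) []byte {
	n := len(c2)
	if len(c1) < n {
		n = len(c1)
	}
	if len(p1) < n {
		n = len(p1)
	}
	p2 := make([]byte, n)
	for i := range p2 {
		p2[i] = c1[i] ^ c2[i] ^ p1[i]
	}
	return p2
}

func main() {
	key := []byte("0123456789abcdef")   // constructed 128-bit key
	nonce := []byte("fixed-iv-is-bad!") // constructed 16-byte nonce
	// A "frame" with a repeated 16-byte pattern, like a black border in video.
	frame := append(bytes.Repeat([]byte("BLACKBLACKBLACK!"), 4), []byte("payload-odd-len")...)

	ecb := ecbEncrypt(key, frame)
	ctr := ctrEncrypt(key, nonce, frame)
	fmt.Printf("ECB: %d bytes for %d in, %d repeated blocks\n", len(ecb), len(frame), repeatedBlocks(ecb))
	fmt.Printf("CTR: %d bytes for %d in, %d repeated blocks\n", len(ctr), len(frame), repeatedBlocks(ctr))

	// Second frame under the same key AND nonce: an attacker who knows the first
	// frame (say, a splash screen) recovers the second without the key.
	frame2 := []byte("second frame, same nonce reused")
	c2 := ctrEncrypt(key, nonce, frame2)
	fmt.Printf("recovered from nonce reuse: %q\n", recoverWithKeystreamReuse(ctr, c2, frame))
}
```

    The performance argument for CTR holds only with a fresh nonce per stream (a counter or random value, never a constant), and in practice it is deployed as part of an authenticated mode such as AES-GCM, since CTR on its own gives no integrity protection.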

  • Question 499:

    During a new desktop refresh, all hosts are hardened at the OS level before deployment to comply with policy. Six months later, the company is audited for compliance to regulations. The audit discovers that 40 percent of the desktops do not meet requirements. Which of the following is the MOST likely cause of the noncompliance?

    A. The devices are being modified and settings are being overridden in production.
    B. The patch management system is causing the devices to be noncompliant after issuing the latest patches.
    C. The desktop applications were configured with the default username and password.
    D. 40 percent of the devices use full disk encryption.

  • Question 500:

    An administrator is trying to categorize the security impact of a database server in the case of a security event. There are three databases on the server.

    Current Financial Data = High level of damage if data is disclosed. Moderate damage if the system goes offline.

    Archived Financial Data = No need for the database to be online. Low damage for integrity loss.

    Public Website Data = Low damage if the site goes down. Moderate damage if the data is corrupted.

    Given these security categorizations of each database, which of the following is the aggregate security categorization of the database server?

    A. Database server = {(Confidentiality HIGH),(Integrity High),(Availability High)}
    B. Database server = {(Confidentiality HIGH),(Integrity Moderate),(Availability Moderate)}
    C. Database server = {(Confidentiality HIGH),(Integrity Moderate),(Availability Low)}
    D. Database server = {(Confidentiality Moderate),(Integrity Moderate),(Availability Moderate)}
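    An added example, not part of the question bank, of the aggregation rule this question tests: under the FIPS 199 high-water mark, a system's categorization is, for each of confidentiality, integrity and availability taken separately, the highest impact assigned to any information type it hosts. The three databases are modelled with the values the question gives; where the question states no impact for an objective (for example the confidentiality of the public website data) the example assumes Low, which is an assumption not stated in the question.

```go
package main

import "fmt"

// Impact is a FIPS 199 impact level. The ordering is what makes the
// high-water mark a plain maximum.
type Impact int

const (
	Low Impact = iota
	Moderate
	High
)

func (i Impact) String() string {
	return [...]string{"Low", "Moderate", "High"}[i]
}

// Categorization is the (C, I, A) triple for one information type or system.
type Categorization struct {
	Name                                     string
	Confidentiality, Integrity, Availability Impact
}

func maxImpact(a, b Impact) Impact {
	if a > b {
		return a
	}
	return b
}

// HighWaterMark aggregates per objective, never across objectives: a High
// confidentiality database does not make the server High availability.
func HighWaterMark(name string, parts []Categorization) Categorization {
	agg := Categorization{Name: name}
	for _, p := range parts {
		agg.Confidentiality = maxImpact(agg.Confidentiality, p.Confidentiality)
		agg.Integrity = maxImpact(agg.Integrity, p.Integrity)
		agg.Availability = maxImpact(agg.Availability, p.Availability)
	}
	return agg
}

// Overall is the single level used for control-baseline selection: the
// highest of the three objectives.
func (c Categorization) Overall() Impact {
	return maxImpact(c.Confidentiality, maxImpact(c.Integrity, c.Availability))
}

func (c Categorization) String() string {
	return fmt.Sprintf("%s = {(Confidentiality %s),(Integrity %s),(Availability %s)}",
		c.Name, c.Confidentiality, c.Integrity, c.Availability)
}

// QuestionDatabases encodes the three databases from the question as
// (name, C, I, A). Objectives the question leaves unstated are assumed Low.
func QuestionDatabases() []Categorization {
	return []Categorization{
		{"Current Financial Data", High, Low, Moderate},
		{"Archived Financial Data", Low, Low, Low},
		{"Public Website Data", Low, Moderate, Low},
	}
}

func main() {
	server := HighWaterMark("Database server", QuestionDatabases())
	fmt.Println(server)
	fmt.Println("overall system impact:", server.Overall())
}
```

    The per-objective maximum is what distinguishes the correct aggregate from simply stamping the server with the highest single value it holds: that single value is still useful (Overall above) for picking a control baseline, but it is not the categorization.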

Tips on How to Prepare for the Exams

Certification exams are increasingly required by employers when hiring. How do you prepare for the exam effectively, in a short time and with less effort, get a good result, and find reliable resources? Vcedump.com provides not only CompTIA exam questions, answers and explanations but also assistance with your exam preparation and certification application. If you are unsure about your CAS-002 exam preparation or CompTIA certification application, visit Vcedump.com.