CAS-002 Exam Details

  • Exam Code: CAS-002
  • Exam Name: CompTIA Advanced Security Practitioner (CASP+)
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 733 Q&As
  • Last Updated: Jan 22, 2024

CompTIA CAS-002 Online Questions & Answers

  • Question 581:

    Which of the following is the MOST cost-effective solution for sanitizing a DVD with sensitive information on it?

    A. Write over the data
    B. Purge the data
    C. Incinerate the DVD
    D. Shred the DVD

  • Question 582:

    Which of the following activities is commonly deemed "OUT OF SCOPE" when undertaking a penetration test?

    A. Test password complexity of all login fields and input validation of form fields
    B. Reverse engineering any thick client software that has been provided for the test
    C. Undertaking network-based denial of service attacks in production environment
    D. Attempting to perform blind SQL injection and reflected cross-site scripting attacks
    E. Running a vulnerability scanning tool to assess network and host weaknesses

  • Question 583:

    The Chief Executive Officer (CEO) of a corporation decided to move all email to a cloud computing environment. The Chief Information Security Officer (CISO) was told to research the risk involved in this environment. Which of the following measures should be implemented to minimize the risk of hosting email in the cloud?

    A. Remind users that all emails with sensitive information need be encrypted and physically inspect the cloud computing.
    B. Ensure logins are over an encrypted channel and obtain an NDA and an SLA from the cloud provider.
    C. Ensure logins are over an encrypted channel and remind users to encrypt all emails that contain sensitive information.
    D. Obtain an NDA from the cloud provider and remind users that all emails with sensitive information need be encrypted.

  • Question 584:

    A software development manager is taking over an existing software development project. The team currently suffers from poor communication due to a long delay between requirements documentation and feature delivery. This gap is resulting in an above average number of security-related bugs making it into production. Which of the following development methodologies is the team MOST likely using now?

    A. Agile
    B. Waterfall
    C. Scrum
    D. Spiral

  • Question 585:

    The Information Security Officer (ISO) is reviewing new policies that have been recently made effective and now apply to the company. Upon review, the ISO identifies a new requirement to implement two-factor authentication on the company's wireless system. Due to budget constraints, the company will be unable to implement the requirement for the next two years. The ISO is required to submit a policy exception form to the Chief Information Officer (CIO). Which of the following are MOST important to include when submitting the exception form? (Select THREE).

    A. Business or technical justification for not implementing the requirements.
    B. Risks associated with the inability to implement the requirements.
    C. Industry best practices with respect to the technical implementation of the current controls.
    D. All sections of the policy that may justify non-implementation of the requirements.
    E. A revised DRP and COOP plan to the exception form.
    F. Internal procedures that may justify a budget submission to implement the new requirement.
    G. Current and planned controls to mitigate the risks.

  • Question 586:

    A system administrator has a responsibility to maintain the security of the video teleconferencing system. During a self-audit of the video teleconferencing room, the administrator notices that speakers and microphones are hard-wired and wireless enabled. Which of the following security concerns should the system administrator have about the existing technology in the room?

    A. Wired transmissions could be intercepted by remote users.
    B. Bluetooth speakers could cause RF emanation concerns.
    C. Bluetooth is an unsecure communication channel.
    D. Wireless transmission causes interference with the video signal.

  • Question 587:

    A newly-appointed risk management director for the IT department at Company XYZ, a major pharmaceutical manufacturer, needs to conduct a risk analysis regarding a new system which the developers plan to bring on-line in three weeks. The director begins by reviewing the thorough and well-written report from the independent contractor who performed a security assessment of the system. The report details what seems to be a manageable volume of infrequently exploited security vulnerabilities. The likelihood of a malicious attacker exploiting one of the vulnerabilities is low; however, the director still has some reservations about approving the system because of which of the following?

    A. The resulting impact of even one attack being realized might cripple the company financially.
    B. Government health care regulations for the pharmaceutical industry prevent the director from approving a system with vulnerabilities.
    C. The director is new and is being rushed to approve a project before an adequate assessment has been performed.
    D. The director should be uncomfortable accepting any security vulnerabilities and should find time to correct them before the system is deployed.

  • Question 588:

    The Chief Information Security Officer (CISO) is asking for ways to protect against zero-day exploits. The CISO is concerned that an unrecognized threat could compromise corporate data and result in regulatory fines as well as poor corporate publicity. The network is mostly flat, with split staff/guest wireless functionality.

    Which of the following equipment MUST be deployed to guard against unknown threats?

    A. Cloud-based antivirus solution, running as local admin, with push technology for definition updates.
    B. Implementation of an offsite data center hosting all company data, as well as deployment of VDI for all client computing needs.
    C. Host based heuristic IPS, segregated on a management VLAN, with direct control of the perimeter firewall ACLs.
    D. Behavior based IPS with a communication link to a cloud based vulnerability and threat feed.

  • Question 589:

    A large bank deployed a DLP solution to detect and block customer and credit card data from leaving the organization via email. A disgruntled employee was able to successfully exfiltrate data through the corporate email gateway by embedding a word processing document containing sensitive data as an object in a CAD file. Which of the following BEST explains why it was not detected and blocked by the DLP solution? (Select TWO).

    A. The product does not understand how to decode embedded objects.
    B. The embedding of objects in other documents enables document encryption by default.
    C. The process of embedding an object obfuscates the data.
    D. The mail client used to send the email is not compatible with the DLP product.
    E. The DLP product cannot scan multiple email attachments at the same time.

  • Question 590:

    A system worth $100,000 has an exposure factor of eight percent and an ARO of four. Which of the following figures is the system's SLE?

    A. $2,000
    B. $8,000
    C. $12,000
    D. $32,000

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more and more important and are required by more and more enterprises when applying for a job. But how do you prepare for the exam effectively? How do you prepare for the exam in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only CompTIA exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your CAS-002 exam preparation and CompTIA certification application, do not hesitate to visit Vcedump.com to find your solutions.