This page was exported from New Released Exam Dumps Free Download In Lead2pass
Export date: Fri Jul 20 15:55:06 2018 / +0000 GMT
CompTIA Exam CAS-002 PDF Dump Free Download In Lead2pass: QUESTION 11 A. Traces of proprietary data which can remain on the virtual machine and be exploited Answer: A A. Social Engineering Answer: D A. Entropy should be enabled on all SSLv2 transactions. Answer: C A. The excessive time it will take to merge the company's information systems. Answer: B A. Accepting risk Answer: D A. Data ownership on all files Answer: D A. Schedule weekly vulnerability assessments Answer: C A. Document the security requirements in an email and move on to the next most urgent task. Answer: C A. No effective controls in place Answer: B A. LDAP Answer: D CAS-002 dumps full version (PDF&VCE): https://www.lead2pass.com/cas-002.html Large amount of free CAS-002 exam questions on Google Drive: https://drive.google.com/open?id=13j5iOL_XYuK24xlefcIzTQtqmeQfLY7K
Driven mainly by cost, many companies outsource computing jobs which require a large amount of processor cycles over a short duration to cloud providers.
This allows the company to avoid a large investment in computing resources which will only be used for a short time.
Assuming the provisioned resources are dedicated to a single company, which of the following is the MAIN vulnerability associated with on-demand provisioning?
B. Remnants of network data from prior customers on the physical servers during a compute
C. Exposure of proprietary data when in-transit to the cloud provider through IPSec tunnels
D. Failure of the de-provisioning mechanism resulting in excessive charges for the resources
A company contracts with a third party to develop a new web application to process credit cards. Which of the following assessments will give the company the GREATEST level of assurance for the web application?
B. Penetration Test
C. Vulnerability Assessment
D. Code Review
A security audit has uncovered that some of the encryption keys used to secure the company B2B financial transactions with its partners may be too weak.
The security administrator needs to implement a process to ensure that financial transactions will not be compromised if a weak encryption key is found.
Which of the following should the security administrator implement?
B. AES256-CBC should be implemented for all encrypted data.
C. PFS should be implemented on all VPN tunnels.
D. PFS should be implemented on all SSH connections.
Company Z is merging with Company A to expand its global presence and consumer base.
This purchase includes several offices in different countries.
To maintain strict internal security and compliance requirements, all employee activity may be monitored and reviewed.
Which of the following would be the MOST likely cause for a change in this practice?
B. Countries may have different legal or regulatory requirements.
C. Company A might not have adequate staffing to conduct these reviews.
D. The companies must consolidate security policies during the merger.
A business is currently in the process of upgrading its network infrastructure to accommodate a personnel growth of over fifty percent within the next six months.
All preliminary planning has been completed and a risk assessment plan is being adopted to decide which security controls to put in place throughout each phase.
Which of the following risk responses is MOST likely being considered if the business is creating an SLA with a third party?
B. Mitigating risk
C. Identifying risk
D. Transferring risk
Which of the following must be taken into consideration for e-discovery purposes when a legal case is first presented to a company?
B. Data size on physical disks
C. Data retention policies on only file servers
D. Data recovery and storage
Based on the results of a recent audit, a company rolled out a standard computer image in an effort to provide consistent security configurations across all computers.
Which of the following controls provides the GREATEST level of certainty that unauthorized changes are not occurring?
B. Implement continuous log monitoring
C. Scan computers weekly against the baseline
D. Require monthly reports showing compliance with configuration and updates
A new project initiative involves replacing a legacy core HR system, and is expected to touch many major operational systems in the company.
A security administrator is engaged in the project to provide security consulting advice.
In addition, there are database, network, application, HR, and transformation management consultants engaged on the project as well.
The administrator has established the security requirements.
Which of the following is the NEXT logical step?
B. Organize for a requirements workshop with the non-technical project members, being the
HR and transformation management consultants.
C. Communicate the security requirements with all stakeholders for discussion and buy-in.
D. Organize for a requirements workshop with the technical project members, being the
database, network, and application consultants.
A small company has a network with 37 workstations, 3 printers, a 48 port switch, an enterprise class router, and a firewall at the boundary to the ISP.
The workstations have the latest patches and all have up-to-date anti-virus software.
User authentication is a two-factor system with fingerprint scanners and passwords.
Sensitive data on each workstation is encrypted.
The network is configured to use IPv4 and is a standard Ethernet network.
The network also has a captive portal based wireless hot-spot to accommodate visitors.
Which of the following is a problem with the security posture of this company?
B. No transport security controls are implemented
C. Insufficient user authentication controls are implemented
D. IPv6 is not incorporated in the network
Which of the following authentication types is used primarily to authenticate users through the use of tickets?
CompTIA Exam CAS-002 PDF Dump Free Download In Lead2pass:
A. Traces of proprietary data which can remain on the virtual machine and be exploited
A. Social Engineering
A. Entropy should be enabled on all SSLv2 transactions.
A. The excessive time it will take to merge the company's information systems.
A. Accepting risk
A. Data ownership on all files
A. Schedule weekly vulnerability assessments
A. Document the security requirements in an email and move on to the next most urgent task.
A. No effective controls in place
CAS-002 dumps full version (PDF&VCE): https://www.lead2pass.com/cas-002.html
Large amount of free CAS-002 exam questions on Google Drive: https://drive.google.com/open?id=13j5iOL_XYuK24xlefcIzTQtqmeQfLY7K
Post date: 2018-03-02 09:21:31
Post date GMT: 2018-03-02 09:21:31
Post modified date: 2018-03-02 09:21:31
Post modified date GMT: 2018-03-02 09:21:31
Powered by [ Universal Post Manager ] plugin. MS Word saving format developed by gVectors Team www.gVectors.com