Vendor: CompTIA
Certifications: CompTIA Advanced Security Practitioner
Exam Name: CompTIA Advanced Security Practitioner Exam
Exam Code: CAS-002
Total Questions: 733 Q&As
Exam retired; replaced by new exam code CAS-003
CAS-002 Q&A's Detail
Exam Code:                 CAS-002
Total Questions:           733
Single & Multiple Choice:  723
Drag Drop:                 6
Simulation Labs:           4
CertBus Has the Latest CAS-002 Exam Dumps in Both PDF and VCE Format
CAS-002 Online Practice Questions and Answers
A developer is determining the best way to improve security within the code being developed. The developer is focusing on input fields where customers enter their credit card details. Which of the following techniques, if implemented in the code, would be the MOST effective in protecting the fields from malformed input?
A. Client side input validation
B. Stored procedure
C. Encrypting credit card details
D. Regular expression matching
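As an added example that is not part of the original question set, the following Python shows what option D looks like when it is done properly: a server-side allow-list regular expression over the card number field, followed by a Luhn checksum that a regex alone cannot express. Client-side validation (option A) is bypassed by sending the request without the browser, so the same check must run on the server; encrypting the value (option C) protects it in transit or at rest but does not reject malformed input. The function names and the sample inputs below are constructed for this example.

```python
"""Server-side validation of a credit card number field.

Added example, not code from the original page. It applies an allow-list
regular expression on the server, then a Luhn checksum. Helper names and
the sample inputs are constructed for this example.
"""
import re

# Allow-list: separators a user may legitimately type are removed first,
# then only 13..19 ASCII digits are accepted. \d would also match non-ASCII
# digits in Python 3, so [0-9] is used deliberately.
_PAN_RE = re.compile(r"^[0-9]{13,19}$")


def normalize_pan(raw: str) -> str:
    """Strip the spaces and dashes a user may type between digit groups."""
    return re.sub(r"[ -]", "", raw.strip())


def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 checksum; catches typos and random digit strings."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = ord(ch) - ord("0")
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def validate_pan(raw: str) -> tuple[bool, str]:
    """Return (accepted, reason). This runs on the server, never only in the browser."""
    if not isinstance(raw, str) or len(raw) > 32:
        return False, "wrong type or oversized"
    pan = normalize_pan(raw)
    if not _PAN_RE.fullmatch(pan):
        return False, "rejected by allow-list regex"
    if not luhn_ok(pan):
        return False, "Luhn checksum failed"
    return True, "ok"


# Constructed sample inputs: a well-known test PAN, a PAN with a typo, and
# the kinds of malformed input the question is about.
SAMPLES = {
    "4111 1111 1111 1111": True,
    "4111-1111-1111-1112": False,                 # last digit wrong -> Luhn fails
    "4111111111111111'; DROP TABLE cards;--": False,
    "<script>alert(1)</script>": False,
    "١٢٣٤٥٦٧٨٩٠١٢٣": False,                       # non-ASCII digits; \d would accept them
    "": False,
}


def run_samples() -> dict[str, bool]:
    """Map each constructed sample to whether validate_pan accepts it."""
    return {s: validate_pan(s)[0] for s in SAMPLES}


if __name__ == "__main__":
    for s, expected in SAMPLES.items():
        ok, why = validate_pan(s)
        assert ok == expected, (s, why)
        print(f"{ok!s:5} {why:28} {s!r}")
```

The length cap before any parsing, the ASCII-only character class and the Luhn step are the three places where a naive client-side regex usually falls short; keep the same routine on the server regardless of what the page's JavaScript does.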
Company XYZ provides residential television cable service across a large region. The company's board of directors is in the process of approving a deal with the following three companies:
A national landline telephone provider
A regional wireless telephone provider
An international Internet service provider
The board of directors at Company XYZ wants to keep the companies and billing separated.
The Chief Information Officer (CIO) at Company XYZ is concerned about the confidentiality of Company XYZ's customer data and wants to share only minimal information about its customers for the purpose of accounting, billing, and customer authentication.
The proposed solution must use open standards and must make it simple and seamless for Company XYZ's customers to receive all four services.
Which of the following solutions is BEST suited for this scenario?
A. All four companies must implement a TACACS+ web based single sign-on solution with associated captive portal technology.
B. Company XYZ must implement VPN and strict access control to allow the other three companies to access the internal LDAP.
C. Company XYZ needs to install the SP, while the partner companies need to install the WAYF portion of a Federated identity solution.
D. Company XYZ needs to install the IdP, while the partner companies need to install the SP portion of a Federated identity solution.
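The arrangement in option D (Company XYZ runs the identity provider, each partner runs a service provider), as an added example that is not from the page or from any vendor: the IdP authenticates the customer and releases only the attributes the requesting SP is entitled to, and the SP refuses any assertion that is not signed for it, not addressed to it, or outside its lifetime. To stay standard-library only, the assertion is a JSON body signed with HMAC-SHA256 under a per-SP key; a real federation (SAML 2.0 or OpenID Connect) uses XML or JWT assertions with per-party public keys. The SP names, keys, release policy and customer record are all constructed.

```python
"""Federated login: IdP at Company XYZ, one SP per partner.

Added example, not code from the original page or any product. A
simplified HMAC-signed JSON assertion stands in for a SAML assertion;
names, keys and customer data are constructed.
"""
import base64
import hashlib
import hmac
import json
import time

# IdP side: the full customer record is held only by Company XYZ.
CUSTOMERS = {
    "cust-1001": {
        "customer_id": "cust-1001",
        "billing_status": "current",
        "name": "Alice Example",
        "address": "1 Main St",
        "ssn_last4": "1234",        # never released to a partner
    }
}

# Per-SP attribute release policy: the CIO's "minimal information" rule.
RELEASE_POLICY = {
    "landline-sp": {"customer_id", "billing_status"},
    "wireless-sp": {"customer_id", "billing_status"},
    "isp-sp": {"customer_id", "billing_status"},
}

# Per-SP signing key (assumption; SAML would use the IdP's X.509 certificate).
SP_KEYS = {sp: hashlib.sha256(f"key-for-{sp}".encode()).digest() for sp in RELEASE_POLICY}


def _b64(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()


def _unb64(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def idp_issue_assertion(customer_id: str, audience: str, now: float, ttl: int = 300) -> str:
    """Company XYZ's IdP: after authentication (assumed done), release minimal attributes."""
    if audience not in RELEASE_POLICY:
        raise ValueError("unknown service provider")
    record = CUSTOMERS[customer_id]
    attrs = {k: v for k, v in record.items() if k in RELEASE_POLICY[audience]}
    body = {"iss": "xyz-idp", "aud": audience, "iat": int(now), "exp": int(now) + ttl, "attrs": attrs}
    payload = _b64(json.dumps(body, sort_keys=True).encode())
    sig = hmac.new(SP_KEYS[audience], payload.encode(), hashlib.sha256).digest()
    return f"{payload}.{_b64(sig)}"


def sp_verify_assertion(token: str, me: str, now: float) -> dict:
    """Partner's SP: check signature, issuer, audience and lifetime before trusting attrs."""
    payload, sig = token.split(".")
    expected = hmac.new(SP_KEYS[me], payload.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64(sig)):
        raise ValueError("bad signature")
    body = json.loads(_unb64(payload))
    if body.get("iss") != "xyz-idp":
        raise ValueError("unexpected issuer")
    if body.get("aud") != me:
        raise ValueError("assertion issued for a different SP")
    if not (body["iat"] <= now < body["exp"]):
        raise ValueError("assertion expired or not yet valid")
    return body["attrs"]


if __name__ == "__main__":
    t0 = time.time()
    tok = idp_issue_assertion("cust-1001", "wireless-sp", t0)
    print("wireless-sp sees:", sp_verify_assertion(tok, "wireless-sp", t0))
    # Replaying the wireless assertion at the ISP fails: different key and audience.
    try:
        sp_verify_assertion(tok, "isp-sp", t0)
    except ValueError as e:
        print("isp-sp rejected it:", e)
```

The point the scenario turns on is visible in the two functions: the partners never see the customer database (which rules out option B's shared LDAP), and each SP only ever receives the two attributes its policy line allows, bound to that SP and to a short lifetime.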
The increasing complexity of attacks on corporate networks is a direct result of more and more corporate employees connecting to corporate networks with mobile and personal devices. In most cases simply banning these connections and devices is not practical because they support necessary business needs. Which of the following are typical risks and mitigations associated with this new trend?
A. Risks: Data leakage, lost data on destroyed mobile devices, smaller network attack surface, prohibitive telecommunications costs. Mitigations: Device encryption, lock screens, certificate-based authentication, corporate telecom plans.
B. Risks: Confidentiality leaks through cell conversations, availability of remote corporate data, integrity of data stored on the devices. Mitigations: Cellular privacy extensions, mobile VPN clients, over-the-air backups.
C. Risks: Data exfiltration, loss of data via stolen mobile devices, increased data leakage at the network edge. Mitigations: Remote data wipe capabilities, implementing corporate security on personally owned devices.
D. Risks: Theft of mobile devices, unsanctioned applications, minimal device storage, call quality. Mitigations: GPS tracking, centralized approved application deployment, over-the-air backups, QoS implementation.
Company XYZ has invested an increasing amount in security due to the changing threat landscape. The company is going through a cost cutting exercise and the Chief Financial Officer (CFO) has queried the security budget allocated to the Chief Information Security Officer (CISO). At the same time, the CISO is actively promoting business cases for additional funding to support new initiatives. These initiatives will mitigate several security incidents that have occurred due to ineffective controls.
A security advisor is engaged to assess the current controls framework and to provide recommendations on whether preventative, detective, or corrective controls should be implemented. How should the security advisor respond when explaining which controls to implement?
A. Preventative controls are useful before an event occurs, detective controls are useful during an event, and corrective controls are useful after an event has occurred. A combination of controls can be used.
B. Corrective controls are more costly to implement, but are only needed for real attacks or high value assets; therefore, controls should only be put in place after a real attack has occurred.
C. Detective controls are less costly to implement than preventative controls; therefore, they should be encouraged wherever possible. Corrective controls are used during an event or security incident. Preventative controls are hard to achieve in practice due to current market offerings.
D. Always advise the use of preventative controls as this will prevent security incidents from occurring in the first place. Detective and corrective controls are redundant compensating controls and are not required if preventative controls are implemented.
A security administrator of a large private firm is researching and putting together a proposal to purchase an IPS. The specific IPS type has not been selected, and the security administrator needs to gather information from several vendors to determine a specific product. Which of the following documents would assist in choosing a specific brand and model?
A. RFC
B. RTO
C. RFQ
D. RFI
Hi guys, this dump is enough to pass the exam because I have passed the exam just with the help of this dump, so you can do it.
This dump is useful and convenient; I think it will be your best choice. Believe in it.
Yes, I have passed the exam by using this dump, so you also can try it and you will have unexpected achievements. Recommend to all.
So happy. I passed the exam with the help of this material. Good luck to you.
There are many new questions in the dump and the answers are accurate and correct. I finished my exam with a high score this morning, thanks very much.
This dump is very good, and I have passed the exam with the help of it recently.
Hello, guys. I have passed the exam successfully in the morning, thank you very much.
The answers are accurate. Well, you should notice some of the questions are slightly changed. Be careful.
Thanks very much for the CAS-002 dump. I will work on it to get the best in life. It is so great.
There are many of the same questions between this dump and the exam, so I have passed the exam this morning. Thanks for this dump.