[Free] Download New Updated (December) CompTIA CAS-002 Exam Questions 271-280


QUESTION 271

A financial company implements end-to-end encryption via SSL in the DMZ, and only IPSec in transport mode with AH enabled and ESP disabled throughout the internal network. The company has hired a security consultant to analyze the network infrastructure and provide a solution for intrusion prevention. Which of the following recommendations should the consultant provide to the security administrator?

A. Switch to TLS in the DMZ. Implement NIPS on the internal network, and HIPS on the DMZ.
B. Switch IPSec to tunnel mode. Implement HIPS on the internal network, and NIPS on the DMZ.
C. Disable AH. Enable ESP on the internal network, and use NIPS on both networks.
D. Enable ESP on the internal network, and place NIPS on both networks.

Correct Answer: A


QUESTION 272

A company receives a subpoena for email that is four years old. Which of the following should the company consult to determine if it can provide the email in question?

A. Data retention policy
B. Business continuity plan
C. Backup and archive processes
D. Electronic inventory

Correct Answer: A


QUESTION 273

A security researcher is about to evaluate a new secure VoIP routing appliance. The appliance manufacturer claims the new device is hardened against all known attacks and several undisclosed zero-day exploits. The code base used for the device is a combination of compiled C and TCL/TK scripts. Which of the following methods should the security researcher use to enumerate the ports and protocols in use by the appliance?

A. Device fingerprinting
B. Switchport analyzer
C. Grey box testing
D. Penetration testing

Correct Answer: A


QUESTION 274

A company is preparing to upgrade its NIPS at five locations around the world. The three platforms the team plans to test claim to have the most advanced features and lucrative pricing. Assuming all platforms meet the functionality requirements, which of the following methods should be used to select the BEST platform?

A. Establish return on investment as the main criteria for selection.
B. Run a cost/benefit analysis based on the data received from the RFP.
C. Evaluate each platform based on the total cost of ownership.
D. Develop a service level agreement to ensure the selected NIPS meets all performance requirements.

Correct Answer: C


QUESTION 275

A data breach has occurred at Company A and as a result, the Chief Information Officer (CIO) has resigned. The CIO's laptop, cell phone and PC were all wiped of data per company policy. A month later, prosecutors in litigation with Company A suspect the CIO knew about the data breach long before it was discovered and have issued a subpoena requesting all the CIO's email from the last 12 months. The corporate retention policy recommends keeping data for no longer than 90 days. Which of the following should occur?

A. Restore the CIO's email from an email server backup and provide the last 90 days from the date of the subpoena request.
B. Inform the litigators that the CIO's information has been deleted as per corporate policy.
C. Restore the CIO's email from an email server backup and provide the last 90 days from the date of the CIO's resignation.
D. Restore the CIO's email from an email server backup and provide whatever is available up to the last 12 months from the subpoena date.

Correct Answer: D


QUESTION 276

When attending the latest security conference, an information security administrator noticed only a few people carrying a laptop around. Most other attendees only carried their smartphones. Which of the following would impact the security of the conference's resources?

A. Wireless network security may need to be increased to decrease access of mobile devices.
B. Physical security may need to be increased to deter or prevent theft of mobile devices.
C. Network security may need to be increased by reducing the number of available physical network jacks.
D. Wireless network security may need to be decreased to allow for increased access of mobile devices.

Correct Answer: C


QUESTION 277

A hosting company provides inexpensive guest virtual machines to low-margin customers. Customers manage their own guest virtual machines. Some customers want basic guarantees of logical separation from other customers, and it has been indicated that some customers would like to have configuration control of this separation, whereas others want this provided as a value-added service by the hosting company. Which of the following BEST meets these requirements?

A. The hosting company should install a hypervisor-based firewall and allow customers to manage this on an as-needed basis.
B. The hosting company should manage the hypervisor-based firewall, while allowing customers to configure their own host-based firewall.
C. Customers should purchase physical firewalls to protect their guest hosts and have the hosting company manage these if requested.
D. The hosting company should install a host-based firewall on customer guest hosts and offer to administer host firewalls for customers if requested.

Correct Answer: B

QUESTION 278

Company ABC is planning to outsource its Customer Relationship Management system (CRM) and marketing / leads management to Company XYZ. Which of the following is the MOST important to be considered before going ahead with the service?

A. Internal auditors have approved the outsourcing arrangement.
B. Penetration testing can be performed on the externally facing web system.
C. Ensure there are security controls within the contract and the right to audit.
D. A physical site audit is performed on Company XYZ's management / operation.

Correct Answer: C


QUESTION 279

The Chief Information Officer (CIO) of a technology company is likely to move away from a de-perimeterized model for employee-owned devices. This is because there were too many issues with lack of patching, malware incidents, and data leakage due to lost/stolen devices which did not have full-disk encryption. The "bring your own computing" approach was originally introduced because different business units preferred different operating systems and application stacks. Based on the issues and user needs, which of the following is the BEST recommendation for the CIO to make?

A. The de-perimeterized model should be kept as this is a major industry trend and other companies are following this direction. Advise that the issues being faced are standard business-as-usual concerns in a modern IT environment.
B. Update the policy to disallow non-company end-point devices on the corporate network. Develop security-focused standard operating environments (SOEs) for all required operating systems and ensure the needs of each business unit are met.
C. The de-perimeterized model should be kept, but update company policies to state that non-company end-points require full disk encryption, anti-virus software, and regular patching.
D. Update the policy to disallow non-company end-point devices on the corporate network. Allow only one type of outsourced SOE for all users as this will be easier to provision and secure, and will save money on operating costs.

Correct Answer: B


QUESTION 280

Which of the following provides the HIGHEST level of security for an integrated network providing services to authenticated corporate users?

A. Point-to-point VPN tunnels for external users, three-factor authentication, a cold site, physical security guards, cloud-based servers, and IPv6 networking.
B. IPv6 networking, port security, full disk encryption, three-factor authentication, cloud-based servers, and a cold site.
C. Port security on switches, point-to-point VPN tunnels for user-server connections, two-factor cryptographic authentication, physical locks, and a standby hot site.
D. Port security on all switches, point-to-point VPN tunnels for user connections to servers, two-factor authentication, a sign-in roster, and a warm site.

Correct Answer: C
