NO.1 The security engineer receives an incident ticket from the helpdesk stating that DNS lookup requests are no longer working from the office. The network team has ensured that Layer 2 and Layer 3 connectivity are working. Which of the following tools would a security engineer use to make sure the DNS server is listening on port 53?
Answer: A
NO.2 An information security assessor for an organization finished an assessment that identified critical issues with the human resource new employee management software application. The assessor submitted the report to senior management, but nothing has happened. Which of the following would be a logical next step?
A. Meet the two key VPs and request a signature on the original assessment.
B. Include specific case studies from other organizations in an updated report.
C. Craft an RFP to begin finding a new human resource application.
D. Schedule a meeting with key human resource application stakeholders.
Answer: D
NO.3 A company Chief Information Officer (CIO) is unsure which set of standards should govern the company's IT policy. The CIO has hired consultants to develop use cases to test against various government and industry security standards. The CIO is convinced that there is large overlap between the configuration checks and security controls governing each set of standards. Which of the following selections represents the BEST option for the CIO?
A. Issue a policy that requires only the most stringent security standards be implemented throughout the company.
B. Issue an RFQ for vendors to quote a complete vulnerability and risk management solution to the
C. Issue an RFI for vendors to determine which set of security standards is best for the company.
D. Issue a policy specifying best practice security standards and a baseline to be implemented across the company.
Answer: D
NO.4 A security firm is writing a response to an RFP from a customer that is building a new network-based software product. The firm's expertise is in penetration testing corporate networks. The RFP explicitly calls for all possible behaviors of the product to be tested; however, it does not specify any particular method to achieve this goal. Which of the following should be used to ensure the security and functionality of the product? (Select
A. Penetration testing
B. White box testing
C. Grey box testing
D. Code review
E. Code signing
Answer: B,D