Friday 28 December 2018

CompTIA CAS-002 Questions Answers

A company is in the process of outsourcing its customer relationship management system to a cloud provider. It will host the entire organization's customer database. The database will be accessed by both the company's users and its customers. The procurement department has asked what security activities must be performed for the deal to proceed. Which of the following are the MOST appropriate security activities to be performed as part of due diligence? (Select TWO).

A. Physical penetration test of the datacenter to ensure there are appropriate controls.
B. Penetration testing of the solution to ensure that the customer data is well protected.
C. Security clauses are implemented into the contract such as the right to audit.
D. Review of the organization's security policies, procedures and relevant hosting certifications.
E. Code review of the solution to ensure that there are no back doors located in the software.

Answer: C, D

An organization is selecting a SaaS provider to replace its legacy, in-house Customer Resource Management (CRM) application. Which of the following ensures the organization mitigates the risk of managing separate user credentials?

A. Ensure the SaaS provider supports dual factor authentication.
B. Ensure the SaaS provider supports encrypted password transmission and storage.
C. Ensure the SaaS provider supports secure hash file exchange.
D. Ensure the SaaS provider supports role-based access control.
E. Ensure the SaaS provider supports directory services federation.

Answer: E

Sunday 26 August 2018

CompTIA CAS-002 Question Answer

The Information Security Officer (ISO) is reviewing new policies that have been recently made effective and now apply to the company. Upon review, the ISO identifies a new requirement to implement two-factor authentication on the company's wireless system. Due to budget constraints, the company will be unable to implement the requirement for the next two years. The ISO is required to submit a policy exception form to the Chief Information Officer (CIO). Which of the following are MOST important to include when submitting the exception form? (Select THREE).

A. Business or technical justification for not implementing the requirements.
B. Risks associated with the inability to implement the requirements.
C. Industry best practices with respect to the technical implementation of the current controls.
D. All sections of the policy that may justify non-implementation of the requirements.
E. A revised DRP and COOP plan to the exception form.
F. Internal procedures that may justify a budget submission to implement the new requirement.
G. Current and planned controls to mitigate the risks.

Answer: A, B, G

The Chief Information Officer (CIO) is reviewing the IT-centric BIA and RA documentation. The documentation shows that a single 24-hour downtime in a critical business function will cost the business $2.3 million. Additionally, the business unit which depends on the critical business function has determined that there is a high probability that a threat will materialize based on historical data. The CIO's budget does not allow for full system hardware replacement in case of a catastrophic failure, nor does it allow for the purchase of additional compensating controls. Which of the following should the CIO recommend to the finance director to minimize financial loss?

A. The company should mitigate the risk.
B. The company should transfer the risk.
C. The company should avoid the risk.
D. The company should accept the risk.

Answer: B

Friday 23 February 2018

CompTIA CAS-002 Question Answer

The Chief Executive Officer (CEO) of a large prestigious enterprise has decided to reduce business costs by outsourcing to a third-party company in another country. Functions to be outsourced include: business analysts, testing, software development and back office functions that deal with the processing of customer data. The Chief Risk Officer (CRO) is concerned about the outsourcing plans. Which of the following risks are MOST likely to occur if adequate controls are not implemented?

A. Geographical regulation issues, loss of intellectual property and interoperability agreement issues
B. Improper handling of client data, interoperability agreement issues and regulatory issues
C. Cultural differences, increased cost of doing business and divestiture issues
D. Improper handling of customer data, loss of intellectual property and reputation damage

Answer: D

A security analyst has been asked to develop a quantitative risk analysis and risk assessment for the company's online shopping application. Based on heuristic information from the Security Operations Center (SOC), a Denial of Service (DoS) attack has been successfully executed 5 times a year. The Business Operations department has determined the loss associated with each attack is $40,000. After implementing application caching, the number of DoS attacks was reduced to one time a year. The cost of the countermeasures was $100,000. Which of the following is the monetary value earned during the first year of operation?

A. $60,000
B. $100,000
C. $140,000
D. $200,000

Answer: A

Friday 22 December 2017

CompTIA Offers Stackable Certifications

CompTIA introduced "Stackable Certifications" on Wednesday, a new designation for holders of more than one of the vendor-neutral skills certifications it offers.

CompTIA's stackable certifications follow its two professional career pathways, infrastructure and cybersecurity, and offer a series of eligible routes to obtaining a stackable certification.

Calling this a major expansion of its credentialing program, CompTIA notes that a stackable certification recognizes the breadth of experience of a certification holder and their firm commitment to continuous professional growth and development.

"Technology professionals who have earned CompTIA Stackable Certifications have done so by passing rigorous industry-developed exams to validate the technical and business skills that have the greatest demand in today's economy," said Todd Thibodeaux, president and CEO of CompTIA.

Here are the routes for CompTIA certified IT professionals to attain a stackable certification:

  •     CompTIA A+ and CompTIA Network+ = CompTIA IT Operations Specialist
  •     CompTIA A+ and CompTIA Linux+ = CompTIA Systems Support Specialist
  •     CompTIA Network+ and CompTIA Server+ = CompTIA Network Infrastructure Professional
  •     CompTIA Network+ and CompTIA Cloud+ = CompTIA Cloud Administration Professional
  •     CompTIA A+, CompTIA Network+ and CompTIA Security+ = CompTIA Secure Infrastructure Associate
  •     CompTIA Security+ and CompTIA Cybersecurity Analyst = CompTIA Security Analytics Specialist
  •     CompTIA Security+, CompTIA Cybersecurity Analyst and CompTIA Advanced Security Practitioner = CompTIA Security Analytics Expert

More than 145,000 IT professionals who hold more than one CompTIA certification have already earned a CompTIA Stackable Certification.

How does it work?

Stackable certifications follow CompTIA's two professional pathways: the CompTIA Infrastructure Career Pathway and the CompTIA Cybersecurity Career Pathway. Within each pathway, the stackable certifications are classified by experience level: Specialist, an early-career IT professional with less than two years of experience; Professional, a mid-level IT professional with two to five years of experience; and Expert, an established IT professional with more than five years of experience.

Stackable certifications require active CE certifications. If you have a "good for life" certification, that also counts for a stackable certification as long as you re-certify and validate that your skills are up to date, CompTIA said.

"More than any other certifying agency, CompTIA makes extensive use of performance-based questions and simulations on its exams," said James Stanger, CompTIA's chief technology evangelist. "These simulations accurately reflect the real-world scenarios that IT professionals face, which requires examinees to demonstrate networking, cybersecurity and other skills under the pressure of a timed test."

Wednesday 8 November 2017

CompTIA CAS-002 Question Answer

Which stage of the change management process deals with what should be done if the change is unsuccessful?

A. Remediation planning
B. Categorization
C. Prioritization
D. Review and close

Answer: A

CompTIA CAS-002 Question Answer

An insurance company is looking to purchase a smaller company in another country. Which of the following tasks would the security administrator perform as part of the security due diligence?

A. Review switch and router configurations
B. Review the security policies and standards
C. Perform a network penetration test
D. Review the firewall rule set and IPS logs

Answer: B

A new piece of ransomware was installed on a company's backup server. It encrypted the hard drives containing the OS and backup application configuration but did not affect the deduplication data hard drives. During the incident response, the company finds that all backup tapes for this server are also corrupt. Which of the following is the PRIMARY concern?

A. Determining how to install HIPS across all server platforms to prevent future incidents
B. Preventing the ransomware from re-infecting the server upon restore
C. Validating the integrity of the deduplicated data
D. Restoring the data will be difficult without the application configuration

Answer: D

Friday 27 October 2017

CompTIA CAS-002 Question Answer

The risk manager has requested a security solution that is centrally managed, can easily be updated, and protects end users' workstations from both known and unknown malicious attacks when connected to either the office or home network. Which of the following would BEST meet this requirement?

A. HIPS
B. UTM
C. Antivirus
D. NIPS
E. DLP

Answer: A
Which of the following describes a risk and mitigation associated with cloud data storage?

A. Risk: Shared hardware caused data leakage. Mitigation: Strong encryption at rest.
B. Risk: Offsite replication. Mitigation: Multi-site backups.
C. Risk: Data loss from de-duplication. Mitigation: Dynamic host bus addressing.
D. Risk: Combined data archiving. Mitigation: Two-factor administrator authentication.

Answer: A