100% Pass Ensure CompTIA CASP CAS-002 Practice Test with Free VCE and PDF (Question 636 – Question 640)

PassLeader recently released the newest CompTIA CAS-002 exam dumps. Both CAS-002 VCE dumps and CAS-002 PDF dumps are available on PassLeader, and both contain the newest CAS-002 exam questions, which will help you pass the CompTIA CAS-002 exam easily. You can download the valid CAS-002 VCE and PDF dumps from PassLeader here: https://www.passleader.com/cas-002.html (900 Q&As Dumps)

You can also preview the newest PassLeader CAS-002 dumps online for free on Google Drive: https://drive.google.com/open?id=0B-ob6L_QjGLpenQtV3dLMDkyM0U

QUESTION 636
As part of the testing phase in the SDLC, a software developer wants to verify that an application is properly handling user error exceptions. Which of the following is the BEST tool or process for the developer to use?

A.    SRTM review
B.    Fuzzer
C.    Vulnerability assessment
D.    HTTP interceptor

Answer: B

QUESTION 637
Juan is trying to perform a risk analysis of his network. He has chosen to use OCTAVE. What is OCTAVE primarily used for?

A.    A language for vulnerability assessment
B.    A comprehensive risk assessment model
C.    A threat assessment tool
D.    An impact analysis tool

Answer: B
Explanation:
OCTAVE, or Operationally Critical Threat, Asset, and Vulnerability Evaluation, is a comprehensive risk assessment model. Answer option A is incorrect. OVAL, or Open Vulnerability Assessment Language, is the language for vulnerability assessment. Answer options C and D are incorrect. Threat assessment and impact analysis are both part of OVAL, but only a part.

QUESTION 638
Which of the following is a log that contains records of login/logout activity or other security-related events specified by the system's audit policy?

A.    Process tracking
B.    Logon event
C.    Object Manager
D.    Security Log

Answer: D
Explanation:
The Security log records security-related events, such as valid and invalid logon attempts, and events related to resource usage, such as creating, opening, or deleting files. For example, when logon auditing is enabled, an event is recorded in the Security log each time a user attempts to log on to the computer. Answer option B is incorrect. In computer security, a login or logon is the process by which individual access to a computer system is controlled by identifying and authorizing the user by referring to credentials presented by the user. Answer option C is incorrect. Object Manager is a subsystem implemented as part of the Windows Executive which manages Windows resources.

QUESTION 639
Which of the following is a declarative access control policy language implemented in XML and a processing model, describing how to interpret the policies?

A.    SAML
B.    SOAP
C.    SPML
D.    XACML

Answer: D
Explanation:
– XACML stands for eXtensible Access Control Markup Language. It is a declarative access control policy language implemented in XML and a processing model, describing how to interpret the policies. The latest version, 2.0, was ratified by the OASIS standards organization on 1 February 2005. The planned version 3.0 will add generic attribute categories for the evaluation context and a policy delegation profile (administrative policy profile).
– SOAP, defined as Simple Object Access Protocol, is a protocol specification for exchanging structured information in the implementation of Web Services in computer networks. It relies on Extensible Markup Language as its message format, and usually relies on other Application Layer protocols for message negotiation and transmission. SOAP can form the foundation layer of a web services protocol stack, providing a basic messaging framework upon which web services can be built.
– SPML is an XML-based framework developed by OASIS (Organization for the Advancement of Structured Information Standards). It is used to exchange user, resource and service provisioning information between cooperating organizations. SPML is the open standard for the integration and interoperation of service provisioning requests. Its goal is to allow organizations to securely and quickly set up user interfaces for Web applications and services, by letting enterprise platforms such as Web portals, application servers, and service centers produce provisioning requests within and across organizations.
– SAML is an XML-based standard for exchanging authentication and authorization data between security domains, that is, between an identity provider and a service provider. SAML is a product of the OASIS Security Services Technical Committee.

QUESTION 640
Which of the following is the capability to correct flaws in the existing functionality without affecting other components of the system?

A.    Manageability
B.    Reliability
C.    Maintainability
D.    Availability

Answer: C
Explanation:
– Availability: It is used to make certain that a service/resource is always accessible.
– Manageability: It is the capability to manage the system for ensuring the constant health of the system with respect to scalability, reliability, availability, performance, and security.
– Maintainability: It is the capability to correct flaws in the existing functionality without affecting other components of the system.
– Answer option B is incorrect. It is not a valid option.

