CompTIA RC0-C02 Online Practice Questions and Exam Preparation
RC0-C02 Exam Details
Exam Code: RC0-C02
Exam Name: CompTIA Advanced Security Practitioner (CASP) Recertification Exam for Continuing Education
Certification: CompTIA Advanced Security Practitioner
Vendor: CompTIA
Total Questions: 308 Q&As
Last Updated: May 26, 2026
CompTIA RC0-C02 Online Questions & Answers
Question 91:
A security analyst has been asked to develop a quantitative risk analysis and risk assessment for the company's online shopping application. Based on heuristic information from the Security Operations Center (SOC), a Denial of Service Attack (DoS) has been successfully executed 5 times a year. The Business Operations department has determined the loss associated to each attack is $40,000. After implementing application caching, the number of DoS attacks was reduced to one time a year. The cost of the countermeasures was $100,000. Which of the following is the monetary value earned during the first year of operation?
A. $60,000 B. $100,000 C. $140,000 D. $200,000
A. $60,000
ALE before implementing application caching: ALE = ARO x SLE ALE = 5 x $40,000 ALE = $200,000
ALE after implementing application caching:
ALE = ARO x SLE ALE = 1 x $40,000 ALE = $40,000
The monetary value earned in the first year is the reduction in ALE minus what the countermeasure cost: ALE before the control, less ALE after the control, less the cost of the control. In practice this figure is the return on the security investment for that year.
Monetary value earned = $200,000 - $40,000 - $100,000 = $60,000
If the $100,000 is a one-off cost with no recurring expense, later years realise the full $160,000 reduction in ALE; the question only asks about the first year.
Question 92:
A security administrator has been asked to select a cryptographic algorithm to meet the criteria of a new application. The application utilizes streaming video that can be viewed both on computers and mobile devices. The application designers have asked that the algorithm support the transport encryption with the lowest possible performance overhead. Which of the following recommendations would BEST meet the needs of the application designers? (Select TWO).
A. Use AES in Electronic Codebook mode B. Use RC4 in Cipher Block Chaining mode C. Use RC4 with Fixed IV generation D. Use AES with cipher text padding E. Use RC4 with a nonce generated IV F. Use AES in Counter mode
E. Use RC4 with a nonce generated IV F. Use AES in Counter mode
In cryptography, an initialization vector (IV) is a fixed-size input to a cryptographic primitive that is normally required to be random or pseudorandom. Randomization is what lets an encryption scheme achieve semantic security: repeated use of the scheme under the same key does not let an attacker infer relationships between segments of the encrypted messages. Some primitives require the IV only to be non-repeating, with the required randomness derived internally. In that case the IV is called a nonce (number used once) and the primitive is described as stateful rather than randomized, because the nonce need not be sent explicitly but can be derived from a state that sender and receiver both update. Counter mode, which uses a sequence number as its nonce, is an example of a stateful scheme.
AES is a block cipher; counter (CTR) mode turns it into a stream cipher by encrypting successive values of a counter block (nonce plus block index) and XORing the result with the data. The counter can be any function that produces a sequence guaranteed not to repeat for a long time, though an increment-by-one counter is the simplest and most common. Each keystream block is independent of the data, so keystream can be precomputed or generated in parallel, no padding is needed, and a lost packet does not derail decryption of the next one. That is why CTR has the lowest overhead of the AES options listed: ECB (A) leaks patterns between identical blocks, and ciphertext padding (D) adds bytes and latency to a stream. Two caveats matter in practice: a nonce must never repeat under the same key, because two messages encrypted with the same keystream reveal the XOR of their plaintexts, and CTR alone provides no integrity, so it should be paired with a MAC or replaced by an authenticated mode such as AES-GCM (CTR plus GHASH). RC4 (E) is the exam's other answer because it is a fast stream cipher, but it is not acceptable in new designs: its keystream has well-documented biases, RFC 7465 prohibits it in TLS, and the cipher has no IV input at all, so a "nonce IV" has to be mixed into the key, which is the construction WEP got wrong.
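The following is an added example, not code from the exam material, that shows the counter-mode construction described above and the nonce-reuse failure it warns about. To keep it dependency-free, the block function is HMAC-SHA256 acting as a stand-in for AES (an assumption made only for this example; in a real system use AES-CTR or AES-GCM from a vetted library). The structure, keystream block i = F_k(nonce || i) XORed with the data, is the same.

```python
"""Counter (CTR) mode built on a keyed block function.

Added example for the explanation above; not code from the exam material.
CTR turns any keyed pseudorandom block function into a stream cipher:
keystream block i = F_k(nonce || i), ciphertext = plaintext XOR keystream.
F_k here is HMAC-SHA256, a stand-in for AES chosen only so the example
runs without third-party packages.
"""
import hashlib
import hmac
import os

BLOCK_BYTES = 32   # output size of the stand-in block function
NONCE_BYTES = 8    # per-message nonce; an 8-byte block index follows it


def block_fn(key: bytes, counter_block: bytes) -> bytes:
    """Stand-in for AES_k(counter_block): a keyed PRF over the counter block."""
    return hmac.new(key, counter_block, hashlib.sha256).digest()


def ctr_keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Generate `length` keystream bytes. Each block depends only on
    (key, nonce, block index), so blocks can be computed in parallel and a
    receiver needs no state beyond the nonce and a byte offset."""
    if len(nonce) != NONCE_BYTES:
        raise ValueError("nonce must be %d bytes" % NONCE_BYTES)
    out = bytearray()
    for i in range((length + BLOCK_BYTES - 1) // BLOCK_BYTES):
        counter_block = nonce + i.to_bytes(8, "big")
        out += block_fn(key, counter_block)
    return bytes(out[:length])


def ctr_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt (the same operation). Output length equals input
    length: no padding, which is what makes CTR suit streaming media."""
    ks = ctr_keystream(key, nonce, len(data))
    return bytes(a ^ b for a, b in zip(data, ks))


def encrypt(key: bytes, plaintext: bytes):
    """Fresh random nonce per message; the nonce travels with the ciphertext."""
    nonce = os.urandom(NONCE_BYTES)
    return nonce, ctr_xor(key, nonce, plaintext)


def nonce_reuse_leak(key: bytes, nonce: bytes, p1: bytes, p2: bytes) -> bytes:
    """Why a nonce must never repeat under one key: with identical keystream,
    c1 XOR c2 == p1 XOR p2, so an eavesdropper learns the XOR of the two
    plaintexts without the key (the two-time pad problem)."""
    c1 = ctr_xor(key, nonce, p1)
    c2 = ctr_xor(key, nonce, p2)
    n = min(len(c1), len(c2))
    return bytes(a ^ b for a, b in zip(c1[:n], c2[:n]))


if __name__ == "__main__":
    key = os.urandom(32)
    frame = b"frame 0001: 1920x1080 keyframe"   # constructed sample payload
    nonce, ct = encrypt(key, frame)
    assert ctr_xor(key, nonce, ct) == frame
    print("roundtrip ok; ciphertext is", len(ct), "bytes, same as plaintext")
```

Note that `nonce_reuse_leak` is the attack the explanation alludes to: the function never touches the key, yet its output equals `p1 XOR p2`, which for structured data such as video headers or text is usually enough to recover both messages.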
Question 93:
A security consultant is conducting a network assessment and wishes to discover any legacy backup Internet connections the network may have. Where would the consultant find this information and why would it be valuable?
A. This information can be found in global routing tables, and is valuable because backup connections typically do not have perimeter protection as strong as the primary connection. B. This information can be found by calling the regional Internet registry, and is valuable because backup connections typically do not require VPN access to the network. C. This information can be found by accessing telecom billing records, and is valuable because backup connections typically have much lower latency than primary connections. D. This information can be found by querying the network's DNS servers, and is valuable because backup DNS servers typically allow recursive queries from Internet hosts.
A. This information can be found in global routing tables, and is valuable because backup connections typically do not have perimeter protection as strong as the primary connection.
A routing table is the set of rules a device uses to decide where to forward IP packets: each packet carries its destination address, the device picks the most specific matching entry, and that entry names the next hop. The "global routing table" here means the Internet's BGP table, which public route collectors and looking-glass servers expose. Every prefix an organization announces appears there together with the AS_PATH used to reach it, so the consultant can look up the organization's autonomous system (or the prefixes registered to it in RIR WHOIS data) and see which upstream providers carry its routes. A prefix reachable through a second upstream, or a small prefix announced only via a different provider, points to a backup or legacy Internet connection. That matters because such links are frequently outside the main firewall and monitoring stack, which makes them an easier way in for an attacker. The other options fail: the RIR records address allocations, not live connections (B); telecom billing records are not normally available to an external consultant, and latency is not the security concern (C); and DNS recursion has nothing to do with backup Internet links (D).
Question 94:
Two universities are making their 802.11n wireless networks available to the other university's students. The infrastructure will pass the student's credentials back to the home school for authentication via the Internet.
The requirements are:
Mutual authentication of clients and authentication server
The design should not limit connection speeds
Authentication must be delegated to the home school No passwords should be sent unencrypted
The following design was implemented:
WPA2 Enterprise using EAP-PEAP-MSCHAPv2 will be used for wireless security
RADIUS proxy servers will be used to forward authentication requests to the home school
The RADIUS servers will have certificates from a common public certificate authority
A strong shared secret will be used for RADIUS server authentication
Which of the following security considerations should be added to the design?
A. The transport layer between the RADIUS servers should be secured B. WPA Enterprise should be used to decrease the network overhead C. The RADIUS servers should have local accounts for the visiting students D. Students should be given certificates to use for authentication to the network
A. The transport layer between the RADIUS servers should be secured
One of the requirements states, "No passwords should be sent unencrypted". The design covers the wireless hop (WPA2 Enterprise with PEAP) and who authenticates (RADIUS proxying to the home school), but it leaves the RADIUS traffic between the two universities on the open Internet protected by nothing more than a shared secret. Classic RADIUS (RFC 2865) does not encrypt packets: it hides only the User-Password attribute, with an MD5-based XOR keyed by the shared secret, leaves every other attribute in plaintext, and authenticates responses with a similar MD5 construct. In this roaming design the student's MSCHAPv2 exchange runs inside the PEAP TLS tunnel that terminates at the home school's server, so the visited proxy cannot read the password itself, but the proxy link still exposes the outer identity, NAS and station identifiers, accounting data and, in the Access-Accept, the MS-MPPE session keys that protect the student's Wi-Fi traffic, which RADIUS hides only with the same MD5-and-shared-secret scheme. Securing the transport layer between the RADIUS servers with TLS (RADIUS over TLS, RFC 6614, the mechanism adopted in the eduroam federation for exactly this kind of roaming) encrypts and authenticates the whole conversation between proxies, and the certificates the servers already hold from a common public CA give them the means to authenticate each other. The other options either weaken the design (B downgrades to WPA), break the delegation requirement (C creates local accounts for visitors) or add client-certificate deployment that the requirements do not ask for (D).
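To make concrete what "protected only by a shared secret" means, the following added example (not code from the exam material) implements the User-Password hiding from RFC 2865 section 5.2, the only confidentiality classic RADIUS offers. The password is padded to 16-byte blocks and XORed with MD5(secret || Request-Authenticator), then MD5(secret || previous-ciphertext-block), while the Request Authenticator and every other attribute travel in the clear. The secret, authenticator and attributes used below are constructed for the example.

```python
"""User-Password hiding in classic RADIUS (RFC 2865 section 5.2).

Added example for the explanation above; not part of the exam material.
RADIUS does not encrypt the packet. Only User-Password is obscured, by
XOR against an MD5 stream keyed with the shared secret; User-Name and
all other attributes are plaintext on the wire. The values below are
constructed for illustration.
"""
import hashlib


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def hide_password(secret: bytes, req_auth: bytes, password: bytes) -> bytes:
    """RFC 2865 s5.2: pad the password with NULs to a multiple of 16 bytes,
    then c1 = p1 XOR MD5(S + RA), c2 = p2 XOR MD5(S + c1), ...
    req_auth is the 16-byte Request Authenticator sent in the same packet."""
    if len(req_auth) != 16:
        raise ValueError("Request Authenticator must be 16 bytes")
    if not 1 <= len(password) <= 128:
        raise ValueError("password must be 1..128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", req_auth
    for i in range(0, len(padded), 16):
        b = hashlib.md5(secret + prev).digest()
        c = _xor(padded[i:i + 16], b)
        out += c
        prev = c
    return out


def reveal_password(secret: bytes, req_auth: bytes, hidden: bytes) -> bytes:
    """Inverse of hide_password. Anyone holding the shared secret and a copy
    of the packet recovers the password; the secret is the only protection.
    Trailing NUL padding is stripped, as the RFC describes."""
    if not hidden or len(hidden) % 16:
        raise ValueError("hidden field must be a non-empty multiple of 16 bytes")
    out, prev = b"", req_auth
    for i in range(0, len(hidden), 16):
        b = hashlib.md5(secret + prev).digest()
        out += _xor(hidden[i:i + 16], b)
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")


def visible_to_eavesdropper(attrs: dict) -> dict:
    """What a passive observer on the proxy link reads directly: every
    attribute except User-Password is plaintext in an Access-Request."""
    return {k: v for k, v in attrs.items() if k != "User-Password"}


if __name__ == "__main__":
    secret = b"strong-shared-secret"            # constructed
    ra = bytes(range(16))                        # constructed authenticator
    attrs = {                                    # constructed Access-Request
        "User-Name": "alice@home-university.edu",
        "NAS-IP-Address": "198.51.100.10",
        "Calling-Station-Id": "00-11-22-33-44-55",
        "User-Password": hide_password(secret, ra, b"correct horse battery"),
    }
    print("plaintext on the wire:", visible_to_eavesdropper(attrs))
    print("recovered with secret:", reveal_password(secret, ra, attrs["User-Password"]))
```

The point for the design question: even in the best case this scheme only hides one attribute, and MD5 keyed with a long-lived static secret is the whole of its strength. Wrapping the hop in TLS protects the entire packet, including the identities and session keys that RADIUS never hid.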
Question 95:
A large enterprise acquires another company which uses antivirus from a different vendor. The CISO has requested that data feeds from the two different antivirus platforms be combined in a way that allows management to assess and rate the overall effectiveness of antivirus across the entire organization. Which of the following tools can BEST meet the CISO's requirement?
A. GRC B. IPS C. CMDB D. Syslog-ng E. IDS
A. GRC
GRC (governance, risk management and compliance) is a discipline, and a class of tooling, that coordinates information and activity across those three functions so an organization operates more efficiently, shares information effectively, reports consistently and avoids wasteful overlap. An integrated GRC (iGRC) platform takes data feeds from one or more sources that detect or sense abnormalities, faults or other patterns in security or business applications, which is what lets management normalize the two antivirus vendors' output into a single effectiveness rating. The other options are either sensors themselves (IPS, IDS), a configuration inventory (CMDB), or a log transport (syslog-ng) that could carry the feeds but would not assess them.
Question 96:
Customer Need:
"We need the system to produce a series of numbers with no discernible mathematical progression for use by our Java based, PKI-enabled, customer facing website."
Which of the following BEST restates the customer need?
A. The system shall use a pseudo-random number generator seeded the same every time. B. The system shall generate a pseudo-random number upon invocation by the existing Java program. C. The system shall generate a truly random number based upon user PKI certificates. D. The system shall implement a pseudo-random number generator for use by corporate customers.
B. The system shall generate a pseudo-random number upon invocation by the existing Java program.
"Numbers with no discernible mathematical progression" describes a pseudo-random sequence, and "for use by our Java based ... website" means the generator is invoked by the existing Java program, which B restates without adding or dropping anything. A is wrong because seeding the generator the same way every time makes its output repeatable and predictable, the opposite of what the customer asked for; C invents a source of true randomness (user PKI certificates) the customer never mentioned; D changes the consumer from the website to corporate customers.
Question 97:
A new internal network segmentation solution will be implemented into the enterprise that consists of 200 internal firewalls. As part of running a pilot exercise, it was determined that it takes three changes to deploy a new application onto the network before it is operational. Security now has a significant effect on overall availability. Which of the following would be the FIRST process to perform as a result of these findings?
A. Lower the SLA to a more tolerable level and perform a risk assessment to see if the solution could be met by another solution. Reuse the firewall infrastructure on other projects. B. Perform a cost benefit analysis and implement the solution as it stands as long as the risks are understood by the business owners around the availability issues. Decrease the current SLA expectations to match the new solution. C. Engage internal auditors to perform a review of the project to determine why and how the project did not meet the security requirements. As part of the review ask them to review the control effectiveness. D. Review to determine if control effectiveness is in line with the complexity of the solution. Determine if the requirements can be met with a simpler solution.
D. Review to determine if control effectiveness is in line with the complexity of the solution. Determine if the requirements can be met with a simpler solution.
Reviewing whether the controls' effectiveness is proportionate to the complexity of the solution, and then asking whether the requirements can be met more simply, is the first step to take in light of these findings. Options A and B accept the availability hit and lower the SLA before the design itself has been questioned, and C brings in auditors to investigate a failure the project team has not yet analysed.
Question 98:
The administrator is troubleshooting availability issues on an FCoE-based storage array that uses deduplication. The single controller in the storage array has failed, so the administrator wants to move the drives to a storage array from a different manufacturer in order to access the data. Which of the following issues may potentially occur?
A. The data may not be in a usable format. B. The new storage array is not FCoE based. C. The data may need a file system check. D. The new storage array also only has a single controller.
B. The new storage array is not FCoE based.
Fibre Channel over Ethernet (FCoE) encapsulates Fibre Channel frames in Ethernet frames so that the Fibre Channel protocol can run over 10 Gigabit (or faster) Ethernet instead of a dedicated Fibre Channel fabric. If the replacement array speaks only native Fibre Channel (or only iSCSI), the existing hosts and converged network adapters cannot attach to it, so connectivity has to be re-engineered before any data is reachable: native Fibre Channel and FCoE arrays use different network connections, hardware and transport. That connectivity mismatch is the issue the exam keys on, but a practitioner should expect the deeper problem in option A as well: a deduplicating array stores blocks in a vendor-specific layout whose hash index and metadata live with the controller, so drives pulled from one vendor's array are usually unreadable in another vendor's array regardless of the transport used to reach it.
Question 99:
A security company is developing a new cloud-based log analytics platform. Its purpose is to allow:
Customers to upload their log files to the "big data" platform
Customers to perform remote log search
Customers to integrate into the platform using an API so that third party business intelligence tools can be used for the purpose of trending, insights, and/or discovery
Which of the following are the BEST security considerations to protect data from one customer being disclosed to other customers? (Select THREE).
A. Secure storage and transmission of API keys B. Secure protocols for transmission of log files and search results C. At least two years retention of log files in case of e-discovery requests D. Multi-tenancy with RBAC support E. Sanitizing filters to prevent upload of sensitive log file contents F. Encryption of logical volumes on which the customers' log files reside
A. Secure storage and transmission of API keys B. Secure protocols for transmission of log files and search results D. Multi-tenancy with RBAC support
The platform serves many customers, so it must be built as a multi-tenant system in which each tenant's (customer's) storage, jobs and virtual machines are isolated from every other tenant's, with role-based access control (RBAC) deciding what each user within a tenant may do: roles carry sets of permissions and users are assigned the roles their tasks require. Log uploads and search results must travel over a secure protocol such as TLS so they cannot be read by anyone capturing the traffic. API keys are the credentials that bind a third-party tool to a tenant, so they must be stored securely (hashed, never in plaintext) and transmitted only over the encrypted channel; a user who obtains another customer's key could read that customer's data. Retention (C) and upload filtering (E) are legitimate concerns but do not address disclosure between customers, and volume encryption (F) protects drives at rest rather than separating tenants who share the running platform.
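The following is an added example, not code from the exam material, showing how the three selected controls fit together in a log search API: API keys are stored only as salted hashes, the tenant is derived from the presented key rather than from anything the caller sends, roles decide which operations a key may perform, and the tenant filter is applied server-side on every search. Tenants, roles, keys and log lines are constructed for the example.

```python
"""Tenant isolation for a multi-customer log search API.

Added example for the explanation above; not part of the exam material.
Controls shown: hashed-at-rest API keys, tenant scope bound to the key,
role-based permissions, and a search path that can never cross tenants.
All tenants, keys and log lines are constructed.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

ROLE_PERMS = {
    "viewer": {"search"},
    "analyst": {"search", "export"},
    "admin": {"search", "export", "upload"},
}


def _hash(salt: bytes, secret_part: str) -> bytes:
    # A plain salted SHA-256 is adequate here because the key material is a
    # 256-bit random token, not a human-chosen password.
    return hashlib.sha256(salt + secret_part.encode()).digest()


@dataclass
class KeyRecord:
    tenant_id: str
    role: str
    salt: bytes
    key_hash: bytes          # never the key itself


@dataclass
class Platform:
    keys: dict = field(default_factory=dict)    # key_id -> KeyRecord
    logs: list = field(default_factory=list)    # (tenant_id, line)

    def issue_key(self, tenant_id: str, role: str) -> str:
        """Return the only plaintext copy, formatted 'key_id.secret'."""
        if role not in ROLE_PERMS:
            raise ValueError("unknown role")
        key_id, secret_part = secrets.token_hex(8), secrets.token_urlsafe(32)
        salt = secrets.token_bytes(16)
        self.keys[key_id] = KeyRecord(tenant_id, role, salt, _hash(salt, secret_part))
        return f"{key_id}.{secret_part}"

    def authenticate(self, api_key: str):
        """Map a presented key to (tenant_id, role), or None. The compare is
        constant-time so timing does not leak how much of the hash matched."""
        try:
            key_id, secret_part = api_key.split(".", 1)
        except ValueError:
            return None
        rec = self.keys.get(key_id)
        if rec is None or not hmac.compare_digest(rec.key_hash, _hash(rec.salt, secret_part)):
            return None
        return rec.tenant_id, rec.role

    def _authorize(self, api_key: str, action: str):
        ident = self.authenticate(api_key)
        if ident is None:
            raise PermissionError("invalid API key")
        tenant, role = ident
        if action not in ROLE_PERMS[role]:
            raise PermissionError(f"role {role} may not {action}")
        return tenant, role

    def upload(self, api_key: str, lines) -> int:
        tenant, _ = self._authorize(api_key, "upload")
        self.logs.extend((tenant, ln) for ln in lines)   # tagged with the key's tenant
        return len(lines)

    def search(self, api_key: str, needle: str, requested_tenant=None) -> list:
        """Tenant scope comes from the key. `requested_tenant` models a
        client-supplied tenant parameter; it is refused if it disagrees."""
        tenant, _ = self._authorize(api_key, "search")
        if requested_tenant is not None and requested_tenant != tenant:
            raise PermissionError("cross-tenant search refused")
        return [ln for t, ln in self.logs if t == tenant and needle in ln]


if __name__ == "__main__":
    p = Platform()
    acme, globex = p.issue_key("acme", "admin"), p.issue_key("globex", "admin")
    p.upload(acme, ["acme: login failed for root", "acme: disk full"])
    p.upload(globex, ["globex: login failed for admin"])
    print(p.search(acme, "login failed"))       # only acme's line
```

Keep the key lookup split as shown: the public `key_id` selects the record, the secret half is hashed and compared. A database dump then exposes no usable credential, and a tenant identifier supplied by the client is never trusted as the scope of a query.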
Question 100:
A network administrator with a company's NSP has received a CERT alert for targeted adversarial behavior at the company. In addition to the company's physical security, which of the following can the network administrator use to detect the presence of a malicious actor physically accessing the company's network or information systems from within? (Select TWO).
A. RAS B. Vulnerability scanner C. HTTP intercept D. HIDS E. Port scanner F. Protocol analyzer
D. HIDS F. Protocol analyzer
A protocol analyzer captures and decodes the traffic on a communication channel, so placed inside the network it shows what a malicious actor who has gained physical access is actually sending and receiving, which makes it the right tool for assessing the company's network from within in these circumstances.
HIDS is used as an intrusion detection system that can monitor and analyze the internal company network especially the dynamic behavior and the state of the computer systems; behavior such as network packets targeted at that specific
Certification exams are increasingly important and increasingly required by employers. How do you prepare effectively, in a short time and with less effort, get a good result and find reliable resources? Vcedump.com provides not only CompTIA exam questions, answers and explanations but also assistance with your exam preparation and certification application. If you are unsure about your RC0-C02 exam preparation or your CompTIA certification application, visit Vcedump.com to find your solutions.