RC0-C02 Exam Details

  • Exam Code: RC0-C02
  • Exam Name: CompTIA Advanced Security Practitioner (CASP) Recertification Exam for Continuing Education
  • Certification: CompTIA Advanced Security Practitioner
  • Vendor: CompTIA
  • Total Questions: 308 Q&As
  • Last Updated: May 26, 2026

CompTIA RC0-C02 Online Questions & Answers

  • Question 101:

    A team is established to create a secure connection between software packages in order to list employees' remaining or unused benefits on their paycheck stubs. Which of the following business roles would be MOST effective on this team?

    A. Network Administrator, Database Administrator, Programmers
    B. Network Administrator, Emergency Response Team, Human Resources
    C. Finance Officer, Human Resources, Security Administrator
    D. Database Administrator, Facilities Manager, Physical Security Manager

  • Question 102:

    A network engineer wants to deploy user-based authentication across the company's wired and wireless infrastructure at layer 2 of the OSI model. Company policies require that users be centrally managed and authenticated and that each user's network access be controlled based on the user's role within the company. Additionally, the central authentication system must support hierarchical trust and the ability to natively authenticate mobile devices and workstations. Which of the following are needed to implement these requirements? (Select TWO).

    A. SAML
    B. WAYF
    C. LDAP
    D. RADIUS
    E. Shibboleth
    F. PKI

  • Question 103:

    A human resources manager at a software development company has been tasked with recruiting personnel for a new cyber defense division in the company. This division will require personnel to have high technology skills and industry certifications. Which of the following is the BEST method for this manager to gain insight into this industry to execute the task?

    A. Interview candidates, attend training, and hire a staffing company that specializes in technology jobs
    B. Interview employees and managers to discover the industry hot topics and trends
    C. Attend meetings with staff, internal training, and become certified in software management
    D. Attend conferences, webinars, and training to remain current with the industry and job requirements

  • Question 104:

    Within an organization, there is a known lack of governance for solution designs. As a result, there are inconsistencies and varying levels of quality for the artifacts that are produced. Which of the following will BEST help improve this situation?

    A. Ensure that those producing solution artifacts are reminded at the next team meeting that quality is important.
    B. Introduce a peer review process that is mandatory before a document can be officially made final.
    C. Introduce a peer review and presentation process that includes a review board with representation from relevant disciplines.
    D. Ensure that appropriate representation from each relevant discipline approves of the solution documents before official approval.

  • Question 105:

    The Information Security Officer (ISO) is reviewing new policies that have been recently made effective and now apply to the company. Upon review, the ISO identifies a new requirement to implement two-factor authentication on the company's wireless system. Due to budget constraints, the company will be unable to implement the requirement for the next two years. The ISO is required to submit a policy exception form to the Chief Information Officer (CIO). Which of the following are MOST important to include when submitting the exception form? (Select THREE).

    A. Business or technical justification for not implementing the requirements.
    B. Risks associated with the inability to implement the requirements.
    C. Industry best practices with respect to the technical implementation of the current controls.
    D. All sections of the policy that may justify non-implementation of the requirements.
    E. A revised DRP and COOP plan to the exception form.
    F. Internal procedures that may justify a budget submission to implement the new requirement.
    G. Current and planned controls to mitigate the risks.

  • Question 106:

    A firm's Chief Executive Officer (CEO) is concerned that IT staff lacks the knowledge to identify complex vulnerabilities that may exist in a payment system being internally developed. The payment system being developed will be sold to a number of organizations and is in direct competition with another leading product. The CEO highlighted that code base confidentiality is of critical importance to allow the company to exceed the competition in terms of the product's reliability, stability, and performance. Which of the following would provide the MOST thorough testing and satisfy the CEO's requirements?

    A. Sign an MOU with a marketing firm to preserve the company reputation and use in-house resources for random testing.
    B. Sign a BPA with a small software consulting firm and use the firm to perform Black box testing and address all findings.
    C. Sign an NDA with a large security consulting firm and use the firm to perform Grey box testing and address all findings.
    D. Use the most qualified and senior developers on the project to perform a variety of White box testing and code reviews.

  • Question 107:

    An extensible commercial software system was upgraded to the next minor release version to patch a security vulnerability. After the upgrade, an unauthorized intrusion into the system was detected. The software vendor is called in to troubleshoot the issue and reports that all core components were updated properly. Which of the following has been overlooked in securing the system? (Select TWO).

    A. The company's IDS signatures were not updated.
    B. The company's custom code was not patched.
    C. The patch caused the system to revert to http.
    D. The software patch was not cryptographically signed.
    E. The wrong version of the patch was used.
    F. Third-party plug-ins were not patched.

  • Question 108:

    A port in a fibre channel switch failed, causing a costly downtime on the company's primary website. Which of the following is the MOST likely cause of the downtime?

    A. The web server iSCSI initiator was down.
    B. The web server was not multipathed.
    C. The SAN snapshots were not up-to-date.
    D. The SAN replication to the backup site failed.

  • Question 109:

    Company A has experienced external attacks on their network and wants to minimize the attacks from reoccurring. Modify the network diagram to prevent SQL injections, XSS attacks, smurf attacks, e-mail spam, downloaded malware, viruses and ping attacks. The company can spend a MAXIMUM of $50,000 USD. A cost list for each item is listed below:

      Anti-Virus Server - $10,000
      Firewall - $15,000
      Load Balanced Server - $10,000
      NIDS/NIPS - $10,000
      Packet Analyzer - $5,000
      Patch Server - $15,000
      Proxy Server - $20,000
      Router - $10,000
      Spam Filter - $5,000
      Traffic Shaper - $20,000
      Web Application Firewall - $10,000

    Instructions: Not all placeholders in the diagram need to be filled and items can only be used once. If you place an object on the network diagram, you can remove it by clicking the (x) in the upper right-hand of the object.

    Select and Place:

  • Question 110:

    The DLP solution has been showing some unidentified encrypted data being sent using FTP to a remote server. A vulnerability scan found a collection of Linux servers that are missing OS level patches. Upon further investigation, a technician notices that there are a few unidentified processes running on a number of the servers. What would be a key FIRST step for the data security team to undertake at this point?

    A. Capture process ID data and submit to anti-virus vendor for review.
    B. Reboot the Linux servers, check running processes, and install needed patches.
    C. Remove a single Linux server from production and place in quarantine.
    D. Notify upper management of a security breach.
    E. Conduct a bit level image, including RAM, of one or more of the Linux servers.
