RC0-C02 Exam Details

  • Exam Code: RC0-C02
  • Exam Name: CompTIA Advanced Security Practitioner (CASP) Recertification Exam for Continuing Education
  • Certification: CompTIA Advanced Security Practitioner
  • Vendor: CompTIA
  • Total Questions: 308 Q&As
  • Last Updated: May 26, 2026

CompTIA RC0-C02 Online Questions & Answers

  • Question 111:

    A security administrator is performing VDI traffic data collection on a virtual server which migrates from one host to another. While reviewing the data collected by the protocol analyzer, the security administrator notices that sensitive data is present in the packet capture. Which of the following should the security administrator recommend to ensure the confidentiality of sensitive information during live VM migration, while minimizing latency issues?

    A. A separate physical interface placed on a private VLAN should be configured for live host operations.
    B. Database record encryption should be used when storing sensitive information on virtual servers.
    C. Full disk encryption should be enabled across the enterprise to ensure the confidentiality of sensitive data.
    D. Sensitive data should be stored on a backend SAN which uses an isolated fiber channel network.

  • Question 112:

    An organization is selecting a SaaS provider to replace its legacy, in-house Customer Resource Management (CRM) application. Which of the following ensures the organization mitigates the risk of managing separate user credentials?

    A. Ensure the SaaS provider supports dual factor authentication.
    B. Ensure the SaaS provider supports encrypted password transmission and storage.
    C. Ensure the SaaS provider supports secure hash file exchange.
    D. Ensure the SaaS provider supports role-based access control.
    E. Ensure the SaaS provider supports directory services federation.

  • Question 113:

    Due to a new regulation, a company has to increase active monitoring of security-related events to 24 hours a day. The security staff only has three full time employees that work during normal business hours. Instead of hiring new security analysts to cover the remaining shifts necessary to meet the monitoring requirement, the Chief Information Officer (CIO) has hired a Managed Security Service (MSS) to monitor events. Which of the following should the company do to ensure that the chosen MSS meets expectations?

    A. Develop a memorandum of understanding on what the MSS is responsible to provide.
    B. Create internal metrics to track MSS performance.
    C. Establish a mutually agreed upon service level agreement.
    D. Issue an RFP to ensure the MSS follows guidelines.

  • Question 114:

    A new piece of ransomware got installed on a company's backup server which encrypted the hard drives containing the OS and backup application configuration but did not affect the deduplication data hard drives. During the incident response, the company finds that all backup tapes for this server are also corrupt. Which of the following is the PRIMARY concern?

    A. Determining how to install HIPS across all server platforms to prevent future incidents
    B. Preventing the ransomware from re-infecting the server upon restore
    C. Validating the integrity of the deduplicated data
    D. Restoring the data will be difficult without the application configuration

  • Question 115:

    ABC Corporation uses multiple security zones to protect systems and information, and all of the VM hosts are part of a consolidated VM infrastructure. Each zone has different VM administrators. Which of the following restricts different zone administrators from directly accessing the console of a VM host from another zone?

    A. Ensure hypervisor layer firewalling between all VM hosts regardless of security zone.
    B. Maintain a separate virtual switch for each security zone and ensure VM hosts bind to only the correct virtual NIC(s).
    C. Organize VM hosts into containers based on security zone and restrict access using an ACL.
    D. Require multi-factor authentication when accessing the console at the physical VM host.

  • Question 116:

    A company is trying to decide how to manage hosts in a branch location connected via a slow WAN link. The company desires to provide the same level of performance and functionality to the branch office as it provides to the main campus. The company uses Active Directory for its directory service and host configuration management. The branch location does not have a datacenter, and the physical security posture of the building is weak. Which of the following designs is MOST appropriate for this scenario?

    A. Deploy a branch location Read-Only Domain Controller in the DMZ at the main campus with a two-way trust.
    B. Deploy a corporate Read-Only Domain Controller to the branch location.
    C. Deploy a corporate Domain Controller in the DMZ at the main campus.
    D. Deploy a branch location Read-Only Domain Controller to the branch office location with a one-way trust.
    E. Deploy a corporate Domain Controller to the branch location.
    F. Deploy a branch location Domain Controller to the branch location with a one-way trust.

  • Question 117:

    The risk committee has endorsed the adoption of a security system development life cycle (SSDLC) designed to ensure compliance with PCI-DSS, HIPAA, and meet the organization's mission. Which of the following BEST describes the correct order of implementing a five phase SSDLC?

    A. Initiation, assessment/acquisition, development/implementation, operations/maintenance and sunset.
    B. Initiation, acquisition/development, implementation/assessment, operations/maintenance and sunset.
    C. Assessment, initiation/development, implementation/assessment, operations/maintenance and disposal.
    D. Acquisition, initiation/development, implementation/assessment, operations/maintenance and disposal.

  • Question 118:

    A security administrator is shown the following log excerpt from a Unix system:

    2013 Oct 10 07:14:57 web14 sshd[1632]: Failed password for root from 198.51.100.23 port 37914 ssh2
    2013 Oct 10 07:14:57 web14 sshd[1635]: Failed password for root from 198.51.100.23 port 37915 ssh2
    2013 Oct 10 07:14:58 web14 sshd[1638]: Failed password for root from 198.51.100.23 port 37916 ssh2
    2013 Oct 10 07:15:59 web14 sshd[1640]: Failed password for root from 198.51.100.23 port 37918 ssh2
    2013 Oct 10 07:16:00 web14 sshd[1641]: Failed password for root from 198.51.100.23 port 37920 ssh2
    2013 Oct 10 07:16:00 web14 sshd[1642]: Successful login for root from 198.51.100.23 port 37924 ssh2

    Which of the following is the MOST likely explanation of what is occurring and the BEST immediate response? (Select TWO).

    A. An authorized administrator has logged into the root account remotely.
    B. The administrator should disable remote root logins.
    C. Isolate the system immediately and begin forensic analysis on the host.
    D. A remote attacker has compromised the root account using a buffer overflow in sshd.
    E. A remote attacker has guessed the root password using a dictionary attack.
    F. Use iptables to immediately DROP connections from the IP 198.51.100.23.
    G. A remote attacker has compromised the private key of the root account.
    H. Change the root password immediately to a password not found in a dictionary.

  • Question 119:

    The risk manager at a small bank wants to use quantitative analysis to determine the ALE of running a business system at a location which is subject to fires during the year. A risk analyst reports to the risk manager that the asset value of the business system is $120,000 and, based on industry data, the exposure factor to fires is only 20% due to the fire suppression system installed at the site. Fires occur in the area on average every four years. Which of the following is the ALE?

    A. $6,000
    B. $24,000
    C. $30,000
    D. $96,000

  • Question 120:

    A company provides on-demand virtual computing for a sensitive project. The company implements a fully virtualized datacenter and terminal server access with two-factor authentication for access to sensitive data. The security administrator at the company has uncovered a breach in data confidentiality. Sensitive data was found on a hidden directory within the hypervisor. Which of the following has MOST likely occurred?

    A. A stolen two-factor token and a memory mapping RAM exploit were used to move data from one virtual guest to an unauthorized similar token.
    B. An employee with administrative access to the virtual guests was able to dump the guest memory onto their mapped disk.
    C. A host server was left un-patched and an attacker was able to use a VMEscape attack to gain unauthorized access.
    D. A virtual guest was left un-patched and an attacker was able to use a privilege escalation attack to gain unauthorized access.
