CompTIA RC0-C02 Online Practice Questions and Exam Preparation

CompTIA RC0-C02 Online Questions & Answers

• Question 131:

  A security administrator was recently hired in a start-up company to represent the interest of security and to assist the network team in improving security in the company. The programmers are not on good terms with the security team and do not want to be distracted with security issues while they are working on a major project. Which of the following is the BEST time to make them address security issues in the project?

  A. In the middle of the project
  B. At the end of the project
  C. At the inception of the project
  D. At the time they request
  C. At the inception of the project

  ---

  It would be easier for the programmers to accommodate and address security concerns if they are made aware of the security issues at the start of the project. The security issues could affect the design of the solution. It would be better to address the security issues at the beginning of the project before the solution has been designed rather than change the design of the solution halfway through the project.

• Question 132:

  A Security Manager is part of a team selecting web conferencing systems for internal use. The system will only be used for internal employee collaboration. Which of the following are the MAIN concerns of the security manager? (Select THREE).

  A. Security of data storage
  B. The cost of the solution
  C. System availability
  D. User authentication strategy
  E. PBX integration of the service
  F. Operating system compatibility
  A. Security of data storage
  C. System availability
  D. User authentication strategy

• Question 133:

  Company policy requires that all unsupported operating systems be removed from the network. The security administrator is using a combination of network based tools to identify such systems for the purpose of disconnecting them from the network. Which of the following tools, or outputs from the tools in use, can be used to help the security administrator make an approximate determination of the operating system in use on the local company network? (Select THREE).

  A. Passive banner grabbing
  B. Password cracker
  C. http://www.company.org/documents_private/index.php?search=string#andtopic=windowsandtcp =packet%20captureandcookie=wokdjwalkjcnie61lkasdf2aliser4
  D. 443/tcp open http
  E. dig host.company.com
  F. 09:18:16.262743 IP (tos 0x0, ttl 64, id 9870, offset 0, flags [none], proto TCP (6), length 40) 192.168.1.3.1051 > 10.46.3.7.80: Flags [none], cksum 0x1800 (correct), win 512, length 0
  G. Nmap
  A. Passive banner grabbing
  F. 09:18:16.262743 IP (tos 0x0, ttl 64, id 9870, offset 0, flags [none], proto TCP (6), length 40) 192.168.1.3.1051 > 10.46.3.7.80: Flags [none], cksum 0x1800 (correct), win 512, length 0
  G. Nmap

  ---

  Banner grabbing and operating system identification can also be defined as fingerprinting the TCP/IP stack. Banner grabbing is the process of opening a connection and reading the banner or response sent by the application.

  The output displayed in option F includes information commonly examined to fingerprint the OS.

  Nmap provides features that include host discovery, as well as service and operating system detection.

• Question 134:

  A security officer is leading a lessons learned meeting. Which of the following should be components of that meeting? (Select TWO).

  A. Demonstration of IPS system
  B. Review vendor selection process
  C. Calculate the ALE for the event
  D. Discussion of event timeline
  E. Assigning of follow up items
  D. Discussion of event timeline
  E. Assigning of follow up items

  ---

  Lessons learned process is the sixth step in the Incident Response process. Everybody that was involved in the process reviews what happened and why it happened. It is during this step that they determine what changes should be introduced to prevent future problems.

• Question 135:

  The security engineer receives an incident ticket from the helpdesk stating that DNS lookup requests are no longer working from the office. The network team has ensured that Layer 2 and Layer 3 connectivity are working. Which of the following tools would a security engineer use to make sure the DNS server is listening on port 53?

  A. PING
  B. NESSUS
  C. NSLOOKUP
  D. NMAP
  D. NMAP

  ---

  NMAP works as a port scanner and is used to check if the DNS server is listening on port 53.

• Question 136:

  A forensic analyst receives a hard drive containing malware quarantined by the antivirus application. After creating an image and determining the directory location of the malware file, which of the following helps to determine when the system became infected?

  A. The malware file's modify, access, change time properties.
  B. The timeline analysis of the file system.
  C. The time stamp of the malware in the swap file.
  D. The date/time stamp of the malware detection in the antivirus logs.
  B. The timeline analysis of the file system.

  ---

  Timelines can be used in digital forensics to identify when activity occurred on a computer. Timelines are mainly used for data reduction or identifying specific state changes that have occurred on a computer.

• Question 137:

  A user has a laptop configured with multiple operating system installations. The operating systems are all installed on a single SSD, but each has its own partition and logical volume. Which of the following is the BEST way to ensure confidentiality of individual operating system data?

  A. Encryption of each individual partition
  B. Encryption of the SSD at the file level
  C. FDE of each logical volume on the SSD
  D. FDE of the entire SSD as a single disk
  A. Encryption of each individual partition

  ---

  In this question, we have multiple operating system installations on a single disk. Some operating systems store their boot loader in the MBR of the disk. However, some operating systems install their boot loader outside the MBR especially when multiple operating systems are installed. We need to encrypt as much data as possible but we cannot encrypt the boot loaders. This would prevent the operating systems from loading. Therefore, the solution is to encrypt each individual partition separately.

• Question 138:

  A health service provider is considering the impact of allowing doctors and nurses access to the internal email system from their personal smartphones. The Information Security Officer (ISO) has received a technical document from the security administrator explaining that the current email system is capable of enforcing security policies to personal smartphones, including screen lockout and mandatory PINs. Additionally, the system is able to remotely wipe a phone if reported lost or stolen. Which of the following should the Information Security Officer be MOST concerned with based on this scenario? (Select THREE).

  A. The email system may become unavailable due to overload.
  B. Compliance may not be supported by all smartphones.
  C. Equipment loss, theft, and data leakage.
  D. Smartphone radios can interfere with health equipment.
  E. Data usage cost could significantly increase.
  F. Not all smartphones natively support encryption.
  G. Smartphones may be used as rogue access points.
  B. Compliance may not be supported by all smartphones.
  C. Equipment loss, theft, and data leakage.
  F. Not all smartphones natively support encryption.

• Question 139:

  A security architect has been engaged during the implementation stage of the SDLC to review a new HR software installation for security gaps. With the project under a tight schedule to meet market commitments on project delivery, which of the following security activities should be prioritized by the security architect? (Select TWO).

  A. Perform penetration testing over the HR solution to identify technical vulnerabilities
  B. Perform a security risk assessment with recommended solutions to close off high-rated risks
  C. Secure code review of the HR solution to identify security gaps that could be exploited
  D. Perform access control testing to ensure that privileges have been configured correctly
  E. Determine if the information security standards have been complied with by the project
  B. Perform a security risk assessment with recommended solutions to close off high-rated risks
  E. Determine if the information security standards have been complied with by the project

  ---

  In this question, we are pushed for time to get the project completed. Therefore, we have to prioritize our security testing as we do not have time to fully test everything. One of the priorities from a security perspective should be to perform a security risk assessment with recommended solutions to close off high-rated risks. This is to test for the most potentially damaging risks and to remediate them. The other priority is to determine if the information security standards have been complied with by the project. Security of information/data is the most important aspect of security. Loss of data can be very damaging for a company in terms of liability and litigation.

• Question 140:

  A company is facing penalties for failing to effectively comply with e-discovery requests. Which of the following could reduce the overall risk to the company from this issue?

  A. Establish a policy that only allows filesystem encryption and disallows the use of individual file encryption.
  B. Require each user to log passwords used for file encryption to a decentralized repository.
  C. Permit users to only encrypt individual files using their domain password and archive all old user passwords.
  D. Allow encryption only by tools that use public keys from the existing escrowed corporate PKI.
  D. Allow encryption only by tools that use public keys from the existing escrowed corporate PKI.

  ---

  Electronic discovery (also called e-discovery) refers to any process in which electronic data is sought, located, secured, and searched with the intent of using it as evidence in a civil or criminal legal case. E-discovery can be carried out offline

  on a particular computer or it can be done in a network.

  An e-discovery policy would define how data is archived and encrypted. If the data is archived in an insecure manor, a user could be able to delete data that the user does not want to be searched. Therefore, we need to find a way of securing

  the data in a way that only authorized people can access the data.

  A public key infrastructure (PKI) supports the distribution and identification of public encryption keys for the encryption of data. The data can only be decrypted by the private key.

  In this question, we have an escrowed corporate PKI. Escrow is an independent and licensed third party that holds something (money, sensitive data etc.) and releases it only when predefined conditions have been met. In this case, Escrow is

  holding the private key of the PKI.

  By encrypting the e-discovery data by using the PKI public key, we can ensure that the data can only be decrypted by the private key held in Escrow and this will only happen when the predefined conditions are met.