CompTIA RC0-C02 Online Practice Questions and Exam Preparation

CompTIA RC0-C02 Online Questions & Answers

• Question 141:

  The security administrator is responsible for the confidentiality of all corporate data. The company's servers are located in a datacenter run by a different vendor. The vendor datacenter hosts servers for many different clients, all of whom have access to the datacenter. None of the racks are physically secured. Recently, the company has been the victim of several attacks involving data injection and exfiltatration. The security administrator suspects these attacks are due to several new network based attacks facilitated by having physical access to a system. Which of the following BEST describes how to adapt to the threat?

  A. Apply port security to all switches, switch to SCP, and implement IPSec tunnels between devices.
  B. Apply two factor authentication, require point to point VPNs, and enable log auditing on all devices.
  C. Apply port security to all routers, switch to telnet, and implement point to point VPNs on all servers.
  D. Apply three factor authentication, implement IPSec, and enable SNMP.
  A. Apply port security to all switches, switch to SCP, and implement IPSec tunnels between devices.

• Question 142:

  A telecommunication company has recently upgraded their teleconference systems to multicast. Additionally, the security team has instituted a new policy which requires VPN to access the company's video conference. All parties must be issued a VPN account and must connect to the company's VPN concentrator to participate in the remote meetings. Which of the following settings will increase bandwidth utilization on the VPN concentrator during the remote meetings?

  A. IPSec transport mode is enabled
  B. ICMP is disabled
  C. Split tunneling is disabled
  D. NAT-traversal is enabled
  C. Split tunneling is disabled

• Question 143:

  A finance manager says that the company needs to ensure that the new system can "replay" data, up to the minute, for every exchange being tracked by the investment departments. The finance manager also states that the company's transactions need to be tracked against this data for a period of five years for compliance. How would a security engineer BEST interpret the finance manager's needs?

  A. Compliance standards
  B. User requirements
  C. Data elements
  D. Data storage
  E. Acceptance testing
  F. Information digest
  G. System requirements
  B. User requirements

  ---

  User requirements are used to specify what the USER expects an application or system to do.

  In this question, the finance manager has stated what he wants the system to do. Therefore, the answer to this question is `user requirements'.

• Question 144:

  A user is suspected of engaging in potentially illegal activities. Law enforcement has requested that the user continue to operate on the network as normal. However, they would like to have a copy of any communications from the user involving certain key terms. Additionally, the law enforcement agency has requested that the user's ongoing communication be retained in the user's account for future investigations. Which of the following will BEST meet the goals of law enforcement?

  A. Begin a chain-of-custody on for the user's communication. Next, place a legal hold on the user's email account.
  B. Perform an e-discover using the applicable search terms. Next, back up the user's email for a future investigation.
  C. Place a legal hold on the user's email account. Next, perform e-discovery searches to collect applicable emails.
  D. Perform a back up of the user's email account. Next, export the applicable emails that match the search terms.
  C. Place a legal hold on the user's email account. Next, perform e-discovery searches to collect applicable emails.

  ---

  A legal hold is a process that an organization uses to maintain all forms of pertinent information when legal action is reasonably expected. E-discovery refers to discovery in litigation or government investigations that manages the exchange of electronically stored information (ESI). ESI includes email and office documents, photos, video, databases, and other filetypes.

• Question 145:

  A large company is preparing to merge with a smaller company. The smaller company has been very profitable, but the smaller company's main applications were created in-house. Which of the following actions should the large company's security administrator take in preparation for the merger?

  A. A review of the mitigations implemented from the most recent audit findings of the smaller company should be performed.
  B. An ROI calculation should be performed to determine which company's application should be used.
  C. A security assessment should be performed to establish the risks of integration or co- existence.
  D. A regression test should be performed on the in-house software to determine security risks associated with the software.
  C. A security assessment should be performed to establish the risks of integration or co- existence.

  ---

  With any merger regardless of the monetary benefit there is always security risks and prior to the merger the security administrator should assess the security risks to as to mitigate these.

• Question 146:

  In an effort to reduce internal email administration costs, a company is determining whether to outsource its email to a managed service provider that provides email, spam, and malware protection. The security manager is asked to provide input regarding any security implications of this change. Which of the following BEST addresses risks associated with disclosure of intellectual property?

  A. Require the managed service provider to implement additional data separation.
  B. Require encrypted communications when accessing email.
  C. Enable data loss protection to minimize emailing PII and confidential data.
  D. Establish an acceptable use policy and incident response policy.
  C. Enable data loss protection to minimize emailing PII and confidential data.

• Question 147:

  A small company's Chief Executive Officer (CEO) has asked its Chief Security Officer (CSO) to improve the company's security posture quickly with regard to targeted attacks. Which of the following should the CSO conduct FIRST?

  A. Survey threat feeds from services inside the same industry.
  B. Purchase multiple threat feeds to ensure diversity and implement blocks for malicious traffic.
  C. Conduct an internal audit against industry best practices to perform a qualitative analysis.
  D. Deploy a UTM solution that receives frequent updates from a trusted industry vendor.
  A. Survey threat feeds from services inside the same industry.

  ---

  Security posture refers to the overall security plan from planning through to implementation and comprises technical and non-technical policies, procedures and controls to protect from both internal and external threats. From a security standpoint, one of the first questions that must be answered in improving the overall security posture of an organization is to identify where data resides. All the advances that were made by technology make this very difficult. The best way then to improve your company's security posture is to first survey threat feeds from services inside the same industry.

• Question 148:

  An external auditor has found that IT security policies in the organization are not maintained and in some cases are nonexistent. As a result of the audit findings, the CISO has been tasked with the objective of establishing a mechanism to manage the lifecycle of IT security policies. Which of the following can be used to BEST achieve the CISO's objectives?

  A. CoBIT
  B. UCF
  C. ISO 27002
  D. eGRC
  D. eGRC

• Question 149:

  A security administrator wants to deploy a dedicated storage solution which is inexpensive, can natively integrate with AD, allows files to be selectively encrypted and is suitable for a small number of users at a satellite office. Which of the following would BEST meet the requirement?

  A. SAN
  B. NAS
  C. Virtual SAN
  D. Virtual storage
  B. NAS

  ---

  A NAS is an inexpensive storage solution suitable for small offices. Individual files can be encrypted by using the EFS (Encrypted File System) functionality provided by the NTFS file system.

  NAS typically uses a common Ethernet network and can provide storage services to any authorized devices on that network. Two primary NAS protocols are used in most environments. The choice of protocol depends largely on the type of computer or server connecting to the storage. Network File System (NFS) protocol usually used by servers to access storage in a NAS environment. Common Internet File System (CIFS), also sometimes called Server Message Block (SMB), is usually used for desktops, especially those running Microsoft Windows. Unlike DAS and SAN, NAS is a file-level storage technology. This means the NAS appliance maintains and controls the files, folder structures, permission, and attributes of the data it holds. A typical NAS deployment integrates the NAS appliance with a user database, such as Active Directory, so file permissions can be assigned based on established users and groups. With Active Directory integration, most Windows New Technology File System (NTFS) permissions can be set on the files contained on a NAS device.

• Question 150:

  The Chief Information Security Officer (CISO) at a company knows that many users store business documents on public cloud-based storage, and realizes this is a risk to the company. In response, the CISO implements a mandatory training course in which all employees are instructed on the proper use of cloud-based storage. Which of the following risk strategies did the CISO implement?

  A. Avoid
  B. Accept
  C. Mitigate
  D. Transfer
  C. Mitigate

  ---

  Mitigation means that a control is used to reduce the risk. In this case, the control is training.