CompTIA RC0-C02 Online Practice Questions and Exam Preparation
RC0-C02 Exam Details
Exam Code: RC0-C02
Exam Name: CompTIA Advanced Security Practitioner (CASP) Recertification Exam for Continuing Education
Certification: CompTIA Advanced Security Practitioner
Vendor: CompTIA
Total Questions: 308 Q&As
Last Updated: May 26, 2026
CompTIA RC0-C02 Online Questions & Answers
Question 171:
A security policy states that all applications on the network must have a password length of eight characters. There are three legacy applications on the network that cannot meet this policy. One system will be upgraded in six months, and two are not expected to be upgraded or removed from the network. Which of the following processes should be followed?
A. Establish a risk matrix
B. Inherit the risk for six months
C. Provide a business justification to avoid the risk
D. Provide a business justification for a risk exception
D. Provide a business justification for a risk exception
Three legacy systems cannot comply, and two of them will stay on the network indefinitely, so the gap has to be documented and formally accepted rather than left undecided. Avoiding the risk (C) would mean removing the applications, which the scenario rules out, and "inheriting" a risk (B) is not a standard risk response (the standard responses are accept, avoid, mitigate and transfer). A documented risk exception records the accepted non-compliance, the business reason for it, the compensating controls, and a date at which it will be reviewed. The exception request must include:
A description of the non-compliance.
The anticipated length of non-compliance (2-year maximum).
The proposed assessment of risk associated with non-compliance.
The proposed plan for managing the risk associated with non-compliance.
The proposed metrics for evaluating the success of risk management (if risk is significant).
The proposed review date to evaluate progress toward compliance.
An endorsement of the request by the appropriate Information Trustee (VP or Dean).
Question 172:
An organization uses IP address block 203.0.113.0/24 on its internal network. At the border router, the network administrator sets up rules to deny packets with a source address in this subnet from entering the network, and to deny packets with a destination address in this subnet from leaving the network. Which of the following is the administrator attempting to prevent?
A. BGP route hijacking attacks
B. Bogon IP network traffic
C. IP spoofing attacks
D. Man-in-the-middle attacks
E. Amplified DDoS attacks
C. IP spoofing attacks
The 203.0.113.0/24 block is the internal network, so no legitimate packet arriving from outside can carry a source address in that range, and no packet leaving the network can legitimately be addressed to that range (a host inside talking to another host inside never needs to cross the border). The border router therefore denies both. These are anti-spoofing (ingress/egress) filters of the kind described in RFC 2827 / BCP 38: they stop an attacker outside the network from sending packets that claim to come from a trusted internal host, which is what an IP spoofing attack relies on, whether the goal is to abuse an address-based trust relationship, to inject packets into an existing session, or to bounce reflected/amplified traffic off internal servers.
In IP spoofing the attacker crafts packets whose IP header source field holds the address of a legitimate host, so that the receiver, or any filter that trusts source addresses, treats the traffic as coming from that host. It is a network-layer forgery and should not be confused with DNS or hosts-file hijacking, where a user who types the URL of a legitimate site is redirected to an attacker-controlled page; that attack manipulates name resolution, not packet headers, and is not what the border-router rules address.
Two practical caveats: the rule protects only the border, so it does nothing about a compromised host inside the LAN forging another internal address, and as written it does not stop an internal host from emitting packets with a forged external source address (the egress half of BCP 38 additionally permits only internal source addresses outbound). Also, 203.0.113.0/24 is one of the documentation ranges reserved by RFC 5737 (TEST-NET-3); the question uses it as a placeholder and a real internal network would use RFC 1918 or its own assigned space.
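The two rules as a small packet filter, written in Python as an added example (not part of the question bank). The packet tuples are constructed samples, and the `strict` flag goes beyond the question: it adds the BCP 38 egress check that also denies outbound packets whose source is not an internal address, which the question's rules do not include.

```python
"""Anti-spoofing (ingress/egress) filter model for the 203.0.113.0/24 scenario."""
from ipaddress import ip_address, ip_network

# The block the question assigns to the internal network.
INTERNAL_NET = ip_network("203.0.113.0/24")


def is_spoofed(src: str, dst: str, direction: str, strict: bool = False) -> bool:
    """Return True if a packet violates the border anti-spoofing rules.

    direction is "inbound" (Internet -> LAN) or "outbound" (LAN -> Internet).

    Inbound rule (the question's first rule): a packet arriving from outside
    cannot legitimately carry an internal source address.
    Outbound rule (the question's second rule): a packet leaving the network
    cannot legitimately be addressed to an internal destination.
    strict=True adds the BCP 38 egress rule the question does not state:
    outbound packets must carry an internal source address, so internal hosts
    cannot launch spoofed traffic at the rest of the Internet.
    """
    s, d = ip_address(src), ip_address(dst)
    if direction == "inbound":
        return s in INTERNAL_NET
    if direction == "outbound":
        if d in INTERNAL_NET:
            return True
        return strict and s not in INTERNAL_NET
    raise ValueError(f"unknown direction: {direction}")


def filter_packets(packets, strict: bool = False):
    """Split (src, dst, direction) tuples into (allowed, denied) lists."""
    allowed, denied = [], []
    for pkt in packets:
        src, dst, direction = pkt
        (denied if is_spoofed(src, dst, direction, strict) else allowed).append(pkt)
    return allowed, denied


# Constructed sample traffic, not captured data.
SAMPLE_PACKETS = [
    ("198.51.100.7", "203.0.113.10", "inbound"),   # ordinary reply from outside: allowed
    ("203.0.113.25", "203.0.113.10", "inbound"),   # outsider forging an internal source: denied
    ("203.0.113.10", "198.51.100.7", "outbound"),  # ordinary request from inside: allowed
    ("203.0.113.10", "203.0.113.99", "outbound"),  # LAN-to-LAN packet leaking out: denied
    ("10.0.0.5", "198.51.100.7", "outbound"),      # forged non-internal source: denied only when strict
]

if __name__ == "__main__":
    for strict in (False, True):
        ok, bad = filter_packets(SAMPLE_PACKETS, strict=strict)
        print(f"strict={strict}: {len(ok)} allowed, {len(bad)} denied")
        for p in bad:
            print("  DENY", p)
```

The question's two rules give 2 denials out of the 5 samples; enabling the egress source check adds the third.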
Question 173:
After reviewing a company's NAS configuration and file system access logs, the auditor is advising the security administrator to implement additional security controls on the NFS export. The security administrator decides to remove the no_root_squash directive from the export and add the nosuid directive. Which of the following is true about the security controls implemented by the security administrator?
A. The newly implemented security controls are in place to ensure that NFS encryption can only be controlled by the root user.
B. Removing the no_root_squash directive grants the root user remote NFS read/write access to important files owned by root on the NAS.
C. Users with root access on remote NFS client computers can always use the SU command to modify other user's files on the NAS.
D. Adding the nosuid directive disables regular users from accessing files owned by the root user over NFS even after using the SU command.
C. Users with root access on remote NFS client computers can always use the SU command to modify other user's files on the NAS.
With the default AUTH_SYS security flavour, an NFS server trusts the numeric UID and GID the client sends with each request; it has no way to verify them. Root squashing (the default once no_root_squash is removed) rewrites only UID 0 to the anonymous user, so a remote root can no longer act as root on the export. It does nothing about other UIDs: a user with root access on the client can run su to become any local account (or simply create an account with the victim's UID) and then read or modify that user's files on the NAS, because the request now carries the victim's UID, which is not squashed. Only Kerberos-based security (sec=krb5, krb5i or krb5p) ties requests to an authenticated principal instead of a client-supplied UID.
By default, NFS exports map the root user to nfsnobody (or nobody), an unprivileged account. Files created by a remote root are therefore owned by nfsnobody, which prevents a remote root from planting programs that are owned by root and have the setuid bit set. If no_root_squash is used, remote root users can change any file on the shared file system and leave trojaned applications for other users to execute inadvertently.
Some Unix programs are "suid" programs: they run with the effective user ID of the file's owner rather than that of the person running them. If a file is owned by root and is suid, the program executes as root and can perform operations only root is allowed to do. Using the nosuid option is a good idea for all NFS-mounted disks: it makes the kernel ignore the setuid and setgid bits on that mount, so the server's root user cannot plant a suid-root program on the file system, log in to the client as a normal user and then use the suid-root program to become root on the client too. Note that on Linux nosuid is a client-side mount option (mount -o nosuid), not an /etc/exports directive; some NAS appliances expose it as an export setting, which is what the question describes.
In short, removing no_root_squash protects the NAS from a remote root, and nosuid protects the clients from a setuid binary left on the share. Neither stops a client root user from impersonating an ordinary user, which is why C is the true statement; B describes the opposite of what removing no_root_squash does, and D is false because nosuid only affects execution of setuid programs, not file access.
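The interaction between root squashing, client-supplied UIDs and nosuid, as an added Python model (not code from the question bank and not real NFS server code). It assumes Linux conventions: AUTH_SYS credentials, the exportfs default anonymous UID/GID of 65534, and nosuid as a mount option; the user names, UIDs and file modes are constructed for the scenario.

```python
"""Model of root_squash / no_root_squash / all_squash and the nosuid mount option."""
from __future__ import annotations

from dataclasses import dataclass

# exportfs defaults for anonuid/anongid ("nobody"/"nfsnobody" on Linux); an assumption
# of this model, real exports may override them.
ANON_UID = 65534
ANON_GID = 65534


@dataclass(frozen=True)
class Cred:
    """AUTH_SYS credential as sent by the client: the server trusts it as-is."""
    uid: int
    gid: int


def squash(cred: Cred, export_options: set[str]) -> Cred:
    """Map a client credential to the identity the server will act as.

    no_root_squash: uid 0 stays uid 0 (remote root is root on the NAS).
    root_squash (default): uid 0 becomes the anonymous uid/gid; others unchanged.
    all_squash: every uid becomes the anonymous uid/gid.
    """
    if "all_squash" in export_options:
        return Cred(ANON_UID, ANON_GID)
    if cred.uid == 0 and "no_root_squash" not in export_options:
        return Cred(ANON_UID, ANON_GID)
    return cred


def may_write(cred: Cred, file_owner: int, file_group: int, mode: int,
              export_options: set[str]) -> bool:
    """Simplified POSIX write check after squashing (owner/group/other bits)."""
    eff = squash(cred, export_options)
    if eff.uid == 0:                      # unsquashed root bypasses mode bits
        return True
    if eff.uid == file_owner:
        return bool(mode & 0o200)
    if eff.gid == file_group:
        return bool(mode & 0o020)
    return bool(mode & 0o002)


def exec_uid(caller: Cred, file_owner: int, mode: int, mount_options: set[str]) -> int:
    """UID a program runs as when executed from the mount.

    With the setuid bit (0o4000) set, execution switches to the file owner
    unless the client mounted with nosuid, which makes the kernel ignore the bit.
    """
    if mode & 0o4000 and "nosuid" not in mount_options:
        return file_owner
    return caller.uid


# Constructed scenario: alice's private file on the export, and a root-owned
# setuid binary that a remote root planted while no_root_squash was in effect.
ALICE, ROOT = 1000, 0
ALICE_FILE = dict(file_owner=ALICE, file_group=ALICE, mode=0o600)

if __name__ == "__main__":
    before = {"rw", "no_root_squash"}
    after = {"rw", "root_squash"}
    # Remote root loses direct write access to alice's file once squashed...
    print(may_write(Cred(0, 0), **ALICE_FILE, export_options=before))
    print(may_write(Cred(0, 0), **ALICE_FILE, export_options=after))
    # ...but root on the client can `su alice` and present uid 1000, which is
    # not squashed: the point behind answer C.
    print(may_write(Cred(ALICE, ALICE), **ALICE_FILE, export_options=after))
    # nosuid on the client mount neuters the planted suid-root binary.
    print(exec_uid(Cred(ALICE, ALICE), ROOT, 0o4755, {"rw"}))
    print(exec_uid(Cred(ALICE, ALICE), ROOT, 0o4755, {"rw", "nosuid"}))
```

The third print is the one that matters for the question: squashing changes nothing for a request that already carries an ordinary user's UID, so the only real fix for client-root impersonation is an authenticated security flavour such as sec=krb5.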
Question 174:
A well-known retailer has experienced a massive credit card breach. The retailer had gone through an audit and had been presented with a potential problem on their network. Vendors were authenticating directly to the retailer's AD servers, and an improper firewall rule allowed pivoting from the AD server to the DMZ where credit card servers were kept. The firewall rule was needed for an internal application that was developed, which presents risk. The retailer determined that because the vendors were required to have site to site VPN's no other security action was taken.
To prove to the retailer the monetary value of this risk, which of the following type of calculations is needed?
A. Residual Risk calculation
B. A cost/benefit analysis
C. Quantitative Risk Analysis
D. Qualitative Risk Analysis
C. Quantitative Risk Analysis
Quantitative risk analysis expresses the probability and impact of a risk as numbers, usually money, rather than as ratings such as high, medium or low (which is qualitative analysis). The standard figures are the single loss expectancy, SLE = asset value x exposure factor, and the annualized loss expectancy, ALE = SLE x annualized rate of occurrence; for the vendor-to-DMZ pivot the asset value would cover the card data itself plus the fines, notification and remediation costs a breach incurs. A cost/benefit analysis (B) uses those figures afterwards to compare the ALE reduction a control provides against the control's cost, and residual risk (A) is what remains after controls are applied; both depend on the quantitative numbers being calculated first, so C is the calculation the question asks for.
Question 175:
A large corporation which is heavily reliant on IT platforms and systems is in financial difficulty and needs to drastically reduce costs in the short term to survive. The Chief Financial Officer (CFO) has mandated that all IT and architectural functions will be outsourced and a mixture of providers will be selected. One provider will manage the desktops for five years, another provider will manage the network for ten years, another provider will be responsible for security for four years, and an offshore provider will perform day to day business processing functions for two years. At the end of each contract the incumbent may be renewed or a new provider may be selected. Which of the following are the MOST likely risk implications of the CFO's business decision?
A. Strategic architecture will be adversely impacted through the segregation of duties between the providers. Vendor management costs will remain unchanged. The risk position of the organization will decline as specialists now maintain the environment. The implementation of security controls and security updates will improve. Internal knowledge of IT systems will improve as providers maintain system documentation.
B. Strategic architecture will improve as more time can be dedicated to strategy. System stability will improve as providers use specialists and tested processes to maintain systems. Vendor management costs will increase and the organization's flexibility to react to new market conditions will be reduced slightly. Internal knowledge of IT systems will improve as providers maintain system documentation. The risk position of the organization will remain unchanged.
C. Strategic architecture will not be impacted in the short term, but will be adversely impacted in the long term through the segregation of duties between the providers. Vendor management costs will stay the same and the organization's flexibility to react to new market conditions will be improved through best of breed technology implementations. Internal knowledge of IT systems will decline over time. The implementation of security controls and security updates will not change.
D. Strategic architecture will be adversely impacted through the segregation of duties between the providers. Vendor management costs will increase and the organization's flexibility to react to new market conditions will be reduced. Internal knowledge of IT systems will decline and decrease future platform development. The implementation of security controls and security updates will take longer as responsibility crosses multiple boundaries.
D. Strategic architecture will be adversely impacted through the segregation of duties between the providers. Vendor management costs will increase and the organization's flexibility to react to new market conditions will be reduced. Internal knowledge of IT systems will decline and decrease future platform development. The implementation of security controls and security updates will take longer as responsibility crosses multiple boundaries.
Question 176:
The internal audit department is investigating a possible breach of security. One of the auditors is sent to interview the following employees:
Employee A: Works in the accounts receivable office and is in charge of entering data into the finance system.
Employee B: Works in the accounts payable office and is in charge of approving purchase orders.
Employee C: Is the manager of the finance department, supervises Employee A and Employee B, and can perform the functions of both Employee A and Employee B.
Which of the following should the auditor suggest be done to avoid future security breaches?
A. All employees should have the same access level to be able to check on each others.
B. The manager should only be able to review the data and approve purchase orders.
C. Employee A and Employee B should rotate jobs at a set interval and cross-train.
D. The manager should be able to both enter and approve information.
B. The manager should only be able to review the data and approve purchase orders.
Employee C can both enter transactions and approve purchase orders, so a single person can originate and authorize a fraudulent payment with no second pair of eyes. Restricting the manager to review and approval restores separation of duties. Rotating A and B (C) does not remove the manager's ability to do both, and giving everyone equal access (A) or letting the manager enter and approve (D) removes the control altogether.
Question 177:
A security firm is writing a response to an RFP from a customer that is building a new network based software product. The firm's expertise is in penetration testing corporate networks. The RFP explicitly calls for all possible behaviors of the product to be tested, however, it does not specify any particular method to achieve this goal. Which of the following should be used to ensure the security and functionality of the product? (Select TWO).
A. Code review
B. Penetration testing
C. Grey box testing
D. Code signing
E. White box testing
A. Code review E. White box testing
The RFP asks for all possible behaviours of the product to be tested, which is only achievable with access to the product's internals. A code review is a systematic examination of the application's source code (here, the new network-based software product) to find security defects and logic errors before the product ships. White box testing gives the test team full knowledge of the system under test, including its source and design, so test cases can be derived to cover every code path and input condition rather than only the behaviours an outside tester happens to reach; this is a more structured approach than the black-box network penetration testing the firm normally performs. Grey box testing (C) provides only partial knowledge, and code signing (D) is an integrity control on the shipped binary, not a test.
Question 178:
An information security assessor for an organization finished an assessment that identified critical issues with the human resource new employee management software application. The assessor submitted the report to senior management but nothing has happened. Which of the following would be a logical next step?
A. Meet the two key VPs and request a signature on the original assessment.
B. Include specific case studies from other organizations in an updated report.
C. Schedule a meeting with key human resource application stakeholders.
D. Craft an RFP to begin finding a new human resource application.
C. Schedule a meeting with key human resource application stakeholders.
The report has been submitted to senior management with no response. Senior management may not consider the HR application a priority, or may simply be too busy to act.
The question asks for the logical next step, which is to bring the findings to the people who own and depend on the HR application. To ensure that the key human resource application stakeholders fully understand the implications of the findings, the assessor should arrange a meeting to walk through the report with them.
Question 179:
The Chief Executive Officer (CEO) of a large prestigious enterprise has decided to reduce business costs by outsourcing to a third party company in another country. Functions to be outsourced include: business analysts, testing, software development and back office functions that deal with the processing of customer data. The Chief Risk Officer (CRO) is concerned about the outsourcing plans. Which of the following risks are MOST likely to occur if adequate controls are not implemented?
A. Geographical regulation issues, loss of intellectual property and interoperability agreement issues
B. Improper handling of client data, interoperability agreement issues and regulatory issues
C. Cultural differences, increased cost of doing business and divestiture issues
D. Improper handling of customer data, loss of intellectual property and reputation damage
D. Improper handling of customer data, loss of intellectual property and reputation damage
The risk of security violations or compromised intellectual property (IP) rights is inherently elevated when working internationally. A key concern with outsourcing arrangements is making sure that there is sufficient protection and security in place for personal information being transferred and/or accessed under an outsourcing agreement.
Question 180:
The IT Security Analyst for a small organization is working on a customer's system and identifies a possible intrusion in a database that contains PII. Since PII is involved, the analyst wants to get the issue addressed as soon as possible. Which of the following is the FIRST step the analyst should take in mitigating the impact of the potential intrusion?
A. Contact the local authorities so an investigation can be started as quickly as possible.
B. Shut down the production network interfaces on the server and change all of the DBMS account passwords.
C. Disable the front-end web server and notify the customer by email to determine how the customer would like to proceed.
D. Refer the issue to management for handling according to the incident response process.
D. Refer the issue to management for handling according to the incident response process.
The database contains PII (personally identifiable information), so the natural reaction is to want the issue addressed immediately. However, the analyst here is working on a customer's system and does not own the customer's incident response process: unilaterally pulling network interfaces, rotating credentials or calling the authorities could destroy evidence, breach the customer's contractual or regulatory notification obligations, or tip off the intruder. The analyst should therefore refer the issue to the customer's management so that it is handled, with the analyst's help if required, according to the customer's incident response procedures.
These questions, answers and explanations are provided by Vcedump.com as part of its CompTIA RC0-C02 exam preparation material.