CompTIA RC0-C02 Online Practice Questions and Exam Preparation

CompTIA RC0-C02 Online Questions & Answers

• Question 181:

  VPN users cannot access the active FTP server through the router but can access any server in the data center. Additional network information: DMZ network – 192.168.5.0/24 (FTP server is 192.168.5.11) VPN network – 192.168.1.0/24 Datacenter – 192.168.2.0/24 User network - 192.168.3.0/24 HR network – 192.168.4.0/24\ Traffic shaper configuration: VLANBandwidth Limit (Mbps) VPN50 User175 HR250 Finance250 Guest0 Router ACL: ActionSourceDestination Permit192.168.1.0/24192.168.2.0/24 Permit192.168.1.0/24192.168.3.0/24 Permit192.168.1.0/24192.168.5.0/24 Permit192.168.2.0/24192.168.1.0/24 Permit192.168.3.0/24192.168.1.0/24 Permit192.168.5.1/32192.168.1.0/24 Deny192.168.4.0/24192.168.1.0/24 Deny192.168.1.0/24192.168.4.0/24 Denyanyany

  Which of the following solutions would allow the users to access the active FTP server?

  A. Add a permit statement to allow traffic from 192.168.5.0/24 to the VPN network
  B. Add a permit statement to allow traffic to 192.168.5.1 from the VPN network
  C. IPS is blocking traffic and needs to be reconfigured
  D. Configure the traffic shaper to limit DMZ traffic
  E. Increase bandwidth limit on the VPN network
  A. Add a permit statement to allow traffic from 192.168.5.0/24 to the VPN network

  ---

  The FTP Server is in the DMZ network (192.168.5.0/24). VPN users connect to the VPN network (192.168.1.0/24)

  We have a firewall rule which allows traffic from the VPN network to the DMZ network as shown below. Permit192.168.1.0/24192.168.5.0/24

  However, we do not have a rule allowing traffic going the other way. This means that FTP requests will reach the FTP server but any response from the FTP server back to a VPN user's computer will be blocked at the firewall. The solution is to allow the return traffic by adding a permit statement to allow traffic from 192.168.5.0/24 (the DMZ network) to the VPN network. Such a rule would look like the rule shown below: Permit192.168.5.0/24192.168.1.0/24

• Question 182:

  A company provides on-demand cloud computing resources for a sensitive project. The company implements a fully virtualized datacenter and terminal server access with two- factor authentication for customer access to the administrative website. The security administrator at the company has uncovered a breach in data confidentiality. Sensitive data from customer A was found on a hidden directory within the VM of company B. Company B is not in the same industry as company A and the two are not competitors. Which of the following has MOST likely occurred?

  A. Both VMs were left unsecured and an attacker was able to exploit network vulnerabilities to access each and move the data.
  B. A stolen two factor token was used to move data from one virtual guest to another host on the same network segment.
  C. A hypervisor server was left un-patched and an attacker was able to use a resource exhaustion attack to gain unauthorized access.
  D. An employee with administrative access to the virtual guests was able to dump the guest memory onto a mapped disk.
  A. Both VMs were left unsecured and an attacker was able to exploit network vulnerabilities to access each and move the data.

  ---

  In this question, two virtual machines have been accessed by an attacker. The question is asking what is MOST likely to have occurred.

  It is common for operating systems to not be fully patched. Of the options given, the most likely occurrence is that the two VMs were not fully patched allowing an attacker to access each of them. The attacker could then copy data from one

  VM and hide it in a hidden folder on the other VM.

• Question 183:

  Executive management is asking for a new manufacturing control and workflow automation solution. This application will facilitate management of proprietary information and closely guarded corporate trade secrets.

  The information security team has been a part of the department meetings and come away with the following notes:

  Human resources would like complete access to employee data stored in the application. They would like automated data interchange with the employee management application, a cloud-based SaaS application.

  Sales is asking for easy order tracking to facilitate feedback to customers.

  Legal is asking for adequate safeguards to protect trade secrets. They are also concerned with data ownership questions and legal jurisdiction.

  Manufacturing is asking for ease of use. Employees working the assembly line cannot be bothered with additional steps or overhead. System interaction needs to be quick and easy.

  Quality assurance is concerned about managing the end product and tracking overall performance of the product being produced. They would like read-only access to the entire workflow process for monitoring and baselining.

  The favored solution is a user friendly software application that would be hosted onsite. It has extensive ACL functionality, but also has readily available APIs for extensibility. It supports read-only access, kiosk automation, custom fields, and

  data encryption.

  Which of the following departments' request is in contrast to the favored solution?

  A. Manufacturing
  B. Legal
  C. Sales
  D. Quality assurance
  E. Human resources
  E. Human resources

  ---

  The human resources department wanted complete access to employee data stored in the application, and an automated data interchange with their cloud-based SaaS employee management application. However, the favored solution provides read-only access and is hosted onsite.

• Question 184:

  Two separate companies are in the process of integrating their authentication infrastructure into a unified single sign-on system. Currently, both companies use an AD backend and two factor authentication using TOTP. The system administrators have configured a trust relationship between the authentication backend to ensure proper process flow. How should the employees request access to shared resources before the authentication integration is complete?

  A. They should logon to the system using the username concatenated with the 6-digit code and their original password.
  B. They should logon to the system using the newly assigned global username: first.lastname#### where #### is the second factor code.
  C. They should use the username format: LAN\first.lastname together with their original password and the next 6-digit code displayed when the token button is depressed.
  D. They should use the username format: [email protected], together with a password and their 6-digit code.
  D. They should use the username format: [email protected], together with a password and their 6-digit code.

  ---

  The two companies use Active Directory domains for the authentication (plus the TOTP second factor). The system administrators have configured a trust relationship between the authentication backend. This trust relationship will be an external Active Directory forest/domain trust. With this trust relationship, the AD domain controllers in one domain `trust' the AD domain controllers in the other domain to perform the authentication. We just need a way of telling the domain controllers which domain the user is from so the authentication can be passed to the appropriate domain controllers. We can do this by logging on with the username format: [email protected]. The `@company.com' part of the username will tell the domain controllers whether the user account is in the local domain or in the other (trusted) domain. Now that the domain login has been passed to a domain controller in the appropriate domain, the user can complete the authentication by entering their password and their TOTP 6-digit code.

• Question 185:

  A security administrator is tasked with implementing two-factor authentication for the company VPN. The VPN is currently configured to authenticate VPN users against a backend RADIUS server. New company policies require a second factor of authentication, and the Information Security Officer has selected PKI as the second factor. Which of the following should the security administrator configure and implement on the VPN concentrator to implement the second factor and ensure that no error messages are displayed to the user during the VPN connection? (Select TWO).

  A. The user's certificate private key must be installed on the VPN concentrator.
  B. The CA's certificate private key must be installed on the VPN concentrator.
  C. The user certificate private key must be signed by the CA.
  D. The VPN concentrator's certificate private key must be signed by the CA and installed on the VPN concentrator.
  E. The VPN concentrator's certificate private key must be installed on the VPN concentrator.
  F. The CA's certificate public key must be installed on the VPN concentrator.
  E. The VPN concentrator's certificate private key must be installed on the VPN concentrator.
  F. The CA's certificate public key must be installed on the VPN concentrator.

  ---

  A public key infrastructure (PKI) supports the distribution and identification of public encryption keys, enabling users and computers to both securely exchange data over networks such as the Internet and verify the identity of the other party. A

  typical PKI includes the following key elements:

  A trusted party, called a certificate authority (CA), acts as the root of trust and provides services that authenticate the identity of individuals, computers and other entities A registration authority, often called a subordinate CA, certified by a root

  CA to issue certificates for specific uses permitted by the root A certificate database, which stores certificate requests and issues and revokes certificates A certificate store, which resides on a local computer as a place to store issued

  certificates and private keys

  A CA issues digital certificates to entities and individuals after verifying their identity. It signs these certificates using its private key; its public key is made available to all interested parties in a self-signed CA certificate.

  In this question, we have implemented a PKI. The Certificate Authority is the trusted root and supplies certificates to all devices that require one. Every device that trusts the CA will have the CA's public installed... This includes the VPN

  concentrator. With the VPN concentrator trusting the CA, the VPN concentrator will trust users with certificates supplied by the CA.

  For the users and their devices to trust the VPN concentrator (to ensure that no error messages are displayed to the user during the VPN connection), the VPN concentrator must have a certificate that includes a private key installed.

• Question 186:

  A company runs large computing jobs only during the overnight hours. To minimize the amount of capital investment in equipment, the company relies on the elastic computing services of a major cloud computing vendor. Because the virtual resources are created and destroyed on the fly across a large pool of shared resources, the company never knows which specific hardware platforms will be used from night to night. Which of the following presents the MOST risk to confidentiality in this scenario?

  A. Loss of physical control of the servers
  B. Distribution of the job to multiple data centers
  C. Network transmission of cryptographic keys
  D. Data scraped from the hardware platforms
  D. Data scraped from the hardware platforms

• Question 187:

  A software developer and IT administrator are focused on implementing security in the organization to protect OSI layer 7. Which of the following security technologies would BEST meet their requirements? (Select TWO).

  A. NIPS
  B. HSM
  C. HIPS
  D. NIDS
  E. WAF
  C. HIPS
  E. WAF

  ---

  OSI layer 7 is the application layer. To protect layer 7, we need to use application aware security devices such as Host-based Intrusion Prevention Systems (HIPS) or Web Application Firewalls (WAFs). An IPS generally sits in-line and watches network traffic as the packets flow through it. It acts similarly to an Intrusion Detection System (IDS) by trying to match data in the packets against a signature database or detect anomalies against what is pre-defined as "normal" traffic. In addition to its IDS functionality, an IPS can do more than log and alert. It can be programmed to react to what it detects. The ability to react to the detections is what makes IPSs more desirable than IDSs. There are still some drawbacks to an IPS. IPSs are designed to block certain types of traffic that it can identify as potentially bad traffic. IPSs do not have the ability to understand web application protocol logic. Hence, IPSs cannot fully distinguish if a request is normal or malformed at the application layer (OSI Layer 7). Host IPSs (HIPS) are a little more granular than network IPSs (NIPS). HIPS can monitor the application layer (OSI Layer 7), a little closer to the logic delivered to the web application. But HIPS still lacks some understanding of web application languages and logic. In response to these shortcomings, we are presented the Web Application Firewall. WAFs are designed to protect web applications/servers from web-based attacks that IPSs cannot prevent. In the same regards as an IPS, WAFs can be network or host based. They sit in-line and monitor traffic to and from web applications/servers. Basically, the difference is in the level of ability to analyze the Layer 7 web application logic.

• Question 188:

  During an incident involving the company main database, a team of forensics experts is hired to respond to the breach. The team is in charge of collecting forensics evidence from the company's database server. Which of the following is the correct order in which the forensics team should engage?

  A. Notify senior management, secure the scene, capture volatile storage, capture non- volatile storage, implement chain of custody, and analyze original media.
  B. Take inventory, secure the scene, capture RAM, capture hard drive, implement chain of custody, document, and analyze the data.
  C. Implement chain of custody, take inventory, secure the scene, capture volatile and non- volatile storage, and document the findings.
  D. Secure the scene, take inventory, capture volatile storage, capture non-volatile storage, document, and implement chain of custody.
  D. Secure the scene, take inventory, capture volatile storage, capture non-volatile storage, document, and implement chain of custody.

  ---

  The scene has to be secured first to prevent contamination. Once a forensic copy has been created, an analyst will begin the process of moving from most volatile to least volatile information. The chain of custody helps to protect the integrity and reliability of the evidence by keeping an evidence log that shows all access to evidence, from collection to appearance in court.

• Question 189:

  An administrator has four virtual guests on a host server. Two of the servers are corporate SQL servers, one is a corporate mail server, and one is a testing web server for a small group of developers. The administrator is experiencing difficulty connecting to the host server during peak network usage times. Which of the following would allow the administrator to securely connect to and manage the host server during peak usage times?

  A. Increase the virtual RAM allocation to high I/O servers.
  B. Install a management NIC and dedicated virtual switch.
  C. Configure the high I/O virtual servers to use FCoE rather than iSCSI.
  D. Move the guest web server to another dedicated host.
  B. Install a management NIC and dedicated virtual switch.

• Question 190:

  A developer is determining the best way to improve security within the code being developed. The developer is focusing on input fields where customers enter their credit card details. Which of the following techniques, if implemented in the code, would be the MOST effective in protecting the fields from malformed input?

  A. Client side input validation
  B. Stored procedure
  C. Encrypting credit card details
  D. Regular expression matching
  D. Regular expression matching

  ---

  Regular expression matching is a technique for reading and validating input, particularly in web software. This question is asking about securing input fields where customers enter their credit card details. In this case, the expected input into the credit card number field would be a sequence of numbers of a certain length. We can use regular expression matching to verify that the input is indeed a sequence of numbers. Anything that is not a sequence of numbers could be malicious code.