CompTIA RC0-C02 Online Practice Questions and Exam Preparation

CompTIA RC0-C02 Online Questions & Answers

• Question 191:

  An application present on the majority of an organization's 1,000 systems is vulnerable to a buffer overflow attack. Which of the following is the MOST comprehensive way to resolve the issue?

  A. Deploy custom HIPS signatures to detect and block the attacks.
  B. Validate and deploy the appropriate patch.
  C. Run the application in terminal services to reduce the threat landscape.
  D. Deploy custom NIPS signatures to detect and block the attacks.
  B. Validate and deploy the appropriate patch.

  ---

  If an application has a known issue (such as susceptibility to buffer overflow attacks) and a patch is released to resolve the specific issue, then the best solution is always to deploy the patch.

  A buffer overflow occurs when a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold. Since buffers are created to contain a finite amount of data, the extra information - which has to go somewhere - can overflow into adjacent buffers, corrupting or overwriting the valid data held in them. Although it may occur accidentally through programming error, buffer overflow is an increasingly common type of security attack on data integrity. In buffer overflow attacks, the extra data may contain codes designed to trigger specific actions, in effect sending new instructions to the attacked computer that could, for example, damage the user's files, change data, or disclose confidential information. Buffer overflow attacks are said to have arisen because the C programming language supplied the framework, and poor programming practices supplied the vulnerability.

• Question 192:

  A manufacturer is planning to build a segregated network. There are requirements to segregate development and test infrastructure from production and the need to support multiple entry points into the network depending on the service

  being accessed. There are also strict rules in place to only permit user access from within the same zone. Currently, the following access requirements have been identified:

  Developers have the ability to perform technical validation of development applications.

  End users have the ability to access internal web applications.

  Third-party vendors have the ability to support applications.

  In order to meet segregation and access requirements, drag and drop the appropriate network zone that the user would be accessing and the access mechanism to meet the above criteria. Options may be used once or not at all. All

  placeholders must be filled.

  Select and Place:

  

  

• Question 193:

  Company XYZ provides cable television services to several regional areas. They are currently installing fiber-to-the-home in many areas with hopes of also providing telephone and Internet services. The telephone and Internet services portions of the company will each be separate subsidiaries of the parent company. The board of directors wishes to keep the subsidiaries separate from the parent company. However all three companies must share customer data for the purposes of accounting, billing, and customer authentication. The solution must use open standards, and be simple and seamless for customers, while only sharing minimal data between the companies. Which of the following solutions is BEST suited for this scenario?

  A. The companies should federate, with the parent becoming the SP, and the subsidiaries becoming an IdP.
  B. The companies should federate, with the parent becoming the IdP, and the subsidiaries becoming an SSP.
  C. The companies should federate, with the parent becoming the IdP, and the subsidiaries becoming an SP.
  D. The companies should federate, with the parent becoming the ASP, and the subsidiaries becoming an IdP.
  C. The companies should federate, with the parent becoming the IdP, and the subsidiaries becoming an SP.

  ---

  The question states that "all three companies must share customer data for the purposes of accounting, billing, and customer authentication". The simplest solution is a federated solution. In a federated solution, you have a single

  authentication provider.

  In this question, the parent company should be the authentication provider. The authentication provider is known as the IdP (Identity Provider). The IdP is the partner in a federation that creates security tokens for users. The other two

  subsidiaries, the telephone and Internet services providers will be the SP (Service Provider). The SP is the partner in a federation that consumes security tokens for providing access to applications.

• Question 194:

  Company A needs to export sensitive data from its financial system to company B's database, using company B's API in an automated manner. Company A's policy prohibits the use of any intermediary external systems to transfer or store its sensitive data, therefore the transfer must occur directly between company A's financial system and company B's destination server using the supplied API. Additionally, company A's legacy financial software does not support encryption, while company B's API supports encryption. Which of the following will provide end-to-end encryption for the data transfer while adhering to these requirements?

  A. Company A must install an SSL tunneling software on the financial system.
  B. Company A's security administrator should use an HTTPS capable browser to transfer the data.
  C. Company A should use a dedicated MPLS circuit to transfer the sensitive data to company B.
  D. Company A and B must create a site-to-site IPSec VPN on their respective firewalls.
  A. Company A must install an SSL tunneling software on the financial system.

  ---

  We need to transfer the data from company A's financial system to company B's destination server. Company B's API does support encryption. Company A's legacy financial software does not support encryption.

  To provide end-to-end encryption for the data transfer, we need a way of enabling Company A's financial system to support encryption. The easiest way to do this is to install an SSL tunneling software application on the financial system.

  There are several SSL tunneling software applications out there; one example is STunnel.

• Question 195:

  Which of the following activities is commonly deemed "OUT OF SCOPE" when undertaking a penetration test?

  A. Test password complexity of all login fields and input validation of form fields
  B. Reverse engineering any thick client software that has been provided for the test
  C. Undertaking network-based denial of service attacks in production environment
  D. Attempting to perform blind SQL injection and reflected cross-site scripting attacks
  E. Running a vulnerability scanning tool to assess network and host weaknesses
  C. Undertaking network-based denial of service attacks in production environment

  ---

  Penetration testing is done to look at a network in an adversarial fashion with the aim of looking at what an attacker will use. Penetration testing is done without malice and undertaking a network-based denial of service attack in the production environment is as such `OUT OF SCOPE'.

• Question 196:

  An administrator is tasked with securing several website domains on a web server. The administrator elects to secure www.example.com, mail.example.org, archive.example.com, and www.example.org with the same certificate. Which of the following would allow the administrator to secure those domains with a single issued certificate?

  A. Intermediate Root Certificate
  B. Wildcard Certificate
  C. EV x509 Certificate
  D. Subject Alternative Names Certificate
  D. Subject Alternative Names Certificate

  ---

  Subject Alternative Names let you protect multiple host names with a single SSL certificate. Subject Alternative Names allow you to specify a list of host names to be protected by a single SSL certificate. When you order the certificate, you will specify one fully qualified domain name in the common name field. You can then add other names in the Subject Alternative Names field.

• Question 197:

  A pentester must attempt to crack passwords on a windows domain that enforces strong complex passwords. Which of the following would crack the MOST passwords in the shortest time period?

  A. Online password testing
  B. Rainbow tables attack
  C. Dictionary attack
  D. Brute force attack
  B. Rainbow tables attack

  ---

  The passwords in a Windows (Active Directory) domain are encrypted. When a password is "tried" against a system it is "hashed" using encryption so that the actual password is never sent in clear text across the communications line. This prevents eavesdroppers from intercepting the password. The hash of a password usually looks like a bunch of garbage and is typically a different length than the original password. Your password might be "shitzu" but the hash of your password would look something like "7378347eedbfdd761619451949225ec1". To verify a user, a system takes the hash value created by the password hashing function on the client computer and compares it to the hash value stored in a table on the server. If the hashes match, then the user is authenticated and granted access. Password cracking programs work in a similar way to the login process. The cracking program starts by taking plaintext passwords, running them through a hash algorithm, such as MD5, and then compares the hash output with the hashes in the stolen password file. If it finds a match then the program has cracked the password. Rainbow Tables are basically huge sets of precomputed tables filled with hash values that are pre-matched to possible plaintext passwords. The Rainbow Tables essentially allow hackers to reverse the hashing function to determine what the plaintext password might be. The use of Rainbow Tables allow for passwords to be cracked in a very short amount of time compared with brute-force methods, however, the trade-off is that it takes a lot of storage (sometimes Terabytes) to hold the Rainbow Tables themselves.

• Question 198:

  Company XYZ has purchased and is now deploying a new HTML5 application. The company wants to hire a penetration tester to evaluate the security of the client and server components of the proprietary web application before launch. Which of the following is the penetration tester MOST likely to use while performing black box testing of the security of the company's purchased application? (Select TWO).

  A. Code review
  B. Sandbox
  C. Local proxy
  D. Fuzzer
  E. Port scanner
  C. Local proxy
  D. Fuzzer

  ---

  C: Local proxy will work by proxying traffic between the web client and the web server. This is a tool that can be put to good effect in this case.

  D: Fuzzing is another form of blackbox testing and works by feeding a program multiple input iterations that are specially written to trigger an internal error that might indicate a bug and crash it.

• Question 199:

  A team of security engineers has applied regulatory and corporate guidance to the design of a corporate network. The engineers have generated an SRTM based on their work and a thorough analysis of the complete set of functional and performance requirements in the network specification. Which of the following BEST describes the purpose of an SRTM in this scenario?

  A. To ensure the security of the network is documented prior to customer delivery
  B. To document the source of all functional requirements applicable to the network
  C. To facilitate the creation of performance testing metrics and test plans
  D. To allow certifiers to verify the network meets applicable security requirements
  D. To allow certifiers to verify the network meets applicable security requirements

• Question 200:

  Due to compliance regulations, a company requires a yearly penetration test. The Chief Information Security Officer (CISO) has asked that it be done under a black box methodology.

  Which of the following would be the advantage of conducting this kind of penetration test?

  A. The risk of unplanned server outages is reduced.
  B. Using documentation provided to them, the pen-test organization can quickly determine areas to focus on.
  C. The results will show an in-depth view of the network and should help pin-point areas of internal weakness.
  D. The results should reflect what attackers may be able to learn about the company.
  D. The results should reflect what attackers may be able to learn about the company.

  ---

  A black box penetration test is usually done when you do not have access to the code, much the same like an outsider/attacker. This is then the best way to run a penetration test that will also reflect what an attacker/outsider can learn about the company. A black box test simulates an outsiders attack.