CompTIA RC0-C02 Online Practice Questions and Exam Preparation

CompTIA RC0-C02 Online Questions & Answers

• Question 201:

  A trucking company delivers products all over the country. The executives at the company would like to have better insight into the location of their drivers to ensure the shipments are following secure routes. Which of the following would BEST help the executives meet this goal?

  A. Install GSM tracking on each product for end-to-end delivery visibility.
  B. Implement geo-fencing to track products.
  C. Require drivers to geo-tag documentation at each delivery location.
  D. Equip each truck with an RFID tag for location services.
  B. Implement geo-fencing to track products.

  ---

  A Geo-fencing solution would use GPS to track the vehicles and could be configured to inform the executives where the vehicles are.

  Geo-fencing is a feature in a software program that uses the global positioning system (GPS) or radio frequency identification (RFID) to define geographical boundaries. A geo- fence is a virtual barrier.

  Programs that incorporate geo-fencing allow an administrator to set up triggers so when a device enters (or exits) the boundaries defined by the administrator, a text message or email alert is sent. Many geo-fencing applications incorporate

  Google Earth, allowing administrators to define boundaries on top of a satellite view of a specific geographical area. Other applications define boundaries by longitude and latitude or through user- created and Web-based maps.

• Question 202:

  A senior network security engineer has been tasked to decrease the attack surface of the corporate network. Which of the following actions would protect the external network interfaces from external attackers performing network scanning?

  A. Remove contact details from the domain name registrar to prevent social engineering attacks.
  B. Test external interfaces to see how they function when they process fragmented IP packets.
  C. Enable a honeynet to capture and facilitate future analysis of malicious attack vectors.
  D. Filter all internal ICMP message traffic, forcing attackers to use full-blown TCP port scans against external network interfaces.
  B. Test external interfaces to see how they function when they process fragmented IP packets.

  ---

  Fragmented IP packets are often used to evade firewalls or intrusion detection systems.

  Port Scanning is one of the most popular reconnaissance techniques attackers use to discover services they can break into. All machines connected to a Local Area Network (LAN) or Internet run many services that listen at well-known and

  not so well known ports. A port scan helps the attacker find which ports are available (i.e., what service might be listing to a port).

  One problem, from the perspective of the attacker attempting to scan a port, is that services listening on these ports log scans. They see an incoming connection, but no data, so an error is logged. There exist a number of stealth scan

  techniques to avoid this. One method is a fragmented port scan.

  Fragmented packet Port Scan

  The scanner splits the TCP header into several IP fragments. This bypasses some packet filter firewalls because they cannot see a complete TCP header that can match their filter rules. Some packet filters and firewalls do queue all IP

  fragments, but many networks cannot afford the performance loss caused by the queuing.

• Question 203:

  In order for a company to boost profits by implementing cost savings on non-core business activities, the IT manager has sought approval for the corporate email system to be hosted in the cloud. The compliance officer has been tasked with ensuring that data lifecycle issues are taken into account. Which of the following BEST covers the data lifecycle end- to-end?

  A. Creation and secure destruction of mail accounts, emails, and calendar items
  B. Information classification, vendor selection, and the RFP process
  C. Data provisioning, processing, in transit, at rest, and de-provisioning
  D. Securing virtual environments, appliances, and equipment that handle email
  C. Data provisioning, processing, in transit, at rest, and de-provisioning

• Question 204:

  A business wants to start using social media to promote the corporation and to ensure that customers have a good experience with their products. Which of the following security items should the company have in place before implementation? (Select TWO).

  A. The company must dedicate specific staff to act as social media representatives of the company.
  B. All staff needs to be instructed in the proper use of social media in the work environment.
  C. Senior staff blogs should be ghost written by marketing professionals.
  D. The finance department must provide a cost benefit analysis for social media.
  E. The security policy needs to be reviewed to ensure that social media policy is properly implemented.
  F. The company should ensure that the company has sufficient bandwidth to allow for social media traffic.
  A. The company must dedicate specific staff to act as social media representatives of the company.
  E. The security policy needs to be reviewed to ensure that social media policy is properly implemented.

• Question 205:

  A web developer is responsible for a simple web application that books holiday accommodations. The front-facing web server offers an HTML form, which asks for a user's age. This input gets placed into a signed integer variable and is then checked to ensure that the user is in the adult age range.

  Users have reported that the website is not functioning correctly. The web developer has inspected log files and sees that a very large number (in the billions) was submitted just before the issue started occurring. Which of the following is the MOST likely situation that has occurred?

  A. The age variable stored the large number and filled up disk space which stopped the application from continuing to function. Improper error handling prevented the application from recovering.
  B. The age variable has had an integer overflow and was assigned a very small negative number which led to unpredictable application behavior. Improper error handling prevented the application from recovering.
  C. Computers are able to store numbers well above "billions" in size. Therefore, the website issues are not related to the large number being input.
  D. The application has crashed because a very large integer has led to a "divide by zero". Improper error handling prevented the application from recovering.
  B. The age variable has had an integer overflow and was assigned a very small negative number which led to unpredictable application behavior. Improper error handling prevented the application from recovering.

  ---

  The age variable was configured to expect a number (an age); probably a number less than 100... or three digits. If someone entered a very large number (billions) with many digits, an integer overflow can occur which can cause the value to recorded as a negative number.

  In computer programming, an integer overflow occurs when an arithmetic operation attempts to create a numeric value that is too large to be represented within the available storage space.

  In some situations, a program may make the assumption that a variable always contains a positive value. If the variable has a signed integer type, an overflow can cause its value to wrap and become negative. This overflow violates the

  program's assumption and may lead to unintended behavior.

• Question 206:

  A critical system audit shows that the payroll system is not meeting security policy due to missing OS security patches. Upon further review, it appears that the system is not being patched at all. The vendor states that the system is only supported on the current OS patch level. Which of the following compensating controls should be used to mitigate the vulnerability of missing OS patches on this system?

  A. Isolate the system on a secure network to limit its contact with other systems
  B. Implement an application layer firewall to protect the payroll system interface
  C. Monitor the system's security log for unauthorized access to the payroll application
  D. Perform reconciliation of all payroll transactions on a daily basis
  A. Isolate the system on a secure network to limit its contact with other systems

  ---

  The payroll system is not meeting security policy due to missing OS security patches. We cannot apply the patches to the system because the vendor states that the system is only supported on the current OS patch level. Therefore, we need

  another way of securing the system.

  We can improve the security of the system and the other systems on the network by isolating the payroll system on a secure network to limit its contact with other systems. This will reduce the likelihood of a malicious user accessing the

  payroll system and limit any damage to other systems if the payroll system is attacked.

• Question 207:

  An accountant at a small business is trying to understand the value of a server to determine if the business can afford to buy another server for DR. The risk manager only provided the accountant with the SLE of $24,000, ARO of 20% and the exposure factor of 25%. Which of the following is the correct asset value calculated by the accountant?

  A. $4,800
  B. $24,000
  C. $96,000
  D. $120,000
  C. $96,000

  ---

  The annualized loss expectancy (ALE) is the product of the annual rate of occurrence (ARO) and the single loss expectancy (SLE). It is mathematically expressed as: ALE = ARO x SLE

  Single Loss Expectancy (SLE) is mathematically expressed as: Asset value (AV) x Exposure Factor (EF)

  Thus if SLE = $ 24,000 and EF = 25% then the Asset value is SLE/EF = $ 96,000

  References:

  http://www.financeformulas.net/Return_on_Investment.html https://en.wikipedia.org/wiki/Risk_assessment

• Question 208:

  An employee is performing a review of the organization's security functions and noticed that there is some cross over responsibility between the IT security team and the financial fraud team. Which of the following security documents should be used to clarify the roles and responsibilities between the teams?

  A. BPA
  B. BIA
  C. MOU
  D. OLA
  C. MOU

  ---

  A memorandum of understanding (MOU) documents conditions and applied terms for teams that must share data and information resources.

• Question 209:

  A vulnerability scanner report shows that a client-server host monitoring solution operating in the credit card corporate environment is managing SSL sessions with a weak algorithm which does not meet corporate policy. Which of the following are true statements? (Select TWO).

  A. The X509 V3 certificate was issued by a non trusted public CA.
  B. The client-server handshake could not negotiate strong ciphers.
  C. The client-server handshake is configured with a wrong priority.
  D. The client-server handshake is based on TLS authentication.
  E. The X509 V3 certificate is expired.
  F. The client-server implements client-server mutual authentication with different certificates.
  B. The client-server handshake could not negotiate strong ciphers.
  C. The client-server handshake is configured with a wrong priority.

  ---

  The client-server handshake could not negotiate strong ciphers. This means that the system is not configured to support the strong ciphers provided by later versions of the SSL protocol. For example, if the system is configured to support

  only SSL version 1.1, then only a weak cipher will be supported.

  The client-server handshake is configured with a wrong priority. The client sends a list of SSL versions it supports and priority should be given to the highest version it supports. For example, if the client supports SSL versions 1.1, 2 and 3,

  then the server should use version 3. If the priority is not configured correctly (if it uses the lowest version) then version 1.1 with its weak algorithm will be used.

• Question 210:

  A multi-national company has a highly mobile workforce and minimal IT infrastructure. The company utilizes a BYOD and social media policy to integrate presence technology into global collaboration tools by individuals and teams. As a result of the dispersed employees and frequent international travel, the company is concerned about the safety of employees and their families when moving in and out of certain countries. Which of the following could the company view as a downside of using presence technology?

  A. Insider threat
  B. Network reconnaissance
  C. Physical security
  D. Industrial espionage
  C. Physical security

  ---

  If all company users worked in the same office with one corporate network and using company supplied laptops, then it is easy to implement all sorts of physical security controls. Examples of physical security include intrusion detection systems, fire protection systems, surveillance cameras or simply a lock on the office door. However, in this question we have dispersed employees using their own devices and frequently traveling internationally. This makes it extremely difficult to implement any kind of physical security. Physical security is the protection of personnel, hardware, programs, networks, and data from physical circumstances and events that could cause serious losses or damage to an enterprise, agency, or institution. This includes protection from fire, natural disasters, burglary, theft, vandalism, and terrorism.