CompTIA RC0-C02 Online Practice Questions and Exam Preparation

RC0-C02 Exam Details
Exam Code: RC0-C02
Exam Name: CompTIA Advanced Security Practitioner (CASP) Recertification Exam for Continuing Education
Certification: CompTIA Advanced Security Practitioner
Vendor: CompTIA
Total Questions: 308 Q&As
Last Updated: May 26, 2026

CompTIA RC0-C02 Online Questions & Answers
Question 221:
The finance department for an online shopping website has discovered that a number of customers were able to purchase goods and services without any payments. Further analysis conducted by the security investigations team indicated that the website allowed customers to update a payment amount for shipping. A specially crafted value could be entered and cause a roll over, resulting in the shipping cost being subtracted from the balance and in some instances resulted in a negative balance. As a result, the system processed the negative balance as zero dollars. Which of the following BEST describes the application issue?
A. Race condition
B. Click-jacking
C. Integer overflow
D. Use after free
E. SQL injection
C. Integer overflow
Integer overflow errors can occur when a program fails to account for the fact that an arithmetic operation can result in a quantity either greater than a data type's maximum value or less than its minimum value.
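The checkout scenario in the question, as an added example that is not part of the original page: the shipping amount submitted by the customer is stored unchecked in a 32-bit signed field (the legacy behaviour assumed here and emulated with `struct`), so a crafted value rolls over to a negative number, is effectively subtracted from the balance, and the negative total is then clamped to zero. The hardened version range-checks the input before any arithmetic and refuses any total that would not fit the field. All names, the 32-bit field width and the maximum shipping amount are assumptions for illustration.

```python
import struct

INT32_MIN, INT32_MAX = -2**31, 2**31 - 1
MAX_SHIPPING_CENTS = 50_000          # assumed business limit: $500.00


def to_int32(value: int) -> int:
    """Emulate storing an integer in a 32-bit signed field (assumed legacy
    behaviour): values outside the range silently wrap around."""
    return struct.unpack("<i", struct.pack("<I", value & 0xFFFFFFFF))[0]


def total_vulnerable(balance_cents: int, shipping_cents: int) -> int:
    """Vulnerable flow: the submitted shipping amount is stored as-is.
    A crafted value near 2**32 rolls over to a negative number, so adding
    it subtracts from the balance; a negative total is then treated as
    zero owed, which is the behaviour described in the question."""
    stored_shipping = to_int32(shipping_cents)
    total = balance_cents + stored_shipping
    return max(total, 0)


def total_hardened(balance_cents: int, shipping_cents: int) -> int:
    """Hardened flow: validate the input range before any arithmetic and
    reject any result that would not fit the 32-bit field."""
    if not 0 <= shipping_cents <= MAX_SHIPPING_CENTS:
        raise ValueError("shipping amount out of range")
    total = balance_cents + shipping_cents
    if not INT32_MIN <= total <= INT32_MAX:
        raise ValueError("total would overflow the 32-bit field")
    return total


def update_is_accepted(balance_cents: int, shipping_cents: int) -> bool:
    """Helper for callers: True if the hardened flow accepts the update."""
    try:
        total_hardened(balance_cents, shipping_cents)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    balance = 5_000                        # $50.00 owed
    crafted = 2**32 - 6_000                # wraps to -6000 in a 32-bit field
    print("wrapped shipping value:", to_int32(crafted))
    print("vulnerable total:", total_vulnerable(balance, crafted))
    print("hardened accepts crafted value:", update_is_accepted(balance, crafted))
```

The wrapped value comes out as -6000, so the vulnerable flow charges zero for a $50 order, while the hardened flow rejects the same update because the amount is outside the allowed range.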
Question 222:
An organization has several production critical SCADA supervisory systems that cannot follow the normal 30-day patching policy. Which of the following BEST maximizes the protection of these systems from malicious software?
A. Configure a firewall with deep packet inspection that restricts traffic to the systems
B. Configure a separate zone for the systems and restrict access to known ports
C. Configure the systems to ensure only necessary applications are able to run
D. Configure the host firewall to ensure only the necessary applications have listening ports
C. Configure the systems to ensure only necessary applications are able to run
SCADA stands for supervisory control and data acquisition, a computer system for gathering and analyzing real-time data. SCADA systems are used to monitor and control a plant or equipment in industries such as telecommunications, water and waste control, energy, oil and gas refining and transportation.
If we cannot take the SCADA systems offline for patching, then the best way to protect these systems from malicious software is to reduce the attack surface by configuring the systems to ensure only necessary applications are able to run.
The basic strategies of attack surface reduction are to reduce the amount of code running, reduce entry points available to untrusted users, and eliminate services requested by relatively few users. One approach to improving information security is to reduce the attack surface of a system or software. By turning off unnecessary functionality, there are fewer security risks. By having less code available to unauthorized actors, there will tend to be fewer failures. Although attack surface reduction helps prevent security failures, it does not mitigate the amount of damage an attacker could inflict once a vulnerability is found.
Question 223:
As part of a new wireless implementation, the Chief Information Officer's (CIO's) main objective is to immediately deploy a system that supports the 802.11r standard, which will help wireless VoIP devices in moving vehicles. However, the 802.11r standard was not ratified by the IETF. The wireless vendor's products do support the pre-ratification version of 802.11r. The security and network administrators have tested the product and do not see any security or compatibility issues; however, they are concerned that the standard is not yet final. Which of the following is the BEST way to proceed?
A. Purchase the equipment now, but do not use 802.11r until the standard is ratified.
B. Do not purchase the equipment now as the client devices do not yet support 802.11r.
C. Purchase the equipment now, as long as it will be firmware upgradeable to the final 802.11r standard.
D. Do not purchase the equipment now; delay the implementation until the IETF has ratified the final 802.11r standard.
C. Purchase the equipment now, as long as it will be firmware upgradeable to the final 802.11r standard.
Question 224:
Company XYZ finds itself using more cloud-based business tools, and password management is becoming onerous. Security is important to the company; as a result, password replication and shared accounts are not acceptable. Which of the following implementations addresses the distributed login with centralized authentication and has wide compatibility among SaaS vendors?
A. Establish a cloud-based authentication service that supports SAML.
B. Implement a new Diameter authentication server with read-only attestation.
C. Install a read-only Active Directory server in the corporate DMZ for federation.
D. Allow external connections to the existing corporate RADIUS server.
A. Establish a cloud-based authentication service that supports SAML.
There is widespread adoption of SAML standards by SaaS vendors for single sign-on identity management, in response to customer demands for fast, simple and secure employee, customer and partner access to applications in their environments. By eliminating all passwords and instead using digital signatures for authentication and authorization of data access, SAML has become the gold standard for single sign-on into cloud applications. SAML-enabled SaaS applications are easier and quicker to provision for users in complex enterprise environments, are more secure and help simplify identity management across large and diverse user communities.
Security Assertion Markup Language (SAML) is an XML-based, open-standard data format for exchanging authentication and authorization data between parties, in particular between an identity provider and a service provider. The SAML specification defines three roles: the principal (typically a user), the identity provider (IdP), and the service provider (SP). In the use case addressed by SAML, the principal requests a service from the service provider. The service provider requests and obtains an identity assertion from the identity provider. On the basis of this assertion, the service provider can make an access control decision; in other words, it can decide whether to perform some service for the connected principal.
Question 225:
A company Chief Information Officer (CIO) is unsure which set of standards should govern the company's IT policy. The CIO has hired consultants to develop use cases to test against various government and industry security standards. The CIO is convinced that there is large overlap between the configuration checks and security controls governing each set of standards. Which of the following selections represent the BEST option for the CIO?
A. Issue a RFQ for vendors to quote a complete vulnerability and risk management solution to the company.
B. Issue a policy that requires only the most stringent security standards be implemented throughout the company.
C. Issue a policy specifying best practice security standards and a baseline to be implemented across the company.
D. Issue a RFI for vendors to determine which set of security standards is best for the company.
C. Issue a policy specifying best practice security standards and a baseline to be implemented across the company.
There is large overlap between the configuration checks and security controls governing each set of standards (government standards and industry security standards). In other words, different sets of standards have many of the same requirements. A baseline implemented across the company that meets the overlapping requirements would meet the requirements of both sets of standards without the need for duplicate checks and controls. Therefore, you should create a policy specifying best practice security standards along with the baseline.
Question 226:
An insurance company has an online quoting system for insurance premiums. It allows potential customers to fill in certain details about their car and obtain a quote. During an investigation, the following patterns were detected:
Pattern 1: Analysis of the logs identifies that insurance premium forms are being filled in but only single fields are incrementally being updated.
Pattern 2: For every quote completed, a new customer number is created; due to legacy systems, customer numbers are running out.
Which of the following is the attack type the system is susceptible to, and what is the BEST way to defend against it? (Select TWO).
A. Apply a hidden field that triggers a SIEM alert
B. Cross site scripting attack
C. Resource exhaustion attack
D. Input a blacklist of all known BOT malware IPs into the firewall
E. SQL injection
F. Implement an inline WAF and integrate into SIEM
G. Distributed denial of service
H. Implement firewall rules to block the attacking IP addresses
C. Resource exhaustion attack
F. Implement an inline WAF and integrate into SIEM
A resource exhaustion attack involves tying up predetermined resources on a system, thereby making the resources unavailable to others.
Implementing an inline WAF would allow for protection from attacks, as well as logging and alerting admins to what is going on. Integrating it into a SIEM allows logs and other security-related documentation to be collected for analysis.
Question 227:
The risk committee has endorsed the adoption of a security system development life cycle (SSDLC) designed to ensure compliance with PCI-DSS, HIPAA, and meet the organization's mission. Which of the following BEST describes the correct order of implementing a five phase SSDLC?
A. Initiation, assessment/acquisition, development/implementation, operations/maintenance and sunset.
B. Initiation, acquisition/development, implementation/assessment, operations/maintenance and sunset.
C. Assessment, initiation/development, implementation/assessment, operations/maintenance and disposal.
D. Acquisition, initiation/development, implementation/assessment, operations/maintenance and disposal.
B. Initiation, acquisition/development, implementation/assessment, operations/maintenance and sunset.
Question 228:
An architect has been engaged to write the security viewpoint of a new initiative. Which of the following BEST describes a repeatable process that can be used for establishing the security architecture?
A. Inspect a previous architectural document. Based on the historical decisions made, consult the architectural control and pattern library within the organization and select the controls that appear to best fit this new architectural need.
B. Implement controls based on the system needs. Perform a risk analysis of the system. For any remaining risks, perform continuous monitoring.
C. Classify information types used within the system into levels of confidentiality, integrity, and availability. Determine minimum required security controls. Conduct a risk analysis. Decide on which security controls to implement.
D. Perform a risk analysis of the system. Avoid extreme risks. Mitigate high risks. Transfer medium risks and accept low risks. Perform continuous monitoring to ensure that the system remains at an adequate security posture.
C. Classify information types used within the system into levels of confidentiality, integrity, and availability. Determine minimum required security controls. Conduct a risk analysis. Decide on which security controls to implement.
Question 229:
The helpdesk is receiving multiple calls about slow and intermittent Internet access from the finance department. The following information is compiled:
Caller 1, IP 172.16.35.217, NETMASK 255.255.254.0
Caller 2, IP 172.16.35.53, NETMASK 255.255.254.0
Caller 3, IP 172.16.35.173, NETMASK 255.255.254.0
All callers are connected to the same switch and are routed by a router with five built-in interfaces. The upstream router interface's MAC is 00-01-42-32-ab-1a.
A packet capture shows the following:
09:05:15.934840 arp reply 172.16.34.1 is-at 00:01:42:32:ab:1a (00:01:42:32:ab:1a)
09:06:16.124850 arp reply 172.16.34.1 is-at 00:01:42:32:ab:1a (00:01:42:32:ab:1a)
09:07:25.439811 arp reply 172.16.34.1 is-at 00:01:42:32:ab:1a (00:01:42:32:ab:1a)
09:08:10.937590 IP 172.16.35.1 > 172.16.35.255: ICMP echo request, id 2305, seq 1, length 65534
09:08:10.937591 IP 172.16.35.1 > 172.16.35.255: ICMP echo request, id 2306, seq 2, length 65534
09:08:10.937592 IP 172.16.35.1 > 172.16.35.255: ICMP echo request, id 2307, seq 3, length 65534
Which of the following is occurring on the network?
A. A man-in-the-middle attack is underway on the network.
B. An ARP flood attack is targeting at the router.
C. The default gateway is being spoofed on the network.
D. A denial of service attack is targeting at the router.
D. A denial of service attack is targeting at the router.
The above packet capture shows an attack where the attacker is busy consuming your resources (in this case the router) and preventing normal use. This is thus a denial of service attack.
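The same reasoning applied mechanically, as an added example that is not part of the original page: a small detector that parses the tcpdump-style lines from the question (embedded here as a constructed sample), checks the ARP replies for a gateway IP claimed by more than one MAC or by a MAC other than the documented router interface (which would point to gateway spoofing), and separately flags oversized ICMP echo requests aimed at the subnet's directed broadcast address, which is what ties up the router here. The function names, the thresholds and the use of Caller 1's address and netmask to derive the broadcast address are assumptions for illustration.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: the capture lines quoted in Question 229.
CAPTURE = """\
09:05:15.934840 arp reply 172.16.34.1 is-at 00:01:42:32:ab:1a (00:01:42:32:ab:1a)
09:06:16.124850 arp reply 172.16.34.1 is-at 00:01:42:32:ab:1a (00:01:42:32:ab:1a)
09:07:25.439811 arp reply 172.16.34.1 is-at 00:01:42:32:ab:1a (00:01:42:32:ab:1a)
09:08:10.937590 IP 172.16.35.1 > 172.16.35.255: ICMP echo request, id 2305, seq 1, length 65534
09:08:10.937591 IP 172.16.35.1 > 172.16.35.255: ICMP echo request, id 2306, seq 2, length 65534
09:08:10.937592 IP 172.16.35.1 > 172.16.35.255: ICMP echo request, id 2307, seq 3, length 65534
"""

ARP_RE = re.compile(r"^(\S+) arp reply (\S+) is-at ([0-9a-f:]{17})")
ICMP_RE = re.compile(
    r"^(\S+) IP (\S+) > (\S+): ICMP echo request, id \d+, seq \d+, length (\d+)"
)


def seconds_of_day(ts: str) -> float:
    """Convert a tcpdump HH:MM:SS.ffffff timestamp to seconds since midnight."""
    t = datetime.strptime(ts, "%H:%M:%S.%f")
    return t.hour * 3600 + t.minute * 60 + t.second + t.microsecond / 1e6


def normalize_mac(mac: str) -> str:
    """Accept 00-01-42-32-ab-1a or 00:01:42:32:ab:1a and return the colon form."""
    return mac.replace("-", ":").lower()


def analyze_capture(text, host_ip, netmask, known_gateway_mac=None, large_len=60000):
    """Return findings for ARP binding conflicts and large broadcast pings.

    host_ip/netmask come from one of the affected callers and are used to
    derive the subnet's directed broadcast address (assumed approach)."""
    net = ipaddress.ip_network(f"{host_ip}/{netmask}", strict=False)
    broadcast = str(net.broadcast_address)
    known = normalize_mac(known_gateway_mac) if known_gateway_mac else None

    arp_macs = defaultdict(set)        # ip -> set of MACs that claimed it
    icmp = defaultdict(list)           # (src, dst) -> [(time, length)]
    for line in text.splitlines():
        m = ARP_RE.match(line)
        if m:
            _, ip, mac = m.groups()
            arp_macs[ip].add(normalize_mac(mac))
            continue
        m = ICMP_RE.match(line)
        if m:
            ts, src, dst, length = m.groups()
            icmp[(src, dst)].append((seconds_of_day(ts), int(length)))

    findings = {"arp_conflicts": {}, "broadcast_floods": []}
    # Gateway spoofing would show the same IP bound to more than one MAC,
    # or to a MAC other than the documented router interface.
    for ip, macs in arp_macs.items():
        if len(macs) > 1 or (known and macs != {known}):
            findings["arp_conflicts"][ip] = sorted(macs)
    # Oversized echo requests to the directed broadcast address force every
    # host, and the router, to process them: a resource-consuming flood.
    for (src, dst), pkts in icmp.items():
        if dst != broadcast:
            continue
        lengths = [length for _, length in pkts]
        if max(lengths) < large_len:
            continue
        times = [t for t, _ in pkts]
        findings["broadcast_floods"].append({
            "src": src,
            "dst": dst,
            "packets": len(pkts),
            "max_length": max(lengths),
            "span_seconds": round(max(times) - min(times), 6),
        })
    return findings


if __name__ == "__main__":
    result = analyze_capture(CAPTURE, "172.16.35.217", "255.255.254.0", "00-01-42-32-ab-1a")
    print("ARP conflicts:", result["arp_conflicts"])
    print("broadcast floods:", result["broadcast_floods"])
```

On the sample, the ARP replies all bind 172.16.34.1 to the documented router MAC, so the spoofing check is empty and option C is ruled out; the three 65534-byte echo requests to 172.16.35.255 within a couple of microseconds are reported as a broadcast flood, consistent with option D.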
Question 230:
The Information Security Officer (ISO) is reviewing a summary of the findings from the last COOP tabletop exercise. The Chief Information Officer (CIO) wants to determine which additional controls must be implemented to reduce the risk of an extended customer service outage due to the VoIP system being unavailable. Which of the following BEST describes the scenario presented and the document the ISO is reviewing?
A. The ISO is evaluating the business implications of a recent telephone system failure within the BIA.
B. The ISO is investigating the impact of a possible downtime of the messaging system within the RA.
C. The ISO is calculating the budget adjustment needed to ensure audio/video system redundancy within the RFQ.
D. The ISO is assessing the effect of a simulated downtime involving the telecommunication system within the AAR.
D. The ISO is assessing the effect of a simulated downtime involving the telecommunication system within the AAR.
VoIP is an integral part of network design and in particular of remote access, enabling customers to access and communicate with the company. If VoIP is unavailable, then the company is in a situation that can be compared to downtime. And since the ISO is reviewing the summary of findings from the last COOP tabletop exercise, it can be said that the ISO is assessing the effect of a simulated downtime within the AAR.