[Free] 2018(June) Ensurepass CompTIA RC0-C02 Dumps with VCE and PDF 181-190

Ensurepass.com : Ensure you pass the IT Exams
2018 May CompTIA Official New Released RC0-C02

CompTIA Advanced Security Practitioner (CASP) Recertification Exam for Continuing Education

Question No: 181 – (Topic 3)

As part of a new wireless implementation, the Chief Information Officer’s (CIO’s) main objective is to immediately deploy a system that supports the 802.11r standard, which will help wireless VoIP devices in moving vehicles. However, the 802.11r standard was not ratified by the IETF. The wireless vendor’s products do support the pre-ratification version of 802.11r. The security and network administrators have tested the product and do not see any security or compatibility issues; however, they are concerned that the standard is not yet final. Which of the following is the BEST way to proceed?

  A. Purchase the equipment now, but do not use 802.11r until the standard is ratified.

  B. Do not purchase the equipment now as the client devices do not yet support 802.11r.

  C. Purchase the equipment now, as long as it will be firmware upgradeable to the final 802.11r standard.

  D. Do not purchase the equipment now; delay the implementation until the IETF has ratified the final 802.11r standard.

Answer: C

Question No: 182 – (Topic 3)

Company XYZ has purchased and is now deploying a new HTML5 application. The company wants to hire a penetration tester to evaluate the security of the client and server components of the proprietary web application before launch. Which of the following is the penetration tester MOST likely to use while performing black box testing of the security of the company’s purchased application? (Select TWO).

  A. Code review

  B. Sandbox

  C. Local proxy

  D. Fuzzer

  E. Port scanner

Answer: C,D

Explanation:

C: A local proxy works by proxying traffic between the web client and the web server, so the tester can inspect and modify requests and responses without access to the source code. This is a tool that can be put to good effect in this case.

D: Fuzzing is another form of black box testing. It works by feeding a program multiple input iterations that are specially written to trigger an internal error that might indicate a bug and crash it.

Question No: 183 – (Topic 3)

A security analyst, Ann, states that she believes Internet facing file transfer servers are being attacked. Which of the following is evidence that would aid Ann in making a case to management that action needs to be taken to safeguard these servers?

  A. Provide a report of all the IP addresses that are connecting to the systems and their locations

  B. Establish alerts at a certain threshold to notify the analyst of high activity

  C. Provide a report showing the file transfer logs of the servers

  D. Compare the current activity to the baseline of normal activity

Answer: D

Explanation:

In risk assessment a baseline forms the foundation for how an organization needs to increase or enhance its current level of security. This type of assessment will provide Ann with the necessary information to take to management.

Question No: 184 – (Topic 3)

A security manager looked at various logs while investigating a recent security breach in the data center from an external source. Each log below was collected from various security devices compiled from a report through the company’s security information and event management server.

Logs:

Log 1:

Feb 5 23:55:37.743: %SEC-6-IPACCESSLOGS: list 10 denied 3 packets

Log 2:

HTTP://www.company.com/index.php?user=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa

Log 3:

Security Error Alert

Event ID 50: The RDP protocol component X.224 detected an error in the protocol stream and has disconnected the client

Log 4:

Encoder oe = new OracleEncoder();
String query = "Select user_id FROM user_data WHERE user_name = ' "
    + oe.encode(req.getParameter("userID")) + " ' and user_password = ' "
    + oe.encode(req.getParameter("pwd")) + " ' ";

Vulnerabilities:

Buffer overflow

SQL injection


Which of the following logs and vulnerabilities would MOST likely be related to the security breach? (Select TWO).

  A. Log 1

  B. Log 2

  C. Log 3

  D. Log 4

  E. Buffer overflow

  F. ACL

  G. XSS

  H. SQL injection

Answer: B,E

Explanation:

Log 2 indicates that the security breach originated from an external source. The vulnerability that can be associated with this security breach is a buffer overflow, which happens when the amount of data written into a buffer exceeds the limit of that particular buffer.

Question No: 185 – (Topic 3)

A human resources manager at a software development company has been tasked with recruiting personnel for a new cyber defense division in the company. This division will require personnel to have high technology skills and industry certifications. Which of the following is the BEST method for this manager to gain insight into this industry to execute the task?

  A. Interview candidates, attend training, and hire a staffing company that specializes in technology jobs

  B. Interview employees and managers to discover the industry hot topics and trends

  C. Attend meetings with staff, internal training, and become certified in software management

  D. Attend conferences, webinars, and training to remain current with the industry and job requirements

Answer: D

Explanation:

Conferences represent an important method of exchanging information between researchers who are usually experts in their respective fields. By combining them with webinars and training to remain current on the subject, the manager will be able to gain valuable insight into the cyber defense industry and be able to recruit personnel.

Question No: 186 – (Topic 3)

The Chief Executive Officer (CEO) of a small start-up company wants to set up offices around the country for the sales staff to generate business. The company needs an effective communication solution to remain in constant contact with each other, while maintaining a secure business environment. A junior-level administrator suggests that the company and the sales staff stay connected via free social media. Which of the following decisions is BEST for the CEO to make?

  A. Social media is an effective solution because it is easily adaptable to new situations.

  B. Social media is an ineffective solution because the policy may not align with the business.

  C. Social media is an effective solution because it implements SSL encryption.

  D. Social media is an ineffective solution because it is not primarily intended for business applications.

Answer: B

Explanation:

Social media networks are designed to draw people’s attention quickly; connecting people is the main focus, and security is not the main concern. Thus the CEO should decide that it would be ineffective to use social media in the company, as it does not align with the company's business.

Question No: 187 – (Topic 3)

A new internal network segmentation solution will be implemented into the enterprise that consists of 200 internal firewalls. As part of running a pilot exercise, it was determined that it takes three changes to deploy a new application onto the network before it is operational. Security now has a significant effect on overall availability. Which of the following would be the FIRST process to perform as a result of these findings?

  A. Lower the SLA to a more tolerable level and perform a risk assessment to see if the solution could be met by another solution. Reuse the firewall infrastructure on other projects.

  B. Perform a cost benefit analysis and implement the solution as it stands as long as the risks are understood by the business owners around the availability issues. Decrease the current SLA expectations to match the new solution.

  C. Engage internal auditors to perform a review of the project to determine why and how the project did not meet the security requirements. As part of the review ask them to review the control effectiveness.

  D. Review to determine if control effectiveness is in line with the complexity of the solution. Determine if the requirements can be met with a simpler solution.

Answer: D

Explanation:

Checking whether control effectiveness is in line with the complexity of the solution, and then determining whether a simpler alternative solution exists, would be the first procedure to follow in light of the findings.

Question No: 188 – (Topic 3)

Which of the following would be used in forensic analysis of a compromised Linux system? (Select THREE).

  A. Check log files for logins from unauthorized IPs.

  B. Check /proc/kmem for fragmented memory segments.

  C. Check for unencrypted passwords in /etc/shadow.

  D. Check timestamps for files modified around time of compromise.

  E. Use lsof to determine files with future timestamps.

  F. Use gpg to encrypt compromised data files.

  G. Verify the MD5 checksum of system binaries.

  H. Use vmstat to look for excessive disk I/O.

Answer: A,D,G

Explanation:

The MD5 checksum of the system binaries will allow you to carry out a forensic analysis of the compromised Linux system. The log files showing logins into the compromised system from unauthorized IPs, and the timestamps of files that were modified around the time the compromise occurred, will also serve as useful forensic tools.

Question No: 189 – (Topic 3)

A security administrator is assessing a new application. The application uses an API that is supposed to encrypt text strings that are stored in memory. How might the administrator test that the strings are indeed encrypted in memory?

  A. Use fuzzing techniques to examine application inputs

  B. Run nmap to attach to application memory

  C. Use a packet analyzer to inspect the strings

  D. Initiate a core dump of the application

  E. Use an HTTP interceptor to capture the text strings

Answer: D

Explanation:

Applications store information in memory, and this information includes sensitive data such as passwords, usernames and encryption keys. Conducting a memory/core dump will allow you to analyze the memory content, and then you can test that the strings are indeed encrypted.

Question No: 190 – (Topic 3)

An administrator wishes to replace a legacy clinical software product as it has become a security risk. The legacy product generates $10,000 in revenue a month. The new software product has an initial cost of $180,000 and a yearly maintenance of $2,000 after the first year. However, it will generate $15,000 in revenue per month and be more secure. How many years until there is a return on investment for this new package?

  A. 1

  B. 2

  C. 3

  D. 4

Answer: D

Explanation:

Return on investment = Net profit / Investment, where:

Profit for the first year is $60 000; second year = $120 000; third year = $180 000; and fourth year = $240 000.

Investment in the first year = $180 000; by year 2 = $182 000; by year 3 = $184 000; and by year 4 = $186 000.

Thus you will only get a return on the investment in 4 years’ time.

References: http://www.financeformulas.net/Return_on_Investment.html
