[Free] 2017(Nov) Dumps4cert Testinsides CompTIA RC0-C02 Dumps with VCE and PDF Download 101-110


CompTIA Advanced Security Practitioner (CASP) Recertification Exam for Continuing Education

Question No: 101 – (Topic 2)

A company provides on-demand cloud computing resources for a sensitive project. The company implements a fully virtualized datacenter and terminal server access with two-factor authentication for customer access to the administrative website. The security administrator at the company has uncovered a breach in data confidentiality. Sensitive data from customer A was found in a hidden directory within the VM of company B. Company B is not in the same industry as company A and the two are not competitors. Which of the following has MOST likely occurred?

  A. Both VMs were left unsecured and an attacker was able to exploit network vulnerabilities to access each and move the data.

  B. A stolen two-factor token was used to move data from one virtual guest to another host on the same network segment.

  C. A hypervisor server was left unpatched and an attacker was able to use a resource exhaustion attack to gain unauthorized access.

  D. An employee with administrative access to the virtual guests was able to dump the guest memory onto a mapped disk.

Answer: A

Explanation:

In this question, two virtual machines have been accessed by an attacker. The question is asking what is MOST likely to have occurred.

It is common for operating systems to not be fully patched. Of the options given, the most likely occurrence is that the two VMs were not fully patched, allowing an attacker to access each of them. The attacker could then copy data from one VM and hide it in a hidden folder on the other VM.

Question No: 102 – (Topic 2)

A user is suspected of engaging in potentially illegal activities. Law enforcement has requested that the user continue to operate on the network as normal. However, they would like to have a copy of any communications from the user involving certain key terms. Additionally, the law enforcement agency has requested that the user's ongoing communication be retained in the user's account for future investigations. Which of the following will BEST meet the goals of law enforcement?

  A. Begin a chain of custody for the user's communication. Next, place a legal hold on the user's email account.

  B. Perform e-discovery using the applicable search terms. Next, back up the user's email for a future investigation.

  C. Place a legal hold on the user's email account. Next, perform e-discovery searches to collect applicable emails.

  D. Perform a backup of the user's email account. Next, export the applicable emails that match the search terms.

Answer: C

Explanation:

A legal hold is a process that an organization uses to maintain all forms of pertinent information when legal action is reasonably expected. E-discovery refers to discovery in litigation or government investigations that manages the exchange of electronically stored information (ESI). ESI includes email and office documents, photos, video, databases, and other filetypes.

Question No: 103 – (Topic 2)

After a security incident, an administrator would like to implement policies that would help reduce fraud and the potential for collusion between employees. Which of the following would help meet these goals by having co-workers occasionally audit another worker's position?

  A. Least privilege

  B. Job rotation

  C. Mandatory vacation

  D. Separation of duties

Answer: B

Explanation:

Job rotation can reduce fraud or misuse by preventing an individual from having too much control over an area.

Question No: 104 – (Topic 2)

A security policy states that all applications on the network must have a password length of eight characters. There are three legacy applications on the network that cannot meet this policy. One system will be upgraded in six months, and two are not expected to be upgraded or removed from the network. Which of the following processes should be followed?

  A. Establish a risk matrix

  B. Inherit the risk for six months

  C. Provide a business justification to avoid the risk

  D. Provide a business justification for a risk exception

Answer: D

Explanation:

The Exception Request must include:

  A description of the non-compliance.

  The anticipated length of non-compliance (2-year maximum).

  The proposed assessment of risk associated with non-compliance.

  The proposed plan for managing the risk associated with non-compliance.

  The proposed metrics for evaluating the success of risk management (if risk is significant).

  The proposed review date to evaluate progress toward compliance.

  An endorsement of the request by the appropriate Information Trustee (VP or Dean).

Question No: 105 – (Topic 2)

An insurance company is looking to purchase a smaller company in another country. Which of the following tasks would the security administrator perform as part of the security due diligence?

  A. Review switch and router configurations

  B. Review the security policies and standards

  C. Perform a network penetration test

  D. Review the firewall rule set and IPS logs

Answer: B

Explanation:

IT security professionals should have a chance to review the security controls and practices of a company targeted for acquisition. Any irregularities that are found should be reported to management so that expenses and concerns are properly identified.

Question No: 106 – (Topic 2)

The technology steering committee is struggling with increased requirements stemming from an increase in telecommuting. The organization has not addressed telecommuting in the past. The implementation of a new SSL-VPN and a VoIP phone solution enables personnel to work from remote locations with corporate assets. Which of the following steps must the committee take FIRST to outline senior management's directives?

  A. Develop an information classification scheme that will properly secure data on corporate systems.

  B. Implement database views and constrained interfaces so remote users will be unable to access PII from personal equipment.

  C. Publish a policy that addresses the security requirements for working remotely with company equipment.

  D. Work with mid-level managers to identify and document the proper procedures for telecommuting.

Answer: C

Explanation:

The question states that "the organization has not addressed telecommuting in the past". It is therefore unlikely that a company policy exists for telecommuting workers.

There are many types of company policies, including working time, equality and diversity, change management, employment, security, and data protection policies. In this question, a new method of working has been introduced: remote working, or telecommuting. A policy should be created to establish the company's security requirements (and any other requirements) for users working remotely.

Question No: 107 – (Topic 2)

An assessor identifies automated methods for identifying security control compliance through validating sensors at the endpoint and at Tier 2. Which of the following practices satisfy continuous monitoring of authorized information systems?

  A. Independent verification and validation

  B. Security test and evaluation

  C. Risk assessment

  D. Ongoing authorization

Answer: D

Explanation:

Ongoing assessment and authorization is often referred to as continuous monitoring. It is a process that determines whether the set of security controls deployed in an information system continues to be effective with regard to the planned and unplanned changes that occur in the system and its environment over time.

Continuous monitoring allows organizations to evaluate the operating effectiveness of controls on or near a real-time basis. It enables the enterprise to detect control failures quickly, because the evaluation takes place immediately or shortly after the events in which the key controls are exercised.

Question No: 108 – (Topic 2)

A security officer is leading a lessons learned meeting. Which of the following should be components of that meeting? (Select TWO).

  A. Demonstration of IPS system

  B. Review vendor selection process

  C. Calculate the ALE for the event

  D. Discussion of event timeline

  E. Assigning of follow-up items

Answer: D, E

Explanation:

The lessons learned process is the sixth step in the incident response process. Everybody who was involved in the incident reviews what happened and why it happened. It is during this step that they determine what changes should be introduced to prevent future problems.

Question No: 109 – (Topic 2)

A large hospital has implemented BYOD to allow doctors and specialists the ability to access patient medical records on their tablets. The doctors and specialists access patient records over the hospital's guest WiFi network, which is isolated from the internal network with appropriate security controls. The patient records management system can be accessed from the guest network and requires two-factor authentication. Using a remote desktop type interface, the doctors and specialists can interact with the hospital's system. Cut and paste and printing functions are disabled to prevent the copying of data to BYOD devices. Which of the following are of MOST concern? (Select TWO).

  A. Privacy could be compromised as patient records can be viewed in uncontrolled areas.

  B. Device encryption has not been enabled and will result in a greater likelihood of data loss.

  C. The guest WiFi may be exploited allowing non-authorized individuals access to confidential patient data.

  D. Malware may be on BYOD devices which can extract data via key logging and screen scrapes.

  E. Remote wiping of devices should be enabled to ensure any lost device is rendered inoperable.

Answer: A, D

Explanation:

Privacy could be compromised because patient records can be viewed from a doctor's personal device in uncontrolled areas. The records could then be seen by persons not authorized to view this information.

Similarly, the doctor's personal device could have malware on it, which could capture the displayed records through key logging or screen scraping.

Question No: 110 – (Topic 2)

A forensic analyst receives a hard drive containing malware quarantined by the antivirus application. After creating an image and determining the directory location of the malware file, which of the following helps to determine when the system became infected?

  A. The malware file's modify, access, change time properties.

  B. The timeline analysis of the file system.

  C. The time stamp of the malware in the swap file.

  D. The date/time stamp of the malware detection in the antivirus logs.

Answer: B

Explanation:

Timelines can be used in digital forensics to identify when activity occurred on a computer. Timelines are mainly used for data reduction or identifying specific state changes that have occurred on a computer.
