Ensurepass.com : Ensure you pass the IT Exams
2018 Jan CompTIA Official New Released RC0-C02
http://www.EnsurePass.com/RC0-C02.html

CompTIA Advanced Security Practitioner (CASP) Recertification Exam for Continuing Education

Question No: 81 – (Topic 2)

The DLP solution has been showing some unidentified encrypted data being sent using FTP to a remote server. A vulnerability scan found a collection of Linux servers that are missing OS level patches. Upon further investigation, a technician notices that there are a few unidentified processes running on a number of the servers. What would be a key FIRST step for the data security team to undertake at this point?

  A. Capture process ID data and submit to anti-virus vendor for review.

  B. Reboot the Linux servers, check running processes, and install needed patches.

  C. Remove a single Linux server from production and place in quarantine.

  D. Notify upper management of a security breach.

  E. Conduct a bit level image, including RAM, of one or more of the Linux servers.

Answer: E

Explanation:

Incident management (IM) is a necessary part of a security program. When effective, it mitigates business impact, identifies weaknesses in controls, and helps fine-tune response processes.

In this question, an attack has been identified and confirmed. When a server is compromised or used to commit a crime, it is often necessary to seize it for forensics analysis. Security teams often face two challenges when trying to remove a physical server from service: retention of potential evidence in volatile storage or removal of a device from a critical business process.

Evidence retention is a problem when the investigator wants to retain RAM content. For example, removing power from a server starts the process of mitigating business impact, but it also denies forensic analysis of data, processes, keys, and possible footprints left by an attacker.

A full bit-level image, including RAM, should be taken of one or more of the Linux servers. In many cases, if your environment has been deliberately attacked, you may want to take legal action against the perpetrators. In order to preserve this option, you should gather evidence that can be used against them, even if a decision is ultimately made not to pursue such action. It is extremely important to back up the compromised systems as soon as possible. Back up the systems prior to performing any actions that could affect data integrity on the original media.

Question No: 82 – (Topic 2)

A newly-appointed risk management director for the IT department at Company XYZ, a major pharmaceutical manufacturer, needs to conduct a risk analysis regarding a new system which the developers plan to bring on-line in three weeks. The director begins by reviewing the thorough and well-written report from the independent contractor who performed a security assessment of the system. The report details what seems to be a manageable volume of infrequently exploited security vulnerabilities. The director decides to implement continuous monitoring and other security controls to mitigate the impact of the vulnerabilities. Which of the following should the director require from the developers before agreeing to deploy the system?

  A. An incident response plan which guarantees response by tier two support within 15 minutes of an incident.

  B. A definitive plan of action and milestones which lays out resolutions to all vulnerabilities within six months.

  C. Business insurance to transfer all risk from the company shareholders to the insurance company.

  D. A prudent plan of action which details how to decommission the system within 90 days of becoming operational.

Answer: B

Question No: 83 – (Topic 2)

The sales division within a large organization purchased touch screen tablet computers for all 250 sales representatives in an effort to showcase the use of technology to its customers and increase productivity. This includes the development of a new product tracking application that works with the new platform. The security manager attempted to stop the deployment because the equipment and application are non-standard and unsupported within the organization. However, upper management decided to continue the deployment. Which of the following provides the BEST method for evaluating the potential threats?

  A. Conduct a vulnerability assessment to determine the security posture of the new devices and the application.

  B. Benchmark other organizations that already encountered this type of situation and apply all relevant learnings and industry best practices.

  C. Work with the business to understand and classify the risk associated with the full lifecycle of the hardware and software deployment.

  D. Develop a standard image for the new devices and migrate to a web application to eliminate locally resident data.

Answer: C

Question No: 84 – (Topic 2)

A large financial company has a team of security-focused architects and designers that contribute to broader IT architecture and design solutions. Concerns have been raised due to the security contributions having varying levels of quality and consistency. It has been agreed that a more formalized methodology is needed that can take business drivers, capabilities, baselines, and re-usable patterns into account. Which of the following would BEST help to achieve these objectives?

  A. Construct a library of re-usable security patterns

  B. Construct a security control library

  C. Introduce an ESA framework

  D. Include SRTM in the SDLC

Answer: C

Question No: 85 – (Topic 2)

A company has noticed recently that its corporate information has ended up on an online forum. An investigation has identified that internal employees are sharing confidential corporate information on a daily basis. Which of the following are the MOST effective security controls that can be implemented to stop the above problem? (Select TWO).

  A. Implement a URL filter to block the online forum

  B. Implement NIDS on the desktop and DMZ networks

  C. Security awareness compliance training for all employees

  D. Implement DLP on the desktop, email gateway, and web proxies

  E. Review of security policies and procedures

Answer: C,D

Explanation:

Security awareness compliance training for all employees should be implemented to educate employees about corporate policies and procedures for working with information technology (IT). Data loss prevention (DLP) should be implemented to make sure that users do not send sensitive or critical information outside the corporate network.

Question No: 86 – (Topic 2)

During a new desktop refresh, all hosts are hardened at the OS level before deployment to comply with policy. Six months later, the company is audited for compliance to regulations. The audit discovers that 40 percent of the desktops do not meet requirements. Which of the following is the MOST likely cause of the noncompliance?

  A. The devices are being modified and settings are being overridden in production.

  B. The patch management system is causing the devices to be noncompliant after issuing the latest patches.

  C. The desktop applications were configured with the default username and password.

  D. 40 percent of the devices use full disk encryption.

Answer: A

Explanation:

The question states that all hosts are hardened at the OS level before deployment. So we know the desktops are fully patched when the users receive them. Six months later, the desktops do not meet the compliance standards. The most likely explanation for this is that the users have changed the settings of the desktops during the six months that they’ve had them.

Question No: 87 – (Topic 2)

The Chief Executive Officer (CEO) of a large prestigious enterprise has decided to reduce business costs by outsourcing to a third party company in another country. Functions to be outsourced include: business analysts, testing, software development and back office functions that deal with the processing of customer data. The Chief Risk Officer (CRO) is concerned about the outsourcing plans. Which of the following risks are MOST likely to occur if adequate controls are not implemented?

  A. Geographical regulation issues, loss of intellectual property and interoperability agreement issues

  B. Improper handling of client data, interoperability agreement issues and regulatory issues

  C. Cultural differences, increased cost of doing business and divestiture issues

  D. Improper handling of customer data, loss of intellectual property and reputation damage

Answer: D

Explanation:

The risk of security violations or compromised intellectual property (IP) rights is inherently elevated when working internationally. A key concern with outsourcing arrangements is making sure that there is sufficient protection and security in place for personal information being transferred and/or accessed under an outsourcing agreement.

Question No: 88 – (Topic 2)

A health service provider is considering the impact of allowing doctors and nurses access to the internal email system from their personal smartphones. The Information Security Officer (ISO) has received a technical document from the security administrator explaining that the current email system is capable of enforcing security policies to personal smartphones, including screen lockout and mandatory PINs. Additionally, the system is able to remotely wipe a phone if reported lost or stolen. Which of the following should the Information Security Officer be MOST concerned with based on this scenario? (Select THREE).

  A. The email system may become unavailable due to overload.

  B. Compliance may not be supported by all smartphones.

  C. Equipment loss, theft, and data leakage.

  D. Smartphone radios can interfere with health equipment.

  E. Data usage cost could significantly increase.

  F. Not all smartphones natively support encryption.

  G. Smartphones may be used as rogue access points.

Answer: B,C,F

Question No: 89 – (Topic 2)

The internal audit department is investigating a possible breach of security. One of the auditors is sent to interview the following employees:

Employee A: Works in the accounts receivable office and is in charge of entering data into the finance system.

Employee B: Works in the accounts payable office and is in charge of approving purchase orders.

Employee C: Is the manager of the finance department, supervises Employee A and Employee B, and can perform the functions of both Employee A and Employee B.

Which of the following should the auditor suggest be done to avoid future security breaches?

  A. All employees should have the same access level to be able to check on each other.

  B. The manager should only be able to review the data and approve purchase orders.

  C. Employee A and Employee B should rotate jobs at a set interval and cross-train.

  D. The manager should be able to both enter and approve information.

Answer: B

Question No: 90 – (Topic 2)

It has come to the IT administrator’s attention that the “post your comment” field on the company blog page has been exploited, resulting in cross-site scripting attacks against customers reading the blog. Which of the following would be the MOST effective at preventing the “post your comment” field from being exploited?

  A. Update the blog page to HTTPS

  B. Filter metacharacters

  C. Install HIDS on the server

  D. Patch the web application

  E. Perform client side input validation

Answer: B

Explanation:

A general rule of thumb with regard to XSS is to "Never trust user input and always filter meta-characters."
