RC0-C02 Online Practice Questions and Answers

A new IDS device is generating a very large number of irrelevant events. Which of the following would BEST remedy this problem?

A. Change the IDS to use a heuristic anomaly filter.

B. Adjust IDS filters to decrease the number of false positives.

C. Change the IDS filter to data mine the false positives for statistical trending data.

D. Adjust IDS filters to increase the number of false negatives.

A large hospital has implemented BYOD to allow doctors and specialists the ability to access patient medical records on their tablets. The doctors and specialists access patient records over the hospital's guest WiFi network which is isolated from the internal network with appropriate security controls. The patient records management system can be accessed from the guest network and require two factor authentication. Using a remote desktop type interface, the doctors and specialists can interact with the hospital's system. Cut and paste and printing functions are disabled to prevent the copying of data to BYOD devices. Which of the following are of MOST concern? (Select TWO).

A. Privacy could be compromised as patient records can be viewed in uncontrolled areas.

B. Device encryption has not been enabled and will result in a greater likelihood of data loss.

C. The guest WiFi may be exploited allowing non-authorized individuals access to confidential patient data.

D. Malware may be on BYOD devices which can extract data via key logging and screen scrapes.

E. Remote wiping of devices should be enabled to ensure any lost device is rendered inoperable.

The source workstation image for new accounting PCs has begun blue-screening. A technician notices that the date/time stamp of the image source appears to have changed. The desktop support director has asked the Information Security department to determine if any changes were made to the source image. Which of the following methods would BEST help with this process? (Select TWO).

A. Retrieve source system image from backup and run file comparison analysis on the two images.

B. Parse all images to determine if extra data is hidden using steganography.

C. Calculate a new hash and compare it with the previously captured image hash.

D. Ask desktop support if any changes to the images were made.

E. Check key system files to see if date/time stamp is in the past six months.

A security firm is writing a response to an RFP from a customer that is building a new network based software product. The firm's expertise is in penetration testing corporate networks. The RFP explicitly calls for all possible behaviors of the product to be tested, however, it does not specify any particular method to achieve this goal. Which of the following should be used to ensure the security and functionality of the product? (Select TWO).

A. Code review

B. Penetration testing

C. Grey box testing

D. Code signing

E. White box testing

A web services company is planning a one-time high-profile event to be hosted on the corporate website. An outage, due to an attack, would be publicly embarrassing, so Joe, the Chief Executive Officer (CEO), has requested that his security engineers put temporary preventive controls in place. Which of the following would MOST appropriately address Joe's concerns?

A. Ensure web services hosting the event use TCP cookies and deny_hosts.

B. Configure an intrusion prevention system that blocks IPs after detecting too many incomplete sessions.

C. Contract and configure scrubbing services with third-party DDoS mitigation providers.

D. Purchase additional bandwidth from the company's Internet service provider.

A corporation has expanded for the first time by integrating several newly acquired businesses. Which of the following are the FIRST tasks that the security team should undertake? (Select TWO).

A. Remove acquired companies Internet access.

B. Federate identity management systems.

C. Install firewalls between the businesses.

D. Re-image all end user computers to a standard image.

E. Develop interconnection policy.

F. Conduct a risk analysis of each acquired company's networks.

A team is established to create a secure connection between software packages in order to list employee's remaining or unused benefits on their paycheck stubs. Which of the following business roles would be MOST effective on this team?

A. Network Administrator, Database Administrator, Programmers

B. Network Administrator, Emergency Response Team, Human Resources

C. Finance Officer, Human Resources, Security Administrator

D. Database Administrator, Facilities Manager, Physical Security Manager

The Chief Executive Officer (CEO) has asked a security project manager to provide recommendations on the breakout of tasks for the development of a new product. The CEO thinks that by assigning areas of work appropriately the overall security of the product will be increased, because staff will focus on their areas of expertise. Given the below groups and tasks select the BEST list of assignments.

Groups: Networks, Development, Project Management, Security, Systems Engineering, Testing

Tasks: Decomposing requirements, Secure coding standards, Code stability, Functional validation, Stakeholder engagement, Secure transport

A. Systems Engineering: Decomposing requirements Development: Secure coding standards Testing: Code stability Project Management: Stakeholder engagement Security: Secure transport Networks: Functional validation

B. Systems Engineering: Decomposing requirements Development: Code stability Testing: Functional validation Project Management: Stakeholder engagement Security: Secure coding standards Networks: Secure transport

C. Systems Engineering: Functional validation Development: Stakeholder engagement Testing: Code stability Project Management: Decomposing requirements Security: Secure coding standards Networks: Secure transport

D. Systems Engineering: Decomposing requirements Development: Stakeholder engagement Testing: Code stability Project Management: Functional validation Security: Secure coding standards Networks: Secure transport

A Security Administrator has some concerns about the confidentiality of data when using SOAP. Which of the following BEST describes the Security Administrator's concerns?

A. The SOAP header is not encrypted and allows intermediaries to view the header data. The body can be partially or completely encrypted.

B. The SOAP protocol supports weak hashing of header information. As a result the header and body can easily be deciphered by brute force tools.

C. The SOAP protocol can be easily tampered with, even though the header is encrypted.

D. The SOAP protocol does not support body or header encryption which allows assertions to be viewed in clear text by intermediaries.

Two universities are making their 802.11n wireless networks available to the other university's students. The infrastructure will pass the student's credentials back to the home school for authentication via the Internet.

The requirements are:

Mutual authentication of clients and authentication server

The design should not limit connection speeds

Authentication must be delegated to the home school No passwords should be sent unencrypted

The following design was implemented:

WPA2 Enterprise using EAP-PEAP-MSCHAPv2 will be used for wireless security

RADIUS proxy servers will be used to forward authentication requests to the home school

The RADIUS servers will have certificates from a common public certificate authority

A strong shared secret will be used for RADIUS server authentication

Which of the following security considerations should be added to the design?

A. The transport layer between the RADIUS servers should be secured

B. WPA Enterprise should be used to decrease the network overhead

C. The RADIUS servers should have local accounts for the visiting students

D. Students should be given certificates to use for authentication to the network