[Free] 2018(June) Dumps4cert CompTIA RC0-C02 Dumps with VCE and PDF Download 131-140

By | July 9, 2018


CompTIA Advanced Security Practitioner (CASP) Recertification Exam for Continuing Education

Question No: 131 – (Topic 2)

The Chief Executive Officer (CEO) has decided to outsource systems which are not core business functions; however, a recent review by Ann, the risk officer, has indicated that core business functions are dependent on the outsourced systems. Ann has requested that the IT department calculate the priority of restoration for all systems and applications under the new business model. Which of the following is the BEST tool to achieve this?

  A. Business impact analysis

  B. Annualized loss expectancy analysis

  C. TCO analysis

  D. Residual risk and gap analysis

Answer: A

Question No: 132 – (Topic 2)

A firm’s Chief Executive Officer (CEO) is concerned that IT staff lacks the knowledge to identify complex vulnerabilities that may exist in a payment system being internally developed. The payment system being developed will be sold to a number of organizations and is in direct competition with another leading product. The CEO highlighted that code base confidentiality is of critical importance to allow the company to exceed the competition in terms of the product’s reliability, stability, and performance. Which of the following would provide the MOST thorough testing and satisfy the CEO’s requirements?

  A. Sign a MOU with a marketing firm to preserve the company reputation and use in-house resources for random testing.

  B. Sign a BPA with a small software consulting firm and use the firm to perform black box testing and address all findings.

  C. Sign a NDA with a large security consulting firm and use the firm to perform grey box testing and address all findings.

  D. Use the most qualified and senior developers on the project to perform a variety of white box testing and code reviews.

Answer: C

Explanation:

Grey box testing gives the tester only limited knowledge of the system, as an attacker would have, so the code base itself remains confidential. That confidentiality is further protected by a non-disclosure agreement (NDA), which is designed to protect confidential information.

Question No: 133 – (Topic 2)

The Information Security Officer (ISO) is reviewing new policies that have been recently made effective and now apply to the company. Upon review, the ISO identifies a new requirement to implement two-factor authentication on the company’s wireless system. Due to budget constraints, the company will be unable to implement the requirement for the next two years. The ISO is required to submit a policy exception form to the Chief Information Officer (CIO). Which of the following are MOST important to include when submitting the exception form? (Select THREE).

  A. Business or technical justification for not implementing the requirements.

  B. Risks associated with the inability to implement the requirements.

  C. Industry best practices with respect to the technical implementation of the current controls.

  D. All sections of the policy that may justify non-implementation of the requirements.

  E. A revised DRP and COOP plan to the exception form.

  F. Internal procedures that may justify a budget submission to implement the new requirement.

  G. Current and planned controls to mitigate the risks.

Answer: A,B,G

Explanation:

The exception request must include:

-A description of the non-compliance.

-The anticipated length of non-compliance (2-year maximum).

-The proposed assessment of risk associated with non-compliance.

-The proposed plan for managing the risk associated with non-compliance.

-The proposed metrics for evaluating the success of risk management (if risk is significant).

-The proposed review date to evaluate progress toward compliance.

-An endorsement of the request by the appropriate Information Trustee (VP or Dean).

Question No: 134 – (Topic 2)

An organization determined that each of its remote sales representatives must use a smartphone for email access. The organization provides the same centrally manageable model to each person. Which of the following mechanisms BEST protects the confidentiality of the resident data?

  A. Require dual factor authentication when connecting to the organization’s email server.

  B. Require each sales representative to establish a PIN to access the smartphone and limit email storage to two weeks.

  C. Require encrypted communications when connecting to the organization’s email server.

  D. Require a PIN and automatic wiping of the smartphone if someone enters a specific number of incorrect PINs.

Answer: D

Question No: 135 – (Topic 2)

The Chief Executive Officer (CEO) of a corporation purchased the latest mobile device and wants to connect it to the company’s internal network. The Chief Information Security Officer (CISO) was told to research and recommend how to secure this device. Which of the following recommendations should be implemented to keep the device from posing a security risk to the company?

  A. A corporate policy to prevent sensitive information from residing on a mobile device and anti-virus software.

  B. Encryption of the non-volatile memory and a corporate policy to prevent sensitive information from residing on a mobile device.

  C. Encryption of the non-volatile memory and a password or PIN to access the device.

  D. A password or PIN to access the device and a corporate policy to prevent sensitive information from residing on a mobile device.

Answer: C

Question No: 136 – (Topic 2)

Company A is merging with Company B. Company B uses mostly hosted services from an outside vendor, while Company A uses mostly in-house products. The project manager of the merger states the merged systems should meet these goals:

-Ability to customize systems per department

-Quick implementation along with an immediate ROI

-The internal IT team having administrative level control over all products

The project manager states the in-house services are the best solution. Because of staff shortages, the senior security administrator argues that security will be best maintained by continuing to use outsourced services. Which of the following solutions BEST solves the disagreement?

  A. Raise the issue to the Chief Executive Officer (CEO) to escalate the decision to senior management with the recommendation to continue the outsourcing of all IT services.

  B. Calculate the time to deploy and support the in-sourced systems accounting for the staff shortage and compare the costs to the ROI costs minus outsourcing costs. Present the documented numbers to management for a final decision.

  C. Perform a detailed cost benefit analysis of outsourcing vs. in-sourcing the IT systems and review the system documentation to assess the ROI of in-sourcing. Select COTS products to eliminate development time to meet the ROI goals.

  D. Arrange a meeting between the project manager and the senior security administrator to review the requirements and determine how critical all the requirements are.

Answer: B

Question No: 137 – (Topic 2)

The source workstation image for new accounting PCs has begun blue-screening. A technician notices that the date/time stamp of the image source appears to have changed. The desktop support director has asked the Information Security department to determine if any changes were made to the source image. Which of the following methods would BEST help with this process? (Select TWO).

  A. Retrieve the source system image from backup and run a file comparison analysis on the two images.

  B. Parse all images to determine if extra data is hidden using steganography.

  C. Calculate a new hash and compare it with the previously captured image hash.

  D. Ask desktop support if any changes to the images were made.

  E. Check key system files to see if the date/time stamp is in the past six months.

Answer: A,C

Explanation:

Running a file comparison analysis on the two images will determine whether files have been changed, as well as which files were changed.

Hashing can be used to meet the goals of integrity and non-repudiation. One of the advantages of hashing is its ability to verify that information has remained unchanged: if the hash values are the same, the images are the same; if the hash values differ, the two images differ.

Question No: 138 – (Topic 2)

Which of the following must be taken into consideration for e-discovery purposes when a legal case is first presented to a company?

  A. Data ownership on all files

  B. Data size on physical disks

  C. Data retention policies on only file servers

  D. Data recovery and storage

Answer: D

Question No: 139 – (Topic 2)

Joe, an administrator, is notified that contract workers will be onsite assisting with a new project. Joe wants each worker to be aware of the corporate policy pertaining to USB storage devices. Which of the following should each worker review and understand before beginning work?

  A. Interconnection Security Agreement

  B. Memorandum of Understanding

  C. Business Partnership Agreement

  D. Non-Disclosure Agreement

Answer: C

Question No: 140 – (Topic 2)

A company has implemented data retention policies and storage quotas in response to their legal department’s requests and the SAN administrator’s recommendation. The retention policy states all email data older than 90 days should be eliminated. As there are no technical controls in place, users have been instructed to stick to a storage quota of 500Mb of network storage and 200Mb of email storage. After being presented with an e-discovery request from opposing legal counsel, the security administrator discovers that the user in the suit has 1Tb of files and 300Mb of email spanning over two years. Which of the following should the security administrator provide to opposing counsel?

  A. Delete files and email exceeding policy thresholds and turn over the remaining files and email.

  B. Delete email over the policy threshold and hand over the remaining emails and all of the files.

  C. Provide the 1Tb of files on the network and the 300Mb of email files regardless of age.

  D. Provide the first 200Mb of e-mail and the first 500Mb of files as per policy.

Answer: C
