[Free] 2018(May) EnsurePass Testinsides CompTIA RC0-C02 Dumps with VCE and PDF 141-150


CompTIA Advanced Security Practitioner (CASP) Recertification Exam for Continuing Education

Question No: 141 – (Topic 2)

The internal audit department is investigating a possible breach of security. One of the auditors is sent to interview the following employees:

Employee A: Works in the accounts receivable office and is in charge of entering data into the finance system.

Employee B: Works in the accounts payable office and is in charge of approving purchase orders.

Employee C: Is the manager of the finance department, supervises Employee A and Employee B, and can perform the functions of both Employee A and Employee B.

Which of the following should the auditor suggest be done to avoid future security breaches?

A. All employees should have the same access level to be able to check on each other.

B. The manager should only be able to review the data and approve purchase orders.

C. Employee A and Employee B should rotate jobs at a set interval and cross-train.

D. The manager should be able to both enter and approve information.

Answer: B

Question No: 142 – (Topic 2)

A new IDS device is generating a very large number of irrelevant events. Which of the following would BEST remedy this problem?

A. Change the IDS to use a heuristic anomaly filter.

B. Adjust IDS filters to decrease the number of false positives.

C. Change the IDS filter to data mine the false positives for statistical trending data.

D. Adjust IDS filters to increase the number of false negatives.

Answer: B

Topic 3, Research and Analysis

Question No: 143 – (Topic 3)

A security analyst at Company A has been trying to convince the Information Security Officer (ISO) to allocate budget towards the purchase of a new intrusion prevention system (IPS) capable of analyzing encrypted web transactions. Which of the following should the analyst provide to the ISO to support the request? (Select TWO).

A. Emerging threat reports

B. Company attack trends

C. Request for Quote (RFQ)

D. Best practices

E. New technologies report

Answer: A,B

Question No: 144 – (Topic 3)

News outlets are beginning to report on a number of retail establishments that are experiencing payment card data breaches. The data exfiltration is enabled by malware on a compromised computer. After the initial exploit, network mapping and fingerprinting is conducted to prepare for further exploitation. Which of the following is the MOST effective solution to protect against unrecognized malware infections?

A. Remove local admin permissions from all users and change anti-virus to a cloud aware, push technology.

B. Implement an application whitelist at all levels of the organization.

C. Deploy a network based heuristic IDS, configure all layer 3 switches to feed data to the IDS for more effective monitoring.

D. Update router configuration to pass all network traffic through a new proxy server with advanced malware detection.

Answer: B

Explanation:

In essence, whitelist screening ensures that only acceptable applications are passed or granted access.

Question No: 145 – (Topic 3)

The risk manager at a small bank wants to use quantitative analysis to determine the ALE of running a business system at a location which is subject to fires during the year. A risk analyst reports to the risk manager that the asset value of the business system is $120,000 and, based on industry data, the exposure factor to fires is only 20% due to the fire suppression system installed at the site. Fires occur in the area on average every four years. Which of the following is the ALE?

A. $6,000

B. $24,000

C. $30,000

D. $96,000

Answer: A

Explanation:

Single Loss Expectancy (SLE) is mathematically expressed as Asset Value (AV) x Exposure Factor (EF):

SLE = AV x EF = $120,000 x 20% = $24,000

Fires occur on average once every four years, so this loss is spread over 4 years:

ALE = $24,000 / 4 = $6,000

References:

http://www.financeformulas.net/Return_on_Investment.html

https://en.wikipedia.org/wiki/Risk_assessment

Project Management Institute, A Guide to the Project Management Body of Knowledge (PMBOK Guide), 5th Edition, Project Management Institute, Inc., Newtown Square, 2013, p. 198

McMillan, Troy and Robin Abernathy, CompTIA Advanced Security Practitioner (CASP) CAS-002 Cert Guide, Pearson Education, Indianapolis, 2015, p. 305

Question No: 146 – (Topic 3)

New zero-day attacks are announced on a regular basis against a broad range of technology systems. Which of the following best practices should a security manager do to manage the risks of these attack vectors? (Select TWO).

A. Establish an emergency response call tree.

B. Create an inventory of applications.

C. Back up the router and firewall configurations.

D. Maintain a list of critical systems.

E. Update all network diagrams.

Answer: B,D

Question No: 147 – (Topic 3)

Since the implementation of IPv6 on the company network, the security administrator has been unable to identify the users associated with certain devices utilizing IPv6 addresses, even when the devices are centrally managed.

    en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        ether f8:1e:af:ab:10:a3
        inet6 fe80::fa1e:dfff:fee6:9d8%en1 prefixlen 64 scopeid 0x5
        inet 192.168.1.14 netmask 0xffffff00 broadcast 192.168.1.255
        inet6 2001:200:5:922:1035:dfff:fee6:9dfe prefixlen 64 autoconf
        inet6 2001:200:5:922:10ab:5e21:aa9a:6393 prefixlen 64 autoconf temporary
        nd6 options=1<PERFORMNUD>
        media: autoselect
        status: active

Given this output, which of the following protocols is in use by the company and what can the system administrator do to positively map users with IPv6 addresses in the future? (Select TWO).

A. The devices use EUI-64 format

B. The routers implement NDP

C. The network implements 6to4 tunneling

D. The router IPv6 advertisement has been disabled

E. The administrator must disable IPv6 tunneling

F. The administrator must disable the mobile IPv6 router flag

G. The administrator must disable the IPv6 privacy extensions

H. The administrator must disable DHCPv6 option code 1

Answer: B,G

Explanation:

IPv6 makes use of the Neighbor Discovery Protocol (NDP). Thus, if your routers implement NDP, you will be able to map users with IPv6 addresses. However, to be able to positively map users with IPv6 addresses, you will need to disable IPv6 privacy extensions.

Question No: 148 – (Topic 3)

A security engineer is responsible for monitoring company applications for known vulnerabilities. Which of the following is a way to stay current on exploits and information security news?

A. Update company policies and procedures

B. Subscribe to security mailing lists

C. Implement security awareness training

D. Ensure that the organization vulnerability management plan is up-to-date

Answer: B

Explanation:

Subscribing to bug, vulnerability, and security mailing lists is a good way of staying abreast of the latest in those fields.

Question No: 149 – (Topic 3)

An external penetration tester compromised one of the client organization’s authentication servers and retrieved the password database. Which of the following methods allows the penetration tester to MOST efficiently use any obtained administrative credentials on the client organization’s other systems, without impacting the integrity of any of the systems?

A. Use the pass the hash technique

B. Use rainbow tables to crack the passwords

C. Use the existing access to change the password

D. Use social engineering to obtain the actual password

Answer: A

Explanation:

With passing the hash you can grab NTLM credentials and you can manipulate the Windows logon sessions maintained by the LSA component. This will allow you to operate as an administrative user and not impact the integrity of any of the systems when running your tests.

Question No: 150 – (Topic 3)

The security engineer receives an incident ticket from the helpdesk stating that DNS lookup requests are no longer working from the office. The network team has ensured that Layer 2 and Layer 3 connectivity are working. Which of the following tools would a security engineer use to make sure the DNS server is listening on port 53?

A. PING

B. NESSUS

C. NSLOOKUP

D. NMAP

Answer: D

Explanation:

NMAP works as a port scanner and is used to check if the DNS server is listening on port 53.
