
RC0-C02 Latest Exam (Sep 2017)


September 19, 2017


CompTIA Advanced Security Practitioner (CASP) Recertification Exam for Continuing Education

Question No: 171 – (Topic 3)

A web services company is planning a one-time high-profile event to be hosted on the corporate website. An outage, due to an attack, would be publicly embarrassing, so Joe, the Chief Executive Officer (CEO), has requested that his security engineers put temporary preventive controls in place. Which of the following would MOST appropriately address Joe's concerns?

  A. Ensure web services hosting the event use TCP cookies and deny_hosts.
  B. Configure an intrusion prevention system that blocks IPs after detecting too many incomplete sessions.
  C. Contract and configure scrubbing services with third-party DDoS mitigation providers.
  D. Purchase additional bandwidth from the company's Internet service provider.

Answer: C

Explanation:

Scrubbing is an excellent way of dealing with this type of situation, where the company wants to stay connected no matter what during the one-time high-profile event. It involves deploying a multi-layered security approach, backed by extensive threat research, to defend against a variety of attacks with a guarantee of always-on availability.

Question No: 172 – (Topic 3)

A network administrator with a company’s NSP has received a CERT alert for targeted adversarial behavior at the company. In addition to the company’s physical security, which of the following can the network administrator use to detect the presence of a malicious actor physically accessing the company’s network or information systems from within? (Select TWO).

  A. RAS
  B. Vulnerability scanner
  C. HTTP intercept
  D. HIDS
  E. Port scanner
  F. Protocol analyzer

Answer: D, F

Explanation:

A protocol analyzer can be used to capture and analyze signals and data traffic over a communication channel, which makes it ideal for assessing a company's network from within under these circumstances.

A HIDS is a host-based intrusion detection system that can monitor and analyze the internal company network, especially the dynamic behavior and state of the computer systems: behavior such as network packets targeted at that specific host, which programs access which resources, etc.

Question No: 173 – (Topic 3)

An administrator believes that the web servers are being flooded with excessive traffic from time to time. The administrator suspects that these traffic floods correspond to when a competitor makes major announcements. Which of the following should the administrator do to prove this theory?

  A. Implement data analytics to try and correlate the occurrence times.
  B. Implement a honey pot to capture traffic during the next attack.
  C. Configure the servers for high availability to handle the additional bandwidth.
  D. Log all traffic coming from the competitor's public IP addresses.

Answer: A

Explanation:

There is a time aspect to the traffic floods: if you correlate the data analytics with the times at which the incidents happened, you will be able to prove the theory.

Question No: 174 – (Topic 3)

A new web based application has been developed and deployed in production. A security engineer decides to use an HTTP interceptor for testing the application. Which of the following problems would MOST likely be uncovered by this tool?

  A. The tool could show that input validation was only enabled on the client side
  B. The tool could enumerate backend SQL database table and column names
  C. The tool could force HTTP methods such as DELETE that the server has denied
  D. The tool could fuzz the application to determine where memory leaks occur

Answer: A

Explanation:

An HTTP interceptor is a program used to assess and analyze web traffic between the browser and the server; thus it can be used to show that input validation was only enabled on the client side.

Question No: 175 – (Topic 3)

A Chief Information Security Officer (CISO) has requested that a SIEM solution be implemented. The CISO wants to know upfront what the projected TCO would be before looking further into this concern. Two vendor proposals have been received:

Vendor A: product-based solution which can be purchased by the pharmaceutical company.

Capital expenses to cover central log collectors, correlators, storage and management consoles expected to be $150,000. Operational expenses are expected to be a 0.5 full time employee (FTE) to manage the solution, and 1 full time employee to respond to incidents per year.

Vendor B: managed service-based solution which can be the outsourcer for the pharmaceutical company’s needs.

Bundled offering expected to be $100,000 per year.

Operational expenses for the pharmaceutical company to partner with the vendor are expected to be a 0.5 FTE per year.

Internal employee costs are averaged to be $80,000 per year per FTE. Based on calculating TCO of the two vendor proposals over a 5 year period, which of the following options is MOST accurate?

  A. Based on cost alone, having an outsourced solution appears cheaper.
  B. Based on cost alone, having an outsourced solution appears to be more expensive.
  C. Based on cost alone, both outsourced and in-sourced solutions appear to be the same.
  D. Based on cost alone, having a purchased product solution appears cheaper.

Answer: A

Explanation:

The costs of making use of an outsourced solution will actually be a savings for the company; thus the outsourced solution is the cheaper option over a 5 year period, because it amounts to 0.5 FTE per year for the company, and at present the company expense is $80,000 per year per FTE.

For the company to go it alone it will cost $80,000 per annum per FTE = $400,000 over 5 years.

With Vendor A: $150,000 + $200,000 (½ FTE) = $350,000. With Vendor B = $100,000 it will be more expensive.


Gregg, Michael, and Billy Haines, CASP CompTIA Advanced Security Practitioner Study Guide, John Wiley & Sons, Indianapolis, 2012, p. 130

Question No: 176 – (Topic 3)

Ann, a systems engineer, is working to identify an unknown node on the corporate network. To begin her investigative work, she runs the following nmap command string:

user@hostname:~$ sudo nmap -O

Based on the output, nmap is unable to identify the OS running on the node, but the following ports are open on the device:

TCP/22 TCP/111 TCP/512-514 TCP/2049 TCP/32778

Based on this information, which of the following operating systems is MOST likely running on the unknown node?

  A. Linux
  B. Windows
  C. Solaris
  D. OSX

Answer: C

Explanation:

TCP/22 is used for SSH; TCP/111 is used for Sun RPC (the portmapper); TCP/512-514 are used by the Berkeley r-services (exec, login and cmd, where cmd is like exec but automatic authentication is performed as for the login server). These are all ports that are typically open when the Sun Solaris operating system is in use.

Question No: 177 – (Topic 3)

Joe is a security architect who is tasked with choosing a new NIPS platform that has the ability to perform SSL inspection, analyze up to 10Gbps of traffic, can be centrally managed and only reveals inspected application payload data to specified internal security employees. Which of the following steps should Joe take to reach the desired outcome?

  A. Research new technology vendors to look for potential products. Contribute to an RFP and then evaluate RFP responses to ensure that the vendor product meets all mandatory requirements. Test the product and make a product recommendation.
  B. Evaluate relevant RFC and ISO standards to choose an appropriate vendor product. Research industry surveys, interview existing customers of the product and then recommend that the product be purchased.
  C. Consider outsourcing the product evaluation and ongoing management to an outsourced provider on the basis that each of the requirements are met and a lower total cost of ownership (TCO) is achieved.
  D. Choose a popular NIPS product and then consider outsourcing the ongoing device management to a cloud provider. Give access to internal security employees so that they can inspect the application payload data.
  E. Ensure that the NIPS platform can also deal with recent technological advancements, such as threats emerging from social media, BYOD and cloud storage prior to purchasing the product.

Answer: A

Explanation:

A request for proposal (RFP) is in essence an invitation that you present to vendors, asking them to submit proposals on a specific commodity or service. The responses should be evaluated against the mandatory requirements, then the product should be tested, and then a product recommendation can be made to achieve the desired outcome.

Question No: 178 – (Topic 3)

Which of the following activities is commonly deemed “OUT OF SCOPE” when undertaking a penetration test?

  A. Test password complexity of all login fields and input validation of form fields
  B. Reverse engineering any thick client software that has been provided for the test
  C. Undertaking network-based denial of service attacks in production environment
  D. Attempting to perform blind SQL injection and reflected cross-site scripting attacks
  E. Running a vulnerability scanning tool to assess network and host weaknesses

Answer: C

Explanation:

Penetration testing is done to look at a network in an adversarial fashion, with the aim of finding what an attacker would be able to use. Penetration testing is done without malice, and undertaking a network-based denial of service attack in the production environment is as such 'OUT OF SCOPE'.

Question No: 179 – (Topic 3)

The Chief Information Security Officer (CISO) is asking for ways to protect against zero-day exploits. The CISO is concerned that an unrecognized threat could compromise corporate data and result in regulatory fines as well as poor corporate publicity. The network is mostly flat, with split staff/guest wireless functionality. Which of the following equipment MUST be deployed to guard against unknown threats?

  A. Cloud-based antivirus solution, running as local admin, with push technology for definition updates.
  B. Implementation of an offsite data center hosting all company data, as well as deployment of VDI for all client computing needs.
  C. Host based heuristic IPS, segregated on a management VLAN, with direct control of the perimeter firewall ACLs.
  D. Behavior based IPS with a communication link to a cloud based vulnerability and threat feed.

Answer: D

Explanation:

Good preventive security practices are a must. These include installing and keeping firewall policies carefully matched to business and application needs, keeping antivirus software updated, blocking potentially harmful file attachments and keeping all systems patched against known vulnerabilities. Vulnerability scans are a good means of measuring the effectiveness of preventive procedures. Real-time protection: deploy inline intrusion-prevention systems (IPS) that offer comprehensive protection. When considering an IPS, seek the following capabilities: network-level protection, application integrity checking, application protocol Request for Comment (RFC) validation, content validation and forensics capability. In this case it would be a behavior-based IPS with a communication link to a cloud-based vulnerability and threat feed, since behavioral detection does not depend on a signature for the unknown threat.

Question No: 180 – (Topic 3)

A well-known retailer has experienced a massive credit card breach. The retailer had gone through an audit and had been presented with a potential problem on their network.

Vendors were authenticating directly to the retailer's AD servers, and an improper firewall rule allowed pivoting from the AD server to the DMZ where the credit card servers were kept. The firewall rule was needed for an internally developed application, which presents risk. The retailer determined that, because the vendors were required to have site-to-site VPNs, no other security action was needed.

To prove to the retailer the monetary value of this risk, which of the following type of calculations is needed?

  A. Residual Risk calculation
  B. A cost/benefit analysis
  C. Quantitative Risk Analysis
  D. Qualitative Risk Analysis

Answer: C

Explanation:

Performing quantitative risk analysis focuses on assessing the probability and impact of a risk with a metric measurement, which is usually a numerical value based on money or time.
