[Free] 2017(Sep) EnsurePass Pass4sure CompTIA RC0-C02 Dumps with VCE and PDF 91-100

September 19, 2017

CompTIA Advanced Security Practitioner (CASP) Recertification Exam for Continuing Education

Question No: 91 – (Topic 2)

In a situation where data is to be recovered from an attacker’s location, which of the following are the FIRST things to capture? (Select TWO).

  A. Removable media

  B. Passwords written on scrap paper

  C. Snapshots of data on the monitor

  D. Documents on the printer

  E. Volatile system memory

  F. System hard drive

Answer: C,E

Explanation:

An exact copy of the attacker’s system must be captured for further investigation so that the original data can remain unchanged. An analyst will then start the process of capturing data from the most volatile to the least volatile.

The order of volatility from most volatile to least volatile is as follows:

  1. Data in RAM, including CPU cache and recently used data and applications

  2. Data in RAM, including system and network processes

  3. Swap files (also known as paging files) stored on local disk drives

  4. Data stored on local disk drives

  5. Logs stored on remote systems

  6. Archive media

Question No: 92 – (Topic 2)

A security manager for a service provider has approved two vendors for connections to the service provider backbone. One vendor will be providing authentication services for its payment card service, and the other vendor will be providing maintenance to the service provider infrastructure sites. Which of the following business agreements is MOST relevant to the vendors and service provider’s relationship?

  A. Memorandum of Agreement

  B. Interconnection Security Agreement

  C. Non-Disclosure Agreement

  D. Operating Level Agreement

Answer: B

Explanation:

The Interconnection Security Agreement (ISA) is a document that identifies the requirements for connecting systems and networks and details what security controls are to be used to protect the systems and sensitive data.

Question No: 93 – (Topic 2)

A company receives an e-discovery request for the Chief Information Officer’s (CIO’s) email data. The storage administrator reports that the data retention policy relevant to their industry only requires one year of email data. However, the storage administrator also reports that there are three years of email data on the server and five years of email data on backup tapes. How many years of data MUST the company legally provide?

  A. 1

  B. 2

  C. 3

  D. 5

Answer: D

Question No: 94 – (Topic 2)

The Chief Information Security Officer (CISO) at a company knows that many users store business documents on public cloud-based storage, and realizes this is a risk to the company. In response, the CISO implements a mandatory training course in which all employees are instructed on the proper use of cloud-based storage. Which of the following risk strategies did the CISO implement?

  A. Avoid

  B. Accept

  C. Mitigate

  D. Transfer

Answer: C

Explanation:

Mitigation means that a control is used to reduce the risk. In this case, the control is training.

Question No: 95 – (Topic 2)

Company XYZ has employed a consultant to perform a controls assessment of the HR system, backend business operations, and the SCADA system used in the factory. Which of the following correctly states the risk management options that the consultant should use during the assessment?

  A. Risk reduction, risk sharing, risk retention, and risk acceptance.

  B. Avoid, transfer, mitigate, and accept.

  C. Risk likelihood, asset value, and threat level.

  D. Calculate risk by determining technical likelihood and potential business impact.

Answer: B

Question No: 96 – (Topic 2)

An investigator wants to collect the most volatile data first in an incident to preserve the data that runs the highest risk of being lost. After memory, which of the following BEST represents the remaining order of volatility that the investigator should follow?

  A. File system information, swap files, network processes, system processes and raw disk blocks.

  B. Raw disk blocks, network processes, system processes, swap files and file system information.

  C. System processes, network processes, file system information, swap files and raw disk blocks.

  D. Raw disk blocks, swap files, network processes, system processes, and file system information.

Answer: C

Explanation:

The order in which you should collect evidence is referred to as the order of volatility. Generally, evidence should be collected from the most volatile to the least volatile. The order of volatility from most volatile to least volatile is as follows:

  1. Data in RAM, including CPU cache and recently used data and applications

  2. Data in RAM, including system and network processes

  3. Swap files (also known as paging files) stored on local disk drives

  4. Data stored on local disk drives

  5. Logs stored on remote systems

  6. Archive media

Question No: 97 – (Topic 2)

A large corporation which is heavily reliant on IT platforms and systems is in financial difficulty and needs to drastically reduce costs in the short term to survive. The Chief Financial Officer (CFO) has mandated that all IT and architectural functions will be outsourced and a mixture of providers will be selected. One provider will manage the desktops for five years, another provider will manage the network for ten years, another provider will be responsible for security for four years, and an offshore provider will perform day to day business processing functions for two years. At the end of each contract the incumbent may be renewed or a new provider may be selected. Which of the following are the MOST likely risk implications of the CFO’s business decision?

  A. Strategic architecture will be adversely impacted through the segregation of duties between the providers. Vendor management costs will remain unchanged. The risk position of the organization will decline as specialists now maintain the environment. The implementation of security controls and security updates will improve. Internal knowledge of IT systems will improve as providers maintain system documentation.

  B. Strategic architecture will improve as more time can be dedicated to strategy. System stability will improve as providers use specialists and tested processes to maintain systems. Vendor management costs will increase and the organization’s flexibility to react to new market conditions will be reduced slightly. Internal knowledge of IT systems will improve as providers maintain system documentation. The risk position of the organization will remain unchanged.

  C. Strategic architecture will not be impacted in the short term, but will be adversely impacted in the long term through the segregation of duties between the providers. Vendor management costs will stay the same and the organization’s flexibility to react to new market conditions will be improved through best of breed technology implementations. Internal knowledge of IT systems will decline over time. The implementation of security controls and security updates will not change.

  D. Strategic architecture will be adversely impacted through the segregation of duties between the providers. Vendor management costs will increase and the organization’s flexibility to react to new market conditions will be reduced. Internal knowledge of IT systems will decline and decrease future platform development. The implementation of security controls and security updates will take longer as responsibility crosses multiple boundaries.

Answer: D

Question No: 98 – (Topic 2)

Which of the following provides the BEST risk calculation methodology?

  A. Annual Loss Expectancy (ALE) x Value of Asset

  B. Potential Loss x Event Probability x Control Failure Probability

  C. Impact x Threat x Vulnerability

  D. Risk Likelihood x Annual Loss Expectancy (ALE)

Answer: B

Explanation:

Of the options given, the BEST risk calculation methodology would be Potential Loss x Event Probability x Control Failure Probability. This exam is about computer and data security, so the ‘loss’ caused by risk is not necessarily a monetary value.

For example:

Potential Loss could refer to the data lost in the event of a data storage failure.

Event Probability could be the risk of a disk drive or drives failing.

Control Failure Probability could be the risk of the storage RAID not being able to handle the number of failed hard drives without losing data.

Question No: 99 – (Topic 2)

A security auditor suspects two employees of having devised a scheme to steal money from the company. While one employee submits purchase orders for personal items, the other employee approves these purchase orders. The auditor has contacted the human resources director with suggestions on how to detect such illegal activities. Which of the following should the human resource director implement to identify the employees involved in these activities and reduce the risk of this activity occurring in the future?

  A. Background checks

  B. Job rotation

  C. Least privilege

  D. Employee termination procedures

Answer: B

Explanation:

Job rotation can reduce fraud or misuse by preventing an individual from having too much control over an area.

Question No: 100 – (Topic 2)

The IT Security Analyst for a small organization is working on a customer’s system and identifies a possible intrusion in a database that contains PII. Since PII is involved, the analyst wants to get the issue addressed as soon as possible. Which of the following is the FIRST step the analyst should take in mitigating the impact of the potential intrusion?

  A. Contact the local authorities so an investigation can be started as quickly as possible.

  B. Shut down the production network interfaces on the server and change all of the DBMS account passwords.

  C. Disable the front-end web server and notify the customer by email to determine how the customer would like to proceed.

  D. Refer the issue to management for handling according to the incident response process.

Answer: D

Explanation:

The database contains PII (personally identifiable information) so the natural response is to want to get the issue addressed as soon as possible. However, in this question we have an IT Security Analyst working on a customer’s system. Therefore, this IT Security Analyst does not know what the customer’s incident response process is. In this case, the IT Security Analyst should refer the issue to company management so they can handle the issue (with your help if required) according to their incident response procedures.
