[Free] 2018(Aug) Ensurepass CompTIA RC0-C02 Dumps with VCE and PDF 211-220


CompTIA Advanced Security Practitioner (CASP) Recertification Exam for Continuing Education

Question No: 211 – (Topic 4)

Several business units have requested the ability to use collaborative web-based meeting places with third party vendors. Generally these require user registration, installation of client-based ActiveX or Java applets, and also the ability for the user to share their desktop in read-only or read-write mode. In order to ensure that information security is not compromised, which of the following controls is BEST suited to this situation?

  1. Disallow the use of web-based meetings as this could lead to vulnerable client-side components being installed, or a malicious third party gaining read-write control over an internal workstation.

  2. Hire an outside consultant firm to perform both a quantitative and a qualitative risk- based assessment. Based on the outcomes, if any risks are identified then do not allow web-based meetings. If no risks are identified then go forward and allow for these meetings to occur.

  3. Allow the use of web-based meetings, but put controls in place to ensure that the use of these meetings is logged and tracked.

  4. Evaluate several meeting providers. Ensure that client-side components do not introduce undue security risks. Ensure that the read-write desktop mode can either be prevented or strongly audited.

Answer: D

Question No: 212 – (Topic 4)

An IT auditor is reviewing the data classification for a sensitive system. The company has classified the data stored in the sensitive system according to the following matrix:

DATA TYPE        CONFIDENTIALITY   INTEGRITY   AVAILABILITY
-----------------------------------------------------------
Financial        HIGH              HIGH        LOW
Client name      MEDIUM            MEDIUM      HIGH
Client address   LOW               MEDIUM      LOW
-----------------------------------------------------------
AGGREGATE        MEDIUM            MEDIUM      MEDIUM

The auditor is advising the company to review the aggregate score and submit it to senior management. Which of the following should be the revised aggregate score?

  1. HIGH, MEDIUM, LOW

  2. MEDIUM, MEDIUM, LOW

  3. HIGH, HIGH, HIGH

  4. MEDIUM, MEDIUM, MEDIUM

Answer: C

Explanation:

In the matrix above, the aggregate has been incorrectly calculated as the average classification of the three data types. An aggregate is the combination of all the items, so it must be classified at the highest level present in each column.

As HIGH is the highest level and appears in each of the three categories, the revised aggregate score should be HIGH, HIGH, HIGH.

Question No: 213 – (Topic 4)

A firm’s Chief Executive Officer (CEO) is concerned that IT staff lacks the knowledge to identify complex vulnerabilities that may exist in a payment system being internally developed. The payment system being developed will be sold to a number of organizations and is in direct competition with another leading product. The CEO highlighted that code base confidentiality is of critical importance to allow the company to exceed the competition in terms of the product’s reliability, stability, and performance. Which of the following would provide the MOST thorough testing and satisfy the CEO’s requirements?

  1. Sign a MOU with a marketing firm to preserve the company reputation and use in-house resources for random testing.

  2. Sign a BPA with a small software consulting firm and use the firm to perform Black box testing and address all findings.

  3. Sign a NDA with a large security consulting firm and use the firm to perform Grey box testing and address all findings.

  4. Use the most qualified and senior developers on the project to perform a variety of White box testing and code reviews.

Answer: C

Explanation:

In gray box testing the tester is given only limited knowledge of the system, much as an attacker would have, so the code base itself remains confidential. This protection is further strengthened by a non-disclosure agreement (NDA), which is designed to protect confidential information.

Question No: 214 – (Topic 4)

An information security assessor for an organization finished an assessment that identified critical issues with the human resource new employee management software application. The assessor submitted the report to senior management but nothing has happened.

Which of the following would be a logical next step?

  1. Meet the two key VPs and request a signature on the original assessment.

  2. Include specific case studies from other organizations in an updated report.

  3. Schedule a meeting with key human resource application stakeholders.

  4. Craft an RFP to begin finding a new human resource application.

Answer: C

Explanation:

You have submitted the report to senior management. It could be that senior management is not particularly concerned about the HR application, or simply too busy to respond.

This question is asking for the logical next step. The next step should be to inform the people who have a direct interest in the HR application of your findings. To ensure that the key human resource application stakeholders fully understand the implications of those findings, you should arrange a face-to-face meeting to discuss your report.

Question No: 215 – (Topic 4)

A security engineer at a major financial institution is prototyping multiple secure network configurations. The testing is focused on understanding the impact each potential design will have on the three major security tenets of the network. All designs must take into account the stringent compliance and reporting requirements for most worldwide financial institutions. Which of the following is the BEST list of security lifecycle related concerns related to deploying the final design?

  1. Decommissioning the existing network smoothly, implementing maintenance and operations procedures for the new network in advance, and ensuring compliance with applicable regulations and laws.

  2. Interoperability with the Security Administration Remote Access protocol, integrity of the data at rest, overall network availability, and compliance with corporate and government regulations and policies.

  3. Resistance of the new network design to DDoS attacks, ability to ensure confidentiality of all data in transit, security of change management processes and procedures, and resilience of the firewalls to power fluctuations.

  4. Decommissioning plan for the new network, proper disposal protocols for the existing network equipment, transitioning operations to the new network on day one, and ensuring compliance with corporate data retention policies.

  5. Ensuring smooth transition of maintenance resources to support the new network, updating all whole disk encryption keys to be compatible with IPv6, and maximizing profits for bank shareholders.

Answer: A

Question No: 216 – (Topic 4)

Within an organization, there is a known lack of governance for solution designs. As a result there are inconsistencies and varying levels of quality for the artifacts that are produced. Which of the following will help BEST improve this situation?

  1. Ensure that those producing solution artifacts are reminded at the next team meeting that quality is important.

  2. Introduce a peer review process that is mandatory before a document can be officially made final.

  3. Introduce a peer review and presentation process that includes a review board with representation from relevant disciplines.

  4. Ensure that appropriate representation from each relevant discipline approves of the solution documents before official approval.

Answer: C

Question No: 217 – (Topic 4)

A team is established to create a secure connection between software packages in order to list employees' remaining or unused benefits on their paycheck stubs. Which of the following business roles would be MOST effective on this team?

  1. Network Administrator, Database Administrator, Programmers

  2. Network Administrator, Emergency Response Team, Human Resources

  3. Finance Officer, Human Resources, Security Administrator

  4. Database Administrator, Facilities Manager, Physical Security Manager

Answer: C

Question No: 218 – (Topic 4)

An international shipping company discovered that deliveries left idle are being tampered with. The company wants to reduce the idle time associated with international deliveries by ensuring that personnel are automatically notified when an inbound delivery arrives at the transit dock. Which of the following should be implemented to help the company increase the security posture of its operations?

  1. Back office database

  2. Asset tracking

  3. Geo-fencing

  4. Barcode scanner

Answer: C

Explanation:

Mobile device management (MDM) is a type of security software used by an IT department to monitor, manage and secure employees' mobile devices that are deployed across multiple mobile service providers and across multiple mobile operating systems being used in the organization.

A secure container, in a mobile security context, is an authenticated and encrypted area of an employee's device that separates sensitive corporate information from the owner's personal data and apps.

The purpose of containerization is to prevent malware, intruders, system resources or other applications from interacting with the secured application and associated corporate data.

Secure data containers are third-party mobile apps. The container acts as a storage area that is authenticated and encrypted by software and governed by corporate IT security policies. Such apps let IT enforce security policies on the same sensitive business data across different devices, which is especially useful because native device security capabilities vary.

As BYOD (bring your own device) and consumerization trends have grown, the challenges involved in protecting both corporate data and user privacy have also increased.

Containerization is one means of providing administrators with full control over corporate applications and data without affecting those of the user.

Question No: 219 – (Topic 4)

A company has decided to change its current business direction and refocus on core business. Consequently, several company sub-businesses are in the process of being sold-off. A security consultant has been engaged to advise on residual information security concerns with a de-merger. From a high-level perspective, which of the following BEST provides the procedure that the consultant should follow?

  1. Perform a penetration test for the current state of the company. Perform another penetration test after the de-merger. Identify the gaps between the two tests.

  2. Duplicate security-based assets should be sold off for commercial gain to ensure that the security posture of the company does not decline.

  3. Explain that security consultants are not trained to offer advice on company acquisitions or demergers. This needs to be handled by legal representatives well versed in corporate law.

  4. Identify the current state from a security viewpoint. Based on the demerger, assess what the security gaps will be from a physical, technical, DR, and policy/awareness perspective.

Answer: D

Explanation:

When the businesses are sold off, the company will be losing buildings, infrastructure (including IT and security infrastructure) and staff.

From a security perspective, selling off sections of the IT infrastructure means losing capacity (network, servers, storage, security devices, etc.), which could leave the remaining infrastructure vulnerable either to attacks or to hardware failure. Therefore, you need to plan for and assess the impact that the reduced assets will have on the remainder of the company.

Question No: 220 – (Topic 4)

The helpdesk manager wants to find a solution that will enable the helpdesk staff to better serve company employees who call with computer-related problems. The helpdesk staff is currently unable to perform effective troubleshooting and relies on callers to describe their technology problems. Given that the helpdesk staff is located within the company headquarters and 90% of the callers are telecommuters, which of the following tools should the helpdesk manager use to make the staff more effective at troubleshooting while at the same time reducing company costs? (Select TWO).

  1. Web cameras

  2. Email

  3. Instant messaging

  4. BYOD

  5. Desktop sharing

  6. Presence

Answer: C,E

Explanation:

C: Instant messaging (IM) allows two-way communication in near real time, allowing users to collaborate, hold informal chat meetings, and share files and information. Some IM platforms have added encryption, central logging, and user access controls. This can be used to replace phone calls between the end user and the helpdesk.

E: Desktop sharing gives a remote user access to another user's desktop and can function as a remote system administration tool. This allows the helpdesk to determine the cause of the problem directly on the end user's desktop rather than relying on the caller's description.
