CompTIA RC0-C02 - CompTIA Advanced Security Practitioner (CASP) Recertification Exam for Continuing Education Exam

Page:    1 / 62   
Total 308 questions

A multi-national company has a highly mobile workforce and minimal IT infrastructure. The company utilizes a BYOD and social media policy to integrate presence technology into global collaboration tools by individuals and teams. As a result of the dispersed employees and frequent international travel, the company is concerned about the safety of employees and their families when moving in and out of certain countries. Which of the following could the company view as a downside of using presence technology?

  • A. Insider threat
  • B. Network reconnaissance
  • C. Physical security
  • D. Industrial espionage


Answer : C

Explanation:
If all company users worked in the same office, on one corporate network, using company-supplied laptops, it would be easy to implement all sorts of physical security controls. Examples of physical security include intrusion detection systems, fire protection systems, surveillance cameras, or simply a lock on the office door.
However, in this question we have dispersed employees using their own devices and frequently traveling internationally. This makes it extremely difficult to implement any kind of physical security.
Physical security is the protection of personnel, hardware, programs, networks, and data from physical circumstances and events that could cause serious losses or damage to an enterprise, agency, or institution. This includes protection from fire, natural disasters, burglary, theft, vandalism, and terrorism.

An organization is concerned with potential data loss in the event of a disaster, and created a backup datacenter as a mitigation strategy. The current storage method is a single NAS used by all servers in both datacenters. Which of the following options increases data availability in the event of a datacenter failure?

  • A. Replicate NAS changes to the tape backups at the other datacenter.
  • B. Ensure each server has two HBAs connected through two routes to the NAS.
  • C. Establish deduplication across diverse storage paths.
  • D. Establish a SAN that replicates between datacenters.


Answer : D

Explanation:
A SAN is a Storage Area Network. It is an alternative to NAS storage. SAN replication is a technology that replicates the data on one SAN to another SAN; in this case, it would replicate the data to a SAN in the backup datacenter. In the event of a disaster, the SAN in the backup datacenter would contain all the data on the original SAN.
Array-based replication is an approach to data backup in which compatible storage arrays use built-in software to automatically copy data from one storage array to another. Array-based replication software runs on one or more storage controllers resident in disk storage systems, synchronously or asynchronously replicating data between similar storage array models at the logical unit number (LUN) or volume block level. The term can refer to the creation of local copies of data within the same array as the source data, as well as the creation of remote copies in an array situated off site.

Company ABC's SAN is nearing capacity, and will cause costly downtime if servers run out of disk space. Which of the following is a more cost-effective alternative to buying a new SAN?

  • A. Enable multipath to increase availability
  • B. Enable deduplication on the storage pools
  • C. Implement snapshots to reduce virtual disk size
  • D. Implement replication to offsite datacenter


Answer : B

Explanation:
Storage-based data deduplication reduces the amount of storage needed for a given set of files. It is most effective in applications where many copies of very similar or even identical data are stored on a single disk.
It is common for multiple copies of files to exist on a SAN. By eliminating (deduplicating) repeated copies of the files, we can reduce the disk space used on the existing SAN. This solution is a cost-effective alternative to buying a new SAN.

A developer has implemented a piece of client-side JavaScript code to sanitize a user's input to a web page login screen. The code ensures that only upper case and lower case letters are entered in the username field, and that only a 6-digit PIN is entered in the password field. A security administrator is concerned with the following web server log:
10.235.62.11 - [02/Mar/2014:06:13:04] GET
/site/script.php?user=admin&pass=pass%20or%201=1 HTTP/1.1 200 5724
Given this log, which of the following is the security administrator concerned with and which fix should be implemented by the developer?

  • A. The security administrator is concerned with nonprintable characters being used to gain administrative access, and the developer should strip all nonprintable characters.
  • B. The security administrator is concerned with XSS, and the developer should normalize Unicode characters on the browser side.
  • C. The security administrator is concerned with SQL injection, and the developer should implement server side input validation.
  • D. The security administrator is concerned that someone may log on as the administrator, and the developer should ensure strong passwords are enforced.


Answer : C

Explanation:
The code in the question is an example of a SQL injection attack. The expression 1=1 always evaluates to true, so it can be included in a statement designed to return all rows in a SQL table.
In this question, the developer has implemented only client-side input validation. Client-side validation runs in the browser and can be bypassed by sending the request directly to the server, as the log shows. It is much more difficult to bypass server-side input validation.
SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker). SQL injection must exploit a security vulnerability in an application's software, for example, when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database.
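As an added example (not part of the exam text), the following Python code decodes the request recorded in the log above, re-checks the username and PIN rules on the server side, and compares a string-concatenated query with a parameterized one; the function and table names are assumed.

```python
import re
import sqlite3
from urllib.parse import urlsplit, parse_qs

# Constructed copy of the request target from the log line in the question.
LOG_REQUEST = "/site/script.php?user=admin&pass=pass%20or%201=1"

USERNAME_RE = re.compile(r"[A-Za-z]+")   # letters only, as the client-side JavaScript required
PIN_RE = re.compile(r"[0-9]{6}")         # exactly six digits

def params_from_request(target):
    """URL-decode the user and pass parameters from the request target in the log."""
    qs = parse_qs(urlsplit(target).query)
    return qs.get("user", [""])[0], qs.get("pass", [""])[0]

def validate(user, pin):
    """Server-side re-check of the same rules; the browser cannot be trusted to enforce them."""
    return USERNAME_RE.fullmatch(user) is not None and PIN_RE.fullmatch(pin) is not None

def make_db():
    """In-memory users table with one constructed account (assumed schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (user TEXT, pin INTEGER)")
    conn.execute("INSERT INTO users VALUES ('admin', 123456)")
    return conn

def login_vulnerable(conn, user, pin):
    """Concatenates raw input into SQL: an 'or 1=1' tail in the PIN makes the WHERE clause always true."""
    q = f"SELECT COUNT(*) FROM users WHERE user='{user}' AND pin={pin}"
    return conn.execute(q).fetchone()[0] > 0

def login_hardened(conn, user, pin):
    """Rejects anything outside the allowed character sets, then binds the values as parameters."""
    if not validate(user, pin):
        return False
    q = "SELECT COUNT(*) FROM users WHERE user=? AND pin=?"
    return conn.execute(q, (user, int(pin))).fetchone()[0] > 0
```

The logged value decodes to "pass or 1=1", which the server-side PIN check rejects before any query runs; the hardened path only ever sees a six-digit number bound as a parameter.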

The Chief Information Security Officer (CISO) at a large organization has been reviewing some security-related incidents at the organization and comparing them to current industry trends. The desktop security engineer feels that the use of USB storage devices on office computers has contributed to the frequency of security incidents. The CISO knows the acceptable use policy prohibits the use of USB storage devices. Every user receives a popup warning about this policy upon login. The SIEM system produces a report of USB violations on a monthly basis; yet violations continue to occur.
Which of the following preventative controls would MOST effectively mitigate the logical risks associated with the use of USB storage devices?

  • A. Revise the corporate policy to include possible termination as a result of violations
  • B. Increase the frequency and distribution of the USB violations report
  • C. Deploy PKI to add non-repudiation to login sessions so offenders cannot deny the offense
  • D. Implement group policy objects


Answer : D

Explanation:
A Group Policy Object (GPO) can apply a common group of settings to all computers in a Windows domain.
One GPO setting under the Removable Storage Access node is: All removable storage classes: Deny all access.
This setting can be applied to all computers in the network and will disable all USB storage devices on the computers.
