RC0-C02 Online Practice Questions and Answers

The organization has an IT driver on cloud computing to improve delivery times for IT solution provisioning. Separate to this initiative, a business case has been approved for replacing the existing banking platform for credit card processing with a newer offering. It is the security practitioner's responsibility to evaluate whether the new credit card processing platform can be hosted within a cloud environment. Which of the following BEST balances the security risk and IT drivers for cloud computing?

A. A third-party cloud computing platform makes sense for new IT solutions. This should be endorsed going forward so as to align with the IT strategy. However, the security practitioner will need to ensure that the third-party cloud provider does regular penetration tests to ensure that all data is secure.

B. Using a third-party cloud computing environment should be endorsed going forward. This aligns with the organization's strategic direction. It also helps to shift any risk and regulatory compliance concerns away from the company's internal IT department. The next step will be to evaluate each of the cloud computing vendors, so that a vendor can then be selected for hosting the new credit card processing platform.

C. There may be regulatory restrictions with credit cards being processed out of country or processed by shared hosting providers. A private cloud within the company should be considered. An options paper should be created which outlines the risks, advantages, disadvantages of relevant choices and it should recommended a way forward.

D. Cloud computing should rarely be considered an option for any processes that need to be significantly secured. The security practitioner needs to convince the stakeholders that the new platform can only be delivered internally on physical infrastructure.

ABC Company must achieve compliance for PCI and SOX. Which of the following would BEST allow the organization to achieve compliance and ensure security? (Select THREE).

A. Establish a list of users that must work with each regulation

B. Establish a list of devices that must meet each regulation

C. Centralize management of all devices on the network

D. Compartmentalize the network

E. Establish a company framework

F. Apply technical controls to meet compliance with the regulation

An organization has implemented an Agile development process for front end web application development. A new security architect has just joined the company and wants to integrate security activities into the SDLC.

Which of the following activities MUST be mandated to ensure code quality from a security perspective? (Select TWO).

A. Static and dynamic analysis is run as part of integration

B. Security standards and training is performed as part of the project

C. Daily stand-up meetings are held to ensure security requirements are understood

D. For each major iteration penetration testing is performed

E. Security requirements are story boarded and make it into the build

F. A security design is performed at the end of the requirements phase

A security administrator has been asked to select a cryptographic algorithm to meet the criteria of a new application. The application utilizes streaming video that can be viewed both on computers and mobile devices. The application designers have asked that the algorithm support the transport encryption with the lowest possible performance overhead. Which of the following recommendations would BEST meet the needs of the application designers? (Select TWO).

A. Use AES in Electronic Codebook mode

B. Use RC4 in Cipher Block Chaining mode

C. Use RC4 with Fixed IV generation

D. Use AES with cipher text padding

E. Use RC4 with a nonce generated IV

F. Use AES in Counter mode

A forensic analyst receives a hard drive containing malware quarantined by the antivirus application. After creating an image and determining the directory location of the malware file, which of the following helps to determine when the system became infected?

A. The malware file's modify, access, change time properties.

B. The timeline analysis of the file system.

C. The time stamp of the malware in the swap file.

D. The date/time stamp of the malware detection in the antivirus logs.

It has come to the IT administrator's attention that the "post your comment" field on the company blog page has been exploited, resulting in cross-site scripting attacks against customers reading the blog. Which of the following would be the MOST effective at preventing the "post your comment" field from being exploited?

A. Update the blog page to HTTPS

B. Filter metacharacters

C. Install HIDS on the server

D. Patch the web application

E. Perform client side input validation

An administrator believes that the web servers are being flooded with excessive traffic from time to time. The administrator suspects that these traffic floods correspond to when a competitor makes major announcements. Which of the following should the administrator do to prove this theory?

A. Implement data analytics to try and correlate the occurrence times.

B. Implement a honey pot to capture traffic during the next attack.

C. Configure the servers for high availability to handle the additional bandwidth.

D. Log all traffic coming from the competitor's public IP addresses.

A security consultant is conducting a network assessment and wishes to discover any legacy backup Internet connections the network may have. Where would the consultant find this information and why would it be valuable?

A. This information can be found in global routing tables, and is valuable because backup connections typically do not have perimeter protection as strong as the primary connection.

B. This information can be found by calling the regional Internet registry, and is valuable because backup connections typically do not require VPN access to the network.

C. This information can be found by accessing telecom billing records, and is valuable because backup connections typically have much lower latency than primary connections.

D. This information can be found by querying the network's DNS servers, and is valuable because backup DNS servers typically allow recursive queries from Internet hosts.

A medical device manufacturer has decided to work with another international organization to develop the software for a new robotic surgical platform to be introduced into hospitals within the next 12 months. In order to ensure a competitor does not become aware, management at the medical device manufacturer has decided to keep it secret until formal contracts are signed. Which of the following documents is MOST likely to contain a description of the initial terms and arrangement and is not legally enforceable?

A. OLA

B. BPA

C. SLA

D. SOA

E. MOU

A corporation has Research and Development (RandD) and IT support teams, each requiring separate networks with independent control of their security boundaries to support department objectives. The corporation's Information Security Officer (ISO) is responsible for providing firewall services to both departments, but does not want to increase the hardware footprint within the datacenter. Which of the following should the ISO consider to provide the independent functionality required by each department's IT teams?

A. Put both departments behind the firewall and assign administrative control for each department to the corporate firewall.

B. Provide each department with a virtual firewall and assign administrative control to the physical firewall.

C. Put both departments behind the firewall and incorporate restrictive controls on each department's network.

D. Provide each department with a virtual firewall and assign appropriate levels of management for the virtual device.

A security engineer at a major financial institution is prototyping multiple secure network configurations. The testing is focused on understanding the impact each potential design will have on the three major security tenants of the network. All designs must take into account the stringent compliance and reporting requirements for most worldwide financial institutions. Which of the following is the BEST list of security lifecycle related concerns related to deploying the final design?

A. Decommissioning the existing network smoothly, implementing maintenance and operations procedures for the new network in advance, and ensuring compliance with applicable regulations and laws.

B. Interoperability with the Security Administration Remote Access protocol, integrity of the data at rest, overall network availability, and compliance with corporate and government regulations and policies.

C. Resistance of the new network design to DDoS attacks, ability to ensure confidentiality of all data in transit, security of change management processes and procedures, and resilience of the firewalls to power fluctuations.

D. Decommissioning plan for the new network, proper disposal protocols for the existing network equipment, transitioning operations to the new network on day one, and ensuring compliance with corporate data retention policies.

E. Ensuring smooth transition of maintenance resources to support the new network, updating all whole disk encryption keys to be compatible with IPv6, and maximizing profits for bank shareholders.

A recently hired security administrator is advising developers about the secure integration of a legacy in-house application with a new cloud based processing system. The systems must exchange large amounts of fixed format data such as names, addresses, and phone numbers, as well as occasional chunks of data in unpredictable formats. The developers want to construct a new data format and create custom tools to parse and process the data. The security administrator instead suggests that the developers:

A. Create a custom standard to define the data.

B. Use well formed standard compliant XML and strict schemas.

C. Only document the data format in the parsing application code.

D. Implement a de facto corporate standard for all analyzed data.

An organization has several production critical SCADA supervisory systems that cannot follow the normal 30-day patching policy. Which of the following BEST maximizes the protection of these systems from malicious software?

A. Configure a firewall with deep packet inspection that restricts traffic to the systems

B. Configure a separate zone for the systems and restrict access to known ports

C. Configure the systems to ensure only necessary applications are able to run

D. Configure the host firewall to ensure only the necessary applications have listening ports

A university requires a significant increase in web and database server resources for one week, twice a year, to handle student registration. The web servers remain idle for the rest of the year. Which of the following is the MOST cost effective way for the university to securely handle student registration?

A. Virtualize the web servers locally to add capacity during registration.

B. Move the database servers to an elastic private cloud while keeping the web servers local.

C. Move the database servers and web servers to an elastic private cloud.

D. Move the web servers to an elastic public cloud while keeping the database servers local.

A port in a fibre channel switch failed, causing a costly downtime on the company's primary website. Which of the following is the MOST likely cause of the downtime?

A. The web server iSCSI initiator was down.

B. The web server was not multipathed.

C. The SAN snapshots were not up-to-date.

D. The SAN replication to the backup site failed.