EnsurePass
2018 Jan CompTIA Official New Released RC0-C02
100% Free Download! 100% Pass Guaranteed!
http://www.EnsurePass.com/RC0-C02.html

CompTIA Advanced Security Practitioner (CASP) Recertification Exam for Continuing Education

Question No: 61 – (Topic 1)

In order for a company to boost profits by implementing cost savings on non-core business activities, the IT manager has sought approval for the corporate email system to be hosted in the cloud. The compliance officer has been tasked with ensuring that data lifecycle issues are taken into account. Which of the following BEST covers the data lifecycle end- to-end?

  1. Creation and secure destruction of mail accounts, emails, and calendar items

  2. Information classification, vendor selection, and the RFP process

  3. Data provisioning, processing, in transit, at rest, and de-provisioning

  4. Securing virtual environments, appliances, and equipment that handle email

Answer: C

Question No: 62 – (Topic 1)

An administrator is tasked with securing several website domains on a web server. The administrator elects to secure www.example.com, mail.example.org, archive.example.com, and www.example.org with the same certificate. Which of the following would allow the administrator to secure those domains with a single issued certificate?

  1. Intermediate Root Certificate

  2. Wildcard Certificate

  3. EV x509 Certificate

  4. Subject Alternative Names Certificate

Answer: D

Explanation:

Subject Alternative Names (SANs) let you protect multiple host names with a single SSL certificate by listing every host name the certificate should cover in the certificate itself. When you order the certificate, you specify one fully qualified domain name in the common name field and add the other names in the Subject Alternative Names field.
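Added example (not part of the original question bank): a hostname matcher that applies the usual rules for DNS Subject Alternative Names and wildcard certificates, run against two constructed certificates in the dictionary shape Python's ssl.SSLSocket.getpeercert() returns. It shows why answer D fits the question: a single SAN certificate covers all four hosts, while a wildcard for *.example.com covers only the example.com hosts and never www.example.org or mail.example.org. The certificates, rules and function names are assumptions for this example.

```python
# Constructed example certificates in the dict shape that Python's
# ssl.SSLSocket.getpeercert() returns (assumption: only DNS SANs matter here).
SAN_CERT = {
    "subject": ((("commonName", "www.example.com"),),),
    "subjectAltName": (
        ("DNS", "www.example.com"),
        ("DNS", "mail.example.org"),
        ("DNS", "archive.example.com"),
        ("DNS", "www.example.org"),
    ),
}

WILDCARD_CERT = {
    "subject": ((("commonName", "*.example.com"),),),
    "subjectAltName": (("DNS", "*.example.com"),),
}


def _label_matches(pattern, hostname):
    """Case-insensitive host name match with RFC 6125-style wildcard rules:
    '*' is honoured only as the entire leftmost label and matches exactly one
    label, so '*.example.com' covers 'www.example.com' but not 'example.com',
    'a.b.example.com' or 'www.example.org'."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    if p_labels[0] != "*" or "*" in pattern[1:]:
        return False  # wildcard allowed only as the whole leftmost label
    if len(p_labels) < 3:
        return False  # refuse patterns such as '*.com'
    return len(p_labels) == len(h_labels) and p_labels[1:] == h_labels[1:]


def hostname_matches(cert, hostname):
    """True if the certificate is valid for hostname. When DNS SANs are
    present they are authoritative and the common name is ignored, which is
    how current browsers behave."""
    dns_names = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not dns_names:
        dns_names = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    return any(_label_matches(name, hostname) for name in dns_names)


def coverage(cert, hostnames):
    """Map each host name to whether the certificate covers it."""
    return {h: hostname_matches(cert, h) for h in hostnames}


if __name__ == "__main__":
    wanted = ["www.example.com", "mail.example.org", "archive.example.com", "www.example.org"]
    print("SAN cert:     ", coverage(SAN_CERT, wanted))
    print("Wildcard cert:", coverage(WILDCARD_CERT, wanted))
```

The matcher deliberately ignores the common name once any DNS SAN is present; a certificate whose only SAN is *.example.com therefore fails for the two example.org hosts, which is exactly the gap a SAN certificate closes.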

Question No: 63 – (Topic 1)

A security administrator wants to deploy a dedicated storage solution which is inexpensive, can natively integrate with AD, allows files to be selectively encrypted and is suitable for a small number of users at a satellite office. Which of the following would BEST meet the requirement?

  1. SAN

  2. NAS

  3. Virtual SAN

  4. Virtual storage

Answer: B

Explanation:

A NAS is an inexpensive storage solution suitable for small offices. Individual files can be encrypted by using the EFS (Encrypted File System) functionality provided by the NTFS file system.

NAS typically uses a common Ethernet network and can provide storage services to any authorized devices on that network.

Two primary NAS protocols are used in most environments. The choice of protocol depends largely on the type of computer or server connecting to the storage. The Network File System (NFS) protocol is usually used by servers to access storage in a NAS environment. Common Internet File System (CIFS), also sometimes called Server Message Block (SMB), is usually used for desktops, especially those running Microsoft Windows.

Unlike DAS and SAN, NAS is a file-level storage technology. This means the NAS appliance maintains and controls the files, folder structures, permission, and attributes of the data it holds. A typical NAS deployment integrates the NAS appliance with a user database, such as Active Directory, so file permissions can be assigned based on established users and groups. With Active Directory integration, most Windows New Technology File System (NTFS) permissions can be set on the files contained on a NAS device.

Question No: 64 – (Topic 1)

A user has a laptop configured with multiple operating system installations. The operating systems are all installed on a single SSD, but each has its own partition and logical volume. Which of the following is the BEST way to ensure confidentiality of individual operating system data?

  1. Encryption of each individual partition

  2. Encryption of the SSD at the file level

  3. FDE of each logical volume on the SSD

  4. FDE of the entire SSD as a single disk

Answer: A

Explanation:

In this question, we have multiple operating system installations on a single disk. Some operating systems store their boot loader in the MBR of the disk. However, some operating systems install their boot loader outside the MBR, especially when multiple operating systems are installed. We need to encrypt as much data as possible, but we cannot encrypt the boot loaders. This would prevent the operating systems from loading.

Therefore, the solution is to encrypt each individual partition separately.

Question No: 65 – (Topic 1)

A systems administrator establishes a CIFS share on a UNIX device to share data to Windows systems. The security authentication on the Windows domain is set to the highest level. Windows users are stating that they cannot authenticate to the UNIX share. Which of the following settings on the UNIX server would correct this problem?

  1. Refuse LM and only accept NTLMv2

  2. Accept only LM

  3. Refuse NTLMv2 and accept LM

  4. Accept only NTLM

Answer: A

Explanation:

In a Windows network, NT LAN Manager (NTLM) is a suite of Microsoft security protocols that provides authentication, integrity, and confidentiality to users. NTLM is the successor to the authentication protocol in Microsoft LAN Manager (LANMAN or LM), an older Microsoft product, and attempts to provide backwards compatibility with LANMAN. NTLM version 2 (NTLMv2), which was introduced in Windows NT 4.0 SP4 (and natively supported in Windows 2000), enhances NTLM security by hardening the protocol against many spoofing attacks, and adding the ability for a server to authenticate to the client.

This question states that the security authentication on the Windows domain is set to the highest level. This will be NTLMv2. Therefore, the answer to the question is to allow NTLMv2 which will enable the Windows users to connect to the UNIX server. To improve security, we should disable the old and insecure LM protocol as it is not used by the Windows computers.

Question No: 66 – (Topic 1)

A security administrator is shown the following log excerpt from a Unix system:

2013 Oct 10 07:14:57 web14 sshd[1632]: Failed password for root from 198.51.100.23 port 37914 ssh2

2013 Oct 10 07:14:57 web14 sshd[1635]: Failed password for root from 198.51.100.23 port 37915 ssh2

2013 Oct 10 07:14:58 web14 sshd[1638]: Failed password for root from 198.51.100.23 port 37916 ssh2

2013 Oct 10 07:15:59 web14 sshd[1640]: Failed password for root from 198.51.100.23 port 37918 ssh2

2013 Oct 10 07:16:00 web14 sshd[1641]: Failed password for root from 198.51.100.23 port 37920 ssh2

2013 Oct 10 07:16:00 web14 sshd[1642]: Successful login for root from 198.51.100.23 port 37924 ssh2

Which of the following is the MOST likely explanation of what is occurring and the BEST immediate response? (Select TWO).

  1. An authorized administrator has logged into the root account remotely.

  2. The administrator should disable remote root logins.

  3. Isolate the system immediately and begin forensic analysis on the host.

  4. A remote attacker has compromised the root account using a buffer overflow in sshd.

  5. A remote attacker has guessed the root password using a dictionary attack.

  6. Use iptables to immediately DROP connections from the IP 198.51.100.23.

  7. A remote attacker has compromised the private key of the root account.

  8. Change the root password immediately to a password not found in a dictionary.

Answer: C,E

Explanation:

The log shows six attempts to log in to a system. The first five attempts failed due to ‘failed password’. The sixth attempt was a successful login. Therefore, the MOST likely explanation of what is occurring is that a remote attacker has guessed the root password using a dictionary attack.

The BEST immediate response is to isolate the system immediately and begin forensic analysis on the host. You should isolate the system to prevent any further access to it and prevent it from doing any damage to other systems on the network. You should perform a forensic analysis on the system to determine what the attacker did on the system after gaining access.
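Added example (not from the original question bank): detection logic that turns the reasoning in this explanation into a rule, run over a constructed copy of the sshd excerpt. It parses each line, keeps a per-source, per-user window of failed passwords, and raises an alert when a successful login from the same source follows several failures within a short window, which is the "password guessed, then logged in" pattern the explanation describes. The log sample, thresholds and function names are assumptions for this example; the "Successful login for" wording is taken from the question (real OpenSSH logs write "Accepted password for"), and the parser accepts both.

```python
import re
from datetime import datetime, timedelta

# Constructed sample log modelled on the excerpt in Question 66. The year
# prefix on the timestamp is kept as the question shows it; a final line from
# a different source is added to show that an unrelated success is not flagged.
SAMPLE_LOG = """\
2013 Oct 10 07:14:57 web14 sshd[1632]: Failed password for root from 198.51.100.23 port 37914 ssh2
2013 Oct 10 07:14:57 web14 sshd[1635]: Failed password for root from 198.51.100.23 port 37915 ssh2
2013 Oct 10 07:14:58 web14 sshd[1638]: Failed password for root from 198.51.100.23 port 37916 ssh2
2013 Oct 10 07:15:59 web14 sshd[1640]: Failed password for root from 198.51.100.23 port 37918 ssh2
2013 Oct 10 07:16:00 web14 sshd[1641]: Failed password for root from 198.51.100.23 port 37920 ssh2
2013 Oct 10 07:16:00 web14 sshd[1642]: Successful login for root from 198.51.100.23 port 37924 ssh2
2013 Oct 10 08:02:11 web14 sshd[1700]: Accepted publickey for deploy from 203.0.113.9 port 50122 ssh2
"""

# Matches the question's wording as well as OpenSSH's real "Accepted <method>".
LINE_RE = re.compile(
    r"^(?P<ts>\d{4} \w{3} \d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<outcome>Failed password|Accepted \w+|Successful login) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def parse(lines):
    """Yield (timestamp, user, source_ip, success) for each recognised line."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y %b %d %H:%M:%S")
        success = not m["outcome"].startswith("Failed")
        yield ts, m["user"], m["ip"], success


def detect_guess_then_success(lines, min_failures=3, window=timedelta(minutes=10)):
    """Return one alert per (source, user) pair where a successful login
    follows at least min_failures failed passwords from that source within
    the window. Each alert records how many failures preceded the success."""
    recent = {}  # (ip, user) -> timestamps of recent failures
    alerts = []
    for ts, user, ip, success in parse(lines):
        key = (ip, user)
        fails = [t for t in recent.get(key, []) if ts - t <= window]
        if success:
            if len(fails) >= min_failures:
                alerts.append({"ip": ip, "user": user, "failures": len(fails), "at": ts})
            recent[key] = []
        else:
            fails.append(ts)
            recent[key] = fails
    return alerts


if __name__ == "__main__":
    for alert in detect_guess_then_success(SAMPLE_LOG.splitlines()):
        print(f"{alert['at']}: {alert['user']}@{alert['ip']} succeeded after "
              f"{alert['failures']} failed passwords; isolate host and start forensics")
```

The rule keys on source and user together and resets the failure count after a success, so a single alert is produced for the root login from 198.51.100.23 and none for the key-based login from the other address.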

Question No: 67 – (Topic 1)

A penetration tester is inspecting traffic on a new mobile banking application and sends the following web request:

POST http://www.example.com/resources/NewBankAccount HTTP/1.1
Content-type: application/json

{
  "account": [
    { "creditAccount": "Credit Card Rewards account" },
    { "salesLeadRef": "www.example.com/badcontent/exploitme.exe" }
  ],
  "customer": [
    { "name": "Joe Citizen" },
    { "custRef": "3153151" }
  ]
}

The banking website responds with:

HTTP/1.1 200 OK

{
  "newAccountDetails": [
    { "cardNumber": "1234123412341234" },
    { "cardExpiry": "2020-12-31" },
    { "cardCVV": "909" }
  ],
  "marketingCookieTracker": "JSESSIONID=000000001",
  "returnCode": "Account added successfully"
}

Which of the following are security weaknesses in this example? (Select TWO).

  1. Missing input validation on some fields

  2. Vulnerable to SQL injection

  3. Sensitive details communicated in clear-text

  4. Vulnerable to XSS

  5. Vulnerable to malware file uploads

  6. JSON/REST is not as secure as XML

Answer: A,C

Explanation:

The salesLeadRef field has no input validation. The penetration tester should not be able to enter "www.example.com/badcontent/exploitme.exe" in this field.

The credit card numbers are communicated in clear text, so anyone able to observe the traffic can read them. This kind of information should be encrypted.
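Added example (not part of the original question bank): an allow-list validator for the request body above, plus a helper that trims the response before it leaves the server. The validator parses the JSON, checks every field against an expected format, and rejects the request because salesLeadRef carries a URL where a short reference code is expected, which is the missing input validation of answer A. The second function shows the data-minimisation step that belongs alongside moving the endpoint to HTTPS for answer C: the card number is masked to its last four digits, the CVV is never returned and the session identifier is kept out of the body. The field formats, the corrected JSON syntax (commas between array elements) and the function names are assumptions for this example.

```python
import json
import re

# Constructed request body reproducing the fields from Question 67, with the
# JSON syntax corrected so that it parses.
REQUEST_BODY = """
{
  "account": [
    {"creditAccount": "Credit Card Rewards account"},
    {"salesLeadRef": "www.example.com/badcontent/exploitme.exe"}
  ],
  "customer": [
    {"name": "Joe Citizen"},
    {"custRef": "3153151"}
  ]
}
"""

# Allow-list rules: what each field may legitimately contain. The formats are
# assumptions for this example; a real API takes them from its data model.
FIELD_RULES = {
    "creditAccount": re.compile(r"^[A-Za-z0-9 ]{1,40}$"),
    "salesLeadRef": re.compile(r"^[A-Z0-9]{4,16}$"),  # internal reference code, never a URL or path
    "name": re.compile(r"^[A-Za-z][A-Za-z' .-]{0,60}$"),
    "custRef": re.compile(r"^\d{1,10}$"),
}


def _flatten(body):
    """Turn the {section: [{field: value}, ...]} layout into (field, value) pairs,
    refusing any shape the API does not expect."""
    if not isinstance(body, dict):
        raise ValueError("body must be a JSON object")
    for section, entries in body.items():
        if not isinstance(entries, list):
            raise ValueError(f"section {section!r} must be a list")
        for entry in entries:
            if not isinstance(entry, dict):
                raise ValueError(f"entries in {section!r} must be objects")
            yield from entry.items()


def validate_new_account(raw):
    """Return a list of validation errors; an empty list means accept."""
    try:
        pairs = list(_flatten(json.loads(raw)))
    except json.JSONDecodeError as exc:
        return [f"malformed JSON: {exc.msg}"]
    except ValueError as exc:
        return [str(exc)]
    errors = []
    for field, value in pairs:
        rule = FIELD_RULES.get(field)
        if rule is None:
            errors.append(f"unexpected field {field!r}")
        elif not isinstance(value, str) or not rule.fullmatch(value):
            errors.append(f"field {field!r} fails format check")
    return errors


def redact_for_client(response):
    """Return a copy of the response that is safe to send back: the PAN is
    masked to its last four digits, the CVV is dropped, and the session id is
    left out of the body (it belongs in a cookie header, not the payload)."""
    safe = {}
    for key, value in response.items():
        if key == "newAccountDetails":
            safe[key] = []
            for entry in value:
                (k, v), = entry.items()  # each entry is a single-field object, as in the question
                if k == "cardNumber":
                    safe[key].append({k: "*" * (len(v) - 4) + v[-4:]})
                elif k == "cardCVV":
                    continue
                else:
                    safe[key].append({k: v})
        elif key == "marketingCookieTracker":
            continue
        else:
            safe[key] = value
    return safe


if __name__ == "__main__":
    print(validate_new_account(REQUEST_BODY))
```

Allow-listing the expected format is stronger than looking for dangerous substrings: the URL in salesLeadRef fails simply because it is not a reference code, and any other unexpected content fails the same way.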

Question No: 68 – (Topic 1)

The Chief Technology Officer (CTO) has decided that servers in the company datacenter should be virtualized to conserve physical space. The risk assurance officer is concerned that the project team in charge of virtualizing servers plans to co-mingle many guest operating systems with different security requirements to speed up the rollout and reduce the number of host operating systems or hypervisors required. Which of the following BEST describes the risk assurance officer’s concerns?

  1. Co-mingling guest operating system with different security requirements allows guest OS privilege elevation to occur within the guest OS via shared memory allocation with the host OS.

  2. Co-mingling of guest operating systems with different security requirements increases the risk of data loss if the hypervisor fails.

  3. A weakly protected guest OS combined with a host OS exploit increases the chance of a successful VMEscape attack being executed, compromising the hypervisor and other guest OS.

  4. A weakly protected host OS will allow the hypervisor to become corrupted resulting in data throughput performance issues.

Answer: C

Question No: 69 – (Topic 1)

The security administrator finds unauthorized tables and records, which were not present before, on a Linux database server. The database server communicates only with one web server, which connects to the database server via an account with SELECT only privileges. Web server logs show the following:

90.76.165.40 - - [08/Mar/2014:10:54:04] "GET calendar.php?create table hidden HTTP/1.1" 200 5724

90.76.165.40 - - [08/Mar/2014:10:54:05] "GET ../../../root/.bash_history HTTP/1.1" 200 5724

90.76.165.40 - - [08/Mar/2014:10:54:04] "GET index.php?user=<script>Create</script> HTTP/1.1" 200 5724

The security administrator also inspects the following file system locations on the database server using the command 'ls -al /root':

drwxrwxrwx 11 root root 4096 Sep 28 22:45 .

drwxr-xr-x 25 root root 4096 Mar 8 09:30 ..

-rws------ 25 root root 4096 Mar 8 09:30 .bash_history

-rw------- 25 root root 4096 Mar 8 09:30 .bash_history

-rw------- 25 root root 4096 Mar 8 09:30 .profile

-rw------- 25 root root 4096 Mar 8 09:30 .ssh

Which of the following attacks was used to compromise the database server and what can the security administrator implement to detect such attacks in the future? (Select TWO).

  1. Privilege escalation

  2. Brute force attack

  3. SQL injection

  4. Cross-site scripting

  5. Using input validation, ensure the following characters are sanitized: < >

  6. Update crontab with: find / \( -perm -4000 \) -type f -print0 | xargs -0 ls -l | email.sh

  7. Implement the following PHP directive: $clean_user_input = addslashes($user_input)

  8. Set an account lockout policy

Answer: A,F

Explanation:

This is an example of privilege escalation.

Privilege escalation is the act of exploiting a bug, design flaw or configuration oversight in an operating system or software application to gain elevated access to resources that are normally protected from an application or user.

The question states that the web server communicates with the database server via an account with SELECT only privileges. However, the privileges listed in the directory listing include read, write and execute (rwx). This suggests the privileges have been 'escalated'.

Now that we know the system has been attacked, we should investigate what was done to the system.

The crontab entry "find / \( -perm -4000 \) -type f -print0 | xargs -0 ls -l | email.sh" lists every file that has the setuid bit set and emails the result, so a newly created setuid file shows up the next time the job runs. Setuid means set user ID upon execution. If the setuid bit is turned on for a file, the user executing that executable file gets the permissions of the individual or group that owns the file.
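Added example (not part of the original question bank): detection logic for the two pieces of evidence in this question, run over constructed copies of the web server log and the 'ls -al /root' listing with the HTML angle brackets and dashes restored. The first part decodes each request target and tags the indicators a defender would alert on (DDL keywords in a query string, dot-dot path segments, script tags); the second part audits an ls -l listing the way the crontab entry in answer F does for the whole file system, flagging setuid bits on regular files, world-writable directories, and names that appear twice in one listing. The indicator patterns, sample lines and function names are assumptions for this example and are meant for detection, not as a description of the attack itself.

```python
import re
from urllib.parse import unquote

# Constructed copies of the evidence in Question 69. A benign request from a
# second address is added to show that ordinary traffic is not flagged.
ACCESS_LOG = """\
90.76.165.40 - - [08/Mar/2014:10:54:04] "GET calendar.php?create table hidden HTTP/1.1" 200 5724
90.76.165.40 - - [08/Mar/2014:10:54:05] "GET ../../../root/.bash_history HTTP/1.1" 200 5724
90.76.165.40 - - [08/Mar/2014:10:54:04] "GET index.php?user=<script>Create</script> HTTP/1.1" 200 5724
203.0.113.7 - - [08/Mar/2014:11:02:40] "GET index.php?user=alice HTTP/1.1" 200 5724
"""

ROOT_LISTING = """\
drwxrwxrwx 11 root root 4096 Sep 28 22:45 .
drwxr-xr-x 25 root root 4096 Mar  8 09:30 ..
-rws------ 25 root root 4096 Mar  8 09:30 .bash_history
-rw------- 25 root root 4096 Mar  8 09:30 .bash_history
-rw------- 25 root root 4096 Mar  8 09:30 .profile
-rw------- 25 root root 4096 Mar  8 09:30 .ssh
"""

# The request target is matched non-greedily because, as in the question,
# an unencoded target may itself contain spaces.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>.+?) HTTP/[\d.]+"')

# Indicator patterns applied to the percent-decoded request target.
INDICATORS = {
    "sql-ddl-keyword": re.compile(r"\b(create|drop|alter)\s+table\b", re.I),
    "path-traversal": re.compile(r"(^|/)\.\.(/|$)"),
    "html-script-tag": re.compile(r"<\s*/?\s*script", re.I),
}


def classify_request(line):
    """Return the set of indicator names that fire on one access-log line."""
    m = REQUEST_RE.search(line)
    if not m:
        return set()
    target = unquote(m["target"])
    return {name for name, rx in INDICATORS.items() if rx.search(target)}


def suspicious_sources(log_text):
    """Map client IP -> sorted indicators seen from it; quiet IPs are omitted."""
    hits = {}
    for line in log_text.splitlines():
        tags = classify_request(line)
        if tags:
            ip = line.split()[0]
            hits.setdefault(ip, set()).update(tags)
    return {ip: sorted(tags) for ip, tags in hits.items()}


def audit_listing(listing_text):
    """Findings from 'ls -al' output: setuid regular files, world-writable
    directories, and names listed more than once in the same directory."""
    findings = []
    seen = set()
    for line in listing_text.splitlines():
        parts = line.split(maxsplit=8)  # mode links owner group size month day time name
        if len(parts) < 9:
            continue
        mode, name = parts[0], parts[8]
        if mode[0] == "-" and mode[3] in "sS":
            findings.append(f"setuid bit on regular file {name}")
        if mode[0] == "d" and mode[8] == "w":
            findings.append(f"world-writable directory {name}")
        if name in seen:
            findings.append(f"duplicate entry for {name}")
        seen.add(name)
    return findings


if __name__ == "__main__":
    print(suspicious_sources(ACCESS_LOG))
    print(audit_listing(ROOT_LISTING))
```

Decoding the target before matching matters: the same indicators would otherwise be missed when a client percent-encodes the angle brackets or the dot-dot segments.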

Topic 2, Risk Management and Incident Response

Question No: 70 – (Topic 2)

An architect has been engaged to write the security viewpoint of a new initiative. Which of the following BEST describes a repeatable process that can be used for establishing the security architecture?

  1. Inspect a previous architectural document. Based on the historical decisions made, consult the architectural control and pattern library within the organization and select the controls that appear to best fit this new architectural need.

  2. Implement controls based on the system needs. Perform a risk analysis of the system. For any remaining risks, perform continuous monitoring.

  3. Classify information types used within the system into levels of confidentiality, integrity, and availability. Determine minimum required security controls. Conduct a risk analysis. Decide on which security controls to implement.

  4. Perform a risk analysis of the system. Avoid extreme risks. Mitigate high risks. Transfer medium risks and accept low risks. Perform continuous monitoring to ensure that the system remains at an adequate security posture.

Answer: C
