RC0-C02 exam

A security analyst has been asked to develop a quantitative risk analysis and risk assessment for the company's online shopping application. Based on heuristic information from the Security Operations Center (SOC), a Denial of Service Attack (DoS) has been successfully executed 5 times a year. The Business Operations department has...

A forensic analyst receives a hard drive containing malware quarantined by the antivirus application. After creating an image and determining the directory location of the malware file, which of the following helps to determine when the system became infected?A . The malware file's modify, access, change time properties.B . The...

A company provides on-demand virtual computing for a sensitive project. The company implements a fully virtualized datacenter and terminal server access with two-factor authentication for access to sensitive data. The security administrator at the company has uncovered a breach in data confidentiality. Sensitive data was found on a hidden directory...

In order for a company to boost profits by implementing cost savings on non-core business activities, the IT manager has sought approval for the corporate email system to be hosted in the cloud. The compliance officer has been tasked with ensuring that data lifecycle issues are taken into account. Which...

A bank is in the process of developing a new mobile application. The mobile client renders content and communicates back to the company servers via REST/JSON calls. The bank wants to ensure that the communication is stateless between the mobile application and the web services gateway. Which of the following...

A company decides to purchase commercially available software packages. This can introduce new security risks to the network. Which of the following is the BEST description of why this is true?A . Commercially available software packages are typically well known and widely available. Information concerning vulnerabilities and viable attack patterns...

A company that must comply with regulations is searching for a laptop encryption product to use for its 40,000 end points. The product must meet regulations but also be flexible enough to minimize overhead and support in regards to password resets and lockouts. Which of the following implementations would BEST...

A penetration tester is inspecting traffic on a new mobile banking application and sends the following web request: POST http://www.example.com/resources/NewBankAccount HTTP/1.1 Content-type: application/json { "account": { "creditAccount":"Credit Card Rewards account"} { "salesLeadRef":"www.example.com/badcontent/exploitme.exe"} ], "customer": { "name":"Joe Citizen"} { "custRef":"3153151"} Questions & Answers PDF } The banking website responds with: HTIP/1.1...

Which of the following represents important technical controls for securing a SAN storage infrastructure? (Select TWO).A . Synchronous copy of dataB . RAID configurationC . Data de-duplicationD . Storage pool space allocationE . Port scanningF . LUN masking/mappingG . Port mappingView AnswerAnswer: F, G Explanation: A logical unit number (LUN)...

A process allows a LUN to be available to some hosts and unavailable to others. Which of the following causes such a process to become vulnerable?A . LUN maskingB . Data injectionC . Data fragmentationD . Moving the H BAView AnswerAnswer: D