CompTIA RC0-C02 - CompTIA Advanced Security Practitioner (CASP) Recertification Exam for Continuing Education Exam
Page: 1 / 62
Total 308 questions
Question #1 (Topic: Topic 1)
A multi-national company has a highly mobile workforce and minimal IT infrastructure. The
company utilizes a BYOD and social media policy to integrate presence technology into
global collaboration tools by individuals and teams. As a result of the dispersed employees
and frequent international travel, the company is concerned about the safety of employees
and their families when moving in and out of certain countries. Which of the following could
the company view as a downside of using presence technology?
A. Insider threat
B. Network reconnaissance
C. Physical security
D. Industrial espionage
Answer: C
Question #2 (Topic: Topic 1)
An organization is concerned with potential data loss in the event of a disaster, and created
a backup datacenter as a mitigation strategy. The current storage method is a single NAS
used by all servers in both datacenters. Which of the following options increases data
availability in the event of a datacenter failure?
A. Replicate NAS changes to the tape backups at the other datacenter.
B. Ensure each server has two HBAs connected through two routes to the NAS.
C. Establish deduplication across diverse storage paths.
D. Establish a SAN that replicates between datacenters.
Answer: D
Question #3 (Topic: Topic 1)
Company ABC's SAN is nearing capacity, and will cause costly downtime if servers run
out of disk space. Which of the following is a more cost-effective alternative to buying a new
SAN?
A. Enable multipath to increase availability
B. Enable deduplication on the storage pools
C. Implement snapshots to reduce virtual disk size
D. Implement replication to offsite datacenter
Answer: B
Question #4 (Topic: Topic 1)
A developer has implemented a piece of client-side JavaScript code to sanitize a user's
provided input to a web page login screen. The code ensures that only uppercase and
lowercase letters are entered in the username field, and that only a 6-digit PIN is entered
in the password field. A security administrator is concerned with the following web server
log entry:
10.235.62.11 - [02/Mar/2014:06:13:04] GET /site/script.php?user=admin&pass=pass%20or%201=1 HTTP/1.1 200 5724
Given this log, which of the following is the security administrator concerned with, and which
fix should be implemented by the developer?
A. The security administrator is concerned with nonprintable characters being used to gain administrative access, and the developer should strip all nonprintable characters.
B. The security administrator is concerned with XSS, and the developer should normalize Unicode characters on the browser side.
C. The security administrator is concerned with SQL injection, and the developer should implement server side input validation.
D. The security administrator is concerned that someone may log on as the administrator, and the developer should ensure strong passwords are enforced.
Answer: C
Question #5 (Topic: Topic 1)
The Chief Information Security Officer (CISO) at a large organization has been reviewing
some security-related incidents at the organization and comparing them to current industry
trends. The desktop security engineer feels that the use of USB storage devices on office
computers has contributed to the frequency of security incidents. The CISO knows the
acceptable use policy prohibits the use of USB storage devices. Every user receives a
pop-up warning about this policy upon login. The SIEM system produces a report of USB
violations on a monthly basis, yet violations continue to occur.
Which of the following preventative controls would MOST effectively mitigate the logical
risks associated with the use of USB storage devices?
A. Revise the corporate policy to include possible termination as a result of violations
B. Increase the frequency and distribution of the USB violations report
C. Deploy PKI to add non-repudiation to login sessions so offenders cannot deny the offense
D. Implement group policy objects
Answer: D