CompTIA RC0-C02 - CompTIA Advanced Security Practitioner (CASP) Recertification Exam for Continuing Education Exam

Question #6 (Topic: Topic 1)
Joe, a penetration tester, is tasked with testing the security robustness of the protocol
between a mobile web application and a RESTful application server. Which of the following
security tools would be required to assess the security between the mobile web application
and the RESTful application server? (Select TWO).
A. Jailbroken mobile device
B. Reconnaissance tools
C. Network enumerator
D. HTTP interceptor
E. Vulnerability scanner
F. Password cracker
Answer: D,E
Question #7 (Topic: Topic 1)
A security administrator has been asked to select a cryptographic algorithm to meet the
criteria of a new application. The application utilizes streaming video that can be viewed
both on computers and mobile devices. The application designers have asked that the
algorithm support the transport encryption with the lowest possible performance overhead.
Which of the following recommendations would BEST meet the needs of the application
designers? (Select TWO).
A. Use AES in Electronic Codebook mode
B. Use RC4 in Cipher Block Chaining mode
C. Use RC4 with Fixed IV generation
D. Use AES with cipher text padding
E. Use RC4 with a nonce generated IV
F. Use AES in Counter mode
Answer: E,F
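Why options C and E differ in practice, as an added example that is not part of the exam page: both RC4 and AES in Counter mode (option F) produce a keystream that is XORed with the plaintext, so their security rests on never reusing a keystream. The block below implements RC4 only to show the failure; RC4 is prohibited in TLS by RFC 7465 and should not be chosen for new designs regardless of what this question's answer key says. The per-message key derivation SHA-256(key || nonce) and the 8-byte nonce length are assumptions for illustration, not something the question specifies.

```python
# Added example, not part of the exam page: keystream reuse in a stream cipher.
# RC4 is implemented here only to illustrate options C vs E; it is prohibited
# in TLS (RFC 7465) and must not be used in new designs. The SHA-256(key||nonce)
# derivation below is an assumption for illustration, not something the exam
# specifies.
import hashlib


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Plain RC4: key-scheduling (KSA) then `length` bytes of PRGA output."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_fixed_iv(key: bytes, plaintext: bytes) -> bytes:
    """Option C: nothing varies per message, so every frame is XORed with the
    same keystream prefix."""
    return xor_bytes(plaintext, rc4_keystream(key, len(plaintext)))


def encrypt_with_nonce(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Option E: a fresh nonce per message gives a fresh keystream. The
    per-message key is SHA-256(key || nonce) (assumed construction); the nonce
    travels in clear ahead of the ciphertext, as any IV does."""
    msg_key = hashlib.sha256(key + nonce).digest()
    return nonce + xor_bytes(plaintext, rc4_keystream(msg_key, len(plaintext)))


def decrypt_with_nonce(key: bytes, nonce_len: int, ciphertext: bytes) -> bytes:
    nonce, body = ciphertext[:nonce_len], ciphertext[nonce_len:]
    msg_key = hashlib.sha256(key + nonce).digest()
    return xor_bytes(body, rc4_keystream(msg_key, len(body)))


def recover_second_plaintext(c1: bytes, c2: bytes, known_p1: bytes) -> bytes:
    """Attacker's view when the keystream repeats: c1 XOR c2 == p1 XOR p2, so a
    known (or guessable) p1 reveals p2 with no key material at all. Video
    frames carry fixed headers, which makes p1 easy to guess."""
    return xor_bytes(xor_bytes(c1, c2), known_p1)


# Constructed sample frames of equal length (not real codec data).
KEY = b"sixteen byte key"
P1 = b"FRAME 0001 keyframe payload"
P2 = b"FRAME 0002 delta payload..."
```

Run `recover_second_plaintext` over two frames encrypted with `encrypt_fixed_iv` and P2 comes back in full; do the same over the bodies produced by `encrypt_with_nonce` with two distinct nonces and only noise comes back. The identical rule applies to AES-CTR: a repeated nonce/counter pair is the same bug, which is why option F is acceptable only together with unique counters per key.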
Question #8 (Topic: Topic 1)
A pentester must attempt to crack passwords on a Windows domain that enforces strong,
complex passwords. Which of the following would crack the MOST passwords in the
shortest time period?
A. Online password testing
B. Rainbow tables attack
C. Dictionary attack
D. Brute force attack
Answer: B
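Rainbow tables win here because the domain's NT hashes are unsalted, so the expensive hashing can be precomputed once and reused against every account. The block below is an added example, not part of the exam page, showing the mechanics at toy scale: MD5 over 3-character passwords from a 4-letter alphabet stands in for the NT hash (MD4 of the UTF-16LE password, which `hashlib` may not provide), the chain length, alphabet and chain starts are arbitrary choices, and the reduction function is one simple construction of many.

```python
# Added example, not part of the exam page: a miniature rainbow table.
# MD5 over 3-character passwords from a 4-letter alphabet stands in for the
# unsalted NT hash; the chain/reduce/lookup mechanics are the same.
import hashlib
from collections import defaultdict

CHARSET = "abcd"
PW_LEN = 3
CHAIN_LEN = 6   # reductions per chain; longer chains = smaller table, slower lookup


def H(pw: str) -> bytes:
    """Target hash function. Unsalted, so one table serves every account."""
    return hashlib.md5(pw.encode()).digest()


def R(h: bytes, col: int) -> str:
    """Reduction: map a hash back into the password space. Folding in the
    column index gives each step its own reduction, which is what limits
    chain merges compared with plain Hellman tables."""
    n = int.from_bytes(h[:8], "big") + col
    chars = []
    for _ in range(PW_LEN):
        n, r = divmod(n, len(CHARSET))
        chars.append(CHARSET[r])
    return "".join(chars)


def chain_passwords(start: str) -> list:
    """The CHAIN_LEN passwords whose hashes the chain from `start` covers."""
    pws = [start]
    for col in range(CHAIN_LEN - 1):
        pws.append(R(H(pws[-1]), col))
    return pws


def build_table(starts) -> dict:
    """Precompute: store only endpoint -> chain starts. Everything in between
    is recomputed on demand; that is the time/memory trade-off of the method."""
    table = defaultdict(list)
    for start in starts:
        pw = start
        for col in range(CHAIN_LEN):
            pw = R(H(pw), col)
        table[pw].append(start)
    return table


def lookup(table: dict, target: bytes):
    """Online phase: assume the target hash sits at column k, apply the
    remaining reductions to reach an endpoint, and if that endpoint is stored
    re-walk its chain from the start to find the preimage. The re-walk also
    rejects false alarms caused by chain merges."""
    for k in range(CHAIN_LEN):
        pw = R(target, k)
        for col in range(k + 1, CHAIN_LEN):
            pw = R(H(pw), col)
        for start in table.get(pw, ()):
            cand = start
            for col in range(CHAIN_LEN):
                h = H(cand)
                if h == target:
                    return cand
                cand = R(h, col)
    return None
```

A real table trades a few gigabytes of (start, end) pairs for instant recovery of almost every LM/NT hash in the keyspace, which no online, dictionary or brute-force run can match inside a short engagement window; salted hashes (bcrypt, scrypt, Argon2) defeat the precomputation entirely.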
Question #9 (Topic: Topic 1)
Joe, a hacker, has discovered he can craft a webpage that, when viewed in a
browser, crashes the browser and then allows him to gain remote code execution in the
context of the victim's privilege level. The browser crashes due to an exception when
heap memory that has already been freed is accessed. Which of the following BEST describes the
application issue?
A. Integer overflow
B. Click-jacking
C. Race condition
D. SQL injection
E. Use after free
F. Input validation
Answer: E
Question #10 (Topic: Topic 1)
ABC Corporation has introduced token-based authentication to system administrators due
to the risk of password compromise. The tokens have a set of HMAC counter-based codes
and are valid until they are used. Which of the following types of authentication
mechanisms does this statement describe?
A. TOTP
B. PAP
C. CHAP
D. HOTP
Answer: D
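What "HMAC counter-based codes, valid until used" means in practice, as an added example that is not part of the exam page: HOTP (RFC 4226) derives each code from a shared secret and a counter, and the server consumes the counter on successful use so the same code cannot be replayed. The look-ahead window of 5 and the secret value are assumptions; the secret below is the RFC 4226 test-vector key, not a production value.

```python
# Added example, not part of the exam page: RFC 4226 HOTP plus a server-side
# validator that enforces "valid until used" by advancing the counter.
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP(K, C) = Truncate(HMAC-SHA-1(K, C)) mod 10^digits, per RFC 4226."""
    msg = struct.pack(">Q", counter)                 # 8-byte big-endian counter
    mac = hmac.new(secret, msg, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                          # dynamic truncation
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """TOTP (option A) is HOTP with the counter replaced by a time step, so a
    code expires after `step` seconds whether or not it was used."""
    return hotp(secret, unix_time // step, digits)


class HotpValidator:
    """Server side. Accepts a code for the next expected counter (with a small
    look-ahead window, assumed here to be 5, to tolerate button presses that
    never reached the server) and then advances past it, so a code is valid
    until used and never again."""

    def __init__(self, secret: bytes, look_ahead: int = 5):
        self.secret = secret
        self.counter = 0            # next counter value the server expects
        self.look_ahead = look_ahead

    def verify(self, code: str) -> bool:
        for c in range(self.counter, self.counter + self.look_ahead + 1):
            if hmac.compare_digest(hotp(self.secret, c), code):
                self.counter = c + 1    # consume this code and any skipped ones
                return True
        return False


# RFC 4226 Appendix D test-vector secret (ASCII "12345678901234567890"); not a
# production key.
RFC4226_SECRET = b"12345678901234567890"
```

Against the RFC 4226 vectors, `hotp(RFC4226_SECRET, 0)` is 755224 and counter 1 is 287082. With the validator, 755224 is accepted once and then refused; presenting counter 2's code next is accepted via the look-ahead window, after which counter 1's code is also refused because the server never moves backwards. That is the behaviour the question describes, and it is what separates HOTP from TOTP, where an unused code dies with its time step.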
Total 308 questions