質問 1:Customers have recently reported incomplete purchase history and other anomalies while accessing their account history on the web server farm. Upon investigation, it has been determined that there are version mismatches of key e-commerce applications on the production web servers. The development team has direct access to the production servers and is most likely the cause of the different release versions.
Which of the following process level solutions would address this problem?
A. Adjust the firewall ACL to prohibit development from directly accessing the production server farm.
B. Update the vulnerability management plan to address data discrepancy issues.
C. Implement change control practices at the organization level.
D. Change development methodology from strict waterfall to agile.
正解:C
解説: (Topexam メンバーにのみ表示されます)
質問 2:Since the implementation of IPv6 on the company network, the security administrator has been unable to identify the users associated with certain devices utilizing IPv6 addresses, even when the devices are centrally managed.
En1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500 ether f8:1e:af:ab:10:a3 inet6 fw80::fale:dfff:fee6:9d8%en1 prefixlen 64 scopeid 0x5 inet 192.168.1.14 netmask 0xffffff00 broadcast 192.168.1.255 inet6 2001:200:5:922:1035:dfff:fee6:9dfe prefixlen 64 autoconf inet6 2001:200:5:922:10ab:5e21:aa9a:6393 prefixlen 64 autoconf temporary nd6 options=l<PERFORMNUD> media: autoselect status: active
Given this output, which of the following protocols is in use by the company and what can the system administrator do to positively map users with IPv6 addresses in the future? (Select TWO).
A. The devices use EUl-64 format
B. The administrator must disable IPv6 tunneling
C. The administrator must disable the IPv6 privacy extensions
D. The administrator must disable DHCPv6 option code 1
E. The router IPv6 advertisement has been disabled
F. The administrator must disable the mobile IPv6 router flag
G. The network implements 6to4 tunneling
H. The routers implement NOP
正解:C,H
解説: (Topexam メンバーにのみ表示されます)
質問 3:A security consultant is conducting a network assessment and wishes to discover any legacy backup
Internet connections the network may have. Where would the consultant find this information and why would it be valuable?
A. This information can be found by querying the network's DNS servers, and is valuable because backup
DNS servers typically allow recursive queries from Internet hosts.
B. This information can be found by calling the regional Internet registry, and is valuable because backup connections typically do not require VPN access to the network.
C. This information can be found by accessing telecom billing records, and is valuable because backup connections typically have much lower latency than primary connections.
D. This information can be found in global routing tables, and is valuable because backup connections typically do not have perimeter protection as strong as the primary connection.
正解:D
解説: (Topexam メンバーにのみ表示されます)
質問 4:Company A has noticed abnormal behavior targeting their SQL server on the network from a rogue IP address. The company uses the following internal IP address ranges: 192.10.1.0/24 for the corporate site and 192.10.2.0/24 for the remote site. The Telco router interface uses the 192.10.5.0/30 IP range.
Instructions: Click on the simulation button to refer to the Network Diagram for Company A.
Click on Router 1, Router 2, and the Firewall to evaluate and configure each device.
Task 1: Display and examine the logs and status of Router 1, Router 2, and Firewall interfaces.
Task 2: Reconfigure the appropriate devices to prevent the attacks from continuing to target the SQL server and other servers on the corporate network.
正解:
Check the explanation part for complete solution below.
Explanation:
We have traffic coming from two rogue IP addresses: 192.10.3.204 and 192.10.3.254 (both in the
192.10.30.0/24 subnet) going to IPs in the corporate site subnet (192.10.1.0/24) and the remote site subnet (192.10.2.0/24). We need to Deny (block) this traffic at the firewall by ticking the following two checkboxes:
質問 5:DRAG DROP
IT staff within a company often conduct remote desktop sharing sessions with vendors to troubleshoot vendor product-related issues. Drag and drop the following security controls to match the associated security concern. Options may be used once or not at all.
正解:
Explanation:
Vendor may accidentally or maliciously make changes to the IT system -Allow view-only access. With view-only access, the third party can view the desktop but cannot interact with it. In other words, they cannot control the keyboard or mouse to make any changes.
Desktop sharing traffic may be intercepted by network attackers - Use SSL for remote sessions. SSL
(Secure Sockets Layer) encrypts data in transit between computers. If an attacker intercepted the traffic, the data would be encrypted and therefore unreadable to the attacker.
No guarantees that shoulder surfing attacks are not occurring at the vendor - Identified control gap.
Shoulder surfing is where someone else gains information by looking at your computer screen. This should be identified as a risk. A control gap occurs when there are either insufficient or no actions taken to avoid or mitigate a significant risk.
Vendor may inadvertently see confidential material from the company such as email and I Ms - Limit desktop session to certain windows.
The easiest way to prevent a third party from viewing your emails and IMs is to close the email and IM application windows for the duration of the desktop sharing session.
質問 6:A new web based application has been developed and deployed in production. A security engineer decides to use an HTTP interceptor for testing the application. Which of the following problems would
MOST likely be uncovered by this tool?
A. The tool could show that input validation was only enabled on the client side
B. The tool could fuzz the application to determine where memory leaks occur
C. The tool could force HTTP methods such as DELETE that the server has denied
D. The tool could enumerate backend SQL database table and column names
正解:A
解説: (Topexam メンバーにのみ表示されます)
一年間の無料更新サービスを提供します
君が弊社のCompTIA RC0-C02をご購入になってから、我々の承諾する一年間の更新サービスが無料で得られています。弊社の専門家たちは毎日更新状態を検査していますから、この一年間、更新されたら、弊社は更新されたCompTIA RC0-C02をお客様のメールアドレスにお送りいたします。だから、お客様はいつもタイムリーに更新の通知を受けることができます。我々は購入した一年間でお客様がずっと最新版のCompTIA RC0-C02を持っていることを保証します。
弊社は無料CompTIA RC0-C02サンプルを提供します
お客様は問題集を購入する時、問題集の質量を心配するかもしれませんが、我々はこのことを解決するために、お客様に無料RC0-C02サンプルを提供いたします。そうすると、お客様は購入する前にサンプルをダウンロードしてやってみることができます。君はこのRC0-C02問題集は自分に適するかどうか判断して購入を決めることができます。
RC0-C02試験ツール:あなたの訓練に便利をもたらすために、あなたは自分のペースによって複数のパソコンで設置できます。
CompTIA RC0-C02 認定試験の出題範囲:
トピック | 出題範囲 |
---|
トピック 1 | - Technical Integration of Enterprise Components
|
トピック 2 | - Risk Management and Incident Response
|
トピック 3 | |
参照:https://certification.comptia.org/docs/default-source/exam-objectives/casp-rc0-c02-recertification-objectives-(2).pdf
弊社は失敗したら全額で返金することを承諾します
我々は弊社のRC0-C02問題集に自信を持っていますから、試験に失敗したら返金する承諾をします。我々のCompTIA RC0-C02を利用して君は試験に合格できると信じています。もし試験に失敗したら、我々は君の支払ったお金を君に全額で返して、君の試験の失敗する経済損失を減少します。
TopExamは君にRC0-C02の問題集を提供して、あなたの試験への復習にヘルプを提供して、君に難しい専門知識を楽に勉強させます。TopExamは君の試験への合格を期待しています。
安全的な支払方式を利用しています
Credit Cardは今まで全世界の一番安全の支払方式です。少数の手続きの費用かかる必要がありますとはいえ、保障があります。お客様の利益を保障するために、弊社のRC0-C02問題集は全部Credit Cardで支払われることができます。
領収書について:社名入りの領収書が必要な場合、メールで社名に記入していただき送信してください。弊社はPDF版の領収書を提供いたします。
弊社のCompTIA RC0-C02を利用すれば試験に合格できます
弊社のCompTIA RC0-C02は専門家たちが長年の経験を通して最新のシラバスに従って研究し出した勉強資料です。弊社はRC0-C02問題集の質問と答えが間違いないのを保証いたします。
この問題集は過去のデータから分析して作成されて、カバー率が高くて、受験者としてのあなたを助けて時間とお金を節約して試験に合格する通過率を高めます。我々の問題集は的中率が高くて、100%の合格率を保証します。我々の高質量のCompTIA RC0-C02を利用すれば、君は一回で試験に合格できます。