CompTIA RC0-C02 問題集

質問 1：
Three companies want to allow their employees to seamlessly connect to each other's wireless corporate networks while keeping one consistent wireless client configuration. Each company wants to maintain its own authentication infrastructure and wants to ensure that an employee who is visiting the other two companies is authenticated by the home office when connecting to the other companies' wireless network.
All three companies have agreed to standardize on 802.1x EAP-PEAPMSCHAPv2 for client configuration.
Which of the following should the three companies implement?
A. The three companies should implement federated authentication through Shibboleth connected to an
LDAP backend and agree on a single SSID.
B. The three companies should implement a central portal-based single sign-on and agree to use the same CA when issuing client certificates.
C. The three companies should agree on a single SSID and configure a hierarchical RADIUS system which implements trust delegation.
D. All three companies should use the same wireless vendor to facilitate the use of a shared cloud based wireless controller.
正解：C
解説: (Topexam メンバーにのみ表示されます)

質問 2：
A large financial company has a team of security-focused architects and designers that contribute into broader IT architecture and design solutions. Concerns have been raised due to the security contributions having varying levels of quality and consistency. It has been agreed that a more formalized methodology is needed that can take business drivers, capabilities, baselines, and reusable patterns into account.
Which of the following would BEST help to achieve these objectives?
A. Include SRTM in the SDLC
B. Construct a library of re-usable security patterns
C. Introduce an ESA framework
D. Construct a security control library
正解：C

質問 3：
A facilities manager has observed varying electric use on the company's metered service lines. The facility management rarely interacts with the IT department unless new equipment is being delivered.
However, the facility manager thinks that there is a correlation between spikes in electric use and IT department activity. Which of the following business processes and/or practices would provide better management of organizational resources with the IT department's needs? (Select TWO).
A. Rewriting the change board charter
B. Facility management participation on a change control board
C. Designing a business resource monitoring system
D. Deploying a radio frequency identification tagging asset management system
E. Purchasing software asset management software
F. Hiring a property custodian
G. Implementation of change management best practices
正解：B,G
解説: (Topexam メンバーにのみ表示されます)

質問 4：
A security architect is designing a new infrastructure using both type 1 and type 2 virtual machines.
In addition to the normal complement of security controls (e.g. antivirus, host hardening, HIPS/NIDS) the security architect needs to implement a mechanism to securely store cryptographic keys used to sign code and code modules on the VMs. Which of the following will meet this goal without requiring any hardware pass-through implementations?
A. vTPM
B. TPM
C. INE
D. HSM
正解：A
解説: (Topexam メンバーにのみ表示されます)

質問 5：
A company has received the contract to begin developing a new suite of software tools to replace an aging collaboration solution. The original collaboration solution has been in place for nine years, contains over a million lines of code, and took over two years to develop originally. The SDLC has been broken up into eight primary stages, with each stage requiring an in-depth risk analysis before moving on to the next phase. Which of the following software development methods is MOST applicable?
A. Incremental model
B. Agile model
C. Spiral model
D. Waterfall model
正解：D
解説: (Topexam メンバーにのみ表示されます)

質問 6：
A security engineer on a large enterprise network needs to schedule maintenance within a fixed window of time. A total outage period of four hours is permitted for servers. Workstations can undergo maintenance from 8:00 pm to 6:00 am daily. Which of the following can specify parameters for the maintenance work? (Select TWO).
A. Managed security service
B. Network service provider
C. Memorandum of understanding
D. Quality of service
E. Operating level agreement
正解：C,E
解説: (Topexam メンバーにのみ表示されます)