NO.1 An administrator is tasked with securing several website domains on a web server. The
administrator elects to secure www.example.com, mail.example.org, archive.example.com, and
www.example.org with the same certificate. Which of the following would allow the administrator to
secure those domains with a single issued certificate?
A. EV x509 Certificate
B. Wildcard Certificate
C. Intermediate Root Certificate
D. Subject Alternative Names Certificate
Answer: D

Explanation:
Subject Alternative Names (SANs) let you specify a list of host names to be protected by a single SSL
certificate. When you order the certificate, you specify one fully qualified domain name in the
common name field. You can then add the other names in the Subject Alternative Names field.
Incorrect Answers:
A: An Intermediate Root Certificate is used to trust an intermediate CA (Certification Authority). The
Intermediate root CA can issue certificates but the Intermediate Root Certificate itself cannot be used
to secure multiple domains on a web server.
B: A wildcard certificate can be used to secure multiple domain names within the same higher level
domain. For example: a wildcard certificate "*.example.com" can secure an unlimited number of
domains that end in 'example.com' such as domain1.example.com, domain2.example.com etc. A
wildcard certificate cannot be used to secure the domains listed in this question.
C: The certificate used to secure the domains will be an x509 certificate but it will not be a standard
EV certificate. EV stands for extended validation. With a non-EV certificate, the issuing CA just
ensures that you own the domains that you want to secure. With an EV certificate, further checks are
carried out such as checks on your company. EV certificates take longer to issue due to the extra
checks but the EV certificate provides extra guarantees to your customers that you are who you say
you are. However, a standard EV certificate only secures a single domain.

NO.2 An insurance company has an online quoting system for insurance premiums. It allows potential
customers to fill in certain details about their car and obtain a quote. During an investigation, the
following patterns were detected:
Pattern 1 - Analysis of the logs identifies that insurance premium forms are being filled in but only
single fields are incrementally being updated.
Pattern 2 - For every quote completed, a new customer number is created; due to legacy systems,
customer numbers are running out.
Which of the following is the attack type the system is susceptible to, and what is the BEST way to
defend against it? (Select TWO).
A. Distributed denial of service
B. Cross site scripting attack
C. Implement an inline WAF and integrate into SIEM
D. Input a blacklist of all known BOT malware IPs into the firewall
E. Resource exhaustion attack
F. SQL injection
G. Apply a hidden field that triggers a SIEM alert
H. Implement firewall rules to block the attacking IP addresses
Answer: C,E

Explanation:
A resource exhaustion attack involves tying up predetermined resources on a system, thereby making
the resources unavailable to others.
Implementing an inline WAF would provide protection from attacks, as well as logging and alerting
admins to what's going on. Integrating it into SIEM allows logs and other security-related
documentation to be collected for analysis.
Incorrect Answers:
A: SIEM technology analyses security alerts generated by network hardware and applications.
B: Cross site scripting attacks occur when malicious scripts are injected into otherwise trusted
websites.
D: Traditional firewalls block or allow traffic. A firewall is not, however, the best way to defend
against a resource exhaustion attack.
E: A SQL injection attack occurs when the attacker makes use of a series of malicious SQL queries to
directly influence the SQL database.
G: A distributed denial-of-service (DDoS) attack occurs when many compromised systems attack a
single target. This results in denial of service for users of the targeted system.
H: Traditional firewalls block or allow traffic. A firewall is not, however, the best way to defend
against a resource exhaustion attack.
References:
http://searchsecurity.techtarget.com/feature/Four-questions-to-ask-before-buying-a-Webapplication-firewall
http://searchsecurity.techtarget.com/definition/security-information-and-event-management-SIEM
https://en.wikipedia.org/wiki/Security_information_and_event_management
http://searchsecurity.techtarget.com/definition/distributed-denial-of-service-attack
Gregg, Michael, and Billy Haines, CASP CompTIA Advanced Security Practitioner Study Guide, John
Wiley & Sons, Indianapolis, 2012, pp. 150, 153

NO.3 A company has implemented data retention policies and storage quotas in response to their
legal department's requests and the SAN administrator's recommendation. The retention policy
states all email data older than 90 days should be eliminated. As there are no technical controls in
place, users have been instructed to stick to a storage quota of 500Mb of network storage and
200Mb of email storage. After being presented with an e-discovery request from an opposing legal
counsel, the security administrator discovers that the user in the suit has 1Tb of files and 300Mb of
email spanning over two years. Which of the following should the security administrator provide to
opposing counsel?
A. Provide the first 200Mb of e-mail and the first 500Mb of files as per policy.
B. Provide the 1Tb of files on the network and the 300Mb of email files regardless of age.
C. Delete email over the policy threshold and hand over the remaining emails and all of the files.
D. Delete files and email exceeding policy thresholds and turn over the remaining files and email.
Answer: B

NO.4 A Chief Financial Officer (CFO) has raised concerns with the Chief Information Security Officer
(CISO) because money has been spent on IT security infrastructure, but corporate assets are still
found to be vulnerable. The business recently funded a patch management product and SOE
hardening initiative.
A third party auditor reported findings against the business because some systems were missing
patches.
Which of the following statements BEST describes this situation?
A. The CFO is at fault because they are responsible for patching the systems and have already been
given patch management and SOE hardening products.
B. The audit findings are invalid because remedial steps have already been applied to patch servers
and the remediation takes time to complete.
C. Security controls are generally never 100% effective and gaps should be explained to stakeholders
and managed accordingly.
D. The CISO has not selected the correct controls and the audit findings should be assigned to them
instead of the CFO.
Answer: C

Explanation:
Security controls can never be 100% effective and are mainly regarded as a risk mitigation strategy;
thus the gaps should be explained to all stakeholders and managed accordingly.
Incorrect Answers:
A: The CFO's main concern would be of a monetary nature as per the job description and not the IT
security infrastructure or patch management per se.
B: The audit findings are not invalid since the audit actually found more missing patches on some
systems.
C: The chief information security officer is the executive in the company that has the responsibility
over information security in the organization; the CISO does not necessarily select controls.
References:
Gregg, Michael, and Billy Haines, CASP CompTIA Advanced Security Practitioner Study Guide, John
Wiley & Sons, Indianapolis, 2012, pp. 204, 213
 
