An attacker attempts to create a DoS event against the VoIP system of a company. The attacker uses a tool to flood the network with a large number of SIP INVITE traffic. Which of the following would be LEAST likely to thwart such an attack?
A. Install IDS/IPS systems on the network
B. Force all SIP communication to be encrypted
C. Create separate VLANs for voice and data traffic
D. Implement QoS parameters on the switches
The telecommunications manager wants to improve the process for assigning company- owned mobile devices and ensuring data is properly removed when no longer needed. Additionally, the manager wants to onboard and offboard personally owned mobile devices that will be used in the BYOD initiative. Which of the following should be implemented to ensure these processes can be automated? (Select THREE).
A. SIM's PIN
B. Remote wiping
C. Chargeback system
D. MDM software
E. Presence software
F. Email profiles
G. Identity attestation
H. GPS tracking
A security manager has received the following email from the Chief Financial Officer (CFO):
"While I am concerned about the security of the proprietary financial data in our ERP application, we have had a lot of turnover in the accounting group and I am having a difficult time meeting our monthly performance targets. As things
currently stand, we do not allow employees to work from home but this is something I am willing to allow so we can get back on track. What should we do first to securely enable this capability for my group?"
Based on the information provided, which of the following would be the MOST appropriate response to the CFO?
A. Remote access to the ERP tool introduces additional security vulnerabilities and should not be allowed.
B. Allow VNC access to corporate desktops from personal computers for the users working from home.
C. Allow terminal services access from personal computers after the CFO provides a list of the users working from home.
D. Work with the executive management team to revise policies before allowing any remote access.
A security engineer on a large enterprise network needs to schedule maintenance within a fixed window of time. A total outage period of four hours is permitted for servers. Workstations can undergo maintenance from 8:00 pm to 6:00 am daily. Which of the following can specify parameters for the maintenance work? (Select TWO).
A. Managed security service
B. Memorandum of understanding
C. Quality of service
D. Network service provider
E. Operating level agreement
A medical device manufacturer has decided to work with another international organization to develop the software for a new robotic surgical platform to be introduced into hospitals within the next 12 months. In order to ensure a competitor does not become aware, management at the medical device manufacturer has decided to keep it secret until formal contracts are signed. Which of the following documents is MOST likely to contain a description of the initial terms and arrangement and is not legally enforceable?
A. OLA
B. BPA
C. SLA
D. SOA
E. MOU
A team is established to create a secure connection between software packages in order to list employee's remaining or unused benefits on their paycheck stubs. Which of the following business roles would be MOST effective on this team?
A. Network Administrator, Database Administrator, Programmers
B. Network Administrator, Emergency Response Team, Human Resources
C. Finance Officer, Human Resources, Security Administrator
D. Database Administrator, Facilities Manager, Physical Security Manager
A completely new class of web-based vulnerabilities has been discovered. Claims have been made that all common web-based development frameworks are susceptible to attack. Proof-of-concept details have emerged on the Internet. A security advisor within a company has been asked to provide recommendations on how to respond quickly to these vulnerabilities. Which of the following BEST describes how the security advisor should respond?
A. Assess the reliability of the information source, likelihood of exploitability, and impact to hosted data. Attempt to exploit via the proof-of-concept code. Consider remediation options.
B. Hire an independent security consulting agency to perform a penetration test of the web servers. Advise management of any `high' or `critical' penetration test findings and put forward recommendations for mitigation.
C. Review vulnerability write-ups posted on the Internet. Respond to management with a recommendation to wait until the news has been independently verified by software vendors providing the web application software.
D. Notify all customers about the threat to their hosted data. Bring the web servers down into "maintenance mode" until the vulnerability can be reliably mitigated through a vendor patch.
An international shipping company discovered that deliveries left idle are being tampered with. The company wants to reduce the idle time associated with international deliveries by ensuring that personnel are automatically notified when an inbound delivery arrives at the transit dock. Which of the following should be implemented to help the company increase the security posture of its operations?
A. Back office database
B. Asset tracking
C. Geo-fencing
D. Barcode scanner
An internal development team has migrated away from Waterfall development to use Agile development. Overall, this has been viewed as a successful initiative by the stakeholders as it has improved time-to-market. However, some staff within the security team have contended that Agile development is not secure. Which of the following is the MOST accurate statement?
A. Agile and Waterfall approaches have the same effective level of security posture. They both need similar amounts of security effort at the same phases of development.
B. Agile development is fundamentally less secure than Waterfall due to the lack of formal up-front design and inability to perform security reviews.
C. Agile development is more secure than Waterfall as it is a more modern methodology which has the advantage of having been able to incorporate security best practices of recent years.
D. Agile development has different phases and timings compared to Waterfall. Security activities need to be adapted and performed within relevant Agile phases.
A corporation has expanded for the first time by integrating several newly acquired businesses. Which of the following are the FIRST tasks that the security team should undertake? (Select TWO).
A. Remove acquired companies Internet access.
B. Federate identity management systems.
C. Install firewalls between the businesses.
D. Re-image all end user computers to a standard image.
E. Develop interconnection policy.
F. Conduct a risk analysis of each acquired company's networks.
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your RC0-C02 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.