Exam Details

  • Exam Code: RC0-C02
  • Exam Name: CompTIA Advanced Security Practitioner (CASP) Recertification Exam for Continuing Education
  • Certification: CompTIA Advanced Security Practitioner
  • Vendor: CompTIA
  • Total Questions: 308 Q&As
  • Last Updated: Mar 27, 2025

CompTIA Advanced Security Practitioner RC0-C02 Questions & Answers

  • Question 71:

    An IT manager is working with a project manager to implement a new ERP system capable of transacting data between the new ERP system and the legacy system. As part of this process, both parties must agree to the controls utilized to secure data connections between the two enterprise systems. This is commonly documented in which of the following formal documents?

    A. Memorandum of Understanding

    B. Information System Security Agreement

    C. Interconnection Security Agreement

    D. Interoperability Agreement

    E. Operating Level Agreement

  • Question 72:

    A security architect has been engaged during the implementation stage of the SDLC to review a new HR software installation for security gaps. With the project under a tight schedule to meet market commitments on project delivery, which of the following security activities should be prioritized by the security architect? (Select TWO).

    A. Perform penetration testing over the HR solution to identify technical vulnerabilities

    B. Perform a security risk assessment with recommended solutions to close off high-rated risks

    C. Secure code review of the HR solution to identify security gaps that could be exploited

    D. Perform access control testing to ensure that privileges have been configured correctly

    E. Determine if the information security standards have been complied with by the project

  • Question 73:

    A company has received the contract to begin developing a new suite of software tools to replace an aging collaboration solution. The original collaboration solution has been in place for nine years, contains over a million lines of code, and took over two years to develop originally. The SDLC has been broken up into eight primary stages, with each stage requiring an in-depth risk analysis before moving on to the next phase. Which of the following software development methods is MOST applicable?

    A. Spiral model

    B. Incremental model

    C. Waterfall model

    D. Agile model

  • Question 74:

    An organization recently upgraded its wireless infrastructure to support 802.1x and requires all clients to use this method. After the upgrade, several critical wireless clients fail to connect because they are only pre-shared key compliant. For the foreseeable future, none of the affected clients have an upgrade path to put them into compliance with the 802.1x requirement. Which of the following provides the MOST secure method of integrating the non-compliant clients into the network?

    A. Create a separate SSID and require the use of dynamic encryption keys.

    B. Create a separate SSID with a pre-shared key to support the legacy clients and rotate the key at random intervals.

    C. Create a separate SSID and pre-shared WPA2 key on a new network segment and only allow required communication paths.

    D. Create a separate SSID and require the legacy clients to connect to the wireless network using certificate-based 802.1x.

  • Question 75:

    Which of the following is true about an unauthenticated SAMLv2 transaction?

    A. The browser asks the SP for a resource. The SP provides the browser with an XHTML format. The browser asks the IdP to validate the user, and then provides the XHTML back to the SP for access.

    B. The browser asks the IdP for a resource. The IdP provides the browser with an XHTML format. The browser asks the SP to validate the user, and then provides the XHTML to the IdP for access.

    C. The browser asks the IdP to validate the user. The IdP sends an XHTML form to the SP and a cookie to the browser. The browser asks for a resource to the SP, which verifies the cookie and XHTML format for access.

    D. The browser asks the SP to validate the user. The SP sends an XHTML form to the IdP. The IdP provides the XHTML form back to the SP, and then the browser asks the SP for a resource.

  • Question 76:

    Company A is purchasing Company B. Company A uses a change management system for all IT processes while Company B does not have one in place. Company B's IT staff needs to purchase a third party product to enhance production. Which of the following NEXT steps should be implemented to address the security impacts this product may cause?

    A. Purchase the product and test it in a lab environment before installing it on any live system.

    B. Allow Company A and B's IT staff to evaluate the new product prior to purchasing it.

    C. Purchase the product and test it on a few systems before installing it throughout the entire company.

    D. Use Company A's change management process during the evaluation of the new product.

  • Question 77:

    Customers have recently reported incomplete purchase history and other anomalies while accessing their account history on the web server farm. Upon investigation, it has been determined that there are version mismatches of key e-commerce applications on the production web servers. The development team has direct access to the production servers and is most likely the cause of the different release versions. Which of the following process-level solutions would address this problem?

    A. Implement change control practices at the organization level.

    B. Adjust the firewall ACL to prohibit development from directly accessing the production server farm.

    C. Update the vulnerability management plan to address data discrepancy issues.

    D. Change development methodology from strict waterfall to agile.

  • Question 78:

    During a recent audit of servers, a company discovered that a network administrator, who required remote access, had deployed an unauthorized remote access application that communicated over common ports already allowed through the firewall. A network scan showed that this remote access application had already been installed on one third of the servers in the company. Which of the following is the MOST appropriate action that the company should take to provide a more appropriate solution?

    A. Implement an IPS to block the application on the network

    B. Implement the remote application out to the rest of the servers

    C. Implement SSL VPN with SAML standards for federation

    D. Implement an ACL on the firewall with NAT for remote access

  • Question 79:

    Ann, the VoIP administrator, starts receiving reports that users are having problems placing phone calls. She cannot determine the issue, and asks Joe, the security administrator, for help. Joe reviews the switch interfaces and does not see an excessive amount of network traffic on the voice network. Using a protocol analyzer, he does see an excessive number of SIP INVITE packets destined for the SIP proxy. Based on the information given, which of the following types of attacks is underway and how can it be remediated?

    A. Man in the middle attack; install an IPS in front of SIP proxy.

    B. Man in the middle attack; use 802.1x to secure voice VLAN.

    C. Denial of Service; switch to more secure H.323 protocol.

    D. Denial of Service; use rate limiting to limit traffic.

  • Question 80:

    A company has issued a new mobile device policy permitting BYOD and company-issued devices. The company-issued device has a managed middleware client that restricts the applications allowed on company devices and provides those that are approved. The middleware client provides configuration standardization for both company owned and BYOD to secure data and communication to the device according to industry best practices. The policy states that, "BYOD clients must meet the company's infrastructure requirements to permit a connection." The company also issues a memorandum separate from the policy, which provides instructions for the purchase, installation, and use of the middleware client on BYOD. Which of the following is being described?

    A. Asset management

    B. IT governance

    C. Change management

    D. Transference of risk

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more and more important and are required by more and more enterprises when applying for a job. But how do you prepare for the exam effectively? How do you prepare for the exam in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only CompTIA exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your RC0-C02 exam preparation and CompTIA certification application, do not hesitate to visit Vcedump.com to find your solutions here.