An analyst connects to a company web conference hosted on www.webconference.com/meetingID#01234 and observes that numerous guests have been allowed to join, without providing identifying information. The topics covered during the web conference are considered proprietary to the company. Which of the following security concerns does the analyst present to management?
A. Guest users could present a risk to the integrity of the company's information.
B. Authenticated users could sponsor guest access that was previously approved by management.
C. Unauthenticated users could present a risk to the confidentiality of the company's information.
D. Meeting owners could sponsor guest access if they have passed a background check.
A security engineer at a major financial institution is prototyping multiple secure network configurations. The testing is focused on understanding the impact each potential design will have on the three major security tenets of the network. All designs must take into account the stringent compliance and reporting requirements for most worldwide financial institutions. Which of the following is the BEST list of security lifecycle-related concerns about deploying the final design?
A. Decommissioning the existing network smoothly, implementing maintenance and operations procedures for the new network in advance, and ensuring compliance with applicable regulations and laws.
B. Interoperability with the Security Administration Remote Access protocol, integrity of the data at rest, overall network availability, and compliance with corporate and government regulations and policies.
C. Resistance of the new network design to DDoS attacks, ability to ensure confidentiality of all data in transit, security of change management processes and procedures, and resilience of the firewalls to power fluctuations.
D. Decommissioning plan for the new network, proper disposal protocols for the existing network equipment, transitioning operations to the new network on day one, and ensuring compliance with corporate data retention policies.
E. Ensuring smooth transition of maintenance resources to support the new network, updating all whole disk encryption keys to be compatible with IPv6, and maximizing profits for bank shareholders.
A Security Administrator has some concerns about the confidentiality of data when using SOAP. Which of the following BEST describes the Security Administrator's concerns?
A. The SOAP header is not encrypted and allows intermediaries to view the header data. The body can be partially or completely encrypted.
B. The SOAP protocol supports weak hashing of header information. As a result, the header and body can easily be deciphered by brute force tools.
C. The SOAP protocol can be easily tampered with, even though the header is encrypted.
D. The SOAP protocol does not support body or header encryption which allows assertions to be viewed in clear text by intermediaries.
The
A. X.509 subject name
B. PTR DNS record
C. EV certificate OID extension
D. Kerberos principal name
E. WWN record name
The helpdesk department desires to roll out a remote support application for internal use on all company computers. This tool should allow remote desktop sharing, system log gathering, chat, hardware logging, inventory management, and remote registry access. The risk management team has been asked to review vendor responses to the RFQ. Which of the following questions is the MOST important?
A. What are the protections against MITM?
B. What accountability is built into the remote support application?
C. What encryption standards are used in the tracking database?
D. What snapshot or "undo" features are present in the application?
E. What encryption standards are used in remote desktop and file transfer functionality?
An external auditor has found that IT security policies in the organization are not maintained and in some cases are nonexistent. As a result of the audit findings, the CISO has been tasked with the objective of establishing a mechanism to manage the lifecycle of IT security policies. Which of the following can be used to BEST achieve the CISO's objectives?
A. CoBIT
B. UCF
C. ISO 27002
D. eGRC
Executive management is asking for a new manufacturing control and workflow automation solution. This application will facilitate management of proprietary information and closely guarded corporate trade secrets.
The information security team has been a part of the department meetings and come away with the following notes:
Human resources would like complete access to employee data stored in the application. They would like automated data interchange with the employee management application, a cloud-based SaaS application.
Sales is asking for easy order tracking to facilitate feedback to customers.
Legal is asking for adequate safeguards to protect trade secrets. They are also concerned with data ownership questions and legal jurisdiction.
Manufacturing is asking for ease of use. Employees working the assembly line cannot be bothered with additional steps or overhead. System interaction needs to be quick and easy.
Quality assurance is concerned about managing the end product and tracking overall performance of the product being produced. They would like read-only access to the entire workflow process for monitoring and baselining.
The favored solution is a user-friendly software application that would be hosted onsite. It has extensive ACL functionality, but also has readily available APIs for extensibility. It supports read-only access, kiosk automation, custom fields, and data encryption.
Which of the following departments' request is in contrast to the favored solution?
A. Manufacturing
B. Legal
C. Sales
D. Quality assurance
E. Human resources
A medium-sized company has recently launched an online product catalog. It has decided to keep the credit card purchasing in-house as a secondary potential income stream has been identified in relation to sales leads. The company has decided to undertake a PCI assessment in order to determine the amount of effort required to meet the business objectives. Which compliance category would this task be part of?
A. Government regulation
B. Industry standard
C. Company guideline
D. Company policy
The Chief Executive Officer (CEO) has asked a security project manager to provide recommendations on the breakout of tasks for the development of a new product. The CEO thinks that by assigning areas of work appropriately the overall security of the product will be increased, because staff will focus on their areas of expertise. Given the groups and tasks below, select the BEST list of assignments.
Groups: Networks, Development, Project Management, Security, Systems Engineering, Testing
Tasks: Decomposing requirements, Secure coding standards, Code stability, Functional validation, Stakeholder engagement, Secure transport
A. Systems Engineering: Decomposing requirements; Development: Secure coding standards; Testing: Code stability; Project Management: Stakeholder engagement; Security: Secure transport; Networks: Functional validation
B. Systems Engineering: Decomposing requirements; Development: Code stability; Testing: Functional validation; Project Management: Stakeholder engagement; Security: Secure coding standards; Networks: Secure transport
C. Systems Engineering: Functional validation; Development: Stakeholder engagement; Testing: Code stability; Project Management: Decomposing requirements; Security: Secure coding standards; Networks: Secure transport
D. Systems Engineering: Decomposing requirements; Development: Stakeholder engagement; Testing: Code stability; Project Management: Functional validation; Security: Secure coding standards; Networks: Secure transport
A corporation has Research and Development (R&D) and IT support teams, each requiring separate networks with independent control of their security boundaries to support department objectives. The corporation's Information Security Officer (ISO) is responsible for providing firewall services to both departments, but does not want to increase the hardware footprint within the datacenter. Which of the following should the ISO consider to provide the independent functionality required by each department's IT teams?
A. Put both departments behind the firewall and assign administrative control for each department to the corporate firewall.
B. Provide each department with a virtual firewall and assign administrative control to the physical firewall.
C. Put both departments behind the firewall and incorporate restrictive controls on each department's network.
D. Provide each department with a virtual firewall and assign appropriate levels of management for the virtual device.