CompTIA RC0-C02 問題集

質問 1：
The Information Security Officer (ISO) is reviewing a summary of the findings from the last COOP tabletop exercise. The Chief Information Officer (CIO) wants to determine which additional controls must be implemented to reduce the risk of an extended customer service outage due to the VoIP system being unavailable. Which of the following BEST describes the scenario presented and the document the ISO is reviewing?
A. The ISO is investigating the impact of a possible downtime of the messaging system within the RA.
B. The ISO is evaluating the business implications of a recent telephone system failure within the BI
C. The ISO is calculating the budget adjustment needed to ensure audio/video system redundancy within the RFQ.
D. The ISO is assessing the effect of a simulated downtime involving the telecommunication system within the AAR.
正解：D
解説: (Topexam メンバーにのみ表示されます)

質問 2：
A large organization has recently suffered a massive credit card breach. During the months of Incident
Response, there were multiple attempts to assign blame for whose fault it was that the incident occurred.
In which part of the incident response phase would this be addressed in a controlled and productive manner?
A. During the Identification Phase
B. During the Lessons Learned phase
C. During the Preparation Phase
D. During the Containment Phase
正解：B
解説: (Topexam メンバーにのみ表示されます)

質問 3：
After the install process, a software application executed an online activation process. After a few months, the system experienced a hardware failure. A backup image of the system was restored on a newer revision of the same brand and model device. After the restore, the specialized application no longer works. Which of the following is the MOST likely cause of the problem?
A. The binary files used by the application have been modified by malware.
B. The restored image backup was encrypted with the wrong key.
C. The hash key summary of hardware and installed software no longer match.
D. The application is unable to perform remote attestation due to blocked ports.
正解：C
解説: (Topexam メンバーにのみ表示されます)

質問 4：
Due to a new regulatory requirement, ABC Company must now encrypt all WAN transmissions.
When speaking with the network administrator, the security administrator learns that the existing routers have the minimum processing power to do the required level of encryption. Which of the following solutions minimizes the performance impact on the router?
A. Require all core business applications to use encryption
B. Add an encryption module to the router and configure IPSec
C. Deploy inline network encryption devices
D. Install an SSL acceleration appliance
正解：C
解説: (Topexam メンバーにのみ表示されます)

質問 5：
The finance department for an online shopping website has discovered that a number of customers were able to purchase goods and services without any payments. Further analysis conducted by the security investigations team indicated that the website allowed customers to update a payment amount for shipping. A specially crafted value could be entered and cause a roll over, resulting in the shipping cost being subtracted from the balance and in some instances resulted in a negative balance. As a result, the system processed the negative balance as zero dollars. Which of the following BEST describes the application issue?
A. Use after free
B. Integer overflow
C. SQL injection
D. Race condition
E. Click-jacking
正解：B
解説: (Topexam メンバーにのみ表示されます)

質問 6：
The Chief Executive Officer (CEO) has asked a security project manager to provide recommendations on the breakout of tasks for the development of a new product. The CEO thinks that by assigning areas of work appropriately the overall security of the product will be increased, because staff will focus on their areas of expertise. Given the below groups and tasks select the BEST list of assignments.
Groups: Networks, Development, Project Management, Security, Systems Engineering, Testing
Tasks: Decomposing requirements, Secure coding standards, Code stability, Functional validation,
Stakeholder engagement, Secure transport
A. Systems Engineering: Decomposing requirements
Development: Stakeholder engagement
Testing: Code stability
Project Management: Functional validation
Security: Secure coding standards
Networks: Secure transport
B. Systems Engineering: Functional validation
Development: Stakeholder engagement
Testing: Code stability
Project Management: Decomposing requirements
Security: Secure coding standards
Networks: Secure transport
C. Systems Engineering: Decomposing requirements
Development: Secure coding standards
Testing: Code stability
Project Management: Stakeholder engagement
Security: Secure transport
Networks: Functional validation
D. Systems Engineering: Decomposing requirements
Development: Code stability
Testing: Functional validation
Project Management: Stakeholder engagement
Security: Secure coding standards
Networks: Secure transport
正解：D