CompTIA RC0-C02 問題集

質問 1：
Which of the following represents important technical controls for securing a SAN storage infrastructure?
(Select TWO).
A. Storage pool space allocation
B. Port mapping
C. Synchronous copy of data
D. RAID configuration
E. LUN masking/mapping
F. Port scanning
G. Data de-duplication
正解：B,E
解説: (Topexam メンバーにのみ表示されます)

質問 2：
The finance department for an online shopping website has discovered that a number of customers were able to purchase goods and services without any payments. Further analysis conducted by the security investigations team indicated that the website allowed customers to update a payment amount for shipping. A specially crafted value could be entered and cause a roll over, resulting in the shipping cost being subtracted from the balance and in some instances resulted in a negative balance. As a result, the system processed the negative balance as zero dollars. Which of the following BEST describes the application issue?
A. Use after free
B. Integer overflow
C. SQL injection
D. Race condition
E. Click-jacking
正解：B
解説: (Topexam メンバーにのみ表示されます)

質問 3：
The senior security administrator wants to redesign the company DMZ to mm1m1ze the risks associated with both external and internal threats. The DMZ design must support security in depth, change management and configuration processes, and support incident reconstruction. Which of the following designs BEST supports the given requirements?
A. A Saas based firewall which logs to the company's local storage via SSL, and is managed by the change control team.
B. A single firewall DMZ where each firewall interface is managed by a separate administrator and logging to the cloud.
C. A virtualized firewall, where each virtual instance is managed by a separate administrator and logging to the same hardware.
D. A dual firewall DMZ with remote logging where each firewall is managed by a separate administrator.
正解：D
解説: (Topexam メンバーにのみ表示されます)

質問 4：
The risk manager is reviewing a report which identifies a requirement to keep a business critical legacy system operational for the next two years. The legacy system is out of support because the vendor and security patches are no longer released. Additionally, this is a proprietary embedded system and little is documented and known about it. Which of the following should the Information Technology department implement to reduce the security risk from a compromise of this system?
A. Install an antivirus and HIDS on the system.
B. Virtualize the system and migrate it to a cloud provider.
C. Segment the device on its own secure network.
D. Hire developers to reduce vulnerabilities in the code.
正解：C
解説: (Topexam メンバーにのみ表示されます)

質問 5：
A Security Manager is part of a team selecting web conferencing systems for internal use. The system will only be used for internal employee collaboration. Which of the following are the MAIN concerns of the security manager? (Select THREE).
A. User authentication strategy
B. Operating system compatibility
C. The cost of the solution
D. PBX integration of the service
E. System availability
F. Security of data storage
正解：A,E,F

質問 6：
A developer is determining the best way to improve security within the code being developed. The developer is focusing on input fields where customers enter their credit card details. Which of the following techniques, if implemented in the code, would be the MOST effective in protecting the fields from malformed input?
A. Client side input validation
B. Regular expression matching
C. Stored procedure
D. Encrypting credit card details
正解：B
解説: (Topexam メンバーにのみ表示されます)