Online Access Free RC0-C02 Practice Test

A pentester must attempt to crack passwords on a windows domain that enforces strong complex passwords. Which of the following would crack the MOST passwords in the shortest time period?

• A.Rainbow tables attack
• B.Online password testing
• C.Brute force attack
• D.Dictionary attack

The sales division within a large organization purchased touch screen tablet computers for all 250 sales representatives in an effort to showcase the use of technology to its customers and increase productivity.
This includes the development of a new product tracking application that works with the new platform. The security manager attempted to stop the deployment because the equipment and application are non-standard and unsupported within the organization. However, upper management decided to continue the deployment. Which of the following provides the BEST method for evaluating the potential threats?

• A.Benchmark other organizations that already encountered this type of situation and apply all relevant learnings and industry best practices.
• B.Develop a standard image for the new devices and migrate to a web application to eliminate locally resident data.
• C.Work with the business to understand and classify the risk associated with the full lifecycle of the hardware and software deployment.
• D.Conduct a vulnerability assessment to determine the security posture of the new devices and the application.

A security engineer at a major financial institution is prototyping multiple secure network configurations.
The testing is focused on understanding the impact each potential design will have on the three major security tenants of the network. All designs must take into account the stringent compliance and reporting requirements for most worldwide financial institutions. Which of the following is the BEST list of security lifecycle related concerns related to deploying the final design?

• A.Interoperability with the Security Administration Remote Access protocol, integrity of the data at rest, overall network availability, and compliance with corporate and government regulations and policies.
• B.Decommissioning plan for the new network, proper disposal protocols for the existing network equipment, transitioning operations to the new network on day one, and ensuring compliance with corporate data retention policies.
• C.Decommissioning the existing network smoothly, implementing maintenance and operations procedures for the new network in advance, and ensuring compliance with applicable regulations and laws.
• D.Resistance of the new network design to DDoS attacks, ability to ensure confidentiality of all data in transit, security of change management processes and procedures, and resilience of the firewalls to power fluctuations.
• E.Ensuring smooth transition of maintenance resources to support the new network, updating all whole disk encryption keys to be compatible with IPv6, and maximizing profits for bank shareholders.

Ann is testing the robustness of a marketing website through an intercepting proxy. She has intercepted the following HTTP request:
POST /login.aspx HTTP/1.1
Host: comptia.org
Content-type: text/html txtUsername=ann&txtPassword=ann&alreadyloggedln=false&submit=true
Which of the following should Ann perform to test whether the website is susceptible to a simple authentication bypass?

• A.Attempt to brute force all usernames and passwords using a password cracker
• B.Remove the txtPassword post data and change alreadyloggedln from false to true
• C.Remove the txtUsername and txtPassword post data and toggle submit from true to false
• D.Remove all of the post data and change the request to /login.aspx from POST to GET

The <namelD> element in SAML can be provided in which of the following predefined formats? (Select
TWO).

• A.WWN record name
• B.PTR DNS record
• C.X.509 subject name
• D.Kerberos principal name
• E.EV certificate OID extension