RC0-C02 무료 덤프문제 온라인 액세스

A small company is developing a new Internet-facing web application. The security requirements are:
Users of the web application must be uniquely identified and authenticated.
Users of the web application will not be added to the company's directory services.
Passwords must not be stored in the code.
Which of the following meets these requirements?

• A.Use SAML with federated directory services.
• B.Use Open ID and allow a third party to authenticate users.
• C.Use TLS with a shared client certificate for all users.
• D.Use Kerberos and browsers that support SAML.

A penetration tester is inspecting traffic on a new mobile banking application and sends the following web request:
POST http://www.example.com/resources/NewBankAccount HTTP/1.1
Content-type: application/json
{
"account":
{ "creditAccount":"Credit Card Rewards account"}
{ "salesLeadRef":"www.example.com/badcontent/exploitme.exe"}
],
"customer":
{ "name":"Joe Citizen"}
{ "custRef":"3153151"}
Questions & Answers PDF
}
The banking website responds with:
HTIP/1.1 200 OK
{
}
"newAccountDetails":
{ "cardNumber":"1234123412341234"}
{ "cardExpiry":"2020-12-31"}
{ "cardCVV":"909"}
],
"marketingCookieTracker":"JSESSION1D=000000001"
"returnCode":"Account added successfully"
Which of the following are security weaknesses in this example? (Select TWO).

• A.Vulnerable to XSS
• B.Vulnerable to SQL injection
• C.Missing input validation on some fields
• D.Vulnerable to malware file uploads
• E.Sensitive details communicated in clear-text
• F.JSON/REST is not as secure as XML

A system administrator needs to meet the maximum amount of security goals for a new DNS infrastructure. The administrator deploys DNSSEC extensions to the domain names and infrastructure.
Which of the following security goals does this meet? (Select TWO).

• A.Integrity
• B.Authentication
• C.Availability
• D.Encryption
• E.Confidentiality

An information security assessor for an organization finished an assessment that identified critical issues with the human resource new employee management software application. The assessor submitted the report to senior management but nothing has happened. Which of the following would be a logical next step?

• A.Include specific case studies from other organizations in an updated report.
• B.Craft an RFP to begin finding a new human resource application.
• C.Meet the two key VPs and request a signature on the original assessment.
• D.Schedule a meeting with key human resource application stakeholders.

VPN users cannot access the active FTP server through the router but can access any server in the data center.
Additional network information:
DMZ network- 192.168.5.0/24 (FTP server is 192.168.5.11)
VPN network-192.168.1.0/24
Datacenter - 192.168.2.0/24
User network - 192.168.3.0/24
HR network-192.168.4.0/24\
Traffic shaper configuration:
VLAN Bandwidth Limit (Mbps)
VPN 50
User 175
HR 250
Finance 250
Guest 0
Router ACL:
Action Source Destination
Permit 192.168.1.0/24 192.168.2.0/24
Permit 192.168.1.0/24 192.168.3.0/24
Permit 192.168.1.0/24 192.168.5.0/24
Permit 192.168.2.0/24 192.168.1.0/24
Permit 192.168.3.0/24 192.168.1.0/24
Permit 192.168.5.1/32 192.168.1.0/24
Deny 192.168.4.0/24 192.168.1.0/24
Deny 192.168.1.0/24 192.168.4.0/24
Deny any any
Which of the following solutions would allow the users to access the active FTP server?

• A.Configure the traffic shaper to limit DMZ traffic
• B.Add a permit statement to allow traffic from 192.168.5.0/24 to the VPN network
• C.Add a permit statement to allow traffic to 192.168.5.1 from the VPN network
• D.IPS is blocking traffic and needs to be reconfigured
• E.Increase bandwidth limit on the VPN network