RC0-C02 무료 덤프문제 온라인 액세스

A security manager looked at various logs while investigating a recent security breach in the data center from an external source. Each log below was collected from various security devices compiled from a report through the company's security information and event management server.
Logs:
Log 1:
Feb S 23:55:37.743: %SEC-6-IPACCESSLOGS: list 10 denied 10.2.5.81 3 packets
Log 2:
HTTP://www.company.com/index.php?user=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
Log 3:
Security Error Alert
Event ID SO: The RDP protocol component X.224 detected an error in the protocol stream and has disconnected the client
Log 4:
Encoder oe = new OracleEncoder ();
String query= "Select user_id FROM user_data WHERE user_name = '"
+ oe.encode ( req.getParameter("userlD")) +"'and user_password = '"
+ oe.encode ( req.getParameter("pwd") ) +" '";
Vulnerabilities
Buffer overflow
SQL injection
ACL xss
Which of the following logs and vulnerabilities would MOST likely be related to the security breach?
(Select TWO).

• A.ACL
• B.XSS
• C.Log 1
• D.Log 3
• E.SQL injection
• F.Buffer overflow
• G.Log 4
• H.Log 2

A security administrator is shown the following log excerpt from a Unix system:
2 013 Oct 10 07:14:57 web14 sshd[1632]: Failed password for root from 198.51.100.23 port 37914 ssh2
2 013 Oct 10 07:14:57 web14 sshd[1635]: Failed password for root from 198.51.100.23 port 37915 ssh2
2 013 Oct 10 07:14:58 web14 sshd[1638]: Failed password for root from 198.51.100.23 port 37916 ssh2
2 013 Oct 10 07:15:59 web14 sshd[1640]: Failed password for root from 198.51.100.23 port 37918 ssh2
2 013 Oct 10 07:16:00 web14 sshd[1641]: Failed password for root from 198.51.100.23 port 37920 ssh2
2 013 Oct 10 07:16:00 web14 sshd[1642]: Successful login for root from 198.51.100.23 port 37924 ssh2
Which of the following is the MOST likely explanation of what is occurring and the BEST immediate response? (Select TWO).

• A.Isolate the system immediately and begin forensic analysis on the host.
• B.A remote attacker has guessed the root password using a dictionary attack.
• C.A remote attacker has compromised the private key of the root account.
• D.Change the root password immediately to a password not found in a dictionary.
• E.Use iptables to immediately DROP connections from the IP 198.51.100.23.
• F.A remote attacker has compromised the root account using a buffer overflow in sshd.
• G.An authorized administrator has logged into the root account remotely.
• H.The administrator should disable remote root logins.

A user has a laptop configured with multiple operating system installations. The operating systems are all installed on a single SSD, but each has its own partition and logical volume. Which of the following is the
BEST way to ensure confidentiality of individual operating system data?

• A.FDE of the entire SSD as a single disk
• B.FDE of each logical volume on the SSD
• C.Encryption of each individual partition
• D.Encryption of the SSD at the file level

A small company is developing a new Internet-facing web application. The security requirements are:
Users of the web application must be uniquely identified and authenticated.
Users of the web application will not be added to the company's directory services.
Passwords must not be stored in the code.
Which of the following meets these requirements?

• A.Use TLS with a shared client certificate for all users.
• B.Use SAML with federated directory services.
• C.Use Open ID and allow a third party to authenticate users.
• D.Use Kerberos and browsers that support SAML.

An administrator has enabled salting for users' passwords on a UNIX box. A penetration tester must attempt to retrieve password hashes. Which of the following files must the penetration tester use to eventually obtain passwords on the system? (Select TWO).

• A./etc/password
• B./sbin/logon
• C./etc/passwd
• D./etc/security
• E./bin/bash
• F./etc/shadow