Eligibility
Candidates MUST have:
An active CASP CE certification earned by passing exam CAS-001.
Received an email from CompTIA containing a Private Access Code (PAC).
Exam Description
The CASP Recertification Exam covers these domains:
1.0 Enterprise Security (42% of Total)
2.0 Risk Management and Incident Response (11% of Total)
3.0 Research and Analysis (17% of Total)
4.0 Technical Integration of Enterprise Components (30% of Total)
Number of Questions: 40
Type of Questions: Multiple choice questions (single and multiple response)
Length of Test: 60 Minutes
Passing Score: Pass/Fail only. No scaled score.
Delivery: Non-proctored Pearson IBT
Only candidates with an active CASP CE certification will receive CEU credit.
Passing the exam will automatically renew your existing CASP CE. Please allow 1-3 days for your record to be updated.
The CompTIA Advanced Security Practitioner (CASP) Recertification exam is one way for CompTIA certified professionals to keep their CASP certification active. A CASP certification earned on or after January 1st, 2011 is valid for three years from the date the certification was earned. The certification must be renewed within three years in order for the individual to remain certified. To remain certified, individuals may:
Re-take (and pass) the current certification exam (CAS-002)
Participate in continuing education activities
Take (and pass) the CASP recertification exam (RC0-C02)
The CASP Recertification Exam RC0-C02 bridges the competencies measured by the CASP CAS-001 exam and the CAS-002 exam. The exam (RC0-C02) blueprint includes the objectives new to the CAS-002 series and also assesses the highest weighted competencies that appear on the previous (CAS-001) exam (i.e., the knowledge and skills rated by SMEs as most relevant for on-the-job performance).
NOTE: Availability of RC0-C02 is LIMITED TO THOSE who have kept their CASP certification active and have not taken and passed the current CAS-002 series exam.
The CompTIA Advanced Security Practitioner Certification Exam is accredited by ANSI to show compliance with the ISO 17024 Standard and, as such, undergoes regular reviews and updates to the exam objectives.
The following CASP Recertification RC0-C02 exam objectives result from subject matter expert workshops and industry-wide survey results regarding the skills and knowledge required of an advanced-level security professional.
This examination blueprint includes domain weighting, test objectives, and example content. Example topics and concepts are included to clarify the test objectives and should not be construed as a comprehensive listing of all the content of this examination.
Candidates are encouraged to use this document to guide their studies. The table below lists the domains measured by this examination and the extent to which they are
QUESTION 1 – (Topic 1)
ABC Corporation has introduced token-based authentication to system administrators due to the risk of password compromise. The tokens have a set of HMAC counter-based codes and are valid until they are used. Which of the following types of authentication mechanisms does this statement describe?
The question states that the HMAC counter-based codes are valid until they are used. These are "one-time" use codes, so the mechanism described is HOTP.
HOTP is the HMAC-based one-time password (OTP) algorithm specified in RFC 4226: each code is an HMAC over a counter that both the token and the server increment, and a code stops being valid once the server has accepted it.
HOTP can be used to authenticate a user to a system via an authentication server. With a few extra steps (the server calculates the subsequent OTP value and sends or displays it to the user, who checks it against the subsequent OTP value calculated by their token), the user can also authenticate the validation server.
Both hardware and software tokens are available from various vendors. Hardware tokens implementing OATH HOTP tend to be significantly cheaper than their competitors based on proprietary algorithms. Some products can be used for strong passwords as well as OATH HOTP.
Software tokens are available for (nearly) all major mobile/smartphone platforms.
QUESTION 2 – (Topic 1)
Which of the following technologies prevents an unauthorized HBA from viewing iSCSI target information?
B. Data snapshots
C. LUN masking
D. Storage multipaths
A logical unit number (LUN) is a unique identifier that designates individual hard disk devices or grouped devices for address by a protocol associated with a SCSI, iSCSI, Fibre Channel (FC) or similar interface. LUNs are central to the management of block storage arrays shared over a storage area network (SAN).
LUN masking subdivides access to a given port. Then, even if several LUNs are accessed through the same port, the masks can be set to limit each server's access to the appropriate LUNs, so an initiator that is not on the access list does not see the masked LUNs at all. LUN masking is typically enforced on the storage array (for iSCSI, keyed on the initiator's IQN) or at the host bus adapter (HBA). Switch-level restriction is zoning, a separate control that decides which ports can reach each other rather than which LUNs a host may address. The answer is C, LUN masking.
QUESTION 3 – (Topic 1)
An application present on the majority of an organization’s 1,000 systems is vulnerable to a buffer overflow attack. Which of the following is the MOST comprehensive way to resolve the issue?
A. Deploy custom HIPS signatures to detect and block the attacks.
B. Validate and deploy the appropriate patch.
C. Run the application in terminal services to reduce the threat landscape.
D. Deploy custom NIPS signatures to detect and block the attacks.
If an application has a known issue (such as susceptibility to buffer overflow attacks) and a patch is released to resolve the specific issue, then the best solution is to validate and deploy the patch (B). HIPS or NIPS signatures only detect a particular attack pattern and leave the flaw in place, and terminal services merely reduce the exposure rather than remove it.
A buffer overflow occurs when a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold. Since buffers are created to contain a finite amount of data, the extra information, which has to go somewhere, overflows into adjacent memory, corrupting or overwriting the valid data held there.
Although it may occur accidentally through programming error, buffer overflow is a common type of security attack on data integrity. In buffer overflow attacks, the extra data may contain code designed to trigger specific actions, in effect sending new instructions to the attacked computer that could, for example, damage the user's files, change data, or disclose confidential information. Buffer overflow attacks are said to have arisen because the C programming language supplied the framework (unchecked copies into fixed-size buffers) and poor programming practices supplied the vulnerability.
QUESTION 4 – (Topic 1)
A process allows a LUN to be available to some hosts and unavailable to others. Which of the following causes such a process to become vulnerable?
A. LUN masking
B. Data injection
C. Data fragmentation
D. Moving the HBA
The process described is LUN masking. When masking is enforced at the HBA, access is tied to the adapter's identity rather than to the host it sits in, so moving the HBA into another machine carries the storage access with it. Moving the HBA (D) is therefore what makes the control vulnerable.
QUESTION 5 – (Topic 1)
select id, firstname, lastname from authors
User input= firstname= Hack;man
Which of the following types of attacks is the user attempting?
A. XML injection
B. Command injection
C. Cross-site scripting
D. SQL injection
The code in the question is SQL, and the user input is being placed into that statement, so the attack is SQL injection (D).
SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker). SQL injection exploits a flaw in the application's software: user input is either incorrectly filtered for string literal escape characters embedded in SQL statements, or is not strongly typed, and is therefore unexpectedly executed as part of the query. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database.
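The following is an added example, not code from the original page: the page's `authors` query built two ways, once by string concatenation (the injectable form) and once with a bound parameter. It assumes the application filters on `firstname` with a WHERE clause, which the page does not show, and the three rows are constructed sample data; it uses SQLite so it runs offline.

```python
import sqlite3

# Constructed sample rows for the demonstration.
AUTHORS = [("Ada", "Lovelace"), ("Alan", "Turing"), ("Hack;man", "Tester")]


def make_db() -> sqlite3.Connection:
    """Build the page's authors table in memory."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table authors (id integer primary key, firstname text, lastname text)")
    conn.executemany("insert into authors (firstname, lastname) values (?, ?)", AUTHORS)
    conn.commit()
    return conn


def find_authors_vulnerable(conn: sqlite3.Connection, firstname: str):
    """Assumed WHERE clause, built by concatenation: the input becomes part of the SQL grammar."""
    sql = f"select id, firstname, lastname from authors where firstname = '{firstname}'"
    return conn.execute(sql).fetchall()


def find_authors_safe(conn: sqlite3.Connection, firstname: str):
    """Same query with a bound parameter: the input is data and cannot alter the statement."""
    sql = "select id, firstname, lastname from authors where firstname = ?"
    return conn.execute(sql, (firstname,)).fetchall()


def vulnerable_query_errors(conn: sqlite3.Connection, firstname: str) -> bool:
    """True when the concatenated query fails to parse: the error an attacker probes for first."""
    try:
        find_authors_vulnerable(conn, firstname)
    except sqlite3.OperationalError:
        return True
    return False


if __name__ == "__main__":
    db = make_db()
    print("tautology via concatenation:", find_authors_vulnerable(db, "' OR '1'='1"))
    print("same input, parameterised:", find_authors_safe(db, "' OR '1'='1"))
    print("page's input treated as data:", find_authors_safe(db, "Hack;man"))
```

A single unbalanced quote (`Hack'`) breaks the concatenated query and returns a database error; `' OR '1'='1` and `Hack' OR 1=1 --` turn the filter into a tautology and dump every row. With the bound parameter all three inputs are compared literally and match nothing, while the page's `Hack;man` still finds the row whose first name really is `Hack;man`.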