RC0-501 Online Practice Questions and Answers

Questions 4

For each of the given items, select the appropriate authentication category from the dropdown choices. Instructions: When you have completed the simulation, please select the Done button to submit.

Hot Area:

Questions 5

You have been tasked with designing a security plan for your company. Drag and drop the appropriate security controls on the floor plan. Instructions: All objects must be used and all place holders must be filled. Order does not matter. When you have completed the simulation, please select the Done button to submit.

Select and Place:

Questions 6

A forensic analyst is asked to respond to an ongoing network attack on a server. Place the items in the list below in the correct order in which the forensic analyst should preserve them.

Select and Place:

Questions 7

An organization is working with a cloud services provider to transition critical business applications to a hybrid cloud environment. The organization retains sensitive customer data and wants to ensure the provider has sufficient administrative and logical controls in place to protect its data. In which of the following documents would this concern MOST likely be addressed?

A. Service level agreement

B. Interconnection security agreement

C. Non-disclosure agreement

D. Business process analysis

Questions 8

A new hire wants to use a personally owned phone to access company resources. The new hire expresses concern about what happens to the data on the phone when they leave the company. Which of the following portions of the company's mobile device management configuration would allow the company data to be removed from the device without touching the new hire's data?

A. Asset control

B. Device access control

C. Storage lock out

D. Storage segmentation

Questions 9

A security administrator determined that users within the company are installing unapproved software. Company policy dictates that only certain applications may be installed or run on the users' computers without exception. Which of the following should the administrator do to prevent all unapproved software from running on the user's computer?

A. Deploy antivirus software and configure it to detect and remove pirated software

B. Configure the firewall to prevent the downloading of executable files

C. Create an application whitelist and use OS controls to enforce it

D. Prevent users from running as administrator so they cannot install software.

Questions 10

A bank requires tellers to get manager approval when a customer wants to open a new account. A recent audit shows that there have been four cases in the previous year where tellers opened accounts without management approval. The bank president thought separation of duties would prevent this from happening.

In order to implement a true separation of duties approach the bank could:

A. Require the use of two different passwords held by two different individuals to open an account

B. Administer account creation on a role based access control approach

C. Require all new accounts to be handled by someone else other than a teller since they have different duties

D. Administer account creation on a rule based access control approach

Questions 11

An organization relies heavily on an application that has a high frequency of security updates. At present, the security team only updates the application on the first Monday of each month, even though the security updates are released as often as twice a week. Which of the following would be the BEST method of updating this application?

A. Configure testing and automate patch management for the application.

B. Configure security control testing for the application.

C. Manually apply updates for the application when they are released.

D. Configure a sandbox for testing patches before the scheduled monthly update.

Questions 12

A supervisor in your organization was demoted on Friday afternoon. The supervisor had the ability to modify the contents of a confidential database, as well as other managerial permissions. On Monday morning, the database administrator reported that log files indicated that several records were missing from the database.

Which of the following risk mitigation strategies should have been implemented when the supervisor was demoted?

A. Incident management

B. Routine auditing

C. IT governance

D. Monthly user rights reviews

Questions 13

A software developer wants to ensure that the application is verifying that a key is valid before establishing SSL connections with random remote hosts on the Internet. Which of the following should be used in the code? (Select TWO.)

A. Escrowed keys

B. SSL symmetric encryption key

C. Software code private key

D. Remote server public key

E. OCSP

Questions 14

Refer to the following code:

Which of the following vulnerabilities would occur if this is executed?

A. Page exception

B. Pointer dereference

C. NullPointerException

D. Missing null check

Questions 15

Which of the following specifically describes the exploitation of an interactive process to access otherwise restricted areas of the OS?

A. Privilege escalation

B. Pivoting

C. Process affinity

D. Buffer overflow

Questions 16

An analyst wants to implement a more secure wireless authentication for office access points. Which of the following technologies allows for encrypted authentication of wireless clients over TLS?

A. PEAP

B. EAP

C. WPA2

D. RADIUS

Questions 17

A security analyst is testing both Windows and Linux systems for unauthorized DNS zone transfers within a LAN on comptia.org from example.org. Which of the following commands should the security analyst use? (Select two.)

A. Option A

B. Option B

C. Option C

D. Option D

E. Option E

F. Option F

Questions 18

A Chief Information Officer (CIO) drafts an agreement between the organization and its employees. The agreement outlines ramifications for releasing information without consent and/or approvals. Which of the following BEST describes this type of agreement?

A. ISA

B. NDA

C. MOU

D. SLA

Exam Code: RC0-501
Exam Name: CompTIA Security+ Recertification Exam
Last Update: Apr 26, 2024
Questions: 349 Q&As
