RC0-501 Online Practice Questions and Answers

Which of the following is a document that contains detailed information about actions that include how something will be done, when the actions will be performed, and penalties for failure?

A. MOU

B. ISA

C. BPA

D. SLA

Which of the following would enhance the security of accessing data stored in the cloud? (Select TWO)

A. Block level encryption

B. SAML authentication

C. Transport encryption

D. Multifactor authentication

E. Predefined challenge questions

F. Hashing

An in-house penetration tester is using a packet capture device to listen in on network communications. This is an example of: A. Passive reconnaissance

B. Persistence

C. Escalation of privileges

D. Explogting the switch

Which of the following characteristics differentiate a rainbow table attack from a brute force attack? (Select two.)

A. Rainbow table attacks greatly reduce compute cycles at attack time.

B. Rainbow tables must include precomputed hashes.

C. Rainbow table attacks do not require access to hashed passwords.

D. Rainbow table attacks must be performed on the network.

E. Rainbow table attacks bypass maximum failed login restrictions.

An auditor wants to test the security posture of an organization by running a tool that will display the following:

Which of the following commands should be used?

A. nbtstat

B. nc

C. arp

D. ipconfig

Which of the following can be provided to an AAA system for the identification phase?

A. Username

B. Permissions

C. One-time token

D. Private certificate

A company hires a consulting firm to crawl its Active Directory network with a non-domain account looking for unpatched systems. Actively taking control of systems is out of scope, as is the creation of new administrator accounts. For which of the following is the company hiring the consulting firm?

A. Vulnerability scanning

B. Penetration testing

C. Application fuzzing

D. User permission auditing

When systems, hardware, or software are not supported by the original vendor, it is a vulnerability known as:

A. system sprawl

B. end-of-life systems

C. resource exhaustion

D. a default configuration

Which of the following occurs when the security of a web application relies on JavaScript for input validation?

A. The integrity of the data is at risk.

B. The security of the application relies on antivirus.

C. A host-based firewall is required.

D. The application is vulnerable to race conditions.

A security analyst is hardening a web server, which should allow a secure certificate-based session using the organization's PKI infrastructure. The web server should also utilize the latest security techniques and standards. Given this set of requirements, which of the following techniques should the analyst implement to BEST meet these requirements? (Select two.)

A. Install an X- 509-compliant certificate.

B. Implement a CRL using an authorized CA.

C. Enable and configure TLS on the server.

D. Install a certificate signed by a public CA.

E. Configure the web server to use a host header.