A security administrator needs to implement a system that detects possible intrusions based upon a vendor-provided list. Which of the following BEST describes this type of IDS?
A. Signature-based
B. Heuristic
C. Anomaly-based
D. Behavior-based
Which of the following are MOST susceptible to birthday attacks?
A. Hashed passwords
B. Digital certificates
C. Encryption passwords
D. One time passwords
A company would like to prevent a known set of applications from being used on company computers. Which of the following should the security administrator implement?
A. Whitelisting
B. Anti-malware
C. Application hardening
D. Blacklisting
E. Disable removable media
An administrator has configured a new Linux server with the FTP service. Upon verifying that the service was configured correctly, the administrator has several users test the FTP service. Users report that they are able to connect to the FTP service and download their personal files; however, they cannot transfer new files to the server.
Which of the following will most likely fix the uploading issue for the users?
A. Create an ACL to allow the FTP service write access to user directories
B. Set the Boolean SELinux value to allow FTP home directory uploads
C. Reconfigure the FTP daemon to operate without utilizing the PASV mode
D. Configure the FTP daemon to utilize PAM authentication pass through user permissions
A systems administrator wants to protect data stored on mobile devices that are used to scan and record assets in a warehouse. The control must automatically destroy the secure container of mobile devices if they leave the warehouse. Which of the following should the administrator implement? (Select two.)
A. Geofencing
B. Remote wipe
C. Near-field communication
D. Push notification services
E. Containerization
A director of IR is reviewing a report regarding several recent breaches. The director compiles the following statistics:
- Initial IR engagement time frame
- Length of time before an executive management notice went out
- Average IR phase completion
The director wants to use the data to shorten the response time. Which of the following would accomplish this?
A. CSIRT
B. Containment phase
C. Escalation notifications
D. Tabletop exercise
Joe, a member of a digital forensics team, arrives at a crime scene and is preparing to collect system data. Before powering the system off, Joe knows that he must collect the most volatile data first.
Which of the following is the correct order in which Joe should collect the data?
A. CPU cache, paging/swap files, RAM, remote logging data
B. RAM, CPU cache, remote logging data, paging/swap files
C. Paging/swap files, CPU cache, RAM, remote logging data
D. CPU cache, RAM, paging/swap files, remote logging data
Which of the following explains why vendors publish MD5 values when they provide software patches for their customers to download over the Internet?
A. The recipient can verify integrity of the software patch.
B. The recipient can verify the authenticity of the site used to download the patch.
C. The recipient can request future updates to the software using the published MD5 value.
D. The recipient can successfully activate the new software patch.
After a user reports slow computer performance, a systems administrator detects a suspicious file, which was installed as part of a freeware software package.
The systems administrator reviews the output below:

Based on the above information, which of the following types of malware was installed on the user's computer?
A. RAT
B. Keylogger
C. Spyware
D. Worm
E. Bot
When considering a third-party cloud service provider, which of the following criteria would be the BEST to include in the security assessment process? (Select two.)
A. Use of performance analytics
B. Adherence to regulatory compliance
C. Data retention policies
D. Size of the corporation
E. Breadth of applications support