RC0-501 Online Practice Questions and Answers

Questions 4

An organization is moving its human resources system to a cloud services provider. The company plans to continue using internal usernames and passwords with the service provider, but the security manager does not want the service provider to have a copy of the passwords. Which of the following options meets all of these requirements?

A. Two-factor authentication

B. Account and password synchronization

C. Smartcards with PINs

D. Federated authentication

Questions 5

During a recent audit, it was discovered that several user accounts belonging to former employees were still active and had valid VPN permissions. Which of the following would help reduce the amount of risk the organization incurs in this situation in the future?

A. Time-of-day restrictions

B. User access reviews

C. Group-based privileges

D. Change management policies

Questions 6

Which of the following can affect electrostatic discharge in a network operations center?

A. Fire suppression

B. Environmental monitoring

C. Proximity card access

D. Humidity controls

Questions 7

A website administrator has received an alert from an application designed to check the integrity of the company's website. The alert indicated that the hash value for a particular MPEG file has changed. Upon further investigation, the media appears to be the same as it was before the alert. Which of the following methods has MOST likely been used?

A. Cryptography

B. Time of check/time of use

C. Man in the middle

D. Covert timing

E. Steganography

Questions 8

The Chief Information Security Officer (CISO) at a multinational banking corporation is reviewing a plan to upgrade the entire corporate IT infrastructure. The architecture consists of a centralized cloud environment hosting the majority of data, small server clusters at each corporate location to handle the majority of customer transaction processing, ATMs, and a new mobile banking application accessible from smartphones, tablets, and the Internet via HTTP. The corporation does business in countries with varying data retention and privacy laws.

Which of the following technical modifications to the architecture and corresponding security controls should be implemented to provide the MOST complete protection of data?

A. Revoke existing root certificates, re-issue new customer certificates, and ensure all transactions are digitally signed to minimize fraud, implement encryption for data in-transit between data centers

B. Ensure all data is encrypted according to the most stringent regulatory guidance applicable, implement encryption for data in-transit between data centers, increase data availability by replicating all data, transaction data, logs between each corporate location

C. Store customer data based on national borders, ensure end-to-end encryption between ATMs, end users, and servers, test redundancy and COOP plans to ensure data is not inadvertently shifted from one legal jurisdiction to another with more stringent regulations

D. Install redundant servers to handle corporate customer processing, encrypt all customer data to ease the transfer from one country to another, implement end-to-end encryption between mobile applications and the cloud.

Questions 9

Which of the following is the GREATEST risk to a company by allowing employees to physically bring their personal smartphones to work?

A. Taking pictures of proprietary information and equipment in restricted areas.

B. Installing soft token software to connect to the company's wireless network.

C. Company cannot automate patch management on personally-owned devices.

D. Increases the attack surface by having more target devices on the company's campus.

Questions 10

Which of the following security controls does an iris scanner provide?

A. Logical

B. Administrative

C. Corrective

D. Physical

E. Detective

F. Deterrent

Questions 11

An organization needs to implement a large PKI. Network engineers are concerned that repeated transmission of the OCSP will impact network performance. Which of the following should the security analyst recommend in lieu of an OCSP?

A. CSR

B. CRL

C. CA

D. OID

Questions 12

An auditor is reviewing the following output from a password-cracking tool:

Which of the following methods did the auditor MOST likely use?

A. Hybrid

B. Dictionary

C. Brute force

D. Rainbow table

Questions 13

A Chief Information Officer (CIO) drafts an agreement between the organization and its employees. The agreement outlines ramifications for releasing information without consent and/or approvals. Which of the following BEST describes this type of agreement?

A. ISA

B. NDA

C. MOU

D. SLA

Exam Code: RC0-501
Exam Name: CompTIA Security+ Recertification Exam
Last Update: Jun 12, 2026
Questions: 349