RC0-501 Online Practice Questions and Answers

An attacker uses a network sniffer to capture the packets of a transaction that adds $20 to a gift card. The attacker then user a function of the sniffer to push those packets back onto the network again, adding another $20 to the gift card. This can be done many times. Which of the following describes this type of attack?

A. Integer overflow attack

B. Smurf attack

C. Replay attack

D. Buffer overflow attack

E. Cross-site scripting attack

The data backup window has expanded into the morning hours and has begun to affect production users. The main bottleneck in the process is the time it takes to replicate the backups to separate severs at the offsite data center. Which of the following uses of deduplication could be implemented to reduce the backup window?

A. Implement deduplication at the network level between the two locations

B. Implement deduplication on the storage array to reduce the amount of drive space needed

C. Implement deduplication on the server storage to reduce the data backed up

D. Implement deduplication on both the local and remote servers

A security administrator wishes to implement a secure a method of file transfer when communicating with outside organizations. Which of the following protocols would BEST facilitate secure file transfers? (Select TWO)

A. SCP

B. TFTP

C. SNMP

D. FTP

E. SMTP

F. FTPS

Which of the following is a document that contains detailed information about actions that include how something will be done, when the actions will be performed, and penalties for failure?

A. MOU

B. ISA

C. BPA

D. SLA

While performing surveillance activities, an attacker determines that an organization is using 802.1X to secure LAN access. Which of the following attack mechanisms can the attacker utilize to bypass the identified network security?

A. MAC spoofing

B. Pharming

C. Xmas attack

D. ARP poisoning

Six months into development, the core team assigned to implement a new internal piece of software must convene to discuss a new requirement with the stake holders. A stakeholder identified a missing feature critical to the organization, which must be implemented. The team needs to validate the feasibility of the newly introduced requirement and ensure it does not introduce new vulnerabilities to the software and other applications that will integrate with it. Which of the following BEST describes what the company?

A. The system integration phase of the SDLC

B. The system analysis phase of SSDSLC

C. The system design phase of the SDLC

D. The system development phase of the SDLC

A security analyst is performing a quantitative risk analysis. The risk analysis should show the potential monetary loss each time a threat or event occurs. Given this requirement, which of the following concepts would assist the analyst in determining this value? (Select two.)

A. ALE

B. AV

C. ARO

D. EF

E. ROI

Which of the following types of attacks precedes the installation of a rootkit on a server?

A. Pharming

B. DDoS

C. Privilege escalation

D. DoS

The Chief Technology Officer (CTO) of a company, Ann, is putting together a hardware budget for the next 10 years. She is asking for the average lifespan of each hardware device so that she is able to calculate when she will have to replace

each device.

Which of the following categories BEST describes what she is looking for?

A. ALE

B. MTTR

C. MTBF

D. MTTF

After a user reports stow computer performance, a systems administrator detects a suspicious file, which was installed as part of a freeware software package.

The systems administrator reviews the output below:

Based on the above information, which of the following types of malware was installed on the user's computer?

A. RAT

B. Keylogger

C. Spyware

D. Worm

E. Bot