Free RC0-501 Exam Braindumps (page: 46)


Although a web-enabled application appears to allow only letters in the comment field of a web form, a malicious user was able to carry out a SQL injection attack by sending special characters through that comment field.
Which of the following has the application programmer failed to implement?

  A. Revision control system
  B. Client side exception handling
  C. Server side validation
  D. Server hardening

Answer(s): C



An attacker discovers a new vulnerability in an enterprise application. The attacker takes advantage of the vulnerability by developing new malware. After installing the malware, the attacker is provided with access to the infected machine.
Which of the following is being described?

  A. Zero-day exploit
  B. Remote code execution
  C. Session hijacking
  D. Command injection

Answer(s): A



A security administrator returning from a short vacation receives an account lock-out message when attempting to log into the computer. After getting the account unlocked, the security administrator immediately notices a large number of email alerts about several different user accounts being locked out during the past three days. The security administrator uses system logs to determine that the lock-outs were due to a brute force attack on all accounts that had previously been logged into that machine.
Which of the following can be implemented to reduce the likelihood of this attack going undetected?

  A. Password complexity rules
  B. Continuous monitoring
  C. User access reviews
  D. Account lockout policies

Answer(s): B



A bank requires tellers to get manager approval when a customer wants to open a new account. A recent audit shows that there have been four cases in the previous year where tellers opened accounts without management approval. The bank president thought separation of duties would prevent this from happening.
In order to implement a true separation of duties approach the bank could:

  A. Require the use of two different passwords held by two different individuals to open an account
  B. Administer account creation on a role based access control approach
  C. Require all new accounts to be handled by someone other than a teller, since they have different duties
  D. Administer account creation on a rule based access control approach

Answer(s): C





