sy0-501

  1. Which of the following is an important step to take before moving any installation packages from a test environment to production?
    roll back changes in the test environment
  2. Management is looking for a solution to reduce the number of account lockouts while improving security. What is the best solution for the organization?
    implement SSO
  3. Malicious traffic from an internal network has been detected on an unauthorized port on an application server. Which of the following network-based security controls should the engineer consider implementing?
    ACLs
  4. Despite having implemented password policies, users continue to set the same weak passwords and reuse old passwords. What would help prevent these policy violations?
    password expiration, and password history
  5. A user has attempted to access data at a higher classification level than the user's account is currently authorized. Which of the following access control models has been applied to this user's account?
    RBAC
  6. An organization has determined it can tolerate a maximum of three hours of downtime. Which of the following has been specified?
    RTO
  7. When connected to a secure WAP, which of the following encryption technologies is MOST likely to be configured when connecting to WPA2-PSK?
    AES
  8. A penetration tester is crawling a target website that is available to the public. Which of the following represents the actions the penetration tester is performing?
    URL hijacking
  9. Which of the following cryptographic attacks would salting of passwords render ineffective?
    Dictionary
  10. Ann's device has slow performance, Word documents not opening, and a pop-up. It started after she opened an invoice. What is the likely infection?
    backdoor
  11. Which of the following types of keys is found in a key escrow?
    session
  12. Which of the following types of cloud infrastructures would allow several organizations with similar structures and interests to realize the benefits of shared storage and resources?
    community
  13. Which of the following specifically describes the exploitation of an interactive process to access otherwise restricted areas of the OS?
    Privilege escalation
  14. An incident responder receives a call from a user who reports a computer is exhibiting symptoms consistent with a malware infection. Which of the following steps should the responder perform NEXT?
    use a remote desktop client to collect and analyze the malware in real time
  15. A security analyst is hardening a server with the directory services roles installed. The analyst must ensure LDAP traffic can be monitored or sniffed and maintains compatibility with LDAP clients. What is needed to implement these requirements?
    Install and configure an SSH tunnel on the LDAP server, and ensure port 636 is open between the clients and the servers using the communications.
  16. A systems administrator is attempting to recover from a catastrophic failure in the data center. To recover the domain controller, the systems administrator needs to provide the domain administrator credentials. Which of the following account types is the systems administrator using?
    service account
  17. An administrator is replacing a wireless router. The old router was not documented before it stopped working. Which of the following configuration options should the administrator select for the new wireless router?
    WPA2-TKIP
  18. An attacker compromises a public CA and issues unauthorized X.509 certificates for Company.com. In the future, Company.com wants to mitigate the impact of similar incidents. Which of the following would assist Company.com with its goal?
    Certificate pinning
  19. When systems, hardware, or software are not supported by the original vendor, it is a vulnerability known as:
    end-of-life systems
  20. Which of the following would a security specialist be able to determine upon examination of a server's certificate?
    OID
  21. An application team is performing a load-balancing test for a critical application during off hours. They don't want to have an administrator on call. The security analyst is hesitant to give the application team full access. What is the best solution for the security analyst to process the request?
    give the application team administrator access during off hours
  22. Which of the following attacks specifically impact data availability?
    DDoS
  23. A company has a data system with definitions for "private" and "public". The company's security policy outlines how data should be protected based on type. The company recently added the data type "proprietary". Which of the following is the MOST likely reason the company added this data type?
    more searchable data
  24. As part of a new industry regulation, companies are required to utilize secure, standardized OS settings. A technician must ensure the OS settings are hardened. Which of the following is the BEST way to do this?
    use a vulnerability scanner
  25. In a corporation where compute utilization spikes several times a year, the Chief Information Officer (CIO) has requested a cost effective architecture to handle the variable capacity demand. Which of the following characteristics BEST describes what the CIO has requested?
    elasticity
  26. A security analyst is diagnosing an incident in which a system was compromised from an IP address. The socket identified on the firewall was traced to 207.46.130.0:6666. Which of the following should the security analyst do to determine if the compromised system still has an active connection?
    netstat
  27. An organization wishes to provide better security for its name resolution services. Which of the following technologies BEST supports the deployment of DNSSEC at the organization?
    TLS
  28. A database backup schedule consists of weekly full backups performed on Saturday at 12:00am. If the database is restored on Tuesday afternoon, which of the following is the number of individual backups that would need to be applied to complete the database recovery?
    2
  29. Which of the following security controls does an iris scanner provide?
    Physical
  30. Which of the following implements two-factor authentication?
    an ATM requiring a credit card and PIN
  31. An auditor wants to test the security posture of an organization by running a tool that will display the following:

    JIMS <00> UNIQUE Registered
    WORKGROUP <00> GROUP Registered
    JIMS <00> UNIQUE Registered

    nbtstat
  32. A botnet has hit a popular website with a massive number of GRE-encapsulated packets to perform a DDoS attack. News outlets discovered a certain type of refrigerator was exploited and used to send outbound packets to the website that crashed. To which of the following categories does the refrigerator belong?
    IoT
  33. A company hires a consulting firm to crawl its Active Directory network with a non-domain account looking for unpatched systems. Actively taking control of systems is out of scope, as is the creation of new administrator accounts. For which of the following is the company hiring the consulting firm?
    penetration testing
  34. Which of the following BEST describes an important security advantage yielded by implementing vendor diversity?
    Resiliency
  35. A company is terminating an employee for misbehavior. Which of the following steps is MOST important in the process of disengagement from this employee?
    Have the employee sign an NDA before departing
  36. A security consultant discovers that an organization is using the PCL protocol to print documents, utilizing the default driver and print settings. Which of the following is the MOST likely risk in this situation?
    SNMP data leaving the printer will not be properly encrypted
  37. Attacker gains confidential company information (CEO, board members) - SPEAR PHISHING

    Attacker posts link to fake AV software (broad set of victims) - HOAX

    Attacker collecting credit card details by phone - VISHING

    Attacker mass-mails product information to parties that have already opted out of receiving advertisements (broad set of recipients) - PHISHING

    Attacker redirects name resolution entries from legitimate site to fraudulent site - PHARMING
  38. When trying to log onto a company's new ticketing system, some employees receive the following message: Access denied: too many concurrent sessions. The ticketing system was recently installed on a small VM with only the recommended hardware specifications. Which of the following is the MOST likely cause for this error message?
    the VM does not have enough processing power
  39. Which of the following explains why vendors publish MD5 values when they provide software patches for their customers to download over the internet?
    the recipient can verify integrity of the software patch
  40. Joe downloads a third-party app his colleagues cannot find to download. Which of the following allowed Joe to install the app?
    near-field communication, and rooting/jailbreaking
  41. Which of the following attack types BEST describes a client-side attack that is used to manipulate an HTML iframe with JavaScript code via a web browser?
    XSS
  42. Which of the following characteristics differentiate a rainbow table attack from a brute force attack?
    Rainbow tables must include precomputed hashes, and rainbow table attacks bypass maximum failed login restrictions
  43. Two users need to send each other emails over unsecured channels. The systems should support the principle of non-repudiation. Which of the following should be used to sign the users' certificates?
    CA
  44. Which of the following encryption methods does PKI typically use to securely protect keys?
    digital signatures
  45. A user clicked an email link that led to a website that infected the workstation with a virus. The virus encrypted all the network shares that the user had access to. Which of the following describes what occurred?
    the user's account was over-privileged
  46. Which of the following threat actors is MOST likely to steal a company's proprietary information to gain a market edge and reduce time to market?
    competitor
  47. A company is developing a new secure technology and requires computers being used for development to be isolated. Which of the following should be implemented to provide the MOST secure environment?
    an air gapped computer network
  48. A department head resigned on the first day of the spring semester and also deleted numerous files and directories from the server-based home directory while campus was closed. Which of the following policies could have prevented this from occurring?
    account expiration
  49. A company has 3 divisions and wants to make its secure web portal accessible to all employees utilizing their existing usernames and passwords. The administrator wants to use SAML. What will happen when the users try to authenticate to the portal?
    the portal will function as a service provider and request an authentication assertion, and the portal will function as an identity provider and issue an authentication assertion
  50. Which of the following network vulnerability scan indicators BEST validates a successful, active scan?
    the scan results identify the hostname and IP address
  51. A security engineer is configuring a system that requires the X.509 certificate information to be passed into a form field in Base64 encoded format to import it into the system. Which of the following certificate formats should the engineer use to obtain the information in the required format?
    PEM
  52. A senior incident response manager receives a call about some external IPs communicating with internal computers during off hours. Which of the following types of malware is MOST likely causing this issue?
    Botnet
  53. To secure an FTP server while using the same port and protocol, what would best accomplish this?
    use explicit FTPS for connections
  54. A company wants to host a publicly available server that performs the following functions:

    -evaluates MX record lookup
    -can perform authenticated requests for A and AAAA records
    -uses RRSIG

    Which of the following should the company use to fulfill the above requirements?
    LDAPS
  55. Which of the following technologies employ the use of SAML?
    Single sign-on, and federation
  56. A security administrator is developing controls for creating audit trails and tracking if a PHI data breach occurs.
    -All access must be correlated to a user account
    -All user accounts must be assigned to a single individual
    -User access to the PHI data must be recorded
    -Anomalies in PHI data access must be reported
    -Logs and records cannot be deleted or modified

    What should be implemented to meet the requirements?
    • Eliminate shared accounts
    • Implement usage auditing and review
    • Perform regular permission audits and reviews
  57. What are the specs of a company-managed smartphone and a data center terminal server?
    • Company Managed Smart Phone: screen lock, strong password, device encryption, remote wipe, GPS tracking, pop-up blocker

    • Data Center Terminal Server: cable locks, antivirus, host-based firewall, proximity reader, sniffer, mantrap
  58. An analyst wants to implement a more secure wireless authentication for office access points. Which of the following technologies allows for encrypted authentication of wireless clients over TLS?
    WPA2
  59. An organization is using a tool to perform a source code review. Which of the following describes the case in which the tool incorrectly identifies the vulnerability?
    false positive
  60. A company determines that it is prohibitively expensive to become compliant with new credit card regulations. Instead the company decides to purchase insurance to cover the cost of any potential loss. Which of the following is the company doing?
    transferring the risk
  61. A high-security defense installation has recently begun utilizing large guard dogs that bark very loudly and excitedly at the slightest provocation. Which of the following types of controls does this BEST describe?
    deterrent
  62. A security analyst is hardening an authentication server. One of the primary requirements is to ensure there is mutual authentication and delegation. Given these requirements, which of the following technologies should the analyst recommend and configure?
    LDAP services
  63. Which of the following best describes a routine in which semicolons, dashes, quotes, and commas are removed from a string?
    input validation to protect against SQL injection
  64. The help desk notices a user is repeatedly locked out over the course of a workweek. After contacting the user, the help desk discovers the user is on vacation. What is MOST likely occurring?
    Pass the hash, and Dictionary
  65. When configuring settings in a mandatory access control environment, which of the following specifies the subjects that can access specific data objects?
    administrator
  66. Which of the following can be provided to an AAA system for the identification phase?
    Username
  67. A network administrator at a small office wants to simplify the configuration of mobile clients connecting to an encrypted wireless network. Which of the following should be implemented if the administrator does not want to provide the wireless password or the certificate to the employees?
    WPS
  68. Multiple organizations operating in the same vertical want to provide seamless wireless access for their employees as they visit the other organizations. Which of the following should be implemented if all the organizations use the native 802.1x client on their mobile devices?
    RADIUS federation
  69. A user suspects someone has been accessing a home network without permission by spoofing the MAC address of an authorized system.
    What should be the NEXT step if there is an unauthorized user on the network?
    Deny the "unknown" host because the host name is not known and MAC filtering is not applied to this host
  70. A network administrator wants to implement a method of securing internal routing. Which of the following should the administrator implement?
    VPN
  71. Multiple employees receive an email with a malicious attachment that begins to encrypt their hard drives and mapped shares on their devices when it is opened.
    recovery
  72. When performing data acquisition on a workstation, which of the following should be captured based on memory volatility?
    USB-attached hard disk, and ROM
  73. A company is using a mobile device deployment model in which employees use their personal devices for work at their own discretion. ..... Which of the following is a deployment model that would help the company overcome these problems?
    CYOD
  74. Users report the following message appears when browsing to the company's secure site: This website cannot be trusted. Which of the following actions should a security analyst take to resolve these messages?
    Verify the certificate has not expired on the server, and Update the root certificate into the client computer certificate store
Author: tffnyhghs
ID: 347308
Card Set: sy0-501
Description: sy0-501