Excellent SY0-501 PDF Dumps With 100% ValidDumps Exam Passing Guaranteed [Oct-2021]
NEW QUESTION 406
A security analyst is checking log files and finds the following entries:
Which of the following is MOST likely happening?
- A. A server is experiencing a DoS, and the request is timing out.
- B. A potential hacker could be banner grabbing to determine what architecture is being used.
- C. The DNS is misconfigured for the server's IP address.
- D. A hacker attempted to pivot using the web server interface.
Answer: D
NEW QUESTION 407
A security analyst has been asked to perform a review of an organization's software development lifecycle. The analyst reports that the lifecycle does not contain a phase in which team members evaluate and provide critical feedback of another developer's code.
Which of the following assessment techniques is BEST described in the analyst's report?
- A. Baseline reporting
- B. Whitebox testing
- C. Architecture evaluation
- D. Peer review
Answer: D
NEW QUESTION 408
Select the appropriate attack from each drop-down list to label the corresponding illustrated attack.
Instructions: Attacks may only be used once and will disappear from the drop-down list once selected. When you have completed the simulation, please select the Done button to submit.
Answer:
Explanation:
1: Spear phishing is an e-mail spoofing fraud attempt that targets a specific organization, seeking unauthorized access to confidential data. As with the e-mail messages used in regular phishing expeditions, spear phishing messages appear to come from a trusted source. Phishing messages usually appear to come from a large and well-known company or Web site with a broad membership base, such as eBay or PayPal. In the case of spear phishing, however, the apparent source of the e-mail is likely to be an individual within the recipient's own company and generally someone in a position of authority.
2: The hoax in this question is designed to make people believe that the fake AV (anti-virus) software is genuine.
3: Vishing is the act of using the telephone in an attempt to scam the user into surrendering private information that will be used for identity theft. The scammer usually pretends to be a legitimate business, and fools the victim into thinking he or she will profit.
4: Phishing is the act of sending an email to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft.
Phishing email will direct the user to visit a website where they are asked to update personal information, such as a password, credit card, social security, or bank account numbers, that the legitimate organization already has. The website, however, is bogus and set up only to steal the information the user enters on the page.
5: Similar in nature to e-mail phishing, pharming seeks to obtain personal or private (usually financial-related) information through domain spoofing. Rather than being spammed with malicious and mischievous e-mail requests for you to visit spoof Web sites which appear legitimate, pharming 'poisons' a DNS server by infusing false information into the DNS server, resulting in a user's request being redirected elsewhere. Your browser, however, will show you are at the correct Web site, which makes pharming a bit more serious and more difficult to detect. Phishing attempts to scam people one at a time with an e-mail, while pharming allows the scammers to target large groups of people at one time through domain spoofing.
References:
http://searchsecurity.techtarget.com/definition/spear-phishing
http://www.webopedia.com/TERM/V/vishing.html
http://www.webopedia.com/TERM/P/phishing.html
http://www.webopedia.com/TERM/P/pharming.html
NEW QUESTION 409
A systems administrator wants to implement a wireless protocol that will allow the organization to authenticate mobile devices prior to providing the user with a captive portal login. Which of the following should the systems administrator configure?
- A. EAP-TTLS
- B. L2TP with MAC filtering
- C. WPA2-CCMP with PSK
- D. RADIUS federation
Explanation: RADIUS generally includes 802.1X, which pre-authenticates devices.
Answer: D
NEW QUESTION 410
An organization allows the use of open-source software as long as users perform a file integrity check on the executables and verify the file against hashes of known malware. A user downloads the following files from an open-source website:
After submitting the hashes to the malware registry, the user is alerted that 2f40 3221 33ad 8f34 1032 1adc 13ef 51a4 matches a known malware signature. The organization has been running all of the above software with no known issues. Which of the following actions should the user take and why?
- A. Download and run only webserver_82.exe and opendatabase_44.exe and notify the organization's cybersecurity office. Legacy versions of the software have been compromised.
- B. Download and run the software but notify the organization's cybersecurity office. The malware registry has a false positive since the software has been running without any issues.
- C. Do not run webserver_82.exe and notify the organization's cybersecurity office. The software is malware.
- D. Do not run any of the software and notify the organization's cybersecurity office. The open-source website has been compromised, and none of the software can be trusted.
Answer: C
NEW QUESTION 411
A security administrator receives an alert from a third-party vendor that indicates a certificate that was installed in the browser has been hijacked at the root of a small public CA. The security administrator knows there are at least four different browsers in use on more than a thousand computers in the domain worldwide.
Which of the following solutions would be BEST for the security administrator to implement to most efficiently assist with this issue?
- A. CRL
- B. PKI
- C. SSL
- D. ACL
Answer: A
NEW QUESTION 412
After deploying an antivirus solution on some network-isolated industrial computers, the service desk team received a trouble ticket about the following message being displayed on the computers' screens:
Your AV protection has blocked an unknown application while performing suspicious activities. The application was put in quarantine.
Which of the following would be the SAFEST next step to address the issue?
- A. Centrally activate a full scan for the entire set of industrial computers, looking for new threats.
- B. Immediately delete the detected file from the quarantine to secure the environment and clear the alert from the antivirus console.
- C. Perform a manual antivirus signature update directly from the antivirus vendor's cloud.
- D. Check the antivirus vendor's documentation about the security modules, incompatibilities, and software whitelisting.
Answer: D
NEW QUESTION 413
A security analyst observes the following events in the logs of an employee workstation:
Given the information provided, which of the following MOST likely occurred on the workstation?
- A. Application whitelisting controls blocked an exploit payload from executing.
- B. Antivirus software found and quarantined three malware files.
- C. The SIEM log agent was not tuned properly and reported a false positive.
- D. Automatic updates were initiated but failed because they had not been approved.
Answer: A
NEW QUESTION 414
A technician is configuring a wireless guest network. After applying the most recent changes, the technician finds that new devices can no longer find the wireless network by name, but existing devices are still able to use the wireless network.
Which of the following security measures did the technician MOST likely implement to cause this scenario?
- A. Beacon interval was decreased
- B. Implementation of MAC filtering
- C. Deactivation of SSID broadcast
- D. Activation of 802.1X with RADIUS
- E. Reduction of WAP signal output power
Answer: C
NEW QUESTION 415
A global gaming console manufacturer is launching a new gaming platform to its customers.
Which of the following controls reduces the risk created by malicious gaming customers attempting to circumvent control by way of modifying consoles?
- A. Manual software upgrades
- B. Vulnerability scanning
- C. Network segmentation
- D. Firmware version control
- E. Automatic updates
- F. Application firewalls
Answer: D,E
NEW QUESTION 416
A security administrator is given the security and availability profiles for servers that are being deployed.
Match each RAID type with the correct configuration and MINIMUM number of drives.
Review the server profiles and match them with the appropriate RAID type based on integrity, availability, I/O, and storage requirements.
Instructions:
- All drive definitions can be dragged as many times as necessary.
- Not all placeholders may be filled in the RAID configuration boxes.
- If parity is required, please select the appropriate number of parity checkboxes.
- Server profiles may be dragged only once.
- If at any time you would like to bring back the initial state of the simulation, please select the Reset button. When you have completed the simulation, please select the Done button to submit. Once the simulation is submitted, please select the Next button to continue.
Answer:
Explanation:
RAID-0 is known as striping. It is not a fault tolerant solution but does improve disk performance for read/write operations. Striping requires a minimum of two disks and does not use parity.
RAID-0 can be used where performance is required over fault tolerance, such as a media streaming server.
RAID-1 is known as mirroring because the same data is written to two disks so that the two disks have identical data. This is a fault tolerant solution that halves the storage space. A minimum of two disks are used in mirroring, and it does not use parity. RAID-1 can be used where fault tolerance is required over performance, such as on an authentication server.
RAID-5 is a fault tolerant solution that uses parity and striping. A minimum of three disks are required for RAID-5, with one disk's worth of space being used for parity information. However, the parity information is distributed across all the disks. RAID-5 can recover from a single disk failure.
RAID-6 is a fault tolerant solution that uses dual parity and striping. A minimum of four disks are required for RAID-6. Dual parity allows RAID-6 to recover from the simultaneous failure of up to two disks. Critical data should be stored on a RAID-6 system.
Reference: http://www.adaptec.com/en-us/solutions/raid_levels.html
NEW QUESTION 417
During a lessons learned meeting regarding a previous incident, the security team receives a follow-up action item with the following requirements:
- Allow authentication from within the United States anytime
- Allow authentication if the user is accessing email or a shared file system
- Do not allow authentication if the AV program is two days out of date
- Do not allow authentication if the location of the device is in two specific countries
Given the requirements, which of the following mobile deployment authentication types is being utilized?
- A. Two-factor authentication
- B. Context-aware authentication
- C. Geofencing authentication
- D. Biometric authentication
Answer: B
NEW QUESTION 418
A security engineer wants to be able to monitor and configure network devices remotely and securely. Which of the following would be the BEST option for this objective?
- A. AES
- B. DNSSEC
- C. SFTP
- D. SNMPv3
- E. S/MIME
Answer: D
NEW QUESTION 419
A security administrator discovers that an attack has been completed against a node on the corporate network. All available logs were collected and stored.
You must review all network logs to discover the scope of the attack, check the box of the node(s) that have been compromised, and drag and drop the appropriate actions to complete the incident response on the network. The environment is a critical production environment; perform the LEAST disruptive actions on the network, while still performing the appropriate incident responses.
Instructions: The web server, database server, IDS, and User PC are clickable. Check the box of the node(s) that have been compromised and drag and drop the appropriate actions to complete the incident response on the network. Not all actions may be used, and order is not important. If at any time you would like to bring back the initial state of the simulation, please select the Reset button. When you have completed the simulation, please select the Done button to submit. Once the simulation is submitted, please select the Next button to continue.
- A. Database server was attacked; actions should be to capture network traffic and Chain of Custody.
IDS Server Log:
Web Server Log:
Database Server Log:
Users PC Log:
- B. Database server was attacked; actions should be to capture network traffic and Chain of Custody.
IDS Server Log:
Web Server Log:
Database Server Log:
Users PC Log:
Answer: B
NEW QUESTION 420
A security analyst is reviewing the following output from an IPS:
Given this output, which of the following can be concluded? (Select TWO).
- A. The source IP of the attack is coming from 250 19.18 71.
- B. The attacker sent a malformed TCP packet, triggering the alert.
- C. The source IP of the attack is coming from 250.19 18.22.
- D. The TTL value is outside of the expected range, triggering the alert.
- E. The attacker sent a malformed IGAP packet, triggering the alert.
Answer: D
NEW QUESTION 421
A new hire wants to use a personally owned phone to access company resources. The new hire expresses concern about what happens to the data on the phone when they leave the company. Which of the following portions of the company's mobile device management configuration would allow the company data to be removed from the device without touching the new hire's data?
- A. Device access control
- B. Storage lock out
- C. Asset control
- D. Storage segmentation
Answer: A
NEW QUESTION 424
You have just received some room and WiFi access control recommendations from a security consulting company. Click on each building to bring up available security controls. Please implement the following requirements:
The Chief Executive Officer's (CEO) office had multiple redundant security measures installed on the door to the office. Remove unnecessary redundancies to deploy three-factor authentication, while retaining the expensive iris reader.
The Public Cafe has wireless available to customers. You need to secure the WAP with WPA and place a passphrase on the customer receipts.
In the Data Center you need to include authentication from the "something you know" category and take advantage of the existing smartcard reader on the door.
In the Help Desk Office, you need to require single factor authentication through the use of physical tokens given to guests by the receptionist.
The PII Office has redundant security measures in place. You need to eliminate the redundancy while maintaining three-factor authentication and retaining the more expensive controls.
Instructions: The original security controls for each office can be reset at any time by selecting the Reset button. Once you have met the above requirements for each office, select the Save button. When you have completed the entire simulation, please select the Done button to submit. Once the simulation is submitted, please select the Next button to continue.
Answer:
Explanation:
See the solution below.
NEW QUESTION 425
A technician, who is managing a secure B2B connection, noticed the connection broke last night. All networking equipment and media are functioning as expected, which leads the technician to technician use to validate this assumption? (Choose two.)
- A. CRL
- B. OCSP
- C. PFX
- D. CER
- E. SCEP
- F. PEM
Answer: A,B
NEW QUESTION 426
You have been tasked with designing a security plan for your company. Drag and drop the appropriate security controls on the floor plan.
Instructions: All objects must be used and all place holders must be filled. Order does not matter. When you have completed the simulation, please select the Done button to submit.
Answer:
Explanation:
- Cable locks: adding a cable lock between a laptop and a desk prevents someone from picking it up and walking away.
- Proximity badge + reader.
- Safe: a hardware/physical security measure.
- Mantrap: can be used to control access to sensitive areas.
- CCTV: can be used as video surveillance.
- Biometric reader: can be used to control and prevent unauthorized access.
- Locking cabinets: can be used to protect backup media, documentation and other physical artefacts.
NEW QUESTION 427