Verified SY0-501 Exam Dumps Q&As - Provide SY0-501 with Correct Answers [Q74-Q99]

Pass Your SY0-501 Dumps Free Latest CompTIA Practice Tests

NEW QUESTION 74
DRAG DROP
A forensic analyst is asked to respond to an ongoing network attack on a server. Place the items in the list below in the correct order in which the forensic analyst should preserve them.

Answer:

Explanation:
When dealing with multiple issues, address them in order of volatility (OOV); always deal with the most volatile first. Volatility can be thought of as the amount of time that you have to collect certain data before a window of opportunity is gone. Naturally, in an investigation you want to collect everything, but some data will exist longer than others, and you cannot possibly collect all of it at once. As an example, the OOV in an investigation may be RAM, hard drive data, CDs/DVDs, and printouts.
Order of volatility: Capture system images as a snapshot of what exists, look at network traffic and logs, capture any relevant video/screenshots/hashes, record time offset on the systems, talk to witnesses, and track total man-hours and expenses associated with the investigation.
References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, p. 453

 

NEW QUESTION 75
Ann, a customer, is reporting that several important files are missing from her workstation. She recently
received communication from an unknown party who is requesting funds to restore the files. Which of the
following attacks has occurred?

  • A. Keylogger
  • B. Rootkit
  • C. Ransomware
  • D. Buffer overflow

Answer: C

 

NEW QUESTION 76
A company wants to host a publicly available server that performs the following functions:
* Evaluates MX record lookup
* Can perform authenticated requests for A and AAAA records
* Uses RRSIG
Which of the following should the company use to fulfill the above requirements?

  • A. nslookup
  • B. SFTP
  • C. DNSSEC
  • D. dig

Answer: A

 

NEW QUESTION 77
A security auditor is reviewing the following output from file integrity monitoring software installed on a very busy server at a large service provider. The server has not been updated since it was installed. Drag and drop the log entry that identifies the first instance of server compromise.

Answer:

Explanation:

 

NEW QUESTION 78
An administrator is configuring access to information located on a network file server named "Bowman".
The files are located in a folder named "BalkFiles". The files are only for use by the "Matthews" division and should be read-only. The security policy requires permissions for shares to be managed at the file system layer and also requires those permissions to be set according to a least privilege model. Security policy for this data type also dictates that administrator-level accounts on the system have full access to the files.
The administrator configures the file share according to the following table:

Which of the following rows has been misconfigured?

  • A. Row 5
  • B. Row 3
  • C. Row 2
  • D. Row 1
  • E. Row 4

Answer: E

 

NEW QUESTION 79
Ann, an employee in the payroll department, has contacted the help desk citing multiple issues with her device, including:
* Slow performance
* Word documents, PDFs, and images no longer opening
* A pop-up
Ann states the issues began after she opened an invoice that a vendor emailed to her.
Upon opening the invoice, she had to click several security warnings to view it in her word processor.
With which of the following is the device MOST likely infected?

  • A. Backdoor
  • B. Crypto-malware
  • C. Rootkit

Answer: A

 

NEW QUESTION 80
A newly purchased corporate WAP needs to be configured in the MOST secure manner possible.
INSTRUCTIONS
Please click on the below items on the network diagram and configure them accordingly:
* WAP
* DHCP Server
* AAA Server
* Wireless Controller
* LDAP Server
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Answer:

Explanation:

 

NEW QUESTION 81
A security administrator is reviewing the following PowerShell script referenced in the Task Scheduler on a database server:

Which of the following did the security administrator discover?

  • A. Trojan
  • B. Logic bomb
  • C. Backdoor
  • D. Ransomware

Answer: B

 

NEW QUESTION 82
An organization wants to deliver streaming audio and video from its home office to remote locations all over the world. It wants the stream to be delivered securely and protected from intercept and replay attacks. Which of the following protocols is BEST suited for this purpose?

  • A. SSH
  • B. SIP
  • C. SRTP
  • D. S/MIME

Answer: C

 

NEW QUESTION 83
An attacker has gained control of several systems on the Internet and is using them to attack a website, causing it to stop responding to legitimate traffic. Which of the following BEST describes the attack?

  • A. DDoS
  • B. DNS poisoning
  • C. MITM
  • D. Buffer overflow

Answer: A

 

NEW QUESTION 84
While reviewing the wireless router, the systems administrator of a small business determines someone is spoofing the MAC address of an authorized device. Given the table below:

Which of the following should be the administrator's NEXT step to detect if there is a rogue system without impacting availability?

  • A. Conduct a ping sweep.
  • B. Physically check each system.
  • C. Deny Internet access to the "UNKNOWN" hostname.
  • D. Apply MAC filtering.

Answer: A

 

NEW QUESTION 85
A company is deploying smartphones for its mobile salesforce. These devices are for personal and
business use but are owned by the company. Sales personnel will save new customer data via a custom
application developed for the company. This application will integrate with the contact information stored in
the smartphones and will populate new customer records onto it.
The customer application's data is encrypted at rest, and the application's connection to the back office
system is considered secure. The Chief Information Security Officer (CISO) has concerns that customer
contact information may be accidentally leaked due to the limited security capabilities of the devices and
the planned controls.
Which of the following will be the MOST efficient security control to implement to lower this risk?

  • A. Implement a mobile data loss agent on the devices to prevent any user manipulation with the contact
    information.
  • B. Require complex passwords for authentication when accessing the contact information.
  • C. Restrict contact information storage dataflow so it is only shared with the customer application.
  • D. Restrict screen capture features on the devices when using the custom application and the contact
    information.

Answer: C

 

NEW QUESTION 86
After a merger between two companies, a security analyst has been asked to ensure that the organization's
systems are secured against infiltration by any former employees that were terminated during the
transition.
Which of the following actions are MOST appropriate to harden applications against infiltration by former
employees? (Select TWO)

  • A. Increase password complexity requirements
  • B. Monitor VPN client access
  • C. Review and address invalid login attempts
  • D. Assess and eliminate inactive accounts
  • E. Reduce failed login out settings
  • F. Develop and implement updated access control policies

Answer: D,F

 

NEW QUESTION 87
An organization is looking to build its second head office in another city, which has a history of flooding with an average of two floods every 100 years. The estimated building cost is $1 million, and the estimated damage due to flooding is half of the building's cost. Given this information, which of the following is the SLE?

  • A. $500,000
  • B. $200,000
  • C. $1,000,000
  • D. $50,000

Answer: A

 

NEW QUESTION 88
A user receives a security alert pop-up from the host-based IDS, and a few minutes later notices a document on the desktop has disappeared and in its place is an odd filename with no icon image. When clicking on this icon, the user receives a system notification that it cannot find the correct program to use to open this file. Which of the following types of malware has MOST likely targeted this workstation?

  • A. Remote-access Trojan
  • B. Rootkit
  • C. Ransomware
  • D. Spyware

Answer: C

 

NEW QUESTION 89
Attackers have been using revoked certificates for MITM attacks to steal credentials from employees of Company.com.
Which of the following options should Company.com implement to mitigate these attacks?

  • A. Captive portal
  • B. Key escrow
  • C. OCSP stapling
  • D. Extended validation certificate
  • E. Object identifiers

Answer: C

 

NEW QUESTION 90
Which of the following attacks specifically impact data availability?

  • A. Trojan
  • B. DDoS
  • C. Rootkit
  • D. MITM

Answer: B

 

NEW QUESTION 91
An application developer has neglected to include input validation checks in the design of the company's new web application. An employee discovers that repeatedly submitting large amounts of data, including custom code, to an application will allow the execution of the custom code at the administrator level. Which of the following BEST identifies this application attack?

  • A. Clickjacking
  • B. Cross-site scripting
  • C. Buffer overflow
  • D. Replay

Answer: C


 

NEW QUESTION 92
A penetration tester has been hired to scan a company's network for potentially active hosts. The company's IPS system blocks the ICMP echo reply and echo request packets. Which of the following can be used to scan the network?

  • A. Ping
  • B. IPSec
  • C. OSPF
  • D. ARP

Answer: D

 

NEW QUESTION 93
When accessing a popular website, a user receives a warning that the certificate for the website is not valid. Upon investigation, it was noted that the certificate is not revoked and the website is working fine for other users. Which of the following is the MOST likely cause for this?

  • A. The system date on the user's device is out of sync.
  • B. The user needs to restart the machine.
  • C. The certificate was deleted from the local cache.
  • D. The certificate is corrupted on the server.

Answer: A

 

NEW QUESTION 94
A Chief Information Security Officer (CISO) has tasked a security analyst with assessing the security posture of an organization and which internal factors would contribute to a security compromise. The analyst performs a walk-through of the organization and discovers there are multiple instances of unlabeled optical media on office desks. Employees in the vicinity either do not claim ownership or disavow any knowledge concerning who owns the media. Which of the following is the MOST immediate action to be taken?

  • A. Confiscate the media, insert it into a computer, find out what is on the disc, and then label it and return it to where it was found.
  • B. Confiscate the media and wait for the owner to claim it. If it is not claimed within one month, shred it.
  • C. Confiscate the media, insert it into a computer, make a copy of the disc, and then return the original to where it was found.
  • D. Confiscate the media and dispose of it in a secure manner as per company policy.

Answer: D


 

NEW QUESTION 95
A high-security defense installation recently began utilizing large guard dogs that bark very loudly and excitedly at the slightest provocation. Which of the following types of controls does this BEST describe?

  • A. Preventive
  • B. Compensating
  • C. Detective

Answer: B

 

NEW QUESTION 96
A remote user (User1) is unable to reach a newly provisioned corporate Windows workstation. The system administrator has been given the following log files from the VPN, corporate firewall and workstation host.

Which of the following is preventing the remote user from being able to access the workstation?

  • A. Network latency is causing remote desktop service request to time out
  • B. Lack of network time synchronization is causing authentication mismatches
  • C. User1 has been locked out due to too many failed passwords
  • D. The workstation host firewall is not allowing remote desktop connections
  • E. The workstation has been compromised and is accessing known malware sites

Answer: C

 

NEW QUESTION 97
A vulnerability scanner that uses its running service's access level to better assess vulnerabilities across multiple assets within an organization is performing a:

  • A. Credentialed scan.
  • B. Passive scan.
  • C. Privilege escalation test.
  • D. Non-intrusive scan.

Answer: A

 

NEW QUESTION 98
Which of the following attacks can be mitigated by proper data retention policies?

  • A. Watering hole
  • B. Dumpster diving
  • C. Spear phishing
  • D. Man-in-the-browser

Answer: B

 

NEW QUESTION 99
......
