2022 Valid SY0-501 Real Exam Questions (Updated) 100% Dumps & Practice Exam [Q247-Q267]

NEW QUESTION 247
A security analyst captures forensic evidence from a potentially compromised system for further investigation. The evidence is documented and securely stored to FIRST:

  • A. preserve the data.
  • B. maintain the chain of custody.
  • C. obtain a legal hold.
  • D. recover data at a later time.

Answer: A

 

NEW QUESTION 248
Joe, an employee, wants to show his colleagues how much he knows about smartphones. Joe demonstrates a free movie application that he installed from a third party on his corporate smartphone. Joe's colleagues were unable to find the application in the app stores. Which of the following allowed Joe to install the application? (Select two.)

  • A. Ad-hoc connections
  • B. Rooting/jailbreaking
  • C. Near-field communication.
  • D. Sideloading
  • E. Tethering

Answer: B,D

 

NEW QUESTION 249
A security analyst is interested in setting up an IDS to monitor the company network. The analyst has been told there can be no network downtime to implement the solution, but the IDS must capture all of the network traffic.
Which of the following should be used for the IDS implementation?

  • A. Port mirror
  • B. Aggregation
  • C. Honeypot
  • D. Network tap

Answer: D

 

NEW QUESTION 250
A technician, who is managing a secure B2B connection, noticed the connection broke last night. All networking equipment and media are functioning as expected, which leads the technician to question PKI components. Which of the following should the technician use to validate this assumption? (Choose two.)

  • A. CER
  • B. OCSP
  • C. SCEP
  • D. CRL
  • E. PEM
  • F. PFX

Answer: B,D

 

NEW QUESTION 251
An attack has occurred against a company.
INSTRUCTIONS
You have been tasked to do the following:
Identify the type of attack that is occurring on the network by clicking on the attacker's tablet and reviewing the output. (Answer Area 1) Identify which compensating controls should be implemented on the assets, in order to reduce the effectiveness of future attacks by dragging them to the correct server. (Answer area 2) All objects will be used, but not all placeholders may be filled. Objects may only be used once.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.


Answer:

Explanation:


 

NEW QUESTION 252
When considering a third-party cloud service provider, which of the following criteria would be the BEST to include in the security assessment process? (Select two.)

  • A. Size of the corporation
  • B. Use of performance analytics
  • C. Breadth of applications support
  • D. Adherence to regulatory compliance
  • E. Data retention policies

Answer: D,E

 

NEW QUESTION 253
An auditor is reviewing the following output from a password-cracking tool:
User1: Password1
User2: Recovery!
User3: Alaskan10
User4: 4Private
User5: PerForMance2
Which of the following methods did the auditor MOST likely use?

  • A. Dictionary
  • B. Hybrid
  • C. Brute force
  • D. Rainbow table

Answer: B

 

NEW QUESTION 254
An application team is performing a load-balancing test for a critical application during off-hours and has requested access to the load balancer to review which servers are up without having the administrator on call. The security analyst is hesitant to give the application team full access due to other critical applications running on the load balancer.
Which of the following is the BEST solution for the security analyst to process the request?

  • A. Share the account with the application team
  • B. Give the application team administrator access during off hours
  • C. Disable other critical applications before granting the team access.
  • D. Give the application team read-only access

Answer: B

 

NEW QUESTION 255
Which of the following strategies helps reduce risk if a rollback is needed when upgrading a critical system platform?

  • A. Fault tolerance
  • B. Continuous monitoring
  • C. Non-persistent configuration
  • D. Firmware updates

Answer: C


 

NEW QUESTION 256
Task: Configure the firewall (fill out the table) to allow these four rules:
Only allow the Accounting computer to have HTTPS access to the Administrative server.
Only allow the HR computer to be able to communicate with the Server 2 System over SCP.
Allow the IT computer to have access to both the Administrative Server 1 and Administrative Server 2

Answer:

Explanation:
Use the following answer for this simulation task. The table below has all the answers required for this question.
Firewall rules act like ACLs, and they are used to dictate what traffic can pass between the firewall and the internal network.
Three possible actions can be taken based on the rule's criteria:

  • Block the connection
  • Allow the connection
  • Allow the connection only if it is secured

TCP is responsible for providing a reliable, one-to-one, connection-oriented session. TCP establishes a connection and ensures that the other end receives any packets sent.
Two hosts communicate packet results with each other.
TCP also ensures that packets are decoded and sequenced properly.
This connection is persistent during the session.
When the session ends, the connection is torn down.
UDP provides an unreliable connectionless communication method between hosts.
UDP is considered a best-effort protocol, but it's considerably faster than TCP.
The sessions don't establish a synchronized session like the kind used in TCP, and UDP doesn't guarantee error-free communications.
The primary purpose of UDP is to send small packets of information.
The application is responsible for acknowledging the correct reception of the data.
Port 22 is used by both SSH and SCP with UDP.
Port 443 is used for secure web connections (HTTPS) and is a TCP port.
Thus, to make sure only the Accounting computer has HTTPS access to the Administrative server, you should use TCP port 443 and set the rule to allow communication between 10.4.255.10/24 (Accounting) and 10.4.255.101 (Administrative server1).
Thus, to make sure that only the HR computer has access to Server2 over SCP, you need to use TCP port 22 and set the rule to allow communication between 10.4.255.10/23 (HR) and 10.4.255.2 (server2).
Thus, to make sure that the IT computer can access both the Administrative servers, you need to use a port and accompanying port number and set the rule to allow communication between:

  • 10.4.255.10.25 (IT computer) and 10.4.255.101 (Administrative server1)
  • 10.4.255.10.25 (IT computer) and 10.4.255.102 (Administrative server2)

 

NEW QUESTION 257
A forensics analyst is investigating a hard drive for evidence of suspected illegal activity. Which of the following should the analyst do FIRST?

  • A. Export the Internet history.
  • B. Back up the pictures directory for further inspection.
  • C. Create a hash of the hard drive.
  • D. Save a copy of the case number and date as a text file in the root directory.

Answer: C

 

NEW QUESTION 258
A staff member contacts the help desk because the staff member's device is currently experiencing the following symptoms:
- Long delays when launching applications
- Timeout errors when loading some websites
- Errors when attempting to open local Word documents and photo files
- Pop-up messages in the task bar stating that antivirus is out-of-date
- VPN connection that keeps timing out, causing the device to lose connectivity
Which of the following BEST describes the root cause of these symptoms?

  • A. A patch has been incorrectly applied to the device and is causing issues with the wireless adapter on the device.
  • B. The user has disabled the antivirus software on the device, and the hostchecker for the VPN is preventing access.
  • C. The device is infected with crypto-malware, and the files on the device are being encrypted.
  • D. The proxy server for accessing websites has a rootkit installed, and this is causing connectivity issues.

Answer: C

 

NEW QUESTION 259
A security team wants to establish an Incident Response plan. The team has never experienced an incident. Which of the following would BEST help them establish plans and procedures?

  • A. Recovery procedures
  • B. Escalation procedures
  • C. Lessons learned
  • D. Table top exercises

Answer: D

 

NEW QUESTION 260
A security professional wants to test a piece of malware that was isolated on a user's computer to document its effect on a system. Which of the following is the FIRST step the security professional should take?

  • A. Harden the machine.
  • B. Open the file and run it.
  • C. Create a sandbox on the machine.
  • D. Create a secure baseline of the system state.

Answer: D

 

NEW QUESTION 261
An organization has hired a penetration tester to test the security of its ten web servers. The penetration tester is able to gain root/administrative access in several servers by exploiting vulnerabilities associated with the implementation of SMTP, POP, DNS, FTP, Telnet, and IMAP.
Which of the following recommendations should the penetration tester provide to the organization to better protect their web servers in the future?

  • A. Increase application event logging
  • B. Implement transport layer security
  • C. Use a honeypot
  • D. Disable unnecessary services

Answer: D

 

NEW QUESTION 262
Which of the following serves to warn users against downloading and installing pirated software on company devices?

  • A. AUP
  • B. ISA
  • C. NDA
  • D. BPA

Answer: A

 

NEW QUESTION 263
A security analyst is hardening an authentication server. One of the primary requirements is to ensure there is mutual authentication and delegation. Given these requirements, which of the following technologies should the analyst recommend and configure?

  • A. Kerberos services
  • B. NTLM services
  • C. CHAP services
  • D. LDAP services

Answer: A

Explanation:
Only Kerberos can do mutual authentication and delegation.

 

NEW QUESTION 264
A systems administrator has finished configuring a firewall ACL to allow access to a new web server.

The security administrator confirms from the following packet capture that there is network traffic from the internet to the web server:

The company's internal auditor issues a security finding and requests that immediate action be taken. With which of the following is the auditor MOST concerned?

  • A. Implicit deny
  • B. Misconfigured firewall
  • C. Default configuration
  • D. Clear text credentials

Answer: D

 

NEW QUESTION 265
You have been tasked with designing a security plan for your company. Drag and drop the appropriate security controls on the floor plan.
Instructions: All objects must be used and all place holders must be filled. Order does not matter. When you have completed the simulation, please select the Done button to submit.

Answer:

Explanation:

  • Cable locks - Adding a cable lock between a laptop and a desk prevents someone from picking it up and walking away.
  • Proximity badge + reader
  • Safe is a hardware/physical security measure.
  • Mantrap can be used to control access to sensitive areas.
  • CCTV can be used as video surveillance.
  • Biometric reader can be used to control and prevent unauthorized access.
  • Locking cabinets can be used to protect backup media, documentation and other physical artifacts.

 

NEW QUESTION 266
A security analyst is doing a vulnerability assessment on a database server. A scanning tool returns the following information:

There have been several security breaches on the web server that accesses this database. The security team is instructed to mitigate the impact of any possible breaches. The security team is also instructed to improve the security on this database by making it less vulnerable to offline attacks. Which of the following would BEST accomplish these goals? (Choose two.)

  • A. Start using salts to generate MD5 password hashes
  • B. Require the web server to only use TLS 1.2 encryption
  • C. Limit users to five attempted logons before they are locked out
  • D. Generate password hashes using SHA-256
  • E. Force users to change passwords the next time they log on

Answer: A,E

 

NEW QUESTION 267
......
