SY0-501 Flashcards
QUESTION 1
To determine the ALE of a particular risk, which of the following must be calculated? (Select TWO).
A. ARO
B. ROI
C. RPO
D. SLE
E. RTO
Correct Answer: AD
QUESTION 2
A vice president at a manufacturing organization is concerned about desktops being connected to the network. Employees need to log onto the desktops’ local account to verify that a product is being created within specifications; otherwise, the desktops should be as isolated as possible. Which of the following is the BEST way to accomplish this?
A. Put the desktops in the DMZ.
B. Create a separate VLAN for the desktops.
C. Air gap the desktops.
D. Join the desktops to an ad-hoc network.
Correct Answer: C
QUESTION 3
After attempting to harden a web server, a security analyst needs to determine if an application remains vulnerable to SQL injection attacks. Which of the following would BEST assist the analyst in making this determination?
A. tracert
B. Fuzzer
C. nslookup
D. Nmap
E. netcat
Correct Answer: B
QUESTION 4
A technician receives a device with the following anomalies:
Frequent pop-up ads
Slow response time switching between active programs
Unresponsive peripherals
The technician reviews the following log file entries:
File Name      Source MD5                         Target MD5                         Status
antivirus.exe  F794F21CD33E4F57890DDEA5CF267ED2   F794F21CD33E4F57890DDEA5CF267ED2   Automatic
iexplore.exe   7FAAF21CD33E4F57890DDEA5CF29CCEA   AA87F21CD33E4F57890DDEAEE2197333   Automatic
service.exe    77FF390CD33E4F57890DDEA5CF28881F   77FF390CD33E4F57890DDEA5CF28881F   Manual
USB.exe        E289F21CD33E4F57890DDEA5CF28EDC0   E289F21CD33E4F57890DDEA5CF28EDC0   Stopped
Based on the above output, which of the following should be reviewed?
A. The web application firewall
B. The file integrity check
C. The data execution prevention
D. The removable media control
Correct Answer: B
QUESTION 5
An active/passive configuration has an impact on:
A. confidentiality
B. integrity
C. availability
D. non-repudiation
Correct Answer: C
QUESTION 6
Company A has acquired Company B. Company A has different domains spread globally, and typically migrates its acquisitions infrastructure under its own domain infrastructure. Company B, however, cannot be merged into Company A’s domain infrastructure. Which of the following methods would allow the two companies to access one another’s resources?
A. Attestation
B. Federation
C. Single sign-on
D. Kerberos
Correct Answer: B
QUESTION 7
A procedure differs from a policy in that it:
A. is a high-level statement regarding the company’s position on a topic.
B. sets a minimum expected baseline of behavior.
C. provides step-by-step instructions for performing a task.
D. describes adverse actions when violations occur.
Correct Answer: C
QUESTION 8
A security auditor is testing perimeter security in a building that is protected by badge readers. Which of the following types of attacks would MOST likely gain access?
A. Phishing
B. Man-in-the-middle
C. Tailgating
D. Watering hole
E. Shoulder surfing
Correct Answer: C
QUESTION 9
Which of the following encryption methods does PKI typically use to securely protect keys?
A. Elliptic curve
B. Digital signatures
C. Asymmetric
D. Obfuscation
Correct Answer: C
QUESTION 10
A department head at a university resigned on the first day of spring semester. It was subsequently determined that the department head deleted numerous files and directories from the server-based home directory while the campus was closed. Which of the following policies or procedures could have prevented this from occurring?
A. Time-of-day restrictions
B. Permissions auditing and review
C. Offboarding
D. Account expiration
Correct Answer: C
QUESTION 11
An organization wants to upgrade its enterprise-wide desktop computer solution. The organization currently has 500 PCs active on the network. The Chief Information Security Officer (CISO) suggests that the organization employ desktop imaging technology for such a large-scale upgrade. Which of the following is a security benefit of implementing an imaging solution?
A. It allows for faster deployment
B. It provides a consistent baseline
C. It reduces the number of vulnerabilities
D. It decreases the boot time
Correct Answer: B
QUESTION 12
A senior incident response manager receives a call about some external IPs communicating with internal computers during off hours. Which of the following types of malware is MOST likely causing this issue?
A. Botnet
B. Ransomware
C. Polymorphic malware
D. Armored virus
Correct Answer: A
QUESTION 13
An organization has implemented an IPSec VPN access for remote users. Which of the following IPSec modes would be the MOST secure for this organization to implement?
A. Tunnel mode
B. Transport mode
C. AH-only mode
D. ESP-only mode
Correct Answer: A
QUESTION 14
A security engineer is configuring a wireless network with EAP-TLS. Which of the following activities is a requirement for this configuration?
A. Setting up a TACACS+ server
B. Configuring federation between authentication servers
C. Enabling TOTP
D. Deploying certificates to endpoint devices
Correct Answer: D
QUESTION 15
Several workstations on a network are found to be on OS versions that are vulnerable to a specific attack. Which of the following is considered to be a corrective action to combat this vulnerability?
A. Install an antivirus definition patch
B. Educate the workstation users
C. Leverage server isolation
D. Install a vendor-supplied patch
E. Install an intrusion detection system
Correct Answer: D
QUESTION 16
A user suspects someone has been accessing a home network without permission by spoofing the MAC address of an authorized system. While attempting to determine if an unauthorized user is logging into the home network, the user reviews the wireless router, which shows the following table for systems that are currently on the home network:
Hostname   IP Address     MAC                 MAC Filter
DadPC      192.168.1.15   00:1D:1A:44:17:B5   On
MomPC      192.168.1.15   21:13:D6:C5:42:A2   Off
JuniorPC   192.168.2.16   42:A7:D1:25:11:52   On
Unknown    192.168.1.18   10:B3:22:1A:FF:21   Off
Which of the following should be the NEXT step to determine if there is an unauthorized user on the network?
A. Apply MAC filtering and see if the router drops any of the systems
B. Physically check each of the authorized systems to determine if they are logged onto the network
C. Deny the “unknown” host because the hostname is not known and MAC filtering is not applied to this host
D. Conduct a ping sweep of each of the authorized systems and see if an echo response is received
Correct Answer: A
QUESTION 17
The POODLE attack is an MITM exploit that affects:
A. TLS1.0 with CBC mode cipher
B. SSLv2.0 with CBC mode cipher
C. SSLv3.0 with CBC mode cipher
D. SSLv3.0 with ECB mode cipher
Correct Answer: C
QUESTION 18
Security administrators attempted corrective action after a phishing attack. Users are still experiencing trouble logging in, as well as an increase in account lockouts. Users’ email contacts are complaining of an increase in spam and social networking requests. Due to the large number of affected accounts, remediation must be accomplished quickly. Which of the following actions should be taken FIRST? (Select TWO)
A. Disable the compromised accounts
B. Update WAF rules to block social networks
C. Remove the compromised accounts with all AD groups
D. Change the compromised accounts’ passwords
E. Disable the open relay on the email server
F. Enable sender policy framework
Correct Answer: EF
QUESTION 19
Ann, a security administrator, wants to ensure credentials are encrypted in transit when implementing a RADIUS server for SSO. Which of the following are needed given these requirements? (Select TWO)
A. Public key
B. Shared key
C. Elliptic curve
D. MD5
E. Private key
F. DES
Correct Answer: AE
QUESTION 20
Which of the following allows an auditor to test proprietary-software compiled code for security flaws?
A. Fuzzing
B. Static review
C. Code signing
D. Regression testing
Correct Answer: A
QUESTION 21
Which of the following is the BEST reason to run an untested application in a sandbox?
A. To allow the application to take full advantage of the host system’s resources and storage
B. To utilize the host system’s antivirus and firewall applications instead of running its own protection
C. To prevent the application from acquiring escalated privileges and accessing its host system
D. To increase application processing speed so the host system can perform real-time logging
Correct Answer: C
QUESTION 22
A manager wants to distribute a report to several other managers within the company. Some of them reside in remote locations that are not connected to the domain but have a local server. Because there is sensitive data within the report and the size is beyond the limit of the email attachment size, emailing the report is not an option. Which of the following protocols should be implemented to distribute the report securely? (Select THREE)
A. S/MIME
B. SSH
C. SNMPv3
D. FTPS
E. SRTP
F. HTTPS
G. LDAPS
Correct Answer: BDF
QUESTION 23
A company is performing an analysis of the corporate enterprise network with the intent of identifying what will cause losses in revenue, referrals, and/or reputation when out of commission. Which of the following is an element of a BIA that is being addressed?
A. Mission-essential function
B. Single point of failure
C. Backup and restoration plans
D. Identification of critical systems
Correct Answer: A
QUESTION 24
Ann, a user, states that her machine has been behaving erratically over the past week. She has experienced slowness and input lag and found text files that appear to contain pieces of her emails or online conversations with coworkers. The technician runs a standard virus scan but detects nothing. Which of the following types of malware has infected the machine?
A. Ransomware
B. Rootkit
C. Backdoor
D. Keylogger
Correct Answer: D