SY0-501 Flashcards

1
Q

QUESTION 1
To determine the ALE of a particular risk, which of the following must be calculated? (Select TWO).

A
A. ARO
B. ROI
C. RPO
D. SLE
E. RTO
Correct Answer: AD
2
Q

QUESTION 2
A vice president at a manufacturing organization is concerned about desktops being connected to the network. Employees need to log onto the desktops’ local account to verify that a product is being created within specifications; otherwise, the desktops should be as isolated as possible. Which of the following is the BEST way to accomplish this?

A

A. Put the desktops in the DMZ.
B. Create a separate VLAN for the desktops.
C. Air gap the desktops.
D. Join the desktops to an ad-hoc network.
Correct Answer: C

3
Q

QUESTION 3
After attempting to harden a web server, a security analyst needs to determine if an application remains vulnerable to SQL injection attacks. Which of the following would BEST assist the analyst in making this determination?

A

A. tracert
B. Fuzzer
C. nslookup
D. Nmap
E. netcat
Correct Answer: B

4
Q

QUESTION 4
A technician receives a device with the following anomalies:

Frequent pop-up ads
Slow response time when switching between active programs
Unresponsive peripherals
The technician reviews the following log file entries:
File Name       Source MD5                          Target MD5                          Status
antivirus.exe   F794F21CD33E4F57890DDEA5CF267ED2    F794F21CD33E4F57890DDEA5CF267ED2    Automatic
iexplore.exe    7FAAF21CD33E4F57890DDEA5CF29CCEA    AA87F21CD33E4F57890DDEAEE2197333    Automatic
service.exe     77FF390CD33E4F57890DDEA5CF28881F    77FF390CD33E4F57890DDEA5CF28881F    Manual
USB.exe         E289F21CD33E4F57890DDEA5CF28EDC0    E289F21CD33E4F57890DDEA5CF28EDC0    Stopped
Based on the above output, which of the following should be reviewed?

A
A. The web application firewall
B. The file integrity check
C. The data execution prevention
D. The removable media control
Correct Answer: B
5
Q

QUESTION 5

An active/passive configuration has an impact on:

A

A. confidentiality
B. integrity
C. availability
D. non-repudiation
Correct Answer: C

6
Q

QUESTION 6
Company A has acquired Company B. Company A has different domains spread globally, and typically migrates its acquisitions' infrastructure under its own domain infrastructure. Company B, however, cannot be merged into Company A’s domain infrastructure. Which of the following methods would allow the two companies to access one another’s resources?

A

A. Attestation
B. Federation
C. Single sign-on
D. Kerberos
Correct Answer: B

7
Q

QUESTION 7

A procedure differs from a policy in that it:

A

A. is a high-level statement regarding the company’s position on a topic.
B. sets a minimum expected baseline of behavior.
C. provides step-by-step instructions for performing a task.
D. describes adverse actions when violations occur.
Correct Answer: C

8
Q

QUESTION 8
A security auditor is testing perimeter security in a building that is protected by badge readers. Which of the following types of attacks would MOST likely gain access?

A
A. Phishing
B. Man-in-the-middle
C. Tailgating
D. Watering hole
E. Shoulder surfing
Correct Answer: C
9
Q

QUESTION 9

Which of the following encryption methods does PKI typically use to securely protect keys?

A
A. Elliptic curve
B. Digital signatures
C. Asymmetric
D. Obfuscation
Correct Answer: C
10
Q

QUESTION 10
A department head at a university resigned on the first day of spring semester. It was subsequently determined that the department head deleted numerous files and directories from the server-based home directory while the campus was closed. Which of the following policies or procedures could have prevented this from occurring?

A
A. Time-of-day restrictions
B. Permissions auditing and review
C. Offboarding
D. Account expiration
Correct Answer: C
11
Q

QUESTION 11
An organization wants to upgrade its enterprise-wide desktop computer solution. The organization currently has 500 PCs active on the network. The Chief Information Security Officer (CISO) suggests that the organization employ desktop imaging technology for such a large-scale upgrade. Which of the following is a security benefit of implementing an imaging solution?

A
A. It allows for faster deployment
B. It provides a consistent baseline
C. It reduces the number of vulnerabilities
D. It decreases the boot time
Correct Answer: B
12
Q

QUESTION 12
A senior incident response manager receives a call about some external IPs communicating with internal computers during off hours. Which of the following types of malware is MOST likely causing this issue?

A

A. Botnet
B. Ransomware
C. Polymorphic malware
D. Armored virus
Correct Answer: A

13
Q

QUESTION 13
An organization has implemented IPSec VPN access for remote users. Which of the following IPSec modes would be the MOST secure for this organization to implement?

A
A. Tunnel mode
B. Transport mode
C. AH-only mode
D. ESP-only mode
Correct Answer: A
14
Q

QUESTION 14
A security engineer is configuring a wireless network with EAP-TLS. Which of the following activities is a requirement for this configuration?

A

A. Setting up a TACACS+ server
B. Configuring federation between authentication servers
C. Enabling TOTP
D. Deploying certificates to endpoint devices
Correct Answer: D

15
Q

QUESTION 15
Several workstations on a network are found to be on OS versions that are vulnerable to a specific attack. Which of the following is considered to be a corrective action to combat this vulnerability?

A
A. Install an antivirus definition patch
B. Educate the workstation users
C. Leverage server isolation
D. Install a vendor-supplied patch
E. Install an intrusion detection system
Correct Answer: D
16
Q

QUESTION 16
A user suspects someone has been accessing a home network without permission by spoofing the MAC address of an authorized system. While attempting to determine if an unauthorized user is logging into the home network, the user reviews the wireless router, which shows the following table for systems that are currently on the home network:
Hostname    IP Address      MAC                 MAC Filter
DadPC       192.168.1.15    00:1D:1A:44:17:B5   On
MomPC       192.168.1.15    21:13:D6:C5:42:A2   Off
JuniorPC    192.168.2.16    42:A7:D1:25:11:52   On
Unknown     192.168.1.18    10:B3:22:1A:FF:21   Off
Which of the following should be the NEXT step to determine if there is an unauthorized user on the network?

A

A. Apply MAC filtering and see if the router drops any of the systems
B. Physically check each of the authorized systems to determine if they are logged onto the network
C. Deny the “unknown” host because the hostname is not known and MAC filtering is not applied to this host
D. Conduct a ping sweep of each of the authorized systems and see if an echo response is received
Correct Answer: A

17
Q

QUESTION 17

The POODLE attack is an MITM exploit that affects:

A
A. TLS1.0 with CBC mode cipher
B. SSLv2.0 with CBC mode cipher
C. SSLv3.0 with CBC mode cipher
D. SSLv3.0 with ECB mode cipher
Correct Answer: C
18
Q

QUESTION 18
Security administrators attempted corrective action after a phishing attack. Users are still experiencing trouble logging in, as well as an increase in account lockouts. Users’ email contacts are complaining of an increase in spam and social networking requests. Due to the large number of affected accounts, remediation must be accomplished quickly. Which of the following actions should be taken FIRST? (Select TWO)

A

A. Disable the compromised accounts
B. Update WAF rules to block social networks
C. Remove the compromised accounts with all AD groups
D. Change the compromised accounts’ passwords
E. Disable the open relay on the email server
F. Enable sender policy framework
Correct Answer: EF

19
Q

QUESTION 19
Ann, a security administrator, wants to ensure credentials are encrypted in transit when implementing a RADIUS server for SSO. Which of the following are needed given these requirements? (Select TWO)

A
A. Public key
B. Shared key
C. Elliptic curve
D. MD5
E. Private key
F. DES
Correct Answer: AE
20
Q

QUESTION 20

Which of the following allows an auditor to test proprietary-software compiled code for security flaws?

A
A. Fuzzing
B. Static review
C. Code signing
D. Regression testing
Correct Answer: A
21
Q

QUESTION 21

Which of the following is the BEST reason to run an untested application in a sandbox?

A

A. To allow the application to take full advantage of the host system’s resources and storage
B. To utilize the host system’s antivirus and firewall applications instead of running its own protection
C. To prevent the application from acquiring escalated privileges and accessing its host system
D. To increase application processing speed so the host system can perform real-time logging
Correct Answer: C

22
Q

QUESTION 22
A manager wants to distribute a report to several other managers within the company. Some of them reside in remote locations that are not connected to the domain but have a local server. Because there is sensitive data within the report and the size is beyond the limit of the email attachment size, emailing the report is not an option. Which of the following protocols should be implemented to distribute the report securely? (Select THREE)

A

A. S/MIME
B. SSH
C. SNMPv3
D. FTPS
E. SRTP
F. HTTPS
G. LDAPS
Correct Answer: BDF

23
Q

QUESTION 23
A company is performing an analysis of the corporate enterprise network with the intent of identifying what will cause losses in revenue, referrals, and/or reputation when out of commission. Which of the following is an element of a BIA that is being addressed?

A
A. Mission-essential function
B. Single point of failure
C. Backup and restoration plans
D. Identification of critical systems
Correct Answer: A
24
Q

QUESTION 24
Ann, a user, states that her machine has been behaving erratically over the past week. She has experienced slowness and input lag and found text files that appear to contain pieces of her emails or online conversations with coworkers. The technician runs a standard virus scan but detects nothing. Which of the following types of malware has infected the machine?

A

A. Ransomware
B. Rootkit
C. Backdoor
D. Keylogger
Correct Answer: D

25
Q

QUESTION 25
A security analyst is attempting to identify vulnerabilities in a customer’s web application without impacting the system or its data. Which of the following BEST describes the vulnerability scanning concept performed?

A

A. Aggressive scan
B. Passive scan
C. Non-credentialed scan
D. Compliance scan

26
Q

QUESTION 26
A systems administrator wants to implement a wireless protocol that will allow the organization to authenticate mobile devices prior to providing the user with a captive portal login. Which of the following should the systems administrator configure?

A
A. L2TP with MAC filtering
B. EAP-TTLS
C. WPA2-CCMP with PSK
D. RADIUS federation
Correct Answer: D
27
Q

QUESTION 27
A user receives an email from the ISP indicating that malicious traffic coming from the user’s home network has been detected. The traffic appears to be Linux-based, and it is targeting a website that was recently featured on the news as being taken offline by an Internet attack. The only Linux device on the network is a home surveillance camera system. Which of the following BEST describes what is happening?

A

A. The camera system is infected with a bot.
B. The camera system is infected with a RAT.
C. The camera system is infected with a Trojan.
D. The camera system is infected with a backdoor.
Correct Answer: A

28
Q

QUESTION 28
A company has developed a business-critical system for its core automation process with a software vendor. Which of the following can provide access to the source code if the licensor declares bankruptcy?

A


29
Q

QUESTION 29
An administrator is configuring a wireless network. Security policy states that deprecated cryptography should not be used when there is an alternative choice. Which of the following should the administrator use for the wireless network’s cryptographic protocol?

A
A. MD5
B. RC4
C. TKIP
D. CCMP
E. Diffie-Hellman
Correct Answer: D
30
Q

QUESTION 30
A security analyst is securing a PACS. One of the requirements is network isolation with no access to the Internet or networked computers. Given this scenario, which of the following should the analyst implement to BEST address this requirement?

A
A. Set up a firewall rule blocking ports 80 and 443.
B. Set up an air-gapped environment.
C. Set up a router and configure an ACL.
D. Set up a segmented VLAN.
Correct Answer: B
31
Q

QUESTION 31

Which of the following are the primary differences between an incremental and differential backup? (Select TWO).

A

A. Incremental backups take more time to complete.
B. Incremental backups take less time to complete.
C. Differential backups only back up files since the last full backup.
D. Differential backups use less disk space on the storage drive.
E. Incremental backups are less secure than differential backups.
F. Differential backups are faster than incremental backups.
Correct Answer: BC

32
Q

QUESTION 32

When developing an application, executing a preconfigured set of instructions is known as:

A

B. code signing.
C. a stored procedure.
D. infrastructure as code.

33
Q

QUESTION 33
A group of developers is collaborating to write software for a company. The developers need to work in subgroups and restrict access to their modules. Which of the following access control methods is considered user-centric?

A

A. Role-based
B. Mandatory
C. Rule-based
D. Discretionary
Correct Answer: D