SY0-501 Exam Questions
551 real SY0-501 exam questions with expert-verified answers and explanations. Page 3 of 12.
- Question #101
A security guard has informed the Chief Information Security Officer that a person with a tablet has been walking around the building. The guard also noticed strange white markings...
- Question #102
A system administrator is configuring a site-to-site VPN tunnel. Which of the following should be configured on the VPN concentrator during the IKE phase?
- Question #103
A network operations manager has added a second row of server racks in the datacenter. These racks face the opposite direction of the first row of racks. Which of the following is...
- Question #104
Phishing emails frequently take advantage of high-profile catastrophes reported in the news. Which of the following principles BEST describes the weakness being exploited?
- Question #105
Users report the following message appears when browsing to the company's secure site: This website cannot be trusted. Which of the following actions should a security analyst take...
- Question #106
New magnetic locks were ordered for an entire building. In accordance with company policy, employee safety is the top priority. In case of a fire where electricity is cut, which of...
- Question #107
A company hires a consulting firm to crawl its Active Directory network with a non-domain account looking for unpatched systems. Actively taking control of systems is out of scope,...
- Question #108
Two users need to send each other emails over unsecured channels. The system should support the principle of non-repudiation. Which of the following should be used to sign the user...
- Question #109
Multiple employees receive an email with a malicious attachment that begins to encrypt their hard drives and mapped shares on their devices when it is opened. The network and secur...
- Question #110
Security administrators attempted corrective action after a phishing attack. Users are still experiencing trouble logging in, as well as an increase in account lockouts. Users' ema...
- Question #111
Anne, the Chief Executive Officer (CEO), has reported that she is getting multiple telephone calls from someone claiming to be from the helpdesk. The caller is asking to verify her...
- Question #112
Category: Threats, vulnerabilities, and mitigations
An administrator discovers the following log entry on a server: Nov 12 2013 00:23:45 httpd[2342]: GET /app2/prod/proc/process.php?input=change;cd%20../../../etc;cat%20shadow Which...
Tags: Command injection, Web application security, Vulnerability, Log analysis
- Question #113
A security team wants to establish an Incident Response plan. The team has never experienced an incident. Which of the following would BEST help them establish plans and procedures...
- Question #114
Which of the following would verify that a threat does exist and security controls can easily be bypassed without actively testing an application?
- Question #115
Which of the following technologies would be MOST appropriate to utilize when testing a new software patch before a company-wide deployment?
- Question #116
A system administrator needs to implement 802.1x whereby when a user logs into the network, the authentication server communicates to the network switch and assigns the user to the...
- Question #117
Which of the following types of cloud infrastructures would allow several organizations with similar structures and interests to realize shared storage and resources?
- Question #118
A security administrator has found a hash in the environment known to belong to malware. The administrator then finds this file to be in the preupdate area of the OS, which indicate...
- Question #119
Which of the following implements two-factor authentication?
- Question #120
A company is terminating an employee for misbehavior. Which of the following steps is MOST important in the process of disengagement from this employee?
- Question #121
A systems administrator is attempting to recover from a catastrophic failure in the datacenter. To recover the domain controller, the systems administrator needs to provide the dom...
- Question #122
A penetration tester is crawling a target website that is available to the public. Which of the following represents the actions the penetration tester is performing?
- Question #123
Category: Threats, vulnerabilities, and mitigations
When systems, hardware, or software are not supported by the original vendor, it is a vulnerability known as:
Tags: End-of-life (EOL), Vulnerabilities, Vendor support
- Question #124
Category: Identity and Access Management / Security Operations - implementing and enforcing segregation of duties controls within enterprise application security configurations to prevent fraud and unauthorized financial transactions.
An organization's internal auditor discovers that large sums of money have recently been paid to a vendor that management does not recognize. The IT security department is asked to...
Tags: Separation of Duties, Access Control, ERP Security, Fraud Prevention
- Question #125
Category: Security operations
As part of a new industry regulation, companies are required to utilize secure, standardized OS settings. A technician must ensure the OS settings are hardened. Which of the follow...
Tags: Configuration compliance, Security hardening, OS security, Security tools
- Question #126
Joe, an employee, wants to show his colleagues how much he knows about smartphones. Joe demonstrates a free movie application that he installed from a third party on his corporate...
- Question #127
Category: Threats, vulnerabilities, and mitigations
A company's user lockout policy is enabled after five unsuccessful login attempts. The help desk notices a user is repeatedly locked out over the course of a workweek. Upon contact...
Tags: Brute force attack, Dictionary attack, Account lockout, Authentication attacks
- Question #128
A user has attempted to access data at a higher classification level than the user's account is currently authorized to access. Which of the following access control models has been...
- Question #129
A company determines that it is prohibitively expensive to become compliant with new credit card regulations. Instead, the company decides to purchase insurance to cover the cost o...
- Question #130
An organization has determined it can tolerate a maximum of three hours of downtime. Which of the following has been specified?
- Question #131
An attacker compromises a public CA and issues unauthorized X.509 certificates for Company.com. In the future, impact of similar incidents. Which of the following would assist Comp...
- Question #132
Category: Threats, vulnerabilities, and mitigations
After a user reports slow computer performance, a systems administrator detects a suspicious file, which was installed as part of a freeware software package. The systems administr...
Tags: Malware, Remote Access Trojan (RAT), Threats, Freeware vulnerabilities
- Question #133
Category: CompTIA Security+ / CySA+ - Incident Response: Utilize appropriate forensic procedures including the order of volatility when preserving digital evidence during an investigation.
Drag and Drop Questions A forensic analyst is asked to respond to an ongoing network attack on a server. Place the items in the list below in the correct order in which the forensi...
Tags: Digital Forensics, Order of Volatility, Incident Response, Evidence Preservation
- Question #134
Malicious traffic from an internal network has been detected on an unauthorized port on an application server. Which of the following network-based security controls should the eng...
- Question #135
A company wants to host a publicly available server that performs the following functions: Evaluates MX record lookup Can perform authenticated requests for A and AAA records Uses...
- Question #136
Which of the following attack types BEST describes a client-side attack that is used to mandate an HTML iframe with JavaScript code via web browser?
- Question #137
A company has a data classification system with definitions for "Private" and "public." The company's security policy outlines how data should be protected based on type. The compan...
- Question #138
A security administrator is developing training for corporate users on basic security principles for personal email accounts. Which of the following should be mentioned as the MOST...
- Question #139
A company researched the root cause of a recent vulnerability in its software. It was determined that the vulnerability was the result of two updates made in the last release. Each...
- Question #140
A computer on a company network was infected with a zero-day exploit after an employee accidentally opened an email that contained malicious content. The employee recognized the emai...
- Question #141
A company wants to ensure that the validity of publicly trusted certificates used by its web server can be determined even during an extended internet outage. Which of the followin...
- Question #142
An administrator intends to configure an IPSec solution that provides ESP with integrity protection, but not confidentiality protection. Which of the following AES modes of operati...
- Question #143
The chief security officer (CSO) has issued a new policy that requires that all internal websites be configured for HTTPS traffic only. The network administrator has been tasked to...
- Question #144
A security program manager wants to actively test the security posture of a system. The system is not yet in production and has no uptime requirement or active user base. Which of...
- Question #145
A new intern in the purchasing department requires read access to shared documents. Permissions are normally controlled through a group called "Purchasing", however, the purchasing...
- Question #146
A business has recently deployed laptops to all sales employees. The laptops will be used primarily from home offices and while traveling, and a high amount of wireless mobile use...
- Question #147
A security engineer is configuring a system that requires the X.509 certificate information to be pasted into a form field in Base64 encoded format to import it into the system. Wh...
- Question #148
When performing data acquisition on a workstation, which of the following should be captured based on memory volatility? (Select TWO).
- Question #149
When configuring settings in a mandatory access control environment, which of the following specifies the subjects that can access specific data objects?
- Question #150
A systems administrator is reviewing the following information from a compromised server: Given the above information, which of the following processes was MOST likely exploited vi...