SY0-501 Exam Questions

During a recent audit, it was discovered that several user accounts belonging to former employees were still active and had valid VPN permissions. Which of the following would help...

An organization is working with a cloud services provider to transition critical business applications to a hybrid cloud environment. The organization retains sensitive customer da...

A security administrator wants to implement a company-wide policy to empower data owners to manage and enforce access control rules on various resources. Which of the following sho...

Which of the following BEST describes an attack where communications between two parties are intercepted and forwarded to each party with neither party being aware of the intercept...

A security administrator wishes to implement a secure a method of file transfer when communicating with outside organizations. Which of the following protocols would BEST facilitat...

A technician needs to implement a system which will properly authenticate users by their username and password only when the users are logging in from a computer in the office buil...

After correctly configuring a new wireless enabled thermostat to control the temperature of the company's meeting room, Joe, a network administrator determines that the thermostat...

A Chief Security Officer (CSO) has been unsuccessful in attempts to access the website for a accessing the site? Blocked sites: *.nonews.com, *.rumorhasit.net, *.mars?

Malware that changes its binary pattern on specific dates at specific times to avoid detection is known as a (n):

A company is planning to encrypt the files in several sensitive directories of a file server with a symmetric key. Which of the following could be used?

Which of the following is a document that contains detailed information about actions that include how something will be done, when the actions will be performed, and penalties for...

Which of the following are MOST susceptible to birthday attacks?

Joe a computer forensic technician responds to an active compromise of a database server. Joe first collects information in memory, then collects network traffic and finally conduc...

A system administrator wants to implement an internal communication system that will allow employees to send encrypted messages to each other. The system must also support non- rep...

Given the log output: Max 15 00:15:23.431 CRT: #SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: msmith] [Source: 10.0.12.45] [localport: 23] at 00:15:23:431 CET Sun Mar 15 2015 Whi...

The firewall administrator is adding a new certificate for the company's remote access solution. The solution requires that the uploaded file contain the entire certificate chain f...

The Chief Executive Officer (CEO) of a major defense contracting company a traveling overseas for a conference. The CEO will be taking a laptop. Which of the following should the s...

In an effort to reduce data storage requirements, a company devices to hash every file and eliminate duplicates. The data processing routines are time sensitive so the hashing algo...

A new security policy in an organization requires that all file transfers within the organization be completed using applications that provide secure transfer. Currently, the organ...

A product manager is concerned about continuing operations at a facility located in a region undergoing significant political unrest. After consulting with senior management, a dec...

Joe notices there are several user accounts on the local network generating spam with embedded malicious code. Which of the following technical control should Joe put in place to B...

Two users need to securely share encrypted files via email. Company policy prohibits users from sharing credentials or exchanging encryption keys. Which of the following can be imp...

An information system owner has supplied a new requirement to the development team that calls for increased non-repudiation within the application. After undergoing several audits,...

Joe a website administrator believes he owns the intellectual property for a company invention and has been replacing image files on the company's public facing website in the DMZ....

The process of applying a salt and cryptographic hash to a password then repeating the process many times is known as which of the following?

Which of the following is commonly used for federated identity management across multiple organizations?

While performing surveillance activities, an attacker determines that an organization is using 802.1X to secure LAN access. Which of the following attack mechanisms can the attacke...

A security administrator has been asked to implement a VPN that will support remote access over IPSEC. Which of the following is an encryption algorithm that would meet this requir...

A security administrator is evaluating three different services: radius, diameter, and Kerberos. Which of the following is a feature that is UNIQUE to Kerberos?

Which of the following can affect electrostatic discharge in a network operations center?

A malicious attacker has intercepted HTTP traffic and inserted an ASCII line that sets the referrer URL. Which of the following is the attacker most likely utilizing?

A company would like to prevent the use of a known set of applications from being used on company computers. Which of the following should the security administrator implement?

A new hire wants to use a personally owned phone to access company resources. The new hire expresses concern about what happens to the data on the phone when they leave the company...

A consultant has been tasked to assess a client's network. The client reports frequent network outages. Upon viewing the spanning tree configuration, the consultant notices that an...

An organization is trying to decide which type of access control is most appropriate for the network. The current access control approach is too complex and requires significant ov...

While reviewing the security controls in place for a web-based application, a security controls assessor notices that there are no password strength requirements in place. Because...

A security administrator determined that users within the company are installing unapproved software. Company policy dictates that only certain applications may be installed or ran...

A security administrator is tasked with implementing centralized management of all network devices. Network administrators will be required to logon to network devices using their...

A website administrator has received an alert from an application designed to check the integrity of the company's website. The alert indicated that the hash value for a particular...

An attacker captures the encrypted communication between two parties for a week, but is unable to decrypt the messages. The attacker then compromises the session key during one exc...

Many employees are receiving email messages similar to the one shown below: From IT department To employee Subject email quota exceeded username and password to increase your email...

A security analyst is reviewing the following packet capture of an attack directed at a company's server located in the DMZ: Which of the following ACLs provides the BEST protectio...

The IT department needs to prevent users from installing untested applications. Which of the following would provide the BEST solution?

An attack that is using interference as its main attack to impede network traffic is which of the following?

An organization wants to conduct secure transactions of large data files. Before encrypting and exchanging the data files, the organization wants to ensure a secure exchange of key...

Ann, a college professor, was recently reprimanded for posting disparaging remarks re-grading her coworkers on a web site. Ann stated that she was not aware that the public was abl...

During a recent audit, it was discovered that many services and desktops were missing security patches. Which of the following BEST describes the assessment that was performed to d...

When generating a request for a new x.509 certificate for securing a website, which of the following is the MOST appropriate hashing algorithm?

The administrator installs database software to encrypt each field as it is written to disk. Which of the following describes the encrypted data?

Which of the following allows an application to securely authenticate a user by receiving credentials from a web domain?