SY0-501 Exam Questions

A vulnerability scan is being conducted against a desktop system. The scan is looking for files, versions, and registry values known to be associated with system vulnerabilities. W...

A security analyst is updating a BIA document. The security analyst notices the support vendor's time to replace a server hard drive went from eight hours to two hours. Given these...

Which of the following could help detect trespassers in a secure facility? (Select TWO)

The IT department is deploying new computers. To ease the transition, users will be allowed to access their old and new systems. The help desk is receive reports that users are exp...

A third-party penetration testing company was able to successfully use an ARP cache poison technique to gain root access on a server. The tester successfully moved to another serve...

Ann, a security administrator, wants to ensure credentials are encrypted in transit when implementing a RADIUS server for SSO. Which of the following are needed given these require...

The POODLE attack is an MITM exploit that affects:

To determine the ALE of a particular risk, which of the following must be calculated? (Select TWO).

Which of the following are used to increase the computing time it takes to brute force a password using an offline attack? (Select TWO)

Users in a corporation currently authenticate with a username and password. A security administrator wishes to implement two-factor authentication to improve security. Which of the...

A security administrator needs to address the following audit recommendations for a public-facing SFTP server: Users should be restricted to upload and download files to their own...

An organization recently moved its custom web applications to the cloud, and it is obtaining managed services of the back-end environment as part of its subscription. Which of the...

Which of the following is commonly done as part of a vulnerability scan?

A company is evaluating cloud providers to reduce the cost of its internal IT operations. The company's aging systems are unable to keep up with customer demand. Which of the follo...

After a security incident, management is meeting with involved employees to document the incident and its aftermath. Which of the following BEST describes this phase of the inciden...

A user needs to send sensitive information to a colleague using PKI. Which of the following concepts apply when a sender encrypts the message hash with the sender's private key? (S...

A technician suspects that a system has been compromised. The technician reviews the following log entry: WARNING - hash mismatch: C:\Window\SysWOW64\user32.dll WARNING - hash mism...

As part of a new BYOD rollout, a security analyst has been asked to find a way to securely store company data on personal devices. Which of the following would BEST help to accompl...

A web server, which is configured to use TLS with AES-GCM-256, SHA-384, and ECDSA, recently suffered an information loss breach. Which of the following is MOST likely the cause?

An incident involving a workstation that is potentially infected with a virus has occurred. The workstation may have sent confidential data to an unknown internet server. Which of...

A manager wants to distribute a report to several other managers with the company. Some of them reside in remote locations that are not connected to the domain but have a local ser...

A vice president at a manufacturing organization is concerned about desktops being connected to the network. Employees need to log onto the desktops' local account to verify that a...

An in-house penetration tester has been asked to evade a new DLP system. The tester plans to exfiltrate data through steganography. Discovery of which of the following would help c...

A member of the admins group reports being unable to modify the "changes" file on a server. The permissions on the file are as follows: Permissions User Group File -rwxrw-r--+ Admi...

A penetration tester is conducting an assessment on Comptia.org and runs the following command from a coffee shop while connected to the public Internet: c:\nslookup -querytype=MX...

A security analyst is inspecting the results of a recent internal vulnerability scan that was performed against intranet services. The scan reports include the following critical-r...

Company A agrees to provide perimeter protection, power, and environmental support with measurable goals for Company B, but will not be responsible for user authentication or patch...

A company is deploying smartphones for its mobile salesforce. These devices are for personal and business use but are owned by the company. Sales personnel will save new customer d...

The Chief Information Security Officer (CISO) is asking for ways to protect against zero-day exploits. The CISO is concerned that an unrecognized threat could compromise corporate...

An organization has several production-critical SCADA supervisory systems that cannot follow the normal 30- day patching policy. Which of the following BEST maximizes the protectio...

An organization identifies a number of hosts making outbound connections to a known malicious IP over port TCP 80. The organization wants to identify the data being transmitted and...

Legal authorities notify a company that its network has been compromised for the second time in two years. The investigation shows the attackers were able to use the same vulnerabi...

A small company's Chief Executive Officer (CEO) has asked its Chief Security Officer (CSO) to improve the company's security posture quickly with regard to targeted attacks. Which...

During a routine vulnerability assessment, the following command was successful: Which of the following vulnerabilities is being exploited?

A forensic investigator has run into difficulty recovering usable files from a SAN drive. Which of the following SAN features might have caused the problem?

A company offers SaaS, maintaining all customers' credentials and authenticating locally. Many large customers have requested the company offer some form of federation with their e...

A software development manager is taking over an existing software development project. The team currently suffers from poor communication due to a long delay between requirements...

Following the successful response to a data-leakage incident, the incident team lead facilitates an exercise that focuses on continuous improvement of the organization's incident r...

A security analyst is attempting to break into a client's secure network. The analyst was not given prior information about the client, except for a block of public IP addresses th...

A security architect has convened a meeting to discuss an organization's key management policy. The organization has a reliable internal key management system, and some argue that...

After a recent internal breach, a company decided to regenerate and reissue all certificates used in the transmission of confidential information. The company places the greatest i...

A security manager is creating an account management policy for a global organization with sales personnel who must access corporate network resources while traveling all over the...

A security administrator learns that PII, which was gathered by the organization, has been found in an open forum. As a result, several C-level executives found their identities we...

A security engineer is configuring a wireless network with EAP-TLS. Which of the following activities is a requirement for this configuration?

Ann is the IS manager for several new systems in which the classification of the systems' data are being decided. She is trying to determine the sensitivity level of the data being...

Which of the following BEST describes a network-based attack that can allow an attacker to take full control of a vulnerable host?

A systems administrator wants to generate a self-signed certificate for an internal website. Which of the following steps should the systems administrator complete prior to install...

A security analyst has received the following alert snippet from the HIDS appliance: PROTOCOL SIG SRC.PORT DST.PORT TCP XMAS SCAN 192.168.1.1:1091 192.168.1.2:8891 TCP XMAS SCAN 19...

Which of the following controls allows a security guard to perform a post-incident review?

Attackers have been using revoked certificates for MITM attacks to steal credentials from employees of Company.com. Which of the following options should Company.com implement to m...