SY0-501 Exam Questions

After attempting to harden a web server, a security analyst needs to determine if an application remains vulnerable to SQL injection attacks. Which of the following would BEST assi...

A company is allowing a BYOD policy for its staff. Which of the following is a best practice that can decrease the risk of users jailbreaking mobile devices?

Which of the following describes the key difference between vishing and phishing attacks?

Which of the following should a security analyst perform FIRST to determine the vulnerabilities of a legacy system?

Which of the following components of printers and MFDs are MOST likely to be used as vectors of compromise if they are improperly configured?

A hacker has a packet capture that contains: ....Joe Smith.........E289F21CD33E4F57890DDEA5CF267ED2.. ...Jane.Doe...........AD1FAB10D33E4F57890DDEA5CF267ED2.. ....John.Key............

A user downloads and installs an MP3 converter, and runs the application. Upon running the application, the antivirus detects a new port in a listening state. Which of the followin...

An attacker exploited a vulnerability on a mail server using the code below. <HTML><body onload=document.location.replace "URL:" +"document.location) ; /> </body> </HTML> Which of...

A security analyst is securing smartphones and laptops for a highly mobile workforce. Priorities include: Remote wipe capabilities Geolocation services Patch management and reporti...

A technician receives a device with the following anomalies: Frequent pop-up ads Show response-time switching between active programs Unresponsive peripherals The technician review...

A systems administrator is attempting to recover from a catastrophic failure in the datacenter. To recover the domain controller, the systems administrator needs to provide the dom...

An organization plans to implement multifactor authentication techniques within the enterprise network architecture. Each authentication factor is expected to be a unique control....

Upon entering an incorrect password, the logon screen displays a message informing the user that the password does not match the username provided and is not the required length of...

Which of the following s the BEST reason to run an untested application is a sandbox?

An administrator is replacing a wireless router. The configuration of the old wireless router was not documented before it stopped functioning. The equipment connecting to the wire...

Which of the following specifically describes the exploitation of an interactive process to access otherwise restricted areas of the OS?

A security analyst observes the following events in the logs of an employee workstation: 1/23 1:07:16 865 Access to C:\Users\user\temp\oasdfkh.hta has been restricted by your admin...

A security technician has been receiving alerts from several servers that indicate load balancers have had a significant increase in traffic. The technician initiates a system scan...

A security administrator is diagnosing a server where the CPU utilization is at 100% for 24 hours. The main culprit of CPU utilization is the antivirus program. Which of the follow...

Which of the following is used to validate the integrity of data?

A user typically works remotely over the holidays using a web-based VPN to access corporate resources. The user reports getting untrusted host errors and being unable to connect. W...

When it comes to cloud computing, if one of the requirements for a project is to have the most control over the systems in the cloud, which of the following is a service model that...

A company was recently audited by a third party. The audit revealed the company's network devices were transferring files in the clear. Which of the following protocols should the...

A security analyst is acquiring data from a potential network incident. Which of the following evidence is the analyst MOST likely to obtain to determine the incident?

A cybersecurity analyst is looking into the payload of a random packet capture file that was selected for analysis. The analyst notices that an internal host had a socket establish...

A security administrator has written a script that will automatically upload binary and text-based configuration files onto a remote server using a scheduled task. The configuratio...

A security analyst conducts a manual scan on a known hardened host that identifies many non- compliant items. Which of the following BEST describe why this has occurred? (Select TW...

Which of the following solutions should an administrator use to reduce the risk from an unknown vulnerability in a third-party software application?

A network administrator needs to allocate a new network for the R&D group. The network must not be accessible from the Internet regardless of the network firewall or other external...

To help prevent one job role from having sufficient access to create, modify, and approve payroll data, which of the following practices should be employed?

When attackers use a compromised host as a platform for launching attacks deeper into a company's network, it is said that they are:

The help desk received a call after hours from an employee who was attempting to log into the payroll server remotely. When the help desk returned the call the next morning, the em...

An analyst receives an alert from the SIEM showing an IP address that does not belong to the assigned network can be seen sending packets to the wrong gateway. Which of the followi...

A home invasion occurred recently in which an intruder compromised a home network and accessed a WiFI- enabled baby monitor while the baby's parents were sleeping. Which of the fol...

A security engineer must install the same x.509 certificate on three different servers. The client application that connects to the server performs a check to ensure the certificat...

Which of the following refers to the term used to restore a system to its operational state?

A Chief Information Officer (CIO) recently saw on the news that a significant security flaws exists with a specific version of a technology the company uses to support many critica...

An organization is expanding its network team. Currently, it has local accounts on all network devices, but with growth, it wants to move to centrally managed authentication. Which...

An active/passive configuration has an impact on:

Which of the following attack types BEST describes a client-side attack that is used to manipulate an HTML iframe with JavaScript code via a web browser?

Which of the following would provide additional security by adding another factor to a smart card?

A systems administrator wants to implement a wireless protocol that will allow the organization to authenticate mobile devices prior to providing the user with a captive portal log...

Which of the following uses precomputed hashes to guess passwords?

A systems administrator wants to provide balance between the security of a wireless network and usability. The administrator is concerned with wireless encryption compatibility of...

In determining when it may be necessary to perform a credentialed scan against a system instead of a non- credentialed scan, which of the following requirements is MOST likely to i...

A security administrator receives an alert from a third-party vendor that indicates a certificate that was installed in the browser has been hijacked at the root of a small public...

A company has noticed multiple instances of proprietary information on public websites. It has also observed an increase in the number of email messages sent to random employees co...

A security analyst is investigating a potential reach. Upon gathering, documenting, and securing the evidence, which of the following actions is the NEXT step to minimize the busin...

Joe, a salesman, was assigned to a new project that requires him to travel to a client site. While waiting for a flight, Joe, decides to connect to the airport wireless network wit...

A company is performing an analysis of the corporate enterprise network with the intent of identifying what will cause losses in revenue, referrals, and/or reputation when out of c...