SY0 501 July01
which of the following best describes an important security advantage yielded by implementing vendor diversity?
Ann, a user, states that her machine has been behaving erratically over the past week. she has experienced slowness and input lag and found text files that appear to contain pieces of her emails or online conversations with coworkers. the technician runs a standard virus scan but detects nothing. which of the following types of malware has infected the machine?
which of the following controls allows a security guard to perform a post-incident review?
a security engineer is configuring a wireless network with EAP-TLS. which of the following activities is a requirement for this configuration?
deploying certificates to endpoint devices
a dumpster diver recovers several hard drives from a company and is able to obtain confidential data from one of the hard drives. the company then discovers its information is posted online. which of the following methods would have most likely prevented the data from being exposed?
using magnetic fields to erase the data
a new security administrator ran a vulnerability scanner for the first time and caused a system outage. which of the following types of scans most likely caused the outage?
intrusive non-credentialed scan
which of the following encryption methods does PKI typically use to securely protect keys?
a penetration tester harvests potential usernames from a social networking site. the penetration tester then uses social engineering to attempt to obtain associated passwords to gain unauthorized access to shares on a network server. which of the following methods is the penetration tester most likely using?
an organization wants to upgrade its enterprise-wide desktop computer solution. the organization currently has 500 PCs active on the network. the chief information security officer (CISO) suggests that the organization employ desktop imaging technology for such a large-scale upgrade. which of the following is a security benefit of implementing an imaging solution?
it provides a consistent baseline.
after an identified security breach, an analyst is tasked to initiate the IR process. which of the following is the next step the analyst should take?
a security analyst launches the task manager on a server with poor performance, and notices private bytes are being exhausted and the application pool is constantly recycling. which of the following best describes the cause of negative impact to application availability?
which of the following should a security analyst perform first to determine the vulnerabilities of a legacy system?
a company is evaluating cloud providers to reduce the cost of its internal IT operation. the company's aging systems are unable to keep up with customer demand. which of the following cloud models will the company most likely select?
which of the following is a deployment concept that can be used to ensure only the required OS access is exposed to software applications?
a department head of a university resigned on the first day of spring semester. it was subsequently determined that the department head deleted numerous files and directories from the server-based home directory while the campus was closed. which of the following policies or procedures could have helped prevent this from occurring?
an organization wants to utilize a common, internet-based third-party provider for authorization and authentication. the provider uses a technology based on OAuth 2.0 to provide required services. to which of the following technologies is the provider referring?
Ann is the IS manager for several new systems in which the classifications of the systems' data are being decided. She is trying to determine the sensitivity level of the data being processed. Which of the following people should she consult to determine the data classification?
a network administrator at a small office wants to simplify the configuration of mobile clients connecting to an encrypted wireless network. which of the following should be implemented if the administrator does not want to provide the wireless password or certificate to the employee?
an incident involving a workstation that is potentially infected with a virus has occurred. the workstation may have sent confidential data to an unknown internet server. which of the following should a security analyst do first?
make a copy of everything in memory of the workstation
An actor downloads and runs a program against a corporate login page. The program imports a list of usernames and passwords, looking for a successful attempt. Which of the following terms BEST describes the actor in this situation?
which of the following describes the key difference between vishing and phishing attacks?
vishing attacks are accomplished using telephony services.
As part of a new BYOD rollout, a security analyst has been asked to find a way to securely store company data on personal devices. Which of the following would BEST help to accomplish this?
implement containerization of company data
A third-party penetration testing company was able to successfully use an ARP cache poison technique to gain root access on a server. The tester successfully moved to another server that was not in the original network. Which of the following is the MOST likely method used to gain access to the other host?
an organization's employees currently use three different sets of credentials to access multiple internal resources. management wants to make this process less complex. which of the following would be the best option to meet this goal?
single sign on
which of the following best describes a network-based attack that can allow an attacker to take full control of a vulnerable host?
which of the following would be considered multifactor authentication?
strong password and fingerprint
an administrator is configuring a wireless network. security policy states that deprecated cryptography should not be used when there is an alternative choice. which of the following should the administrator use for the wireless network's cryptographic protocol?
after a security incident, management is meeting with involved employees to document the incident and its aftermath. which of the following best describes this phase of the incident response process?
A web server, which is configured to use TLS with AES-GCM-256, SHA-384, and ECDSA, recently suffered an information loss breach. Which of the following is MOST likely the cause?
which of the following allows an auditor to test proprietary-software compiled code for security flaws?
a security administrator wants to implement a logon script that will prevent MITM on the local LAN. which of the following commands should the security administrator implement within the script to accomplish this task?
arp -s 192.168.1.1 00-3a-d1-fa-b1-06
after attempting to harden a web server, a security analyst needs to determine if an application remains vulnerable to SQL injection attacks. which of the following would be best to assist the analyst in making this determination?
a vice president at a manufacturing organization is concerned about desktops being connected to the network. employees need to log onto the desktops' local account to verify that a product is being created within specifications; otherwise, the desktops should be as isolated as possible. which of the following is the best way to accomplish this?
create a separate VLAN for the desktops
a user receives an email from an ISP indicating malicious traffic coming from the user's home network is detected. the traffic appears to be Linux-based, and it is targeting a website that was recently featured on the news as being taken offline by an internet attack. the only Linux device on the network is a home surveillance camera system. which of the following best describes what is happening?
the camera system is infected with a bot.
which of the following is the proper order for logging a user into a system from the first step to the last step?
identification, authentication, authorization
To determine the ALE of a particular risk, which of the following must be calculated? (Select TWO).
Systems administrators and key support staff come together to simulate a hypothetical interruption of service. the team updates the disaster recovery processes and documentation after meeting. which of the following describes the team's efforts?
a new system design will include local user tables and password files managed by the systems administrators, an external permissions tree managed by an access control team, and an external auditing infrastructure managed by the security team. which of the following is managed by the security team?
which of the following components of printers and MFDs are most likely to be used as vectors of compromise if they are improperly configured?
while troubleshooting a client application connecting to the network, the security administrator notices the following error: certificate is not valid. which of the following is the best way to check if the digital certificate is valid?
A security specialist must confirm file backups match the original copy. which of the following should the security specialist use to accomplish this objective?
a security technician has been receiving alerts from several servers that indicate load balancers have had a significant increase in traffic. the technician initiates a system scan. the scan results illustrate that the disk space on several servers has reached capacity. the scan also indicates that incoming internet traffic to the servers has increased. which of the following is the most likely cause of the decreased disk space?
logs and events anomalies
company A has acquired company B. company A has different domains spread globally, and typically migrates its acquisition's infrastructure under its own domain infrastructure. company B, however, cannot be merged into company A's domain infrastructure. which of the following would allow the two companies to access one another's resources?
the POODLE attack is a MITM that affects
SSLv2.0 with CBC mode cipher
the Chief Information Officer (CIO) asks an employee to remove the confidential data stored on end-of-life company laptops prior to recycling them. which of the following is the best way to accomplish this?
degauss the hard drive
which of the following is the best reason for salting a password hash before it is stored in a database?
to protect passwords from being saved in readable format
with which of the following authentication concepts is a gait analysis most closely associated?
something you do
which of the following differentiates a collision attack from a rainbow attack?
a rainbow table attack performs a hash lookup
while working on an incident, Joe, a technician, finishes restoring the OS and applications on a workstation from the original media. Joe is about to begin copying the user's files back onto the hard drive. which of the following incident response steps is Joe working on now?
a company is performing an analysis of the corporate enterprise network with the intent of identifying what will cause losses in revenue, referrals, and/or reputation when out of commission. which of the following is an element of a BIA that is being addressed?
identification of critical systems
a company has two wireless networks utilizing captive portals. some employees report getting a trust error in their browsers when connecting to one of the networks. both captive portals are using the same server certificate for authentication, but the analyst notices the following differences between two certificate details:
geotrust global CA
which of the following would resolve the problem?
use a trust model
a security engineer wants to implement a site-to-site VPN that requires SSL certificates for mutual authentication. which of the following should the engineer implement if the design requires client MAC addresses to be visible across the channel?
transport mode VPN IPsec
An in-house penetration tester has been asked to evade a new DLP system. The tester plans to exfiltrate data through steganography. Discovery of which of the following would help catch the tester in the act?
outgoing emails containing unusually large image files
while trying to manage a firewall's ACL, a security administrator (User 3) receives an "access denied" error. the manager reviews the following information:
Security_admins: User 1, User 2
ACL Read: Security_admins
ACL Write: Security_admins
which of the following is preventing the administrator from managing the firewall?
group based access control
a technician suspects that a system has been compromised. the technician reviews the following log entry:
WARNING - hash mismatch: C\Window\SysWOW\user32.dll
WARNING - hash mismatch: C\Window\SysWOW64\kernel132.dll
based solely on the above information, which of the following types of malware is most likely installed on the system?