During a penetration test, the tester performs a preliminary scan for any responsive hosts. Which of the following BEST explains why the tester is doing this?
A. To determine if the network routes are improperly forwarding request packets
B. To identify the total number of hosts and determine if the network can be victimized by a DoS attack
C. To identify servers for subsequent scans and further investigation
D. To identify the unresponsive hosts and determine if those could be used as zombies in a follow-up scan.
A security administrator is implementing a SIEM and needs to ensure events can be compared against each other based on when the events occurred and were collected. Which of the following does the administrator need to implement to ensure this can be accomplished?
A. TOTP
B. TKIP
C. NTP
D. HOTP
Which of the following is the BEST example of a reputation impact identified during a risk assessment?
A. A bad software patch taking down the production systems.
B. A misconfigured firewall exposing intellectual property to the internet.
C. An attacker defacing the e-commerce portal.
D. Malware collecting credentials for company bank accounts.
An organization's Chief Information Officer (CIO) read an article that identified leading hacker trends and attacks, one of which is the alteration of URLs to IP addresses resulting in users being redirected to malicious websites. To reduce the chance of this happening in the organization, which of the following secure protocols should be implemented?
A. DNSSEC
B. IPSec
C. LDAPS
D. HTTPS
A company just implemented a new telework policy that allows employees to use personal devices for official email and file sharing while working from home. Some of the requirements are:
* Employees must provide an alternate work location (i.e., a home address).
* Employees must install software on the device that will prevent the loss of proprietary data but will not restrict any other software from being installed.
Which of the following BEST describes the MDM options the company is using?
A. Geofencing, content management, remote wipe, containerization, and storage segmentation
B. Content management, remote wipe, geolocation, context-aware authentication, and containerization
C. Application management, remote wipe, geofencing, context-aware authentication, and containerization
D. Remote wipe, geolocation, screen locks, storage segmentation, and full-device encryption
A company has had a BYOD policy in place for many years and now wants to roll out an MDM solution. The company has decided that end users who wish to utilize their personal devices for corporate use must opt in to the MDM solution. End users are voicing concerns about the company having access to their personal devices via the MDM solution. Which of the following should the company implement to ease these concerns?
A. Sideloading
B. Full device encryption
C. Application management
D. Containerization
An attack that is using interference as its main attack to impede network traffic is which of the following?
A. Introducing too much data to a target's memory allocation
B. Utilizing a previously unknown security flaw against the target
C. Using a similar wireless configuration of a nearby network
D. Inundating a target system with SYN requests
A security administrator found the following piece of code referenced on a domain controller's task scheduler:
$var = GetDomainAdmins
If $var != 'fabio'
SetDomainAdmins = NULL
With which of the following types of malware is the code associated?
A. RAT
B. Backdoor
C. Logic bomb
D. Crypto-malware
An organization's employees currently use three different sets of credentials to access multiple internal resources. Management wants to make this process less complex. Which of the following would be the BEST option to meet this goal?
A. Transitive trust
B. Single sign-on
C. Federation
D. Secure token
An incident response analyst at a large corporation is reviewing proxy data logs. The analyst believes a malware infection may have occurred. Upon further review, the analyst determines the computer responsible for the suspicious network traffic is used by the Chief Executive Officer (CEO). Which of the following is the best NEXT step for the analyst to take?
A. Call the CEO directly to ensure awareness of the event
B. Run a malware scan on the CEO's workstation
C. Reimage the CEO's workstation
D. Disconnect the CEO's workstation from the network