A Chief Executive Officer (CEO) is staying at a hotel during a business trip. The hotel's wireless network does not show a lock symbol. Which of the following precautions should the CEO take? (Choose two.)
A. Change the connection type to WPA2
B. Change TKIP to CCMP
C. Use a VPN
D. Tether to a mobile phone
E. Create a tunnel connection with EAP-TTLS
The Chief Information Officer (CIO) has decided to add two-factor authentication along with the use of passwords when logging on to the network. Which of the following should be implemented to BEST accomplish this requirement?
A. Require users to enter a PIN
B. Require users to set complex passwords
C. Require users to insert a smart card when logging on
D. Require the system to use a CAPTCHA
A security analyst is implementing mobile device security for a company. To save money, management has decided on a BYOD model. The company is most concerned with ensuring company data will not be exposed if a phone is lost or stolen. Which of the following techniques BEST accomplish this goal? (Choose two.)
A. Containerization
B. Full device encryption
C. Geofencing
D. Remote wipe
E. Application management
F. Storage segmentation
Which of the following is an algorithm family that was developed for use cases in which power consumption and lower computing power are constraints?
A. Elliptic curve
B. RSA
C. Diffie-Hellman
D. SHA
An organization has created a review process to determine how to best handle data with different sensitivity levels. The process includes the following requirements:
Soft copy PII must be encrypted.
Hard copy PII must be placed in a locked container.
Soft copy PHI must be encrypted and audited monthly.
Hard copy PHI must be placed in a locked container and inventoried monthly.
Locked containers must be approved and designated for document storage. Any violations must be reported to the Chief Security Officer (CSO).
While searching for coffee in the kitchen, an employee unlocks a cabinet and discovers a list of customer names and phone numbers. Which of the following actions should the employee take?
A. Put the document back in the cabinet, lock the cabinet, and report the incident to the CSO
B. Take custody of the document, secure it at a desk, and report the incident to the CSO
C. Take custody of the document and immediately report the incident to the CSO
D. Put the document back in the cabinet, inventory the contents, lock the cabinet, and report the incident to the CSO
An application developer is working on a new calendar and scheduling application. The developer wants to test new functionality that is time/date dependent and set the local system time to one year in the future. The application also has a feature that uses SHA-256 hashing and AES encryption for data exchange. The application attempts to connect to a separate remote server using SSL, but the connection fails. Which of the following is the MOST likely cause and next step?
A. The date is past the certificate expiration; reset the system to the current time and see if the connection still fails
B. The remote server cannot support SHA-256; try another hashing algorithm like SHA-1 and see if the application can connect
C. AES is date/time dependent; either reset the system time to the correct time or try a different encryption approach
D. SSL is not the correct protocol to use in this situation; change to TLS and try the client-server connection again
Ann, a user, reports she is receiving emails that appear to be from organizations to which she belongs, but the emails contain links to websites that do not belong to those organizations. Which of the following security scenarios does this describe?
A. A hacker is using Ann's social media information to create a spear phishing attack
B. The DNS servers for the organizations have been hacked and are pointing to malicious sites
C. The company's mail system has changed the organization's links to point to a proxy server for security
D. Ann's computer is infected with adware that has changed the email links
A company is looking for an all-in-one solution to provide identification, authentication, authorization, and accounting services. Which of the following technologies should the company use?
A. Diameter
B. SAML
C. Kerberos
D. CHAP
An organization has the following password policies:
Passwords must be at least 16 characters long.
A password cannot be the same as any previous 20 passwords.
Three failed login attempts will lock the account for five minutes.
Passwords must have one uppercase letter, one lowercase letter, and one non-alphanumeric symbol.
A database server was recently breached, and the incident response team suspects the passwords were compromised. Users with permission on that database server were forced to change their passwords for that server. Unauthorized and
suspicious logins are now being detected on a completely separate server.
Which of the following is MOST likely the issue and the best solution?
A. Some users are reusing passwords for different systems; the organization should scan for password reuse across systems.
B. The organization has improperly configured single sign-on; the organization should implement a RADIUS server to control account logins.
C. User passwords are not sufficiently long or complex; the organization should increase the complexity and length requirements for passwords.
D. The trust relationship between the two servers has been compromised; the organization should place each server on a separate VLAN.
A network technician discovered the usernames and passwords used for network device configuration have been compromised by a user with a packet sniffer. Which of the following would secure the credentials from sniffing?
A. Implement complex passwords
B. Use SSH for remote access
C. Configure SNMPv2 for device management
D. Use TFTP to copy device configuration
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your SY0-501 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.