SY0-501 Exam Details

  • Exam Code: SY0-501
  • Exam Name: CompTIA Security+
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 1423 Q&As
  • Last Updated: Sep 04, 2023

CompTIA SY0-501 Online Questions & Answers

  • Question 1011:

    Which of the following best describes the initial processing phase used in mobile device forensics?

    A. The phone should be powered down and the battery removed to preserve the state of data on any internal or removable storage utilized by the mobile device
    B. The removable data storage cards should be processed first to prevent data alteration when examining the mobile device
    C. The mobile device should be examined first, then removable storage and lastly the phone without removable storage should be examined again
    D. The phone and storage cards should be examined as a complete unit after examining the removable storage cards separately.

  • Question 1012:

    Which of the following is the MOST significant difference between intrusive and non-intrusive vulnerability scanning?

    A. One uses credentials, but the other does not
    B. One has a higher potential for disrupting system operations.
    C. One allows systems to activate firewall countermeasures.
    D. One returns service banners, including running versions

  • Question 1013:

    An organization plans to transition the intrusion detection and prevention techniques on a critical subnet to an anomaly-based system. Which of the following does the organization need to determine for this to be successful?

    A. The baseline
    B. The endpoint configurations
    C. The adversary behavior profiles
    D. The IPS signatures

  • Question 1014:

    A security administrator begins assessing a network with software that checks for available exploits against a known database, using both credentials and external scripts. A report will be compiled and used to confirm patching levels. This is an example of:

    A. penetration testing
    B. fuzzing
    C. static code analysis
    D. vulnerability scanning

  • Question 1015:

    The CSIRT is reviewing the lessons learned from a recent incident. A worm was able to spread unhindered throughout the network and infect a large number of computers and servers. Which of the following recommendations would be BEST to mitigate the impacts of a similar incident in the future?

    A. Install a NIDS device at the boundary.
    B. Segment the network with firewalls.
    C. Update all antivirus signatures daily.
    D. Implement application blacklisting.

  • Question 1016:

    Given the following output:

    [Missing the output]

    Which of the following BEST describes the scanned environment?

    A. A host was identified as a web server that is hosting multiple domains.
    B. A host was scanned, and web-based vulnerabilities were found.
    C. A connection was established to a domain, and several redirect connections were identified.
    D. A web shell was planted in company.com's content management system.

  • Question 1017:

    Two users must encrypt and transmit large amounts of data between them. Which of the following should they use to encrypt and transmit the data?

    A. Symmetric algorithm
    B. Hash function
    C. Digital signature
    D. Obfuscation

  • Question 1018:

    An organization has created a review process to determine how to best handle data with different sensitivity levels. The process includes the following requirements:

    Soft copy PII must be encrypted.

    Hard copy PII must be placed in a locked container.

    Soft copy PHI must be encrypted and audited monthly.

    Hard copy PHI must be placed in a locked container and inventoried monthly.

    Locked containers must be approved and designated for document storage. Any violations must be reported to the Chief Security Officer (CSO).

    While searching for coffee in the kitchen, an employee unlocks a cabinet and discovers a list of customer names and phone numbers. Which of the following actions should the employee take?

    A. Put the document back in the cabinet, lock the cabinet, and report the incident to the CSO
    B. Take custody of the document, secure it at a desk, and report the incident to the CSO
    C. Take custody of the document and immediately report the incident to the CSO
    D. Put the document back in the cabinet, inventory the contents, lock the cabinet, and report the incident to the CSO

  • Question 1019:

    Select the appropriate attack from each drop-down list to label the corresponding illustrated attack. Instructions: Attacks may only be used once, and will disappear from the drop-down list if selected. When you have completed the simulation, please select the Done button to submit.

    Hot Area:

  • Question 1020:

    A member of the IR team has identified an infected computer.

    Which of the following IR phases should the team member conduct NEXT?

    A. Eradication
    B. Recovery
    C. Lessons learned
    D. Containment

Tips on How to Prepare for the Exams

Certification exams are becoming more and more important, and more and more enterprises require them of job applicants. But how do you prepare for the exam effectively? How do you prepare in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only CompTIA exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your SY0-501 exam preparation or CompTIA certification application, do not hesitate to visit Vcedump.com to find your solutions.