A small business just recovered from a ransomware attack against its file servers by purchasing the decryption keys from the attackers. The issue was triggered by a phishing email, and the IT administrator wants to ensure it does not happen again. Which of the following should the IT administrator do FIRST after recovery?
A. Scan the NAS for residual or dormant malware and take new daily backups that are tested on a frequent basis.

An incident response analyst at a large corporation is reviewing proxy log data. The analyst believes a malware infection may have occurred. Upon further review, the analyst determines the computer responsible for the suspicious network traffic is used by the Chief Executive Officer (CEO). Which of the following is the best NEXT step for the analyst to take?
A. Call the CEO directly to ensure awareness of the event

Which of the following is an example of resource exhaustion?
A. A penetration tester requests every available IP address from a DHCP server.

A network administrator was recently terminated. A few weeks later, the new administrator noticed unauthorized changes to several devices that are causing denial of services. Additionally, the administrator noticed an unusual connection from an external IP address to an internal server. Which of the following is the MOST likely cause of the problem?
A. Spyware

Which of the following scenarios BEST describes an implementation of non-repudiation?
A. A user logs into a domain workstation and accesses network file shares for another department

A security analyst wishes to increase the security of an FTP server. Currently, all traffic to the FTP server is unencrypted. Users connecting to the FTP server use a variety of modern FTP client software. The security analyst wants to keep the same port and protocol, while also still allowing unencrypted connections. Which of the following would BEST accomplish these goals?
A. Require the SFTP protocol to connect to the file server.

Which of the following terms BEST describes an exploitable vulnerability that exists but has not been publicly disclosed yet?
A. Design weakness

When attackers use a compromised host as a platform for launching attacks deeper into a company's network, it is said that they are:
A. escalating privilege

A user's laptop is experiencing general slowness following the user's return from an extended time out of the office. After a week, the security team looks at the laptop, but nothing appears out of order. The only noticeable issue is that svchost.exe keeps launching even after the security team kills the process. After running netstat, the team notes svchost.exe is listening on port 443. Using an IoC creation tool, a security analyst does the following:
OR
  - File MD5 contains adf321122abce28873aad3e12f262a12c
  - AND
      PROCESS name contains svchost.exe
      PROCESS arguments does not contain -k
  - AND
      FILENAME contains svchost.exe
      FILE DIRECTORY is not %system32%
Based on the IoCs created and the netstat output, which of the following types of malware is present?
A. Backdoor

A contracting company recently completed its period of performance on a government contract and would like to destroy all information associated with contract performance. Which of the following is the best NEXT step for the company to take?
A. Consult data disposition policies in the contract.