An organization uses multifactor authentication to restrict local network access. It requires a PIV and a PIN. Which of the following factors is the organization using?
A. Something you have; something you are
B. Something you know, something you do
C. Something you do, something you are
D. Something you have, something you know
A dumpster diver was able 10 retrieve hard drives from a competitor's trash bin. After installing the and hard drives and running common date recovery software. Sensitive information was recovered. In which of the following ways did the competitor apply media sanitation?
A. Pulverizing
B. Degaussing
C. Encrypting
D. Formatting
An organization uses simulated phishing attacks on its users to better prepare them to recognize actual phishing attacks and get them accustomed to reporting the attacks to the security team. This is an example of:
A. baselining
B. user training
C. stress testing
D. continuous monitoring
An organization has the following password policies:
Passwords must be at least 16 characters long.
Three tailed login attempts will lock the account (or live minutes.
Passwords must have one uppercase letter, one lowercase letter, and one non- alphanumeric symbol.
A database server was recently breached, and the incident response team suspects the passwords were compromised. Users with permission on that database server were forced to change their passwords for that server. Unauthorized and suspicious logins are now being detected on the same server. Which of the following is MOST likely the issue, and what should be done?
A. Some users have reset their account to a previously used password; implement a password history policy.
B. Service accounts are being used to log onto the server; restrict service account permissions to read/ write.
C. Single sign-on is allowing remote logins to the database server; disable single sign-on until it can be properly configured.
D. Users are logging in after working hours; implement a time-of-day restriction for the database servers.
An attacker has gained control of several systems on the Internet and is using them to attach a website, causing it to stop responding to legitimate traffic. Which of the following BEST describes the attack?
A. MITM
B. DNS poisoning
C. Buffer overflow
D. DDoS
An organization is looking to build its second head ofce in another city. which has a history of ooding with an average of two oods every `I00 years. The estimated building cost is $1 million. and the estimated damage due to flooding is half of the buildings cost. Given this information, which of the following is the SLE?`
A. $50,000
B. $200000
C. $500,000
D. $1.000000
An organization has the following password policies:
Passwords must be at least 16 characters long.
A password cannot be the same as any previous 20 passwords.
Three failed login attempts will lock the account for five minutes.
Passwords must have one uppercase letter, one lowercase letter, and one non- alphanumeric symbol.
A database server was recently breached, and the incident response team suspects the passwords were compromised. Users with permission on that database server were forced to change their passwords for that server. Unauthorized and suspicious logins are now being detected on a completely separate server. Which of the following is MOST likely the issue and the best solution?
A. Some users are reusing passwords for different systems; the organization should scan for password reuse across systems.
B. The organization has improperly configured single sign-on; the organization should implement a RADIUS server to control account logins.
C. User passwords are not sufficiently long or complex: the organization should increase the complexity and length requirements for passwords.
D. The trust relationship between the two servers has been compromised: the organization should place each server on a separate VLAN.
A newly hired Chief Security Officer (CSO) is reviewing the company's IRP and notices the procedures for zero-day malware attacks are being poorly executed, resulting m the CSIRT failing to address and coordinate malware removal from the system. Which of the following phases would BEST address these shortcomings?
A. Identification
B. Lessons learned
C. Recovery
D. Preparation
E. Eradication
An organization requires that all workstations he issued client computer certicates from the organization`s PKI. Which of the following congurations should be implemented?
A. EAP-PEAP
B. LEAP
C. EAP-TLS
D. EAP-FAST/MSCHAPv2
E. EAP-MD5
The security office has had reports of increased tailgating in the datacenter. Which of the following controls should security put in place?
A. Mantrap
B. Cipher lock
C. Fingerprint scanner
D. Badge reader
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your SY0-501 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.