SY0-501 Exam Details

  • Exam Code: SY0-501
  • Exam Name: CompTIA Security+
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 1423 Q&As
  • Last Updated: Sep 04, 2023

CompTIA SY0-501 Online Questions & Answers

  • Question 1241:

    A security analyst is diagnosing an incident in which a system was compromised from an external IP address.

    The socket identified on the firewall was traced to 207.46.130.0:6666. Which of the following should the security analyst do to determine if the compromised system still has an active connection?

    A. tracert
    B. netstat
    C. ping
    D. nslookup
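The check the question is after is "is there still an ESTABLISHED socket to 207.46.130.0:6666 on the host?", which is what netstat (or ss on modern Linux) answers; tracert, ping and nslookup only tell you about the path, reachability or the name of the remote address. The following is an added example, not part of the exam page: it parses netstat -an style output for both the Linux and the Windows column layouts and reports only sockets still in ESTABLISHED state, since TIME_WAIT or CLOSE_WAIT entries are already torn down. The sample output is constructed, and the function and variable names are this example's own.

```python
import re
import shutil
import subprocess

# Constructed sample of `netstat -an` output: Linux layout first, then one
# Windows `netstat -ano` style line (trailing PID column). Not from a real host.
SAMPLE_NETSTAT = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 10.0.0.5:49211          207.46.130.0:6666       ESTABLISHED
tcp        0      0 10.0.0.5:22             10.0.0.9:51022          ESTABLISHED
tcp        0      0 10.0.0.5:49210          207.46.130.0:6666       TIME_WAIT
  TCP    10.0.0.7:49500         207.46.130.0:6666      ESTABLISHED     4120
"""

# IPv4 endpoint as netstat prints it: address:port, or address:* for listeners.
ENDPOINT = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}):(\d+|\*)$")
TCP_STATES = {
    "ESTABLISHED", "LISTEN", "TIME_WAIT", "CLOSE_WAIT", "SYN_SENT", "SYN_RECV",
    "FIN_WAIT1", "FIN_WAIT2", "CLOSING", "LAST_ACK", "CLOSED",
}


def parse_netstat(text):
    """Return (local, remote, state) for every TCP line with two IPv4 endpoints.

    Works on both layouts because it keys off token shape rather than column
    position: the first token must be tcp/TCP, endpoints look like ip:port,
    and the state is whichever token is a known TCP state name.
    """
    rows = []
    for line in text.splitlines():
        tokens = line.split()
        if not tokens or tokens[0].lower() not in ("tcp", "tcp4"):
            continue
        endpoints = [t for t in tokens if ENDPOINT.match(t)]
        states = [t for t in tokens if t in TCP_STATES]
        if len(endpoints) < 2:
            continue  # IPv6 or a malformed line; out of scope for this example
        rows.append((endpoints[0], endpoints[1], states[0] if states else ""))
    return rows


def active_connections_to(text, remote_ip, remote_port):
    """Sockets still ESTABLISHED to remote_ip:remote_port.

    TIME_WAIT / CLOSE_WAIT rows to the same peer are deliberately excluded:
    they are evidence of a past connection, not of a live one.
    """
    target = f"{remote_ip}:{remote_port}"
    return [
        (local, state)
        for local, remote, state in parse_netstat(text)
        if remote == target and state == "ESTABLISHED"
    ]


def live_check(remote_ip, remote_port):
    """Run the real netstat on this host and apply the same filter."""
    if shutil.which("netstat") is None:
        raise RuntimeError("netstat not found; on Linux use `ss -tan` instead")
    out = subprocess.run(["netstat", "-an"], capture_output=True, text=True,
                         check=True).stdout
    return active_connections_to(out, remote_ip, remote_port)


if __name__ == "__main__":
    for local, state in active_connections_to(SAMPLE_NETSTAT, "207.46.130.0", 6666):
        print(f"{local} -> 207.46.130.0:6666 {state}")
```

Two caveats a responder should keep in mind: netstat asks the compromised kernel, so a rootkit that hides sockets can lie to it, which is why the firewall's own connection table is the better second source; and on Linux `ss -tanp` (or `netstat -anob` on Windows) adds the owning PID, which is the next thing you want once the socket is confirmed live.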

  • Question 1242:

    The application team within a company is asking the security team to investigate why its application is slow after an upgrade. The source of the team's application is 10.13.136.9, and the destination IP is 10.17.36.5. The security analyst pulls the logs from the endpoint security software but sees nothing is being blocked. The analyst then looks at the UTM firewall logs and sees the following:

    Which of the following should the security analyst request NEXT based on the UTM firewall analysis?

    A. Request the application team to allow TCP port 87 to listen on 10.17.36.5.
    B. Request the network team to open port 1433 from 10.13.136.9 to 10.17.36.5.
    C. Request the network team to turn off IPS for 10.13.136.8 going to 10.17.36.5.
    D. Request the application team to reconfigure the application and allow RPC communication.

  • Question 1243:

    An organization's Chief Information Officer (CIO) read an article that identified leading hacker trends and attacks, one of which is the alteration of URLs to IP addresses resulting in users being redirected to malicious websites. To reduce the chance of this happening in the organization, which of the following secure protocols should be implemented?

    A. DNSSEC
    B. IPSec
    C. LDAPS
    D. HTTPS

  • Question 1244:

    Joe, a user, has been trying to send Ann, a different user, an encrypted document via email. Ann has not received the attachment but is able to receive the header information. Which of the following is MOST likely preventing Ann from receiving the encrypted file?

    A. Unencrypted credentials
    B. Authentication issues
    C. Weak cipher suite
    D. Permission issues

  • Question 1245:

    A network administrator is trying to provide the most resilient hard drive configuration in a server. With five hard drives which of the following is the MOST fault-tolerant configuration?

    A. RAID 1
    B. RAID 5
    C. RAID 6
    D. RAID 10

  • Question 1246:

    A penetration tester was able to connect to a company's internal network and perform scans and staged attacks for the duration of the testing period without being noticed. The SIEM did not alert the security team to the presence of the penetration tester's devices on the network. Which of the following would provide the security team with notification in a timely manner?

    A. Implement rogue system detection and sensors.
    B. Create a trigger on the IPS and alert the security team when unsuccessful logins occur.
    C. Decrease the correlation threshold for alerts on the SIEM.
    D. Run a credentialed vulnerability scan.

  • Question 1247:

    A company is performing an analysis of the corporate enterprise network with the intent of identifying what will cause losses in revenue, referrals, and/or reputation when out of commission. Which of the following is an element of a BIA that is being addressed?

    A. Mission-essential function
    B. Single point of failure
    C. Backup and restoration plans
    D. Identification of critical systems

  • Question 1248:

    When choosing a hashing algorithm for storing passwords in a web database, which of the following is the BEST explanation for choosing HMAC-MD5 over simple MD5?

    A. HMAC provides hardware acceleration, thus speeding up authentication
    B. HMAC adds a transport layer handshake, which improves authentication
    C. HMAC-MD5 can be decrypted faster, speeding up performance
    D. HMAC-MD5 is more resistant to brute forcing

  • Question 1249:

    A security analyst is hardening a WiFi infrastructure.

    The primary requirements are the following:

    The infrastructure must allow staff to authenticate using the most secure method.

    The infrastructure must allow guests to use an "open" WiFi network that logs valid email addresses before granting access to the Internet.

    Given these requirements, which of the following statements BEST represents what the analyst should recommend and configure?

    A. Configure a captive portal for guests and WPS for staff.
    B. Configure a captive portal for staff and WPA for guests.
    C. Configure a captive portal for staff and WEP for guests.
    D. Configure a captive portal for guests and WPA2 Enterprise for staff.

  • Question 1250:

    A newly hired Chief Security Officer (CSO) is reviewing the company's IRP and notices the procedures for zero-day malware attacks are being poorly executed, resulting in the CSIRT failing to address and coordinate malware removal from the system. Which of the following phases would BEST address these shortcomings?

    A. Identification
    B. Lessons learned
    C. Recovery
    D. Preparation
    E. Eradication

Tips on How to Prepare for the Exams

Nowadays, certification exams have become more and more important and are required by more and more enterprises when applying for a job. But how do you prepare for the exam effectively? How do you prepare for the exam in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only CompTIA exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your SY0-501 exam preparation and CompTIA certification application, do not hesitate to visit Vcedump.com to find your solutions here.