CompTIA CompTIA Certifications SY0-501 Questions & Answers

• Question 1321:

  When systems, hardware, or software are not supported by the original vendor, it is a vulnerability known as:

  A. system sprawl

  B. end-of-life systems

  C. resource exhaustion

  D. a default configuration

  Correct Answer: B

• Question 1322:

  A company has three divisions, each with its own networks and services. The company decides to make its secure web portal accessible to all employees utilizing their existing usernames and passwords. The security administrator has elected to use SAML to support authentication. In this scenario, which of the following will occur when users try to authenticate to the portal? (Select two.)

  A. The portal will function as a service provider and request an authentication assertion.

  B. The portal will function as an identity provider and issue an authentication assertion.

  C. The portal will request an authentication ticket from each network that is transitively trusted.

  D. The back-end networks will function as an identity provider and issue an authentication assertion.

  E. The back-end networks will request authentication tickets from the portal, which will act as the third-party service provider authentication store.

  F. The back-end networks will verify the assertion token issued by the portal functioning as the identity provider.

  Correct Answer: AB

• Question 1323:

  An analyst wants to implement a more secure wireless authentication for office access points. Which of the following technologies allows for encrypted authentication of wireless clients over TLS?

  A. PEAP

  B. EAP

  C. WPA2

  D. RADIUS

  Correct Answer: A

  EAP by itself is only an authentication framework.

  PEAP (Protected Extensible Authentication Protocol) fully encapsulates EAP and is designed to work within a TLS (Transport Layer Security) tunnel that may be encrypted but is authenticated. The primary motivation behind the creation of

  PEAP was to help correct the deficiencies discovered within EAP since that protocol assumes that the communications channel is protected. As a result, when EAP messages are able to be discovered in the "clear" they do not provide the

  protection that was assumed when the protocol was originally authored.

  PEAP, EAP-TTLS, and EAP-TLS "protect" inner EAP authentication within SSL/TLS sessions.

• Question 1324:

  Which of the following network vulnerability scan indicators BEST validates a successful, active scan?

  A. The scan job is scheduled to run during off-peak hours.

  B. The scan output lists SQL injection attack vectors.

  C. The scan data identifies the use of privileged-user credentials.

  D. The scan results identify the hostname and IP address.

  Correct Answer: D

• Question 1325:

  After a user reports stow computer performance, a systems administrator detects a suspicious file, which was installed as part of a freeware software package. The systems administrator reviews the output below:

  

  Based on the above information, which of the following types of malware was installed on the user's computer?

  A. RAT

  B. Keylogger

  C. Spyware

  D. Worm

  E. Bot

  Correct Answer: A

  A RAT's installation mechanism is usually attached to a legitimate program. RATs are commonly hidden within games or other small programs, as well as in email attachments that users download. Imposters are able to customize RAT features, such as when and where to launch the Trojan. Intruders eventually trigger the server program on the victim's computer. Then, the RAT runs invisibly on the victim's computer and allows the intruder to gain remote access and control of the infected computer.

• Question 1326:

  Which of the following specifically describes the exploitation of an interactive process to access otherwise restricted areas of the OS?

  A. Privilege escalation

  B. Pivoting

  C. Process affinity

  D. Buffer overflow

  Correct Answer: A

• Question 1327:

  A senior incident response manager receives a call about some external IPs communicating with internal computers during off hours. Which of the following types of malware is MOST likely causing this issue?

  A. Botnet

  B. Ransomware

  C. Polymorphic malware

  D. Armored virus

  Correct Answer: A

• Question 1328:

  Which of the following technologies employ the use of SAML? (Select two.)

  A. Single sign-on

  B. Federation

  C. LDAP

  D. Secure token

  E. RADIUS

  Correct Answer: AB

• Question 1329:

  Which of the following attack types BEST describes a client-side attack that is used to manipulate an HTML iframe with JavaScript code via a web browser?

  A. Buffer overflow

  B. MITM

  C. XSS

  D. SQLi

  Correct Answer: C

• Question 1330:

  An incident responder receives a call from a user who reports a computer is exhibiting symptoms consistent with a malware infection. Which of the following steps should the responder perform NEXT?

  A. Capture and document necessary information to assist in the response.

  B. Request the user capture and provide a screenshot or recording of the symptoms.

  C. Use a remote desktop client to collect and analyze the malware in real time.

  D. Ask the user to back up files for later recovery.

  Correct Answer: A