When attackers use a compromised host as a platform for launching attacks deeper into a company's network, it is said that they are:
A. escalating privilege
B. becoming persistent
C. fingerprinting
D. pivoting
Which of the following solutions should an administrator use to reduce the risk from an unknown vulnerability in a third-party software application?
A. Sandboxing
B. Encryption
C. Code signing
D. Fuzzing
A network administrator needs to allocate a new network for the R&D group. The network must not be accessible from the Internet regardless of the network firewall or other external misconfigurations. Which of the following settings should the network administrator implement to accomplish this?
A. Configure the OS default TTL to 1
B. Use NAT on the R&D network
C. Implement a router ACL
D. Enable protected ports on the switch
A security analyst conducts a manual scan on a known hardened host that identifies many non-compliant items. Which of the following BEST describe why this has occurred? (Select TWO)
A. Privileged-user certificates were used to scan the host
B. Non-applicable plugins were selected in the scan policy
C. The incorrect audit file was used
D. The output of the report contains false positives
E. The target host has been compromised
A security administrator has written a script that will automatically upload binary and text-based configuration files onto a remote server using a scheduled task. The configuration files contain sensitive information. Which of the following should the administrator use? (Select TWO)
A. TOTP
B. SCP
C. FTP over a non-standard port
D. SRTP
E. Certificate-based authentication
F. SNMPv3
A cybersecurity analyst is looking into the payload of a random packet capture file that was selected for analysis. The analyst notices that an internal host had a socket established with another internal host over a non-standard port. Upon investigation, the origin host that initiated the socket shows this output:
Given the above output, which of the following commands would have established the questionable socket?
A. traceroute 8.8.8.8
B. ping -1 30 8.8.8.8 -a 600
C. nc -1 192.168.5.1 -p 9856
D. pskill pid 9487
A security analyst is acquiring data from a potential network incident. Which of the following evidence is the analyst MOST likely to obtain to determine the incident?
A. Volatile memory capture
B. Traffic and logs
C. Screenshots
D. System image capture
A user typically works remotely over the holidays using a web-based VPN to access corporate resources. The user reports getting untrusted host errors and being unable to connect. Which of the following is MOST likely the case?
A. The certificate has expired
B. The browser does not support SSL
C. The user's account is locked out
D. The VPN software has reached the seat license maximum
When it comes to cloud computing, if one of the requirements for a project is to have the most control over the systems in the cloud, which of the following is a service model that would be BEST suited for this goal?
A. Infrastructure
B. Platform
C. Software
D. Virtualization
A security administrator is diagnosing a server where the CPU utilization is at 100% for 24 hours. The main culprit of CPU utilization is the antivirus program. Which of the following issues could occur if left unresolved? (Select TWO)
A. MITM attack
B. DoS attack
C. DLL injection
D. Buffer overflow
E. Resource exhaustion