CompTIA SY0-501 Online Practice Questions and Exam Preparation

CompTIA SY0-501 Online Questions & Answers

• Question 221:

  A software developer is concerned about DLL hijacking in an application being written. Which of the following is the MOST viable mitigation measure of this type of attack?

  A. The DLL of each application should be set individually
  B. All calls to different DLLs should be hard-coded in the application
  C. Access to DLLs from the Windows registry should be disabled
  D. The affected DLLs should be renamed to avoid future hijacking
  B. All calls to different DLLs should be hard-coded in the application

• Question 222:

  An organization is setting up a satellite office and wishes to extend the corporate network to the new site. Which of the following is the BEST solution to allow the users to access corporate resources while focusing on usability and security?

  A. Federated services
  B. Single sign-on
  C. Site-to-site VPN
  D. SSL accelerators
  C. Site-to-site VPN

• Question 223:

  The POODLE attack is an MITM exploit that affects: A. TLS1.0 with CBC mode cipher

  B. SSLv2.0 with CBC mode cipher
  C. SSLv3.0 with CBC mode cipher
  D. SSLv3.0 with ECB mode cipher
  C. SSLv3.0 with CBC mode cipher

• Question 224:

  A security analyst is attempting to identify vulnerabilities in a customer's web application without impacting the system or its dat Which of the following BEST describes the vulnerability scanning concept performed?

  A. Aggressive scan
  B. Passive scan
  C. Non-credentialed scan
  D. Compliance scan
  B. Passive scan

• Question 225:

  A penetration tester has written an application that performs a bit-by-bit XOR 0xFF operation on binaries prior to transmission over untrusted media. Which of the following BEST describes the action performed by this type of application?

  A. Hashing
  B. Key exchange
  C. Encryption
  D. Obfusication
  D. Obfusication

• Question 226:

  A vice president at a manufacturing organization is concerned about desktops being connected to the network. Employees need to log onto the desktops' local account to verify that a product is being created within specifications; otherwise, the desktops should be as isolated as possible. Which of the following is the BEST way to accomplish this?

  A. Put the desktops in the DMZ.
  B. Create a separate VLAN for the desktops.
  C. Air gap the desktops.
  D. Join the desktops to an ad-hoc network.
  C. Air gap the desktops.

• Question 227:

  A security analyst needs a solution that can execute potential malware in a restricted and isolated environment for analysis. In which of the following technologies is the analyst interested?

  A. Sandboxing
  B. Staging
  C. DMZ
  D. Honeypot
  A. Sandboxing

• Question 228:

  Which of the following are the BEST selection criteria to use when assessing hard drive suitability for time-sensitive applications that deal with large amounts of critical information? (Select TWO).

  A. MTBF
  B. MTTR
  C. SLA
  D. RTO
  E. MTTF
  F. RPO
  A. MTBF
  B. MTTR

• Question 229:

  Which of the following should identify critical systems and components?

  A. MOU
  B. BPA
  C. ITCP
  D. BCP
  D. BCP

• Question 230:

  A company exchanges information with a business partner. An annual audit of the business partner is conducted against the SLA in order to verify:

  A. Performance and service delivery metrics
  B. Backups are being performed and tested
  C. Data ownership is being maintained and audited
  D. Risk awareness is being adhered to and enforced
  A. Performance and service delivery metrics