An attacker has gathered information about a company employee by obtaining publicly available information from the Internet and social networks. Which of the following types of activity is the attacker performing?
A. Pivoting
B. Exfiltration of data
C. Social engineering
D. Passive reconnaissance
A government organization recently contacted three different vendors to obtain cost quotes for a desktop PC refresh. The quote from one of the vendors was significantly lower than the other two and was selected for the purchase. When the PCs arrived, a technician determined some NICs had been tampered with. Which of the following MOST accurately describes the security risk presented in this situation?
A. Hardware root of trust
B. UEFI
C. Supply chain
D. TPM
E. Crypto-malware
F. ARP poisoning
A company is examining possible locations for a hot site. Which of the following considerations is of MOST concern if the replication technology being used is highly sensitive to network latency?
A. Connection to multiple power substations
B. Location proximity to the production site
C. Ability to create separate caged space
D. Positioning of the site across international borders
A company is experiencing an increasing number of systems that are locking up on Windows startup. The security analyst clones a machine, enters into safe mode, and discovers a file in the startup process that runs Wstart.bat. @echo off :asdhbawdhbasdhbawdhb start notepad.exe start notepad.exe start calculator.exe start calculator.exe goto asdhbawdhbasdhbawdhb Given the file contents and the system's issues, which of the following types of malware is present?
A. Rootkit
B. Logic bomb
C. Worm
D. Virus
A Chief Information Security Officer (CISO) for a school district wants to enable SSL to protect all of the public- facing servers in the domain. Which of the following is a secure solution that is the MOST cost effective?
A. Create and install a self-signed certificate on each of the servers in the domain.
B. Purchase a load balancer and install a single certificate on the load balancer.
C. Purchase a wildcard certificate and implement it on every server.
D. Purchase individual certificates and apply them to the individual servers.
The president of a company that specializes in military contracts receives a request for an interview. During the interview, the reporter seems more interested in discussing the president's family life and personal history than the details of a recent company success. Which of the following security concerns is this MOST likely an example of?
A. Insider threat
B. Social engineering
C. Passive reconnaissance
D. Phishing
A company moved into a new building next to a sugar mil. Cracks have been discovered in the walls of the server room, which is located on the same side as the sugar mill loading docks. The cracks are believed to have been caused by heavy trucks. Moisture has begun to seep into the server room, causing extreme humidification problems and equipment failure. Which of the following BEST describes the type of threat the organization faces?
A. Foundational
B. Man-made
C. Environmental
D. Natural
Which of the following is an example of federated access management?
A. Windows passing user credentials on a peer-to-peer network
B. Applying a new user account with a complex password
C. Implementing a AAA framework for network access
D. Using a popular website login to provide access to another website
A security analyst wishes to scan the network to view potentially vulnerable systems the way an attacker would. Which of the following would BEST enable the analyst to complete the objective?
A. Perform a non-credentialed scan.
B. Conduct an intrusive scan.
C. Attempt escalation of privilege.
D. Execute a credentialed scan.
Which of the following is unique to a stream cipher?
A. It encrypt 128 bytes at a time.
B. It uses AES encryption.
C. It performs bit-level encryption.
D. It is used in HTTPS.
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your SY0-501 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.