Which of the following can occur when a scanning tool cannot authenticate to a server and has to rely on limited information obtained from service banners?
A. False positive
B. Passive reconnaissance
C. Access violation D. Privilege escalation
A systems administrator needs to integrate multiple IoT and small embedded devices into the company's wireless network securely. Which of the following should the administrator implement to ensure low-power and legacy devices can connect to the wireless network?
A. WPS
B. WPA
C. EAP-FAST
D. 802.1X
A recent penetration test revealed several issues with a public-facing website used by customers. The testers were able to:
*
Enter long lines of code and special characters
*
Crash the system
*
Gain unauthorized access to the internal application server
*
Map the internal network
The development team has stated they will need to rewrite a significant portion of the code used, and it will take more than a year to deliver the finished product. Which of the following would be the BEST solution to introduce in the interim?
A.
Content fileting
B.
WAF
C.
TLS
D.
IPS/IDS
E.
UTM
Which of the following control types would a backup of server data provide in case of a system issue?
A. Corrective
B. Deterrent
C. Preventive
D. Detective
The Chief Executive Officer (CEO) received an email from the Chief Financial Officer (CFO), asking the CEO to send financial details. The CEO thought it was strange that the CFO would ask for the financial details via email. The email address was correct in the "From" section of the email. The CEO clicked the form and sent the financial information as requested. Which of the following caused the incident?
A. Domain hijacking
B. SPF not enabled
C. MX records rerouted
D. Malicious insider
Two companies are enabling TLS on their respective email gateways to secure communications over the Internet. Which of the following cryptography concepts is being implemented?
A. Perfect forward secrecy
B. Ephemeral keys
C. Domain validation
D. Data in transit
A company has migrated to two-factor authentication for accessing the corporate network, VPN, and SSO. Several legacy applications cannot support multifactor authentication and must continue to use usernames and passwords. Which of the following should be implemented to ensure the legacy applications are as secure as possible while ensuring functionality? (Choose two.)
A. Priveleged accounts
B. Password reuse restrictions
C. Password complexity requirements
D. Password recovery
E. Account disablement
Which of the following terms BEST describes an exploitable vulnerability that exists but has not been publicly disclosed yet?
A. Design weakness
B. Zero-day
C. Logic bomb
D. Trojan
A company's IT staff is given the task of securely disposing of 100 server HDDs. The security team informs the IT staff that the data must not be accessible by a third party after disposal. Which of the following is the MOST time-efficient method to achieve this goal?
A. Use a degausser to sanitize the drives.
B. Remove the platters from the HDDs and shred them.
C. Perform a quick format of the HDD drives.
D. Use software to zero fill all of the hard drives.
A company has critical systems that are hosted on an end-of-life OS. To maintain operations and mitigate potential vulnerabilities, which of the following BEST accomplishes this objective?
A. Use application whitelisting.
B. Employ patch management.
C. Disable the default administrator account.
D. Implement full-disk encryption.
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your SY0-501 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.