CompTIA SY0-501 Online Practice Questions and Exam Preparation

CompTIA SY0-501 Online Questions & Answers

• Question 381:

  A cryptographer has developed a new proprietary hash function for a company and solicited employees to test the function before recommending its implementation. An employee takes the plaintext version of a document and hashes it, then changes the original plaintext document slightly and hashes it, and continues repeating this process until two identical hash values are produced from two different documents. Which of the following BEST describes this cryptographic attack?

  A. Brute force
  B. Known plaintext
  C. Replay
  D. Collision
  D. Collision

• Question 382:

  Which of the following is a resiliency strategy that allows a system to automatically adapt to workload changes?

  A. Fault tolerance
  B. Redundancy
  C. Elasticity
  D. High availability
  C. Elasticity

• Question 383:

  A company researched the root cause of a recent vulnerability in its software. It was determined that the vulnerability was the result of two updates made in the last release. Each update alone would not have resulted in the vulnerability. In order to prevent similar situations in the future, the company should improve which of the following?

  A. Change management procedures
  B. Job rotation policies
  C. Incident response management
  D. Least privilege access controls
  A. Change management procedures

• Question 384:

  A hacker has a packet capture that contains:

  

  Which of the following tools will the hacker use against this type of capture?

  A. Password cracker
  B. Vulnerability scanner
  C. DLP scanner
  D. Fuzzer
  A. Password cracker

• Question 385:

  Penetration testing is distinct from vulnerability scanning primarily because penetration testing:

  A. leverages credentialed scanning to obtain persistence
  B. involves multiple active exploitation techniques
  C. relies exclusively on passive exploitation attempts for pivoting
  D. relies on misconfiguration of security controls
  B. involves multiple active exploitation techniques

• Question 386:

  A retail executive recently accepted a job with a major competitor. The following week, a security analyst reviews the security logs and Identifies successful logon attempts to access the departed executive's accounts. Which of the following security practices would have addressed the issue?

  A. A non-disclosure agreement
  B. Least privilege
  C. An acceptable use policy
  D. Off boarding
  B. Least privilege

• Question 387:

  A systems administrator wants to replace the process of using a CRL to verify certificate validity. Frequent downloads are becoming problematic. Which of the following would BEST suit the administrator's needs?

  A. OCSP
  B. CSR
  C. Key escrow
  D. CA
  A. OCSP

• Question 388:

  A datacenter engineer wants to ensure an organization's servers have high speed and high redundancy and can sustain the loss of two physical disks in an array. Which of the following RAID configurations should the engineer implement to deliver this functionality?

  A. RAID 0
  B. RAID 1
  C. RAID 5
  D. RAID 10
  E. RAID 50
  D. RAID 10

• Question 389:

  A forensic investigator has run into difficulty recovering usable files from a SAN drive. Which of the following SAN features might have caused the problem?

  A. Storage multipaths
  B. Deduplication
  C. iSCSI initiator encryption
  D. Data snapshots
  B. Deduplication

• Question 390:

  An administrator is disposing of media that contains sensitive information. Which of the following will provide the MOST effective method to dispose of the media while ensuring the data will be unrecoverable?

  A. Wipe the hard drive.
  B. Shred the hard drive.
  C. Sanitize all of the data.
  D. Degauss the hard drive.
  B. Shred the hard drive.