CompTIA CompTIA Certifications SY0-501 Questions & Answers

• Question 401:

  In determining when it may be necessary to perform a credentialed scan against a system instead of a noncredentialed scan, which of the following requirements is MOST likely to influence this decision?

  A. The scanner must be able to enumerate the host OS of devices scanned.

  B. The scanner must be able to footprint the network.

  C. The scanner must be able to check for open ports with listening services.

  D. The scanner must be able to audit file system permissions

  Correct Answer: D

• Question 402:

  A security analyst is working on a project that requires the implementation of a stream cipher. Which of the following should the analyst use?

  A. Hash function

  B. Elliptic curve

  C. Symmetric algorithm

  D. Public key cryptography

  Correct Answer: C

• Question 403:

  A company recently replaced its unsecure email server with a cloud-based email and collaboration solution that is managed and insured by a third party. Which of the following actions did the company take regarding risks related to its email and collaboration services?

  A. Transference

  B. Acceptance

  C. Mitigation

  D. Deterrence

  Correct Answer: A

• Question 404:

  A security administrator is reviewing the following network capture:

  

  Which of the following malware is MOST likely to generate the above information?

  A. Keylogger

  B. Ransomware

  C. Logic bomb

  D. Adware

  Correct Answer: A

• Question 405:

  A network administrator adds an ACL to allow only HTTPS connections form host 192.168.2.3 to web server 192.168.5.2. After applying the rule, the host is unable to access the server. The network administrator runs the output and notices the configuration below:

  

  Which of the following rules would be BEST to resolve the issue?

  

  A. Option A

  B. Option B

  C. Option C

  D. Option D

  Correct Answer: A

• Question 406:

  A datacenter recently experienced a breach. When access was gained, an RF device was used to access an air-gapped and locked server rack. Which of the following would BEST prevent this type of attack?

  A. Faraday cage

  B. Smart cards

  C. Infrared detection

  D. Alarms

  Correct Answer: A

• Question 407:

  While performing a penetration test, the technicians want their efforts to go unnoticed for as long as possible while they gather useful data about the network they are assessing. Which of the following would be the BEST choice for the technicians?

  A. Vulnerability scanner

  B. Offline password cracker

  C. Packet sniffer

  D. Banner grabbing

  Correct Answer: C

• Question 408:

  A security analyst captures forensic evidence from a potentially compromised system for further investigation. The evidence is documented and securely stored to FIRST:

  A. maintain the chain of custody.

  B. preserve the data.

  C. obtain a legal hold.

  D. recover data at a later time.

  Correct Answer: B

• Question 409:

  A security analyst is investigating a security breach. Upon inspection of the audit an access logs, the analyst notices the host was accessed and the /etc/passwd file was modified with a new entry for username "gotcha" and user ID of 0. Which of the following are the MOST likely attack vector and tool the analyst should use to determine if the attack is still ongoing? (Select TWO)

  A. Logic bomb

  B. Backdoor

  C. Keylogger

  D. Netstat

  E. Tracert

  F. Ping

  Correct Answer: BD

• Question 410:

  Which of the following penetration testing concepts is being used when an attacker uses public Internet databases to enumerate and learn more about a target?

  A. Reconnaissance

  B. Initial exploitation

  C. Pivoting

  D. Vulnerability scanning

  E. White box testing

  Correct Answer: A