SY0-501 Exam Details

  • Exam Code: SY0-501
  • Exam Name: CompTIA Security+
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 1423 Q&As
  • Last Updated: Sep 04, 2023

CompTIA SY0-501 Online Questions & Answers

  • Question 491:

    Which of the following serves to warn users against downloading and installing pirated software on company devices?

    A. AUP
    B. NDA
    C. ISA
    D. BPA

  • Question 492:

    A security analyst is investigating a potential breach. Upon gathering, documenting, and securing the evidence, which of the following actions is the NEXT step to minimize the business impact?

    A. Launch an investigation to identify the attacking host
    B. Initiate the incident response plan
    C. Review lessons learned captured in the process
    D. Remove malware and restore the system to normal operation

  • Question 493:

    An organization has the following password policies:

    Passwords must be at least 16 characters long.

    Three failed login attempts will lock the account for five minutes.

    Passwords must have one uppercase letter, one lowercase letter, and one non-alphanumeric symbol.

    A database server was recently breached, and the incident response team suspects the passwords were compromised. Users with permission on that database server were forced to change their passwords for that server. Unauthorized and suspicious logins are now being detected on the same server. Which of the following is MOST likely the issue, and what should be done?

    A. Some users have reset their account to a previously used password; implement a password history policy.
    B. Service accounts are being used to log onto the server; restrict service account permissions to read/write.
    C. Single sign-on is allowing remote logins to the database server; disable single sign-on until it can be properly configured.
    D. Users are logging in after working hours; implement a time-of-day restriction for the database servers.

  • Question 494:

    A security analyst is performing a forensic investigation involving compromised account credentials. Using the Event Viewer, the analyst was able to detect the following message: "Special privileges assigned to new logon." Several of these messages did not have a valid logon associated with the user before these privileges were assigned.

    Which of the following attacks is MOST likely being detected?

    A. Pass-the-hash
    B. Buffer overflow
    C. Cross-site scripting
    D. Session replay

  • Question 495:

    In which of the following situations would it be BEST to use a detective control type for mitigation?

    A. A company implemented a network load balancer to ensure 99.999% availability of its web application
    B. A company designed a backup solution to increase the chances of restoring services in case of a natural disaster
    C. A company purchased an application-level firewall to isolate traffic between the accounting department and the information technology department
    D. A company purchased an IPS system, but after reviewing the requirements, the appliance was supposed to monitor, not block, any traffic
    E. A company purchased liability insurance for flood protection on all capital assets

  • Question 496:

    A network technician is designing a network for a small company. The network technician needs to implement an email server and web server that will be accessed by both internal employees and external customers. Which of the following would BEST secure the internal network and allow access to the needed servers?

    A. Implementing a site-to-site VPN for server access.
    B. Implementing a DMZ segment for the server.
    C. Implementing NAT addressing for the servers.
    D. Implementing a sandbox to contain the servers.

  • Question 497:

    A security analyst is checking log files and finds the following entries:

    Which of the following is MOST likely happening?

    A. A hacker attempted to pivot using the web server interface.
    B. A potential hacker could be banner grabbing to determine what architecture is being used.
    C. The DNS is misconfigured for the server's IP address.
    D. A server is experiencing a DoS, and the request is timing out.

  • Question 498:

    An analyst generates the following color-coded table shown in the exhibit to help explain the risk of potential incidents in the company. The vertical axis indicates the likelihood of an incident, while the horizontal axis indicates the impact.

    Which of the following is this table an example of?

    A. Internal threat assessment
    B. Privacy impact assessment
    C. Qualitative risk assessment
    D. Supply chain assessment

  • Question 499:

    An organization has the following written policies:

    1. Users must request approval for non-standard software installation.
    2. Administrators will perform all software installations.
    3. Software must be installed from a trusted repository.

    A recent security audit identified crypto-currency software installed on one user's machine. There are no indications of compromise on this machine. Which of the following is the MOST likely cause of this policy violation and the BEST remediation to prevent a reoccurrence?

    A. The user's machine was infected with malware; implement the organization's incident response
    B. The user installed the software on the machine; implement technical controls to enforce the written policies
    C. The crypto-currency software was misidentified and is authorized; add the software to the organization's approved list
    D. Administrators downloaded the software from an untrusted repository; add a policy that requires integrity checking for all software.

  • Question 500:

    A security analyst is hardening a web server, which should allow a secure certificate-based session using the organization's PKI infrastructure. The web server should also utilize the latest security techniques and standards. Given this set of requirements, which of the following techniques should the analyst implement to BEST meet these requirements? (Select two.)

    A. Install an X.509-compliant certificate.
    B. Implement a CRL using an authorized CA.
    C. Enable and configure TLS on the server.
    D. Install a certificate signed by a public CA.
    E. Configure the web server to use a host header.
