CompTIA CompTIA Certifications SY0-501 Questions & Answers

• Question 721:

  When considering loT systems, which of the following represents the GREATEST ongoing risk after a vulnerability has been discovered?

  A. Difficult-to-update firmware

  B. Tight integration to existing systems

  C. IP address exhaustion

  D. Not using industry standards

  Correct Answer: B

• Question 722:

  Which of the following would provide a safe environment for an application to access only the resources needed to function while not having access to run at the system level?

  A. Sandbox

  B. Honeypot

  C. GPO

  D. DMZ

  Correct Answer: A

• Question 723:

  Which of the following algorithms would be used to provide non-repudiation of a file transmission?

  A. AES

  B. RSA

  C. MD5

  D. SHA

  Correct Answer: C

  Non-repudiation is the ability to prove that the file uploaded and the file downloaded are identical. Non-repudiation is an essential part of any secure file transfer solution End-to-end file non-repudiation is the ability to prove who uploaded a specific file, who downloaded it, and that the file uploaded and the file downloaded are identical. It is a security best practice and required by Federal Information Security Management Act (FISMA), Gramm-Leach-Bliley Act (GLBA), Health Insurance Portability and Accounta-bility Act (HIPAA), Sarbanes-Oxley Act (SOX), and others. The ability to provide end-to-end file non-repudiation is an essential part of any secure file transfer solution because it provides the following benefits.

  *

  Guarantees the integrity of the data being transferred

  *

  Plays a valuable forensic role if a dispute arises about the file

  *

  Provides a capability that is required for Guaranteed Delivery Providing end-to-end file non-repudiation requires using a secure file transfer server that can perform all of the following activities:

  *

  Authenticate each user who uploads or downloads a file

  *

  Check the integrity of each file when uploaded and downloaded

  *

  Compare the server and client-generated integrity check results

  *

  Associate and log the authentication and check results The cryptographically valid SHA1 and MD5 algorithms are widely used to do file integri-ty checking. SHA1 is the stronger of these, and is approved for file integrity checking under US Federal Information Processing Standard FIPS 140-2. MOVEit secure file transfer server and MOVEit Automation MFT automation server each have built-in FIPS 140-2 validated cryptographic modules that include the SHA1 and MD5 algorithms, which they use for file integrity checking.

• Question 724:

  A security administrator is implementing a new WAF solution and has placed some of the web servers behind the WAF, with the WAF set to audit mode. When reviewing the audit logs of external requests and posts to the web servers, the

  administrator finds the following entry:

  Based on this data, which of the following actions should the administrator take?

  A. Alert the web server administrators to a misconfiguration

  B. Create a blocking policy based on the parameter values

  C. Change the parameter name 'Account_Name' identified in the log.

  D. Create an alert to generate emails for abnormally high activity.

  Correct Answer: D

• Question 725:

  If two employees are encrypting traffic between them using a single encryption key, which of the following algorithms are they using?

  A. RSA

  B. 3DES

  C. DSA

  D. SHA-2

  Correct Answer: D

• Question 726:

  A security engineer is installing a WAF to protect the company's website from malicious web requests over SSL. Which of the following is needed to meet the objective?

  A. A reverse proxy

  B. A decryption certificate

  C. A split-tunnel VPN

  D. Load-balanced servers

  Correct Answer: B

  By deploying a WAF in front of a web application, a shield is placed between the web application and the Internet. While a proxy server protects a client machine's identity by using an intermediary, a WAF is a type of reverse-proxy, protecting

  the server from exposure by having clients pass through the WAF before reaching the server.

  A WAF operates through a set of rules often called policies. These policies aim to protect against vulnerabilities in the application by filtering out malicious traffic. The value of a WAF comes in part from the speed and ease with which policy

  modification can be implemented, allowing for faster response to varying attack vectors; during a DDoS attack, rate limiting can be quickly implemented by modifying WAF policies.

• Question 727:

  An incident response analyst at a large corporation is reviewing proxy log data.

  The analyst believes a malware infection may have occurred. Upon further review, the analyst determines the computer responsible for the suspicious network traffic is used by the Chief Executive Officer (CEO). Which of the following is the

  best NEXT step for the analyst to take?

  A. Call the CEO directly to ensure awareness of the event

  B. Run a malware scan on the CEO's workstation

  C. Reimage the CEO's workstation

  D. Disconnect the CEO's workstation from the network.

  Correct Answer: D

• Question 728:

  Which of the following are the BEST selection criteria to use when assessing hard drive suitability for time-sensitive applications that deal with large amounts of critical information? (Select TWO).

  A. MTBF

  B. MTTR

  C. SLA

  D. RTO

  E. MTTF

  F. RPO

  Correct Answer: AB

• Question 729:

  Which of the following is a technical preventive control?

  A. Two-factor authentication

  B. DVR-supported cameras

  C. Acceptable-use MOTD

  D. Syslog server

  Correct Answer: A

• Question 730:

  A security operations team recently detected a breach of credentials. The team mitigated the risk and followed proper processes to reduce risk. Which of the following processes would BEST help prevent this issue from happening again?

  A. Risk assessment

  B. Chain of custody

  C. Lessons learned

  D. Penetration test

  Correct Answer: B