CompTIA CompTIA Certifications SY0-501 Questions & Answers

• Question 761:

  Which of the following implements two-factor authentication on a VPN?

  A. Username, password, and source IP

  B. Public and private keys

  C. HOTP token and logon credentials

  D. Source and destination IP addresses

  Correct Answer: A

  What is the process for logging in?

  Setting up two-factor authentication for a user for the first time:

  1.

  A user will go to the URL given to them by OT support and enter their username and password.

  2.

  After logging in, they'll be prompted to input their phone number and verify it with a simple phone call or text message.

  3.

  The next step is to install Duo Mobile, a smartphone app that generates passcodes and supports Duo Push (on iPhone and Android).

  4.

  After installing the app, it needs to be activated in order to be linked to the user's account.

  5.

  Lastly, the user is shown a success message and the login prompt that they'll normally see when logging in.

  To connect via VPN using two-factor authentication after set-up:

  Go to the URL and login with their username and password.

  1.

  Choose which authentication method: Duo Push, phone call, text or passcode.

  2.

  If they choose Duo Push, a notification will be sent to their phone. They simply have to select the "Approve" button to redirect their browser to the SSL VPN ser-vice homepage.

  3.

  Then they can launch "Tunnel Mode" to direct traffic through their VPN.

  4.

  See What are the authentication choices? for more information on how each method works.

• Question 762:

  A company just implemented a new telework policy that allows employees to use personal devices for official email and file sharing while working from home. Some of the requirements are:

  *

  Employees must provide an alternate work location (i.e., a home address).

  *

  Employees must install software on the device that will prevent the loss of proprietary data but will not restrict any other software from being installed. Which of the following BEST describes the MDM options the company is using?

  A.

  Geofencing, content management, remote wipe, containerization, and storage segmentation

  B.

  Content management, remote wipe, geolocation, context-aware authentication, and containerization

  C.

  Application management, remote wipe, geofencing, context-aware authentication, and containerization

  D.

  Remote wipe, geolocation, screen locks, storage segmentation, and full-device encryption

  Correct Answer: C

• Question 763:

  After entering a username and password, an administrator must draw a gesture on a touch screen. Which of the following demonstrates what the administrator is providing?

  A. Multifactor authentication

  B. Something you can do

  C. Biometrics

  D. Two-factor authentication

  Correct Answer: B

  https://www.androidcentral.com/android-home-screen-gestures

• Question 764:

  Which of the following vulnerabilities can lead to unexpected system behavior, including the bypassing of security controls, due to differences between the time of commitment and the time of execution?

  A. Buffer overflow

  B. DLL injection

  C. Pointer dereference

  D. Race condition

  Correct Answer: C

  Buffer overflow protection is any of various techniques used during software development to enhance the security of executable programs by detecting buffer overflows on stack-allocated variables, and preventing them from causing program

  misbehavior or from becoming serious security vulnerabilities.

  DLL injection is a technique which allows an attacker to run arbitrary code in the context of the address space of another process. If this process is running with excessive privileges then it could be abused by an attacker in order to execute

  malicious code in the form of a DLL file in order to elevate privileges.

• Question 765:

  A systems administrator needs to configure an SSL remote access VPN according to the following organizational guidelines:

  *

  The VPN must support encryption of header and payload.

  *

  The VPN must route all traffic through the company's gateway. Which of the following should be configured on the VPN concentrator?

  A.

  Full tunnel

  B.

  Transport mode

  C.

  Tunnel mode

  D.

  IPSec

  Correct Answer: A

• Question 766:

  An organization recently acquired an ISO 27001 certification. Which of the following would MOST likely be considered a benefit of this certification?

  A. It allows for the sharing of digital forensics data across organizations.

  B. It provides insurance in case of a data breach.

  C. It provides complimentary training and certification resources to IT security staff.

  D. It certifies the organization can work with foreign entities that require a security clearance.

  E. It assures customers that the organization meets security standards.

  Correct Answer: E

• Question 767:

  A Chief Information Security Officer (CISO) is concerned about the organization's ability to continue business operations in the event of a prolonged DDoS attack on its local datacenter that consumes server resources. Which of the following will the CISO MOST likely recommend to mitigate this risk?

  A. Upgrade the bandwidth available into the datacenter.

  B. Migrate to a geographically dispersed cloud datacenter.

  C. Implement a hot-site failover location.

  D. Switch to a complete SaaS offering to customers.

  E. Implement a challenge response test on all end-user queries.

  Correct Answer: C

• Question 768:

  A startup company is using multiple SaaS and laaS platforms to stand up a corporate infrastructure and build out a customer-facing web application. Which of the following solutions would be BEST to provide security, manageability, and visibility into the platforms?

  A. SIEM

  B. DLP

  C. CASB

  D. SWG

  Correct Answer: C

• Question 769:

  An organization plans to transition the intrusion detection and prevention techniques on a critical subnet to an anomaly-based system. Which of the following does the organization need to determine for this to be successful?

  A. The baseline

  B. The endpoint configurations

  C. The adversary behavior profiles

  D. The IPS signatures

  Correct Answer: D

• Question 770:

  A network administrator has been asked to install an IDS to improve the security posture of an organization. Which of the following control types Is an IDS?

  A. Corrective

  B. Physical

  C. Detective

  D. Administrative

  Correct Answer: C