A security analyst is inspecting the results of a recent internal vulnerability scan that was performed against intranet services. The scan reports include the following critical-rated vulnerability:
Title: Remote Command Execution vulnerability in web server
Rating: Critical (CVSS 10.0)
Threat actor: any remote user of the web server
Confidence: certain
Recommendation: apply vendor patches
Which of the following actions should the security analyst perform FIRST?
A. Escalate the issue to senior management.

A company was recently audited by a third party. The audit revealed the company's network devices were transferring files in the clear. Which of the following protocols should the company use to transfer files?
A. HTTPS

When generating a request for a new X.509 certificate for securing a website, which of the following is the MOST appropriate hashing algorithm?
A. RC4

A new PKI is being built at a company, but the network administrator has concerns about spikes of traffic occurring twice a day due to clients checking the status of the certificates. Which of the following should be implemented to reduce the spikes in traffic?
A. CRL

During a penetration test, Joe, an analyst, contacts the target's service desk. Impersonating a user, he attempts to obtain assistance with resetting an email password. Joe claims this needs to be done as soon as possible, as he is the vice president of sales and does not want to contact the Chief Operations Officer (COO) for approval, since the COO is on vacation. When challenged, Joe reaffirms that he needs this done immediately, and threatens to contact the service desk supervisor over the issue. Which of the following social engineering principles is Joe employing in this scenario? (Select TWO).
A. Intimidation

A security administrator wants to determine if a company's web servers have the latest operating system and application patches installed. Which of the following types of vulnerability scans should be conducted?
A. Non-credentialed

A Chief Information Security Officer (CISO) asks the security architect to design a method for contractors to access the company's internal network securely without allowing access to systems beyond the scope of their project. Which of the following methods would BEST fit the needs of the CISO?
A. VPN

Which of the following types of cloud infrastructures would allow several organizations with similar structures and interests to realize the benefits of shared storage and resources?
A. Private

Several workstations on a network are found to be on OS versions that are vulnerable to a specific attack. Which of the following is considered to be a corrective action to combat this vulnerability?
A. Install an antivirus definition patch

Which of the following would allow for the QUICKEST restoration of a server into a warm recovery site in a case in which server data mirroring is not enabled?
A. Full backup