A security operations team recently detected a breach of credentials. The team mitigated the risk and followed proper processes to reduce risk. Which of the following processes would BEST help prevent this issue from happening again?
A. Risk assessment
B. Chain of custody
C. Lessons learned
D. Penetration test
A security analyst has received an alert about PII being sent via email. The analyst's Chief Information Security Officer (CISO) has made it clear that PII must be handled with extreme care. From which of the following did the alert MOST likely originate?
A. S/MIME
B. DLP
C. IMAP
D. HIDS
After being alerted to potential anomalous activity related to trivial DNS lookups, a security analyst looks at the following output of implemented firewall rules:
The analyst notices that the expected policy has no hit count for the day. Which of the following MOST likely occurred?
A. Data execution prevention is enabled
B. The VLAN is not trunked properly
C. There is a policy violation for DNS lookups
D. The firewall policy is misconfigured
A network administrator is attempting to troubleshoot an issue regarding certificates on a secure website. During the troubleshooting process, the network administrator notices that the web gateway proxy on the local network has signed all of the certificates on the local machine. Which of the following describes the type of attack the proxy has been legitimately programmed to perform?
A. Transitive access
B. Spoofing
C. Man-in-the-middle
D. Replay
A security administrator is tasked with conducting an assessment made to establish the baseline security posture of the corporate IT infrastructure. The assessment must report actual flaws and weaknesses in the infrastructure. Due to the expense of hiring outside consultants, the testing must be performed using in-house or cheaply available resources. There cannot be a possibility of any requirement being damaged in the test. Which of the following has the administrator been tasked to perform?
A. Risk transference
B. Penetration test
C. Threat assessment
D. Vulnerability assessment
An attacker wearing a building maintenance uniform approached a company's receptionist asking for access to a secure area. The receptionist asks for identification and a building access badge, and checks the company's list of approved maintenance personnel prior to granting physical access to the secure area. The controls used by the receptionist are in place to prevent which of the following types of attacks?
A. Tailgating
B. Shoulder surfing
C. Impersonation
D. Hoax
A security analyst has been asked to perform a review of an organization's software development lifecycle. The analyst reports that the lifecycle does not contain a phase in which team members evaluate and provide critical feedback of another developer's code. Which of the following assessment techniques is BEST described in the analyst's report?
A. Architecture evaluation
B. Baseline reporting
C. Whitebox testing
D. Peer review
A security engineer is faced with competing requirements from the networking group and database administrators. The database administrators would like ten application servers on the same subnet for ease of administration, whereas the networking group would like to segment all applications from one another. Which of the following should the security administrator do to rectify this issue?
A. Recommend performing a security assessment on each application, and only segment the applications with the most vulnerability
B. Recommend classifying each application into like security groups and segmenting the groups from one another
C. Recommend segmenting each application, as it is the most secure approach
D. Recommend that only applications with minimal security features should be segmented to protect them
An organization has hired a penetration tester to test the security of its ten web servers. The penetration tester is able to gain root/administrative access in several servers by exploiting vulnerabilities associated with the implementation of SMTP, POP, DNS, FTP, Telnet, and IMAP. Which of the following recommendations should the penetration tester provide to the organization to better protect their web servers in the future?
A. Use a honeypot
B. Disable unnecessary services
C. Implement transport layer security
D. Increase application event logging
A mobile device user is concerned about geographic positioning information being included in messages sent between users on a popular social network platform. The user turns off the functionality in the application, but wants to ensure the application cannot re-enable the setting without the knowledge of the user. Which of the following mobile device capabilities should the user disable to achieve the stated goal?
A. Device access control
B. Location based services
C. Application control
D. GEO-Tagging