2021 SYO-501 dumps review - Professional Quiz Study Materials
SYO-501 Test Prep Training Practice Exam Questions Practice Tests
What's the CompTIA SY0-501 Exam Outline?
The CompTIA SY0-501 exam content covers the following topics:
- Cryptography together with PKI (12%);
- Risk Management (14%);
- Tools as well as Technologies (22%);
- Architecture & Design (15%);
- Vulnerabilities, Threats, and Attacks (21%);
- Access Management and Identity (16%).
The CompTIA SY0-501 test consists of up to 90 questions, and students have exactly 90 minutes to complete all of them. However, doing so may be a challenge even for an expert, as the questions come in multiple-choice and performance-based formats. The minimum passing score is 750 points (on a scale of 100-900). This exam can be taken in Simplified Chinese, Portuguese, Japanese, or English and costs $349 for US residents. Also, note that there is a newer version of this test available, which has the same exam format and features but covers more advanced and updated content. It is coded SY0-601 and, starting November 12, 2020, will be launched to qualify students for the already mentioned CompTIA Security+ certification. For more information about this new exam and the entire Security+ learning path, you can visit the CompTIA website.
NEW QUESTION 76
Which of the following algorithms would be used to provide non-repudiation of a file transmission?
- A. AES
- B. SHA
- C. RSA
- D. MD5
Answer: D
Explanation:
Non-repudiation is the ability to prove that the file uploaded and the file downloaded are identical.
Non-repudiation is an essential part of any secure file transfer solution. End-to-end file non-repudiation is the ability to prove who uploaded a specific file, who downloaded it, and that the file uploaded and the file downloaded are identical. It is a security best practice and required by the Federal Information Security Management Act (FISMA), Gramm-Leach-Bliley Act (GLBA), Health Insurance Portability and Accountability Act (HIPAA), Sarbanes-Oxley Act (SOX), and others.
The ability to provide end-to-end file non-repudiation is an essential part of any secure file transfer solution because it provides the following benefits.
* Guarantees the integrity of the data being transferred
* Plays a valuable forensic role if a dispute arises about the file
* Provides a capability that is required for Guaranteed Delivery
Providing end-to-end file non-repudiation requires using a secure file transfer server that can perform all of the following activities:
* Authenticate each user who uploads or downloads a file
* Check the integrity of each file when uploaded and downloaded
* Compare the server and client-generated integrity check results
* Associate and log the authentication and check results
The cryptographically valid SHA1 and MD5 algorithms are widely used to do file integrity checking. SHA1 is the stronger of these, and is approved for file integrity checking under US Federal Information Processing Standard FIPS 140-2. MOVEit secure file transfer server and MOVEit Automation MFT automation server each have built-in FIPS 140-2 validated cryptographic modules that include the SHA1 and MD5 algorithms, which they use for file integrity checking.
NEW QUESTION 77
You have been tasked with designing a security plan for your company. Drag and drop the appropriate security controls on the floor plan.
Instructions: All objects must be used and all place holders must be filled. Order does not matter. When you have completed the simulation, please select the Done button to submit.
Answer:
Explanation:
- Cable locks - Adding a cable lock between a laptop and a desk prevents someone from picking it up and walking away.
- Proximity badge + reader
- Safe is a hardware/physical security measure.
- Mantrap can be used to control access to sensitive areas.
- CCTV can be used as video surveillance.
- Biometric reader can be used to control and prevent unauthorized access.
- Locking cabinets can be used to protect backup media, documentation and other physical artifacts.
NEW QUESTION 78
An internal intranet site is required to authenticate users and restrict access to content to only those who are authorized to view it. The site administrator previously encountered issues with credential spoofing when using the default NTLM setting and wants to move to a system that will be more resilient to replay attacks. Which of the following should the administrator implement?
- A. Kerberos
- B. NTLMv2
- C. Shibboleth
- D. TACACS+
Answer: A
NEW QUESTION 79
A security analyst believes an employee's workstation has been compromised. The analyst reviews the system logs, but does not find any attempted logins. The analyst then runs the diff command, comparing the C:\Windows\System32 directory and the installed cache directory. The analyst finds a series of files that look suspicious.
One of the files contains the following commands:
Which of the following types of malware was used?
- A. Spyware
- B. Logic bomb
- C. Backdoor
- D. Worm
Answer: C
NEW QUESTION 80
A company is performing an analysis of the corporate enterprise network with the intent of identifying what will cause losses in revenue, referrals, and/or reputation when out of commission. Which of the following is an element of a BIA that is being addressed?
- A. backup and restoration plans
- B. Single point of failure
- C. Mission-essential function
- D. Identification of critical systems
Answer: C
Explanation:
The BIA is composed of the following three steps: Determine mission/business processes and recovery criticality. Mission/business processes supported by the system are identified and the impact of a system disruption to those processes is determined along with outage impacts and estimated downtime.
NEW QUESTION 81
Exercising various programming responses for the purpose of gaining insight into a system's security posture without exploiting the system is BEST described as:
- A. passive security control testing.
- B. control gap analysis
- C. non-intrusive scanning
- D. peer-conducted code review.
Answer: C
NEW QUESTION 82
An information security analyst needs to work with an employee who can answer questions about how data for a specific system is used in the business. The analyst should seek out an employee who has the role of:
- A. systems administrator
- B. owner
- C. privacy officer
- D. steward
Answer: A
NEW QUESTION 83
A security analyst monitors the syslog server and notices the following:
pinging 10.25.27.31 with 65500 bytes of data
Reply from 10.25.27.31 bytes=65500 times<1ms TTL=128
Reply from 10.25.27.31 bytes=65500 times<1ms TTL=128
Reply from 10.25.27.31 bytes=65500 times<1ms TTL=128
Reply from 10.25.27.31 bytes=65500 times<1ms TTL=128
Reply from 10.25.27.31 bytes=65500 times<1ms TTL=128
Reply from 10.25.27.31 bytes=65500 times<1ms TTL=128
Which of the following attacks is occurring?
- A. Memory leak
- B. Buffer overflow
- C. Null pointer dereference
- D. Integer overflow
Answer: B
NEW QUESTION 84
A security administrator wants to implement strong security on the company smart phones and terminal servers located in the data center. Drag and drop the applicable controls to each asset type.
Instructions: Controls can be used multiple times and not all placeholders need to be filled. When you have completed the simulation, please select the Done button to submit.
Answer:
Explanation:
Company Manages Smart Phone:
- Screen Lock
- Strong Password
- Device Encryption
- Remote Wipe
- GPS Tracking
- Pop-up blocker
Data Center Terminal Server:
- Cable Locks
- Antivirus
- Host Based Firewall
- Proximity Reader
- Sniffer
- Mantrap
NEW QUESTION 85
A security analyst finished drafting an official response to a security assessment report, which must be sent to the head of the auditing department. The security analyst needs to assure the head of the auditing department that the response came from the security analyst, and the contents of the response must be kept confidential.
Which of the following are the LAST steps the security analyst should perform prior to electronically sending the message? (Select TWO).
- A. Label the email as "Confidential."
- B. Digitally sign the message.
- C. Encrypt the message.
- D. Hash the message.
- E. Perform key exchange with the recipient.
Answer: B,C
NEW QUESTION 86
An information security specialist is reviewing the following output from a Linux server.
Based on the above information, which of the following types of malware was installed on the server?
- A. Rootkit
- B. Trojan
- C. Backdoor
- D. Logic bomb
- E. Ransomware
Answer: D
NEW QUESTION 87
A security analyst, while doing a security scan using packet capture security tools, noticed large volumes of data images of company products being exfiltrated to foreign IP addresses. Which of the following is the FIRST step in responding to scan results?
- A. Chain of custody
- B. Incident identification
- C. Capture system image
- D. Implement mitigation
Answer: D
NEW QUESTION 88
An information security specialist is reviewing the following output from a Linux server.
Based on the above information, which of the following types of malware was installed on the server?
- A. Rootkit
- B. Trojan
- C. Backdoor
- D. Logic bomb
- E. Ransomware
Answer: D
NEW QUESTION 89
An office manager found a folder that included documents with various types of data relating to corporate clients. The office manager noticed the data included dates of birth, addresses, and phone numbers for the clients. The office manager then reported this finding to the security compliance officer. Which of the following portions of the policy would the security officer need to consult to determine if a breach has occurred?
- A. PHI
- B. PII
- C. Public
- D. Private
Answer: B
NEW QUESTION 90
A user clicked an email link that led to a website that infected the workstation with a virus.
The virus encrypted all the network shares to which the user had access. The virus was not detected or blocked by the company's email filter, website filter, or antivirus.
Which of the following describes what occurred?
- A. The virus was a zero-day attack
- B. Improper error handling triggered a false negative in all three controls
- C. The email originated from a private email server with no malware protection
Answer: A
NEW QUESTION 91
An incident response manager has started to gather all the facts related to a SIEM alert showing multiple systems may have been compromised.
The manager has gathered these facts:
* The breach is currently indicated on six user PCs
* One service account is potentially compromised
* Executive management has been notified
In which of the following phases of the IRP is the manager currently working?
- A. Containment
- B. Identification
- C. Eradication
- D. Recovery
Answer: B
NEW QUESTION 92
A security administrator is analyzing a user report in which the computer exhibits odd network-related outages. The administrator, however, does not see any suspicious processes running. A prior technician's notes indicate the machine has been remediated twice, but the system still exhibits odd behavior. Files were deleted from the system recently. Which of the following is the MOST likely cause of this behavior?
- A. Session hijacking
- B. Logic bomb
- C. Rootkit
- D. Crypto-malware
Answer: C
NEW QUESTION 93
While reviewing the wireless router, the systems administrator of a small business determines someone is spoofing the MAC address of an authorized device. Given the table below:
Which of the following should be the administrator's NEXT step to detect if there is a rogue system without impacting availability?
- A. Apply MAC filtering.
- B. Physically check each system.
- C. Conduct a ping sweep.
- D. Deny Internet access to the "UNKNOWN" hostname.
Answer: C
NEW QUESTION 94
A number of employees report that parts of an ERP application are not working. The systems administrator reviews the following information from one of the employee workstations:
Execute permission denied: financemodule.dll
Execute permission denied: generalledger.dll
Which of the following should the administrator implement to BEST resolve this issue while minimizing risk and attack exposure?
- A. Whitelist the affected libraries
- B. Update the application blacklist
- C. Verify the DLL's file integrity
- D. Place the affected employees in the local administrator's group
Answer: A
NEW QUESTION 95
Which of the following is a resiliency strategy that allows a system to automatically adapt to workload changes?
- A. Redundancy
- B. Elasticity
- C. Fault tolerance
- D. High availability
Answer: B
NEW QUESTION 96
Recently several employees were victims of a phishing email that appeared to originate from the company president. The email claimed the employees would be disciplined if they did not click on a malicious link in the message.
Which of the following principles of social engineering made this attack successful?
- A. Spamming
- B. Scarcity
- C. Social proof
- D. Authority
Answer: D
NEW QUESTION 97
Poor inventory control practices can lead to undetected and potentially catastrophic system exploitation due to:
- A. missing SIEM threat feed updates.
- B. license exhaustion as a result of protecting more devices.
- C. diversion of capital funds to cover leased equipment costs.
- D. control gaps resulting from unmanaged hosts.
Answer: D
NEW QUESTION 98
......