June/2021 Latest Braindump2go SY0-501 Exam Dumps with PDF and VCE Free Updated Today! Following are some new SY0-501 Real Exam Questions!
QUESTION 1430
Which of the following is a type of attack in which a hacker leverages previously obtained packets to gain access to a wireless network?
A. Replay attack
B. ARP poisoning
C. Bluesnarfing
D. IP spoofing
Answer: A
QUESTION 1431
Which of the following is a characteristic unique to a Type 1 hypervisor?
A. Memory is directly controlled by the hypervisor
B. There is support for two or more operating systems to run simultaneously
C. It has the ability to pass through peripheral devices to the guest operating systems
D. Snapshots of the guest operating systems can be taken
Answer: C
QUESTION 1432
Which of the following explains the importance of patching servers in a test environment?
A. It identifies potential availability and stability issues before they affect production systems
B. It prioritizes the security of the organization’s critical internal systems before the external systems are secured
C. It facilitates the update of the organization’s secure baselines before impacting production.
D. It shortens the time to patch production systems by working out issues in the test and staging environments
Answer: A
QUESTION 1433
A systems administrator performing routine maintenance notices a user’s profile is sending GET requests to an external IP address. Which of the following BEST fits this IOC?
A. Logic bomb
B. Trojan
C. Bots
D. Key logger
Answer: C
QUESTION 1434
An employee of a large payroll company has a machine that recently started locking up randomly with greatly increased processor consumption.
Which of the following is the FIRST action an analyst should take to investigate this potential IOC?
A. Actively monitor traffic from the system to see if there is some form of command and control
B. Capture a memory dump of the system for further evaluation of malicious processes
C. Reimage the machine from a known-good image and get it back to the employee
D. Take a full disk image of the filesystem to analyze files for possible malicious activity.
Answer: D
QUESTION 1435
A large organization has recently noticed an increase in the number of corporate mobile devices that are being lost. These mobile devices are used exclusively for on-campus communication at the organization’s international headquarters using the wireless network. Per the organization’s policy, the devices should not be taken off campus. The security team must find a solution that will encourage users to leave the devices on campus. Which of the following is the BEST solution?
A. Geofencing
B. Remote wipe
C. Tethering
D. Mobile device management
Answer: D
QUESTION 1436
An administrator is trying to inspect SSL traffic to evaluate if it has a malicious code injection. The administrator is planning to use the inspection features of a firewall solution. Which of the following should be done after the implementation of the firewall solution?
A. Export the certificate chain to the WAF
B. Store all private keys in the DMZ escrow server
C. Generate the new firewall certificate and import it to all the user’s endpoints
D. Import the private certificate of each user to the firewall
Answer: A
QUESTION 1437
During a recent security audit, an organization discovered that server configurations were changed without documented approval. The investigators have confirmed that configuration changes require elevated permissions, and the investigation has failed to identify specific user accounts that are making the configuration changes.
Which of the following is MOST likely occurring?
A. Users have been sharing superuser account passwords
B. Privileged accounts are being used by systems administrators
C. Intruders have compromised the servers and enabled guest accounts
D. Administrators are logging in to the servers using service accounts
Answer: A
QUESTION 1438
A security administrator is reviewing the following report from an organization’s patch management system that has only wired workstations which are utilized daily:
Which of the following is the GREATEST security concern for the administrator?
A. The browser version on ACCT-1 is newer than the rest.
B. The status of ACCT-1 is not accurately reported
C. SALES-2 does not have the finance application installed
D. ACCT-2 is no longer connecting from the organization’s network
Answer: B
QUESTION 1439
An analyst is trying to obtain a signed certificate from a CA by pasting a public key into the CA’s web request form; however, it does not work and an error is generated.
Which of the following does the analyst need to paste into the web request form?
A. A private key
B. A CSR
C. The OID
D. A certificate chain
Answer: C
QUESTION 1440
An organization is collecting logs from its critical infrastructure and a large number of the events are common system activities with identical logs. This is causing the SIEM to consume a large amount of disk space, which may result in the organization having to purchase additional disks to store the logs. Which of the following should the organization do to help mitigate this problem?
A. Enable event deduplication
B. Enable log correlation
C. Enable log aggregation
D. Enable log filtering.
Answer: C
QUESTION 1441
Which of the following BEST describes a defense-in-depth strategy?
A. A security administrator places a web server behind two firewalls from two different vendors with only ports 80 and 443 open
B. The security architect scans servers daily with a vulnerability scanner and conducts weekly penetration-testing exercises
C. The security team configures an application-whitelisting program on endpoints and installs NIDS.
D. Outbound traffic travels through a proxy and a stateful firewall with ports 80 and 443 open
Answer: C
QUESTION 1442
A security analyst wants to obfuscate some code and decides to use ROT13.
Which of the following is an example of the text “HELLO WORLD” in ROT13?
A. DLROWOLLEH
B. URYYB JBEYQ
C. KHOOR ZRUOG
D. QYEBJ BYYRU
Answer: B
QUESTION 1443
During an assessment, a security analyst was asked to use a service account to perform a vulnerability scan against the main application server.
Which of the following BEST classifies this type of test?
A. Non-intrusive test
B. Credentialed test
C. Escalation of privilege test
D. Initial exploitation test
Answer: B
QUESTION 1444
Joe, a user, visited a banking website from a saved bookmark and logged in with his credentials. After logging in, Joe discovered he could not access any resources and none of his account information would display. The next day, the bank called to report his account had been compromised. Which of the following MOST likely would have prevented this from occurring?
A. SSH
B. TLS
C. LDAPS
D. DNSSEC
Answer: B
QUESTION 1445
Passive reconnaissance during a penetration test consists of:
A. open-source intelligence gathering
B. social engineering to obtain target information
C. non-intrusive vulnerability scanning
D. probing the target network in a methodical manner
Answer: A
QUESTION 1446
Which of the following has a direct impact on whether a company can meet the RTO?
A. MTTR
B. MTBF
C. ARO
D. RPO
Answer: A
QUESTION 1447
A security administrator learns that PII, which was gathered by the organization, has been found in an open forum.
As a result, several C-level executives found their identities were compromised and they were victims of a recent whaling attack.
Which of the following would prevent these problems in the future? (Select TWO)
A. Implement a reverse proxy
B. Implement an email DLP
C. Implement a spam filter
D. Implement a host-based firewall
E. Implement a HIDS
Answer: BC
QUESTION 1448
A government contractor has a security requirement that any service in use must not be accessible by a non-governmental agency.
The contractor is trying to reduce costs by moving the on-premises virtual servers to the cloud in a single-tenant environment.
Which of the following would BEST meet the requirements?
A. Public PaaS
B. Public SaaS
C. Public IaaS
D. Private PaaS
E. Private SaaS
F. Private IaaS
Answer: F
QUESTION 1449
A security analyst just discovered that developers have access to production systems that are used for deployment and troubleshooting.
One developer, who recently left the company, abused this access to obtain sensitive information.
Which of the following is the BEST account management strategy to prevent this from reoccurring?
A. Perform an account review and ensure least privilege is being followed for production access
B. Implement multifactor authentication for accessing production systems
C. Configure jump boxes and prevent access to production from any other system
D. Set up time-of-day restrictions that prevent access to production systems during business hours
E. Modify the AUP to prohibit developers from accessing production systems
Answer: E
QUESTION 1450
Following a breach, a forensic analyst reviewed system logs and determined that an attacker used an unknown account with elevated privileges on a computer to access organization files.
Which of the following MOST likely occurred to allow the attacker to access the files?
A. The attacker renamed a domain administrator account on the computer and used it to access the files
B. The attacker used Metasploit to identify the location of the organization’s files and access them
C. The attacker used an active default administrator account to create new accounts with rights to access the files
D. The attacker used a pass-the-hash attack to access the network location and access the files
Answer: C
QUESTION 1451
Which of the following BEST represent detective controls? (Select TWO)
A. Security guard
B. Camera
C. Mantrap
D. Bollards
E. Fencing
Answer: AB
QUESTION 1452
A computer forensics analyst collected a thumb drive that contained a single file with 500 pages of text.
To ensure the file maintains its confidentiality, which of the following should the analyst use?
A. SHA
B. AES
C. SLA
D. NOA
Answer: B
QUESTION 1453
A security analyst is conducting a vulnerability scan and comes across a scheduled task that runs a batch script.
The analyst sees the following text when viewing the batch script’s contents:
Which of the following is the MOST likely reason for the analyst to flag this task?
A. The credentials are not encrypted
B. The files are being sent to a public share
C. The wildcard parameters are incorrectly set
D. The password does not meet the minimum requirements
Answer: A
QUESTION 1454
An organization has defined secure baselines for all servers and applications.
Before any servers or applications are placed into production they must be reviewed for compliance deviations.
Which of the following actions would streamline the process and provide more consistent results?
A. Purchase a vulnerability scanner and upgrade the signatures to include compliance items based on the organization’s secure configuration baselines
B. Perform penetration testing against every server and generate automated reports that can be reviewed by all application and server teams
C. Implement a configuration scanner that automatically reviews every server and application against the established baselines
D. Use a network scanner to identify non-compliant ports and services and have the server and application teams review the results independently
Answer: C
QUESTION 1455
Two companies need to exchange a large number of confidential files. Both companies run high availability UTM devices.
They do not want to use email systems to exchange the data. Since the data needs to be exchanged in both directions, which of the following solutions should a security analyst recommend?
A. Configuring the remote access feature on both UTMs
B. Configuring an FTP server in one company
C. Establishing a site-to-site VPN between the two companies
D. Exchanging data by using a free cloud-storage product
Answer: C
QUESTION 1456
A network administrator at a bank needs to create zones that will prevent an attacker from freely traversing the network in the event of a perimeter firewall breach.
The zones should allow the bank tellers to communicate with each other but prevent them from accessing Internet resources.
Which of the following should the network administrator implement?
A. Air gaps
B. A DMZ
C. A VPN
D. Proxies
Answer: B
QUESTION 1457
After receiving an alert regarding an anomaly in network traffic spikes, a security analyst discovered a web server has a web-enabled application.
The application was recently installed and was being used by a group of developers that shared a set of default credentials.
During a switch migration, the server was unintentionally plugged into a switchport that was configured for DMZ access.
The analysis provided evidence showing the server was being accessed from international IP addresses via the web-enabled application and used to process and print shipping labels.
Which of the following would prevent this from happening?
A. Ensure the server operating system is part of the patch management process
B. Disable default usernames/passwords and unnecessary ports
C. Use DLP to prevent the use of USB printers and drives on the server
D. Implement NAT between the DMZ and the internal network
Answer: D
QUESTION 1458
A bank with high-profile customer accounts is concerned about collusion and fraud occurring between staff and customers at a specific branch.
Which of the following best practices would help detect any fraudulent activities?
A. Acceptable use policy
B. Continuous network monitoring
C. Job rotation
D. Least privilege
E. Separation of duties
Answer: C
QUESTION 1459
Which of the following cryptographic algorithms can be used for full-disk encryption?
A. AES
B. SHA-256
C. PBKDF2
D. RSA
Answer: A
QUESTION 1460
Before providing digital evidence for a case, a security analyst performed a full disk image of the compromised server using a forensic tool and asked a law enforcement officer to provide an in-person written confirmation of receipt. The security analyst was MOST interested in:
A. avoiding the volatility of the data
B. maintaining the chain of custody
C. confirming the legal hold
D. having a recovery point
Answer: B
QUESTION 1461
Which of the following must be updated prior to conducting weekly cyber hygiene scans of a network?
A. WIDS settings
B. Rainbow tables
C. Antivirus definitions
D. Vulnerability signatures
Answer: D
QUESTION 1462
A business sector is highly competitive and safeguarding trade secrets and critical information is paramount. On a seasonal basis, an organization employs temporary hires and contractor personnel to accomplish its mission objectives. The temporary and contract personnel require access to network resources only when on the clock. Which of the following account management practices are the BEST ways to manage these accounts? (Select TWO)
A. Employ time-of-day restrictions
B. Employ password complexity
C. Employ a random key generator strategy
D. Employ an account expiration strategy
E. Employ a password lockout policy
Answer: AD