Prepare Top CompTIA SYO-501 Exam Study Guide Practice Questions Edition
NEW QUESTION 257
A company is experiencing an increasing number of systems that are locking up on Windows startup. The security analyst clones a machine, enters into safe mode, and discovers a file in the startup process that runs Wstart.bat.
```batch
@echo off
:asdhbawdhbasdhbawdhb
start notepad.exe
start notepad.exe
start calculator.exe
start calculator.exe
goto asdhbawdhbasdhbawdhb
```
Given the file contents and the system's issues, which of the following types of malware is present?
- A. Rootkit
- B. Virus
- C. Logic bomb
- D. Worm
Answer: C
NEW QUESTION 258
Despite having implemented password policies, users continue to set the same weak passwords and reuse old passwords.
Which of the following technical controls would help prevent these policy violations? (Select TWO).
- A. Password complexity
- B. Password length
- C. Password history
- D. Password expiration
- E. Password lockout
Answer: A,B
NEW QUESTION 259
A security analyst is doing a vulnerability assessment on a database server. A scanning tool returns the following information:
There have been several security breaches on the web server that accesses this database. The security team is instructed to mitigate the impact of any possible breaches. The security team is also instructed to improve the security on this database by making it less vulnerable to offline attacks. Which of the following would BEST accomplish these goals? (Choose two.)
- A. Limit users to five attempted logons before they are locked out
- B. Force users to change passwords the next time they log on
- C. Generate password hashes using SHA-256
- D. Require the web server to only use TLS 1.2 encryption
- E. Start using salts to generate MD5 password hashes
Answer: B,E
NEW QUESTION 260
The Chief Information Security Officer (CISO) is asking for ways to protect against zero-day exploits. The CISO is concerned that an unrecognized threat could compromise corporate data and result in regulatory fines as well as poor corporate publicity. The network is mostly flat, with split staff/guest wireless functionality.
Which of the following equipment MUST be deployed to guard against unknown threats?
- A. Behavior-based IPS with a communication link to a cloud-based vulnerability and threat feed
- B. Cloud-based antivirus solution, running as local admin, with push technology for definition updates
- C. Implementation of an off-site datacenter hosting all company data, as well as deployment of VDI for all client computing needs
- D. Host-based heuristic IPS, segregated on a management VLAN, with direct control of the perimeter firewall ACLs
Answer: A
NEW QUESTION 261
The POODLE attack is an MITM exploit that affects:
- A. TLS1.0 with CBC mode cipher
- B. SSLv2.0 with CBC mode cipher
- C. SSLv3.0 with ECB mode cipher
- D. SSLv3.0 with CBC mode cipher
Answer: D
Explanation:
A flaw was found in the way SSL 3.0 handled padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode.
How To Protect your Server Against the POODLE SSLv3 Vulnerability
On October 14th, 2014, a vulnerability in version 3 of the SSL encryption protocol was disclosed. This vulnerability, dubbed POODLE (Padding Oracle On Downgraded Legacy Encryption), allows an attacker to read information encrypted with this version of the protocol in plain text using a man-in-the-middle attack.
Although SSLv3 is an older version of the protocol which is mainly obsolete, many pieces of software still fall back on SSLv3 if better encryption options are not available. More importantly, it is possible for an attacker to force SSLv3 connections if it is an available alternative for both participants attempting a connection.
The POODLE vulnerability affects any services or clients that make it possible to communicate using SSLv3.
Because this is a flaw with the protocol design, and not an implementation issue, every piece of software that uses SSLv3 is vulnerable.
To find out more information about the vulnerability, consult the CVE information found at CVE-2014-3566.
What is the POODLE Vulnerability?
The POODLE vulnerability is a weakness in version 3 of the SSL protocol that allows an attacker in a man-in-the-middle context to decipher the plain text content of an SSLv3 encrypted message.
Who is Affected by this Vulnerability?
This vulnerability affects every piece of software that can be coerced into communicating with SSLv3. This means that any software that implements a fallback mechanism that includes SSLv3 support is vulnerable and can be exploited.
Some common pieces of software that may be affected are web browsers, web servers, VPN servers, mail servers, etc.
How Does It Work?
In short, the POODLE vulnerability exists because the SSLv3 protocol does not adequately check the padding bytes that are sent with encrypted messages.
Since these cannot be verified by the receiving party, an attacker can replace these and pass them on to the intended destination. When done in a specific way, the modified payload will potentially be accepted by the recipient without complaint.
On average, one out of every 256 requests will be accepted at the destination, allowing the attacker to decrypt a single byte. This can be repeated easily in order to progressively decrypt additional bytes. Any attacker able to repeatedly force a participant to resend data using this protocol can break the encryption in a very short amount of time.
How Can I Protect Myself?
Actions should be taken to ensure that you are not vulnerable in your roles as both a client and a server. Since encryption is usually negotiated between clients and servers, it is an issue that involves both parties.
Servers and clients should take steps to disable SSLv3 support completely. Many applications use better encryption by default, but implement SSLv3 support as a fallback option.
This should be disabled, as a malicious user can force SSLv3 communication if both participants allow it as an acceptable method.
NEW QUESTION 262
Which of the following control types are alerts sent from a SIEM fulfilling, based on vulnerability signatures?
- A. Preventive
- B. Corrective
- C. Compensating
- D. Detective
Answer: D
NEW QUESTION 263
A government contracting company issues smartphones to employees to enable access to corporate resources. Several employees will need to travel to a foreign country for business purposes and will require access to their phones. However, the company recently received intelligence that its intellectual property is highly desired by the same country's government. Which of the following MDM configurations would BEST reduce the risk of compromise while on foreign soil?
- A. Disable push notification services.
- B. Disable wipe.
- C. Disable firmware OTA updates.
- D. Disable location services.
Answer: C
NEW QUESTION 264
Which of the following encryption methods does PKI typically use to securely protect keys?
- A. Obfuscation
- B. Asymmetric
- C. Elliptic curve
- D. Digital signatures
Answer: B
Explanation:
https://blog.finjan.com/what-is-public-key-infrastructure-pki-and-how-is-it-used-in-cyber-security/
NEW QUESTION 265
A network technician is designing a network for a small company. The network technician needs to implement an email server and web server that will be accessed by both internal employees and external customers.
Which of the following would BEST secure the internal network and allow access to the needed servers?
- A. Implementing NAT addressing for the servers.
- B. Implementing a site-to-site VPN for server access.
- C. Implementing a sandbox to contain the servers.
- D. Implementing a DMZ segment for the server.
Answer: D
NEW QUESTION 266
A network administrator was concerned during an audit that users were able to use the same password the day after a password change policy took effect. The following settings are in place:
Which of the following settings would prevent users from being able to immediately reuse the same passwords?
- A. Password history of ten passwords
- B. Complex passwords must be used
- C. Password length greater than ten characters
- D. Minimum password age of five days
Answer: D
NEW QUESTION 267
A systems administrator is reviewing the following information from a compromised server:
Given the above information, which of the following processes was MOST likely exploited via a remote buffer overflow attack?
- A. Apache
- B. MySQL
- C. TFTP
- D. LSASS
Answer: A
NEW QUESTION 268
An organization wants to deliver streaming audio and video from its home office to remote locations all over the world. It wants the stream to be delivered securely and protected from intercept and replay attacks.
Which of the following protocols is BEST suited for this purpose?
- A. S/MIME
- B. SSH
- C. SIP
- D. SRTP
Answer: D
NEW QUESTION 269
Select correct certificate?
- A. .der certificate
- B. .cer certificate
- C. .pfx certificate
- D. .crt certificate
Answer: C
NEW QUESTION 270
A company recently updated its website to increase sales. The new website uses PHP forms for leads and provides a directory with sales staff and their phone numbers. A systems administrator is concerned with the new website and provides the following log to support the concern:
Which of the following is the systems administrator MOST likely to suggest to the Chief Information Security Officer (CISO) based on the above?
- A. Implementing account lockouts
- B. Increasing the minimum password length from eight to ten characters
- C. Changing the account standard naming convention
- D. Discontinuing the use of privileged accounts
Answer: C
NEW QUESTION 271
Which of the following BEST explains why sandboxing is a best practice for testing software from an untrusted vendor prior to an enterprise deployment?
- A. It restricts the access of the software to a contained logical space and limits possible damage.
- B. It facilitates the analysis of possible malware by allowing it to run until resources are exhausted.
- C. It eliminates the possibility of privilege escalation attacks against the local VM host.
- D. It allows the software to run in an unconstrained environment with full network access.
Answer: B
NEW QUESTION 272
A company wants to host a publicly available server that performs the following functions:
- Evaluates MX record lookups
- Can perform authenticated requests for A and AAAA records
- Uses RRSIG
Which of the following should the company use to fulfill the above requirements?
- A. dig
- B. nslookup
- C. DNSSEC
- D. SFTP
Answer: C
Explanation:
DNS Security Extensions (DNSSEC) provides, among other things, cryptographic authenticity of responses using Resource Record Signatures (RRSIG) and authenticated denial of existence using Next-Secure (NSEC) and Hashed-NSEC records (NSEC3).
NEW QUESTION 273
Select the appropriate attack from each drop down list to label the corresponding illustrated attack.
Instructions: Attacks may only be used once, and will disappear from drop down list if selected. When you have completed the simulation, please select the Done button to submit.
Answer:
Explanation:
1: Spear phishing is an e-mail spoofing fraud attempt that targets a specific organization, seeking unauthorized access to confidential data. As with the e-mail messages used in regular phishing expeditions, spear phishing messages appear to come from a trusted source. Phishing messages usually appear to come from a large and well-known company or Web site with a broad membership base, such as eBay or PayPal. In the case of spear phishing, however, the apparent source of the e-mail is likely to be an individual within the recipient's own company and generally someone in a position of authority.
2: The hoax in this question is designed to make people believe that the fake AV (anti-virus) software is genuine.
3: Vishing is the act of using the telephone in an attempt to scam the user into surrendering private information that will be used for identity theft. The scammer usually pretends to be a legitimate business, and fools the victim into thinking he or she will profit.
4: Phishing is the act of sending an email to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft.
Phishing email will direct the user to visit a website where they are asked to update personal information, such as a password, credit card, social security, or bank account numbers, that the legitimate organization already has. The website, however, is bogus and set up only to steal the information the user enters on the page.
5: Similar in nature to e-mail phishing, pharming seeks to obtain personal or private (usually financially related) information through domain spoofing. Rather than being spammed with malicious and mischievous e-mail requests for you to visit spoof Web sites which appear legitimate, pharming 'poisons' a DNS server by infusing false information into it, resulting in a user's request being redirected elsewhere. Your browser, however, will show you are at the correct Web site, which makes pharming a bit more serious and more difficult to detect. Phishing attempts to scam people one at a time with an e-mail, while pharming allows the scammers to target large groups of people at one time through domain spoofing.
NEW QUESTION 274
Which of the following solutions should an administrator use to reduce the risk from an unknown vulnerability in a third-party software application?
- A. Encryption
- B. Sandboxing
- C. Fuzzing
- D. Code signing
Answer: B
NEW QUESTION 275
A company's user lockout policy is enabled after five unsuccessful login attempts. The help desk notices a user is repeatedly locked out over the course of a workweek. Upon contacting the user, the help desk discovers the user is on vacation and does not have network access. Which of the following types of attacks are MOST likely occurring? (Select two.)
- A. Replay
- B. Rainbow tables
- C. Pass the hash
- D. Dictionary
- E. Brute force
Answer: D,E
NEW QUESTION 276
High level topics covered by our practice test
This Web Simulator will certify that the successful candidate has the knowledge and skills required to install and configure systems to secure applications, networks, and devices; perform threat analysis and respond with appropriate mitigation techniques; participate in risk mitigation activities; and operate with an awareness of applicable policies, laws, and regulations. This Web Simulator is for candidates who want to verify their ability to secure a large organization.
The Web Simulator will also help candidates to understand better how CompTIA Security+ practice tests are fundamental to passing their final exam.
Where Does Security+ Lie on Professional CompTIA Certification Ladder?
In terms of cybersecurity certificates, this is the first certification that you should obtain to become a cybersecurity specialist. But if you squint hard enough, you will realize the new Security+ training is more than just an entry-level certificate, because it also qualifies learners for intermediate-level jobs in IT. Therefore, the CompTIA Security+ is among the most popular certificates that the vendor has to offer today. To earn it, you must pass only one exam: the SY0-501 exam.