CompTIA SY0-501 Study Guide and Practice Questions (2022)
NEW QUESTION 91
Multiple employees receive an email with a malicious attachment that begins to encrypt their hard drives and mapped shares on their devices when it is opened. The network and security teams perform the following actions:
Shut down all network shares.
Run an email search identifying all employees who received the malicious message.
Reimage all devices belonging to users who opened the attachment.
Next, the teams want to re-enable the network shares. Which of the following BEST describes this phase of the incident response process?
- A. Containment
- B. Lessons learned
- C. Recovery
- D. Eradication
Answer: C
NEW QUESTION 92
A security analyst is hardening a large-scale wireless network. The primary requirements are the following:
* Must use authentication through EAP-TLS certificates
* Must use an AAA server
* Must use the most secure encryption protocol
Given these requirements, which of the following should the analyst implement and recommend? (Choose two.)
- A. CCMP
- B. 802.3
- C. WPA2-PSK
- D. TKIP
- E. LDAP
- F. 802.1X
Answer: A,F
Explanation:
EAP-TLS runs inside 802.1X, which relays the certificate-based authentication to the AAA (RADIUS) server; WPA2-PSK uses a pre-shared key and never consults an AAA server, so it cannot meet the first two requirements. CCMP (AES) is the mandatory WPA2 cipher, while TKIP is the deprecated WPA cipher and should be disabled. 802.3 is wired Ethernet and LDAP is a directory protocol, not an AAA service.
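An added example, not from the original page or the exam: a POSIX shell audit that checks a hostapd configuration against the three requirements above, with a weak (WPA2-PSK plus TKIP) and a hardened (802.1X/EAP relayed to RADIUS, CCMP only) sample config constructed inline. The RADIUS address 10.0.0.5 and the shared secret are placeholders.

```shell
#!/bin/sh
# Added example: audit hostapd.conf against the Q92 requirements
# (EAP/802.1X auth, external AAA server, WPA2 with CCMP only).
# Sample configs are constructed here; 10.0.0.5 and the secret are placeholders.

# conf_get FILE KEY  prints the last value of KEY=... in FILE (comments ignored).
conf_get() {
    grep -E "^[[:space:]]*$2=" "$1" | tail -n 1 | cut -d= -f2-
}

# audit_hostapd FILE  prints one FAIL line per finding; returns 0 only if clean.
audit_hostapd() {
    f=$1; rc=0
    wpa=$(conf_get "$f" wpa)
    mgmt=$(conf_get "$f" wpa_key_mgmt)
    pair=$(conf_get "$f" wpa_pairwise)
    rsn=$(conf_get "$f" rsn_pairwise)
    dot1x=$(conf_get "$f" ieee8021x)
    aaa=$(conf_get "$f" auth_server_addr)

    # Requirement 1: certificate (EAP-TLS) auth means 802.1X + WPA-EAP, not a PSK.
    if [ "$dot1x" != "1" ] || [ "$mgmt" != "WPA-EAP" ]; then
        echo "FAIL auth: need ieee8021x=1 and wpa_key_mgmt=WPA-EAP (got '$dot1x' / '$mgmt')"
        rc=1
    fi
    # Requirement 2: the EAP exchange must be relayed to a RADIUS (AAA) server.
    if [ -z "$aaa" ]; then
        echo "FAIL aaa: auth_server_addr not set, no AAA server"
        rc=1
    fi
    # Requirement 3: WPA2 (RSN) only, CCMP only; any TKIP is a downgrade path.
    if [ "$wpa" != "2" ]; then
        echo "FAIL cipher: wpa='$wpa', need wpa=2"
        rc=1
    fi
    case "$pair $rsn" in
        *TKIP*) echo "FAIL cipher: TKIP enabled (wpa_pairwise='$pair', rsn_pairwise='$rsn')"; rc=1 ;;
    esac
    if [ "$pair" != "CCMP" ] && [ "$rsn" != "CCMP" ]; then
        echo "FAIL cipher: CCMP not selected as the only pairwise cipher"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "PASS $f"
    return "$rc"
}

# write_samples DIR  writes the two constructed configs used below.
write_samples() {
    mkdir -p "$1"
    cat > "$1/weak.conf" <<'EOF'
interface=wlan0
ssid=corp-wifi
wpa=2
wpa_key_mgmt=WPA-PSK
wpa_passphrase=ChangeMe123
wpa_pairwise=TKIP CCMP
EOF
    cat > "$1/hardened.conf" <<'EOF'
interface=wlan0
ssid=corp-wifi
ieee8021x=1
eap_server=0
auth_server_addr=10.0.0.5
auth_server_port=1812
auth_server_shared_secret=PLACEHOLDER_SECRET
wpa=2
wpa_key_mgmt=WPA-EAP
wpa_pairwise=CCMP
rsn_pairwise=CCMP
EOF
}

# Usage:
#   write_samples ./samples
#   audit_hostapd ./samples/weak.conf; audit_hostapd ./samples/hardened.conf
```

The weak config fails all three requirements (no 802.1X, no RADIUS server, TKIP still offered); the hardened one passes. The same checks apply to a wireless controller's exported config, only the key names differ.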
NEW QUESTION 93
Company A has acquired Company B.
Company A has different domains spread globally, and typically migrates its acquisitions infrastructure under its own domain infrastructure. Company B, however, cannot be merged into Company A's domain infrastructure. Which of the following methods would allow the two companies to access one another's resources?
- A. Federation
- B. Attestation
- C. Single sign-on
- D. Kerberos
Answer: A
NEW QUESTION 94
A company needs to fix some audit findings related to its physical security. A key finding was that multiple people could physically enter a location at the same time. Which of the following is the BEST control to address this audit finding?
- A. Proximity cards
- B. Biometrics
- C. Mantrap
- D. Faraday cage
Answer: C
NEW QUESTION 95
A home invasion occurred recently in which an intruder compromised a home network and accessed a WiFi-enabled baby monitor while the baby's parents were sleeping.
Which of the following BEST describes how the intruder accessed the monitor?
- A. WiFi signal strength
- B. Default configuration
- C. Outdated antivirus
- D. Social engineering
Answer: B
NEW QUESTION 96
A buffer overflow can result in:
- A. loss of data caused by unauthorized command execution.
- B. privilege escalation caused by TPM override.
- C. reduced key strength due to salt manipulation.
- D. repeated use of one-time keys.
Answer: A
Explanation:
Overflowing a stack or heap buffer lets an attacker overwrite adjacent control data (a return address or function pointer) and run commands of their choosing, which can destroy or exfiltrate data. A buffer overflow does not override the TPM; salts and one-time keys are key-management concerns, not memory-corruption outcomes.
NEW QUESTION 97
Joe, a contractor, is hired by a firm to perform a penetration test against the firm's infrastructure. When conducting the scan, he receives only the network diagram and the network list to scan against the network.
Which of the following scan types is Joe performing?
- A. White box
- B. Gray box
- C. Authenticated
- D. Automated
Answer: B
NEW QUESTION 98
After an identified security breach, an analyst is tasked to initiate the IR process. Which of the following is the NEXT step the analyst should take?
- A. Documentation
- B. Preparation
- C. Identification
- D. Escalation
- E. Recovery
Answer: C
NEW QUESTION 99
During a lessons learned meeting regarding a previous incident, the security team receives a follow-up action item with the following requirements:
* Allow authentication from within the United States anytime
* Allow authentication if the user is accessing email or a shared file system
* Do not allow authentication if the AV program is two days out of date
* Do not allow authentication if the location of the device is in two specific countries
Given the requirements, which of the following mobile deployment authentication types is being utilized?
- A. Two-factor authentication
- B. Context-aware authentication
- C. Biometric authentication
- D. Geofencing authentication
Answer: B
NEW QUESTION 100
Hotspot Question
A newly purchased corporate WAP needs to be configured in the MOST secure manner possible.
INSTRUCTIONS
Please click on the below items on the network diagram and configure them accordingly:
WAP
DHCP Server
AAA Server
Wireless Controller
LDAP Server
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Answer:
Explanation:
NEW QUESTION 101
A forensic analyst is asked to respond to an ongoing network attack on a server. Place the items in the list below in the correct order in which the forensic analyst should preserve them.
Answer:
Explanation:
Explanation:
When dealing with multiple issues, address them in order of volatility (OOV); always deal with the most volatile first. Volatility can be thought of as the amount of time you have to collect certain data before the window of opportunity is gone. In an investigation you want to collect everything, but some data exists longer than other data, and you cannot collect all of it at once. As an example, the OOV in an investigation may be RAM, hard drive data, CDs/DVDs, and printouts.
Order of volatility (RFC 3227, most to least volatile): CPU registers and cache; memory, including the routing table, ARP cache, process table and kernel statistics; temporary file systems and swap; data on disk; remote logging and monitoring data held on other systems; physical configuration and network topology; archival media such as backups, CDs/DVDs and printouts. Record the system clock (time offset) as you go, capture images and network traffic before the live state changes, and keep hashes and a log of man-hours and expenses to support the chain of custody.
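An added example, not from the original page: a POSIX shell live-response script that collects artifacts in the order above, most volatile first, and hashes the result. It assumes a Linux host with coreutils, procps and iproute2; any tool that is missing is noted in the output rather than aborting the run, and the output path is whatever the caller passes (the /mnt/evidence path in the usage line is an assumption).

```shell
#!/bin/sh
# Added example (not from the original page): live-response triage that collects
# artifacts in order of volatility (RFC 3227), most volatile first.
# Assumes a Linux host with coreutils; any missing tool is recorded, not fatal.

# capture NAME CMD...  runs CMD and stores its output as $OUTDIR/NAME.txt,
# prefixed with the command line and a UTC timestamp for the chain of custody.
capture() {
    name=$1; shift
    out="$OUTDIR/$name.txt"
    printf '### %s @ %s\n' "$*" "$(date -u +%Y-%m-%dT%H:%M:%SZ)" > "$out"
    "$@" >> "$out" 2>&1 || printf '[unavailable or failed: %s]\n' "$1" >> "$out"
}

# collect_volatile OUTDIR   collects, then hashes, the evidence set;
# prints the number of files written.
collect_volatile() {
    OUTDIR=$1
    mkdir -p "$OUTDIR"
    # 1. Clock first: every later timestamp is corrected against this offset.
    capture 01_clock      date -u
    capture 01_uptime     uptime
    # 2. Memory-resident state: processes, sockets, ARP cache, routes, modules.
    capture 02_processes  ps -eo pid,ppid,user,lstart,cmd
    capture 02_sockets    ss -tulpan
    capture 02_arp        ip neigh show
    capture 02_routes     ip route show
    capture 02_modules    cat /proc/modules
    # 3. Temporary file systems and mounts (lost on reboot).
    capture 03_mounts     mount
    capture 03_tmp        ls -la /tmp /dev/shm
    # 4. Disk: only a summary here; full imaging is a separate, slower step.
    capture 04_disks      df -h
    # 5. Hash the set so later tampering is detectable.
    (cd "$OUTDIR" && sha256sum ./*.txt) > "$OUTDIR/manifest.sha256"
    ls "$OUTDIR" | wc -l
}

# Usage (assumed path): collect_volatile /mnt/evidence/host01
```

Run it from a trusted, read-only toolkit rather than the suspect host's own binaries where possible, and write the output to external media so the collection itself does not overwrite slack space on the disk you may later image.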
NEW QUESTION 102
A company has migrated to two-factor authentication for accessing the corporate network, VPN, and SSO. Several legacy applications cannot support multifactor authentication and must continue to use usernames and passwords. Which of the following should be implemented to ensure the legacy applications are as secure as possible while ensuring functionality? (Select TWO).
- A. Privileged accounts
- B. Account disablement
- C. Password complexity requirements
- D. Password recovery
- E. Password reuse restrictions
Answer: C,E
Explanation:
Complexity requirements and reuse restrictions raise the bar for the one factor the legacy applications still support without breaking them. Disabling the accounts would stop the applications from working, privileged accounts widen exposure rather than reduce it, and password recovery is a usability feature, not a hardening control.
NEW QUESTION 103
An information security specialist is reviewing the following output from a Linux server.
Based on the above information, which of the following types of malware was installed on the server?
- A. Trojan
- B. Backdoor
- C. Rootkit
- D. Ransomware
- E. Logic bomb
Answer: E
NEW QUESTION 104
Joe is a helpdesk specialist. During a routine audit, a company discovered that his credentials were used while he was on vacation. The investigation further confirmed that Joe still has his badge and it was last used to exit the facility. Which of the following access control methods is MOST appropriate for preventing such occurrences in the future?
- A. Access control where the credentials cannot be used except when the associated badge is in the facility
- B. Access control where employee's access permissions is based on the job title
- C. Access control system where badges are only issued to cleared personnel
- D. Access control where system administrators may limit which users can access their systems
Answer: A
NEW QUESTION 105
You have been tasked with designing a security plan for your company. Drag and drop the appropriate security controls on the floor plan.
Instructions: All objects must be used and all place holders must be filled. Order does not matter. When you have completed the simulation, please select the Done button to submit.
Answer:
Explanation:
- Cable locks: a cable lock between a laptop and a desk prevents someone from picking it up and walking away.
- Proximity badge + reader: controls entry to the building or to individual rooms.
- Safe: a hardware/physical security measure for high-value items.
- Mantrap: controls access to sensitive areas, admitting one person at a time.
- CCTV: video surveillance.
- Biometric reader: controls and prevents unauthorized access.
- Locking cabinets: protect backup media, documentation and other physical artifacts.
NEW QUESTION 106
An IT manager is estimating the mobile device budget for the upcoming year. Over the last five years, the number of devices that were replaced due to loss, damage, or theft steadily increased by 10%. Which of the following would BEST describe the estimated number of devices to be replaced next year?
- A. ARO
- B. ALE
- C. RPO
- D. SLE
Answer: A
Explanation:
ARO, the annualized rate of occurrence, is the expected number of times a loss event happens in a year, so a forecast of how many devices will be replaced next year is an ARO. SLE is the cost of a single loss, ALE = SLE x ARO is the expected annual cost, and RPO is a recovery (backup) objective.
NEW QUESTION 107
A company determines that it is prohibitively expensive to become compliant with new credit card regulations. Instead, the company decides to purchase insurance to cover the cost of any potential loss.
Which of the following is the company doing?
- A. Avoiding the risk
- B. Mitigating the risk
- C. Transferring the risk
- D. Accepting the risk
Answer: C
NEW QUESTION 108
A help desk is troubleshooting user reports that the corporate website is presenting untrusted certificate errors to employees and customers when they visit the website. Which of the following is the MOST likely cause of this error, provided the certificate has not expired?
- A. The certificate was self signed, and the CA was not imported by employees or customers
- B. The valid period for the certificate has passed, and a new certificate has not been issued
- C. The root CA has revoked the certificate of the intermediate CA
- D. The key escrow server has blocked the certificate from being validated
Answer: A
Explanation:
A self-signed certificate (or one issued by a private CA) chains to no root the browser trusts, so every visitor sees an untrusted-certificate warning. B contradicts the premise that the certificate has not expired; a revoked intermediate surfaces as a revocation or chain error rather than a plain untrusted error; key escrow stores private keys and plays no part in validation. To confirm, inspect the chain the server sends with openssl s_client -connect host:443 -showcerts and compare the leaf's issuer with the browser's trust store.
NEW QUESTION 109
A security administrator is developing controls for creating audit trails and tracking if a PHI data breach is to occur. The administrator has been given the following requirements:
Which of the following should the administrator implement to meet the above requirements? (Select three.)
- A. Implement usage auditing and review.
- B. Enable account lockout thresholds.
- C. Perform regular permission audits and reviews.
- D. Create a standard naming convention for accounts.
- E. Implement time-of-day restrictions.
- F. Eliminate shared accounts.
- G. Copy logs in real time to a secured WORM drive.
Answer: A,C,F
NEW QUESTION 110
Drag and drop the correct protocol to its default port.
Answer:
Explanation:
Explanation:
FTP uses TCP port 21 for control (and TCP port 20 for active-mode data). Telnet uses TCP port 23.
SSH uses TCP port 22.
Protocols carried over SSH, including SFTP, SCP and slogin, also use TCP port 22. Secure Copy Protocol (SCP) is a file-transfer facility built on SSH and modelled on the Remote Copy Protocol (RCP). SSH File Transfer Protocol (SFTP) is the SSH-based alternative to standard File Transfer Protocol (FTP); it is not FTPS, which is FTP over TLS.
SMTP uses TCP port 25.
TFTP uses UDP port 69.
SNMP uses UDP port 161 for agent queries and UDP port 162 for traps sent to the manager.
http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers
NEW QUESTION 111
A company is terminating an employee for misbehavior.
Which of the following steps is MOST important in the process of disengagement from this employee?
- A. Obtain a list of passwords used by the employee.
- B. Have the employee sign an NDA before departing.
- C. Have the employee surrender company identification.
- D. Generate a report on outstanding projects the employee handled.
Answer: B
NEW QUESTION 112
An organization recently moved its custom web applications to the cloud, and it is obtaining managed services of the back-end environment as part of its subscription. Which of the following types of services is this company now using?
- A. SaaS
- B. CASB
- C. IaaS
- D. PaaS
Answer: D
Explanation:
Custom applications deployed onto a provider-managed back end (runtime, middleware, database, operating system patching) is Platform as a Service: the customer keeps control of its code and data and the provider runs everything beneath it. IaaS would leave the OS and middleware to the customer, SaaS would mean using the provider's application instead of the company's own, and a CASB is a policy-enforcement point between users and cloud services, not a hosting model.
NEW QUESTION 113
For each of the given items, select the appropriate authentication category from the drop down choices.
Select the appropriate authentication type for the following items:
Answer:
Explanation:
NEW QUESTION 114
......