[2017-Nov-NEW]SY0-501 VCE and PDF Dumps 166Q&As Free Share[ 135-144]

Discussion in 'CompTIA Certifications General' started by Archie Praed, Nov 7, 2017.

  1. Archie Praed

    Archie Praed Member
    Member

    Joined:
    Mar 28, 2016
    Messages:
    181
    Likes Received:
    19
    Hello Everyone, CompTIA Exam SY0-501 Questions Free Released Today! Following are some new questions:

    QUESTION 135
    A company wants to host a publicly available server that performs the following functions:
    Evaluates MX record lookup
    Can perform authenticated requests for A and AAA records
    Uses RRSIG
    Which of the following should the company use to fulfill the above requirements?

    A. DNSSEC
    B. SFTP
    C. nslookup
    D. dig

    Answer: C

    QUESTION 136
    Which of the following attack types BEST describes a client-side attack that is used to mandate an HTML iframe with JavaScript code via web browser?

    A. MITM
    B. xss
    C. SQLi

    Answer: B

    QUESTION 137
    A company has a data classification system with definitions for "Private" and public." The company's security policy outlines how data should be protected based on type. The company recently added the data type "Proprietary" Which of the following is the MOST likely reason the company added this data type?

    A. Reduced cost
    B. More searchable data
    C. Better data classification
    D. Expanded authority of the privacy officer

    Answer: B

    QUESTION 138
    A security administrator is developing training for corporate users on basic security principles for personal email accounts.
    Which of the following should be mentioned as the MOST secure way for password recovery?

    A. Utilizing a single Qfor password recovery
    B. Sending a PIN to a smartphone through text message
    C. Utilizing CAPTCHA to avoid brute force attacks
    D. Use a different e-mail address to recover password

    Answer: B

    QUESTION 139
    A company researched the root cause of a recent vulnerability in its software. It was determined that the vulnerability was the result of two updates made in the last release. Each update alone would not have resulted in the vulnerability.
    In order to prevent similar situations in the future, the company should improve which of the following?

    A. Change management procedures
    B. Job rotation policies
    C. Incident response management
    D. Least privilege access controls

    Answer: A

    QUESTION 140
    A computer on a company network was infected with a zero-day exploit after an employee accidently opened an email that contained malicious content. The employee recognized the email as malicious and was attempting to delete it, but accidently opened it.
    Which of the following should be done to prevent this scenario from occurring again in the future?

    A. Install host-based firewalls on all computers that have an email client installed
    B. Set the email program default to open messages in plain text
    C. Install end-point protection on all computers that access web email
    D. Create new email spam filters to delete all messages from that sender

    Answer: C

    QUESTION 141
    A company wants to ensure that the validity of publicly trusted certificates used by its web server can be determined even during an extended internet outage.
    Which of the following should be implemented?

    A. Recovery agent
    B. Ocsp
    C. Crl
    D. Key escrow

    Answer: B

    QUESTION 142
    An administrator intends to configure an IPSec solution that provides ESP with integrity protection, but not confidentiality protection.
    Which of the following AES modes of operation would meet this integrity-only requirement?

    A. HMAC
    B. PCBC
    C. CBC
    D. GCM
    E. CFB

    Answer: A

    QUESTION 143
    The chief security officer (CS0) has issued a new policy that requires that all internal websites be configured for HTTPS traffic only. The network administrator has been tasked to update all internal sites without incurring additional costs.
    Which of the following is the best solution for the network administrator to secure each internal website?

    A. Use certificates signed by the company CA
    B. Use a signing certificate as a wild card certificate
    C. Use certificates signed by a public ca
    D. Use a self-signed certificate on each internal server

    Answer: D
    Explanation:
    This is a way to update all internal sites without incurring additional costs?
    To be a CA (Certificate Authority), you need an infrastructure that consists of considerable operational elements, hardware, software, policy frameworks and practice statements, auditing, security infrastructure and personnel.

    QUESTION 144
    A security program manager wants to actively test the security posture of a system.
    The system is not yet in production and has no uptime requirement or active user base.
    Which of the following methods will produce a report which shows vulnerabilities that were actually exploited?

    A. Peer review
    B. Component testing
    C. Penetration testing
    D. Vulnerability testing

    Answer: C
    Explanation:
    A penetration test, or pen test, is an attempt to evaluate the security of an IT infrastructure by safely trying to exploit vulnerabilities.


    New 400-101 VCE Dumps:

    Dear visitor, you need to Register or Login to view links on Certify Chat.

     
  2. finbalor

    finbalor Member
    Member

    Joined:
    Jul 28, 2017
    Messages:
    95
    Likes Received:
    2
    Here, Dumps4download SY0-501 exam materials will help you pass your

    Dear visitor, you need to Register or Login to view links on Certify Chat.

    certification exam and get SY0-501 certification certificate. Our exam materials are written to the highest standards of technical accuracy. And

    Dear visitor, you need to Register or Login to view links on Certify Chat.

    pdf questions and answers are edited by experienced IT experts and have a 99.9% hit rate.
     
  3. candusmisheel

    candusmisheel Member
    Member

    Joined:
    Feb 12, 2018
    Messages:
    172
    Likes Received:
    1
    Validate your SY0-501 Exam learning and preparation with our most updated SY0-501 dumps. (Dumpspdf.com) has experienced IT experts who gather and approve a huge range of CompTIA SY0-501 Questions Answers for Certification seekers. Practicing our 100% updated SY0-501 Practice Tests is a guaranteed way towards your success in CompTIA

    Dear visitor, you need to Register or Login to view links on Certify Chat.

    .
     
    #3 candusmisheel, Mar 12, 2018
    Last edited: Mar 12, 2018
  4. just_imagine12

    Member

    Joined:
    Mar 11, 2018
    Messages:
    8
    Likes Received:
    0
    can you please share downloaded file
     
  5. Zaixkingg

    Zaixkingg Member
    Member

    Joined:
    Apr 19, 2018
    Messages:
    150
    Likes Received:
    62
    I took the CompTIA Security+ SY0-501 exam in 2018 and I passed it with good grades. I dont think the exam would have been so easy without practice all questions available in SY0-501 dumps pdf. I have recommend this

    Dear visitor, you need to Register or Login to view links on Certify Chat.

    to my colleagues who are trying to obtain the CompTIA Security+ certification
     
    bairstrowjhon likes this.
  6. John Wang

    John Wang Member
    Member

    Joined:
    May 9, 2018
    Messages:
    108
    Likes Received:
    0
    2018/November Braindump2go SY0-501 Exam Dumps with PDF and VCE New Updated Today! Following are some new SY0-501 Real Exam Questions:

    QUESTION 168
    An attacker uses a network sniffer to capture the packets of a transaction that adds $20 to a gift card. The attacker then user a function of the sniffer to push those packets back onto the network again, adding another $20 to the gift card. This can be done many times. Which of the following describes this type of attack?


    A. Integer overflow attack
    B. Smurf attack
    C. Replay attack
    D. Buffer overflow attack
    E. Cross-site scripting attack


    Answer: C

    QUESTION 169
    An organization is moving its human resources system to a cloud services provider.
    The company plans to continue using internal usernames and passwords with the service provider, but the security manager does not want the service provider to have a company of the passwords. Which of the following options meets all of these requirements?


    A. Two-factor authentication
    B. Account and password synchronization
    C. Smartcards with PINS
    D. Federated authentication


    Answer: D

    QUESTION 170
    The data backup window has expanded into the morning hours and has begun to affect production users. The main bottleneck in the process is the time it takes to replicate the backups to separate severs at the offsite data center. Which of the following uses of deduplication could be implemented to reduce the backup window?


    A. Implement deduplication at the network level between the two locations
    B. Implement deduplication on the storage array to reduce the amount of drive space needed
    C. Implement deduplication on the server storage to reduce the data backed up
    D. Implement deduplication on both the local and remote servers


    Answer: B

    QUESTION 171
    A penetration testing is preparing for a client engagement in which the tester must provide data that proves and validates the scanning tools' results.
    Which of the following is the best method for collecting this information?


    A. Set up the scanning system's firewall to permit and log all outbound connections
    B. Use a protocol analyzer to log all pertinent network traffic
    C. Configure network flow data logging on all scanning system
    D. Enable debug level logging on the scanning system and all scanning tools used.


    Answer: B

    QUESTION 172
    Which of the following best describes the initial processing phase used in mobile device forensics?


    A. The phone should be powered down and the battery removed to preserve the state of data on any internal or removable storage utilized by the mobile device
    B. The removable data storage cards should be processed first to prevent data alteration when examining the mobile device
    C. The mobile device should be examined first, then removable storage and lastly the phone without removable storage should be examined again
    D. The phone and storage cards should be examined as a complete unit after examining the removable storage cards separately.


    Answer: D

    QUESTION 173
    Ann a security analyst is monitoring the IDS console and noticed multiple connections from an internal host to a suspicious call back domain.
    Which of the following tools would aid her to decipher the network traffic?


    A. Vulnerability Scanner
    B. NMAP
    C. NETSTAT
    D. Packet Analyzer


    Answer: D

    QUESTION 174
    An administrator is testing the collision resistance of different hashing algorithms. Which of the following is the strongest collision resistance test?


    A. Find two identical messages with different hashes
    B. Find two identical messages with the same hash
    C. Find a common has between two specific messages
    D. Find a common hash between a specific message and a random message


    Answer: A

    QUESTION 175
    The SSID broadcast for a wireless router has been disabled but a network administrator notices that unauthorized users are accessing the wireless network. The administor has determined that attackers are still able to detect the presence of the wireless network despite the fact the SSID has been disabled.
    Which of the following would further obscure the presence of the wireless network?


    A. Upgrade the encryption to WPA or WPA2
    B. Create a non-zero length SSID for the wireless router
    C. Reroute wireless users to a honeypot
    D. Disable responses to a broadcast probe request


    Answer: D
    Explanation:
    When “SSID broadcast” is disabled you can:
    1) Completely disable the sending of beacons
    2) Disable probe responses except in cases where the probe request was explicitly addressed to the correct SSID (ignore broadcast probe requests to the wildcard
    SSID) and was from an authorized client (apply MAC Address filtering), and even send a null SSID in the probe responses to those.


    QUESTION 176
    Which of the following should be used to implement voice encryption?


    A. SSLv3
    B. VDSL
    C. SRTP
    D. VoIP


    Answer: C

    QUESTION 177
    During an application design, the development team specifics a LDAP module for single sign-on communication with the company's access control database. This is an example of which of the following?


    A. Application control
    B. Data in-transit
    C. Identification
    D. Authentication


    Answer: D

    QUESTION 178
    After a merger, it was determined that several individuals could perform the tasks of a network administrator in the merged organization. Which of the following should have been performed to ensure that employees have proper access?


    A. Time-of-day restrictions
    B. Change management
    C. Periodic auditing of user credentials
    D. User rights and permission review


    Answer: D

    1.|2018 Latest SY0-501 Exam Dumps (PDF & VCE) 566Q&As Download:

    Dear visitor, you need to Register or Login to view links on Certify Chat.



    2.|2018 Latest SY0-501 Exam Questions & Answers Download:

    Dear visitor, you need to Register or Login to view links on Certify Chat.

     
  7. John Wang

    John Wang Member
    Member

    Joined:
    May 9, 2018
    Messages:
    108
    Likes Received:
    0
    More Braindump2go 2018/November New SY0-501 Real Exam Questions:

    QUESTION 179
    A company exchanges information with a business partner. An annual audit of the business partner is conducted against the SLA in order to verify:

    A. Performance and service delivery metrics
    B. Backups are being performed and tested
    C. Data ownership is being maintained and audited
    D. Risk awareness is being adhered to and enforced

    Answer: A

    QUESTION 180
    Which of the following is the proper way to quantify the total monetary damage resulting from an exploited vulnerability?

    A. Calculate the ALE
    B. Calculate the ARO
    C. Calculate the MTBF
    D. Calculate the TCO

    Answer: A

    QUESTION 181
    A security administrator needs to implement a system that detects possible intrusions based upon a vendor provided list. Which of the following BEST describes this type of IDS?

    A. Signature based
    B. Heuristic
    C. Anomaly-based
    D. Behavior-based

    Answer: A

    QUESTION 182
    The chief Security Officer (CSO) has reported a rise in data loss but no break ins have occurred. By doing which of the following is the CSO most likely to reduce the number of incidents?

    A. Implement protected distribution
    B. Empty additional firewalls
    C. Conduct security awareness training
    D. Install perimeter barricades

    Answer: C

    QUESTION 183
    Ann, a user, states that her machine has been behaving erratically over the past week. She has experienced slowness and input lag and found text files that appear to contain pieces of her emails or online conversations with coworkers. The technician runs a standard virus scan but detects nothing. Which of the following types of malware has infected the machine?

    A. Ransomware
    B. Rootkit
    C. Backdoor
    D. Keylogger

    Answer: D

    QUESTION 184
    An information security specialist is reviewing the following output from a Linux server.

    Based on the above information, which of the following types of malware was installed on the server?

    A. Logic bomb
    B. Trojan
    C. Backdoor
    D. Ransomware
    E. Rootkit

    Answer: A

    QUESTION 185
    In terms of encrypting data, which of the following is BEST described as a way to safeguard password data by adding random data to it in storage?

    A. Using salt
    B. Using hash algorithms
    C. Implementing elliptical curve
    D. Implementing PKI

    Answer: A

    QUESTION 186
    A system administrator wants to provide for and enforce wireless access accountability during events where external speakers are invited to make presentations to a mixed audience of employees and non-employees. Which of the following should the administrator implement?

    A. Shared accounts
    B. Preshared passwords
    C. Least privilege
    D. Sponsored guest

    Answer: D

    QUESTION 187
    Which of the following would MOST likely appear in an uncredentialed vulnerability scan?

    A. Self-signed certificates
    B. Missing patches
    C. Auditing parameters
    D. Inactive local accounts

    Answer: D

    QUESTION 188
    A security analyst observes the following events in the logs of an employee workstation:

    Given the information provided, which of the following MOST likely occurred on the workstation?

    A. Application whitelisting controls blocked an exploit payload from executing.
    B. Antivirus software found and quarantined three malware files.
    C. Automatic updates were initiated but failed because they had not been approved.
    D. The SIEM log agent was not turned properly and reported a false positive.

    Answer: A

    QUESTION 189
    When identifying a company's most valuable assets as part of a BIA, which of the following should be the FIRST priority?

    A. Life
    B. Intellectual property
    C. Sensitive data
    D. Public reputation

    Answer: A


    1.|2018 Latest SY0-501 Exam Dumps (PDF & VCE) 566Q&As Download:

    Dear visitor, you need to Register or Login to view links on Certify Chat.



    2.|2018 Latest SY0-501 Exam Questions & Answers Download:

    Dear visitor, you need to Register or Login to view links on Certify Chat.

     
  8. cillemong

    cillemong Member
    Member

    Joined:
    Nov 29, 2018
    Messages:
    88
    Likes Received:
    5
    If you want to succeed in CompTIA SY0-501Exam then you must get latest SY0-501dumps to prepare exam. Pass4surekey providing you latest SY0-501question answers. You just get SY0-501pdf with updated SY0-501exam questions. I am so happy to utilize SY0-501by Pass4surekey. I discovered this site like a supportive friend. I am so appreciative for their colleagues who made SY0-501due to their dumps I got my success without having any anxiety. SY0-501exam guide helps you to prepare in a proper way or exam and passing it in a better way for the sake of your time and money. I am assure you by getting sample questions from Pass4surekey then you don’t need any other source for preparing SY0-501certification exam because from here you can get verified SY0-501answers of each question that’s all from my side.

    Dear visitor, you need to Register or Login to view links on Certify Chat.

     

Share This Page