A security analyst is diagnosing an incident in which a system was compromised from an external IP address.
The socket identified on the firewall was traced to 207.46.130.0:6666. Which of the following should the security analyst do to determine if the compromised system still has an active connection?
A. tracert
B. netstat
C. ping
D. nslookup
A database backup schedule consists of weekly full backups performed on Saturday at 12:00 a.m. and daily differential backups also performed at 12:00 a.m. If the database is restored on Tuesday afternoon, which of the following is the number of individual backups that would need to be applied to complete the database recovery?
A. 1
B. 2
C. 3
D. 4
Adhering to a layered security approach, a controlled access facility employs security guards who verify the authorization of all personnel entering the facility. Which of the following terms BEST describes the security control being employed?
A. Administrative
B. Corrective
C. Deterrent
D. Compensating
During certain vulnerability scanning scenarios, it is possible for the target system to react in unexpected ways. This type of scenario is MOST commonly known as:
A. intrusive testing
B. a buffer overflow
C. a race condition
D. active reconnaissance
A user is unable to obtain an IP address from the corporate DHCP server. Which of the following is MOST likely the cause?
A. Default configuration
B. Resource exhaustion
C. Memory overflow
D. Improper input handling
A security administrator is tasked with conducting an assessment made to establish the baseline security posture of the corporate IT infrastructure. The assessment must report actual flaws and weaknesses in the infrastructure. Due to the expense of hiring outside consultants, the testing must be performed using in-house or cheaply available resources. There cannot be a possibility of any requirement being damaged in the test.
Which of the following has the administrator been tasked to perform?
A. Risk transference
B. Penetration test
C. Threat assessment
D. Vulnerability assessment
A security technician is configuring a new firewall appliance for a production environment. The firewall must support secure web services for client workstations on the 10.10.10.0/24 network. The same client workstations are configured to contact a server at 192.168.1.15/24 for domain name resolution. Which of the following rules should the technician add to the firewall to allow this connectivity for the client workstations? (Select TWO).
A. Permit 10.10.10.0/24 0.0.0.0 -p tcp --dport 22
B. Permit 10.10.10.0/24 0.0.0.0 -p tcp --dport 80
C. Permit 10.10.10.0/24 192.168.1.15/24 -p udp --dport 21
D. Permit 10.10.10.0/24 0.0.0.0 -p tcp --dport 443
E. Permit 10.10.10.0/24 192.168.1.15/24 -p tcp --dport 53
F. Permit 10.10.10.0/24 192.168.1.15/24 -p udp --dport 53
Which of the following BEST describes an attack where communications between two parties are intercepted and forwarded to each party with neither party being aware of the interception and potential modification to the communications?
A. Spear phishing
B. Man-in-the-middle
C. URL hijacking
D. Transitive access
During a recent audit, it was discovered that many services and desktops were missing security patches. Which of the following BEST describes the assessment that was performed to discover this issue?
A. Network mapping
B. Vulnerability scan
C. Port scan
D. Protocol analysis
Which of the following BEST distinguishes Agile development from other methodologies in terms of vulnerability management?
A. Cross-functional teams
B. Rapid deployments
C. Daily standups
D. Peer review
E. Creating user stories