Get Full Version of the Exam
http://www.EnsurePass.com/SY0-501.html
Question No.111
An audit takes place after company-wide restructuring, in which several employees changed roles. The following deficiencies are found during the audit regarding access to confidential data:
Which of the following would be the BEST method to prevent similar audit findings in the future?
A. Implement separation of duties for the payroll department.
B. Implement a DLP solution on the payroll and human resources servers.
C. Implement rule-based access controls on the human resources server.
D. Implement regular permission auditing and reviews.
Correct Answer: A
Question No.112
Which of the following are the MAIN reasons why a systems administrator would install security patches in a staging environment before the patches are applied to the production server? (Select two.)
A. To prevent server availability issues
B. To verify the appropriate patch is being installed
C. To generate a new baseline hash after patching
D. To allow users to test functionality
E. To ensure users are trained on new functionality
Correct Answer: AD
Question No.113
An analyst is reviewing a simple program for potential security vulnerabilities before it is deployed to a Windows server. Given the following code:
Which of the following vulnerabilities is present?
A. Bad memory pointer
B. Buffer overflow
C. Integer overflow
D. Backdoor
Correct Answer: B
Question No.114
Which of the following cryptography algorithms will produce a fixed-length, irreversible output?
A. AES
B. 3DES
C. RSA
D. MD5
Correct Answer: D
Question No.115
A security analyst is performing a quantitative risk analysis. The risk analysis should show the potential monetary loss each time a threat or event occurs. Given this requirement, which of the following concepts would assist the analyst in determining this value? (Select two.)
A. ALE
B. AV
C. ARO
D. EF
E. ROI
Correct Answer: BD
Question No.116
A security analyst observes the following events in the logs of an employee workstation:
Given the information provided, which of the following MOST likely occurred on the workstation?
A. Application whitelisting controls blocked an exploit payload from executing.
B. Antivirus software found and quarantined three malware files.
C. Automatic updates were initiated but failed because they had not been approved.
D. The SIEM log agent was not tuned properly and reported a false positive.
Correct Answer: A
Question No.117
Which of the following would MOST likely appear in an uncredentialed vulnerability scan?
A. Self-signed certificates
B. Missing patches
C. Auditing parameters
D. Inactive local accounts
Correct Answer: D
Question No.118
After an identified security breach, an analyst is tasked to initiate the IR process. Which of the following is the NEXT step the analyst should take?
A. Recovery
B. Identification
C. Preparation
D. Documentation
E. Escalation
Correct Answer: B
Question No.119
Which of the following precautions MINIMIZES the risk from network attacks directed at multifunction printers, as well as the impact on functionality at the same time?
A. Isolating the systems using VLANs
B. Installing a software-based IPS on all devices
C. Enabling full disk encryption
D. Implementing unique user PIN access functions
Correct Answer: A
Question No.120
A security administrator suspects a MITM attack aimed at impersonating the default gateway is underway. Which of the following tools should the administrator use to detect this attack? (Select two.)
A. Ping
B. Ipconfig
C. Tracert
D. Netstat
E. Dig
F. Nslookup
Correct Answer: BC