SY0-501 Real Exam Dumps Questions and answers 111-120


Question No.111

An audit takes place after company-wide restructuring, in which several employees changed roles. The following deficiencies are found during the audit regarding access to confidential data:


Which of the following would be the BEST method to prevent similar audit findings in the future?

  A. Implement separation of duties for the payroll department.

  B. Implement a DLP solution on the payroll and human resources servers.

  C. Implement rule-based access controls on the human resources server.

  D. Implement regular permission auditing and reviews.

Correct Answer: A

Question No.112

Which of the following are the MAIN reasons why a systems administrator would install security patches in a staging environment before the patches are applied to the production server? (Select two.)

  A. To prevent server availability issues

  B. To verify the appropriate patch is being installed

  C. To generate a new baseline hash after patching

  D. To allow users to test functionality

  E. To ensure users are trained on new functionality

Correct Answer: AD

Question No.113

An analyst is reviewing a simple program for potential security vulnerabilities before it is deployed to a Windows server. Given the following code:


Which of the following vulnerabilities is present?

  A. Bad memory pointer

  B. Buffer overflow

  C. Integer overflow

  D. Backdoor

Correct Answer: B

Question No.114

Which of the following cryptography algorithms will produce a fixed-length, irreversible output?

  A. AES

  B. 3DES

  C. RSA

  D. MD5

Correct Answer: D

Question No.115

A security analyst is performing a quantitative risk analysis. The risk analysis should show the potential monetary loss each time a threat or event occurs. Given this requirement, which of the following concepts would assist the analyst in determining this value? (Select two.)

  A. ALE

  B. AV

  C. ARO

  D. EF

  E. ROI

Correct Answer: BD

Question No.116

A security analyst observes the following events in the logs of an employee workstation:


Given the information provided, which of the following MOST likely occurred on the workstation?

  A. Application whitelisting controls blocked an exploit payload from executing.

  B. Antivirus software found and quarantined three malware files.

  C. Automatic updates were initiated but failed because they had not been approved.

  D. The SIEM log agent was not tuned properly and reported a false positive.

Correct Answer: A

Question No.117

Which of the following would MOST likely appear in an uncredentialed vulnerability scan?

  A. Self-signed certificates

  B. Missing patches

  C. Auditing parameters

  D. Inactive local accounts

Correct Answer: D

Question No.118

After an identified security breach, an analyst is tasked to initiate the IR process. Which of the following is the NEXT step the analyst should take?

  A. Recovery

  B. Identification

  C. Preparation

  D. Documentation

  E. Escalation

Correct Answer: B

Question No.119

Which of the following precautions MINIMIZES the risk from network attacks directed at multifunction printers, as well as the impact on functionality at the same time?

  A. Isolating the systems using VLANs

  B. Installing a software-based IPS on all devices

  C. Enabling full disk encryption

  D. Implementing unique user PIN access functions

Correct Answer: A

Question No.120

A security administrator suspects a MITM attack aimed at impersonating the default gateway is underway. Which of the following tools should the administrator use to detect this attack? (Select two.)

  A. Ping

  B. Ipconfig

  C. Tracert

  D. Netstat

  E. Dig

  F. Nslookup

Correct Answer: BC
