SY0-501 Real Exam Dumps Questions and answers 121-130

Question No.121

A new firewall has been placed into service at an organization. However, a configuration has not been entered on the firewall. Employees on the network segment covered by the new firewall report they are unable to access the network. Which of the following steps should be completed to BEST resolve the issue?

  1. The firewall should be configured to prevent user traffic from matching the implicit deny rule.

  2. The firewall should be configured with access lists to allow inbound and outbound traffic.

  3. The firewall should be configured with port security to allow traffic.

  4. The firewall should be configured to include an explicit deny rule.

Correct Answer: A

Question No.122

An employer requires that employees use a key-generating app on their smartphones to log into corporate applications. In terms of authentication of an individual, this type of access policy is BEST defined as:

  1. Something you have.

  2. Something you know.

  3. Something you do.

  4. Something you are.

Correct Answer: A

Question No.123

A wireless network uses a RADIUS server that is connected to an authenticator, which in turn connects to a supplicant. Which of the following represents the authentication architecture in use?

  1. Open systems authentication

  2. Captive portal

  3. RADIUS federation

  4. 802.1x

Correct Answer: D

Question No.124

An application developer is designing an application involving secure transports from one service to another that will pass over port 80 for a request. Which of the following secure protocols is the developer MOST likely to use?

  1. FTPS

  2. SFTP

  3. SSL

  4. LDAPS

Correct Answer: C

Question No.125

A company hired a third-party firm to conduct an assessment of vulnerabilities exposed to the Internet. The firm informs the company that an exploit exists for an FTP server that has a version installed from eight years ago. The company has decided to keep the system online anyway, as no upgrade exists from the vendor. Which of the following BEST describes the reason why the vulnerability exists?

  1. Default configuration

  2. End-of-life

  3. Weak cipher suite

  4. Zero-day threats

Correct Answer: B

Question No.126

A black hat hacker is enumerating a network and wants to remain covert during the process. The hacker initiates a vulnerability scan. Given the task at hand and the requirement of being covert, which of the following statements BEST indicates that the vulnerability scan meets these requirements?

  1. The vulnerability scanner is performing an authenticated scan.

  2. The vulnerability scanner is performing local file integrity checks.

  3. The vulnerability scanner is performing in network sniffer mode.

  4. The vulnerability scanner is performing banner grabbing.

Correct Answer: C

Question No.127

The availability of a system has been labeled as the highest priority. Which of the following should be focused on the MOST to ensure the objective?

  1. Authentication

  2. HVAC

  3. Full-disk encryption

  4. File integrity checking

Correct Answer: B

Question No.128

Which of the following AES modes of operation provide authentication? (Select two.)

  1. CCM

  2. CBC

  3. GCM

  4. DSA

  5. CFB

Correct Answer: AC

Question No.129

A vulnerability scanner that uses its running service's access level to better assess vulnerabilities across multiple assets within an organization is performing a:

  1. Credentialed scan.

  2. Non-intrusive scan.

  3. Privilege escalation test.

  4. Passive scan.

Correct Answer: A

Question No.130

A system administrator wants to provide balance between the security of a wireless network and usability. The administrator is concerned with wireless encryption compatibility of older devices used by some employees. Which of the following would provide strong security and backward compatibility when accessing the wireless network?

  1. Open wireless network and SSL VPN

  2. WPA using a preshared key

  3. WPA2 using a RADIUS back-end for 802.1x authentication

  4. WEP with a 40-bit key

Correct Answer: C
