SY0-501 Real Exam Dumps Questions and answers 61-70

Get Full Version of the Exam

Question No.61

Which of the following threat actors is MOST likely to steal a company#39;s proprietary information to gain a market edge and reduce time to market?

  1. Competitor

  2. Hacktivist

  3. Insider

  4. Organized crime.

Correct Answer: A

Question No.62

Which of the following types of cloud infrastructures would allow several organizations with similar structures and interests to realize the benefits of shared storage and resources?

  1. Private

  2. Hybrid

  3. Public

  4. Community

Correct Answer: D

Question No.63

A security analyst wishes to increase the security of an FTP server. Currently, all traffic to the FTP server is unencrypted. Users connecting to the FTP server use a variety of modern FTP client software. The security analyst wants to keep the same port and protocol, while also still allowing unencrypted connections. Which of the following would BEST accomplish these goals?

  1. Require the SFTP protocol to connect to the file server.

  2. Use implicit TLS on the FTP server.

  3. Use explicit FTPS for connections.

  4. Use SSH tunneling to encrypt the FTP traffic.

Correct Answer: C

Question No.64

Which of the following types of keys is found in a key escrow?

  1. Public

  2. Private

  3. Shared

  4. Session

Correct Answer: B

Question No.65

A penetration tester is crawling a target website that is available to the public. Which of the following represents the actions the penetration tester is performing?

  1. URL hijacking

  2. Reconnaissance

  3. White box testing

  4. Escalation of privilege

Correct Answer: B

Question No.66


Drag and drop the correct protocol to its default port.


Correct Answer:


Question No.67

Which of the following network vulnerability scan indicators BEST validates a successful, active scan?

  1. The scan job is scheduled to run during off-peak hours.

  2. The scan output lists SQL injection attack vectors.

  3. The scan data identifies the use of privileged-user credentials.

  4. The scan results identify the hostname and IP address.

Correct Answer: D

Question No.68

A security engineer is configuring a system that requires the X.509 certificate information to be pasted into a form field in Base64 encoded format to import it into the system. Which of the following certificate formats should the engineer use to obtain the information in the required format?

  1. PFX

  2. PEM

  3. DER

  4. CER

Correct Answer: B

Question No.69

A company hires a consulting firm to crawl its Active Directory network with a non-domain account looking for unpatched systems. Actively taking control of systems is out of scope, as is the creation of new administrator accounts. For which of the following is the company hiring the consulting firm?

  1. Vulnerability scanning

  2. Penetration testing

  3. Application fuzzing

  4. User permission auditing

Correct Answer: A

Question No.70

Which of the following specifically describes the exploitation of an interactive process to access otherwise restricted areas of the OS?

  1. Privilege escalation

  2. Pivoting

  3. Process affinity

  4. Buffer overflow

Correct Answer: A

Get Full Version of SY0-501 Dumps