Your success in CompTIA SY0-501 is our sole target and we develop all our SY0-501 braindumps in a way that facilitates the attainment of this target. Not only is our SY0-501 study material the best you can find, it is also the most detailed and the most updated. SY0-501 Practice Exams for CompTIA SY0-501 are written to the highest standards of technical accuracy.
Q9. A user clicked an email link that led to a website than infected the workstation with a virus. The virus encrypted all the network shares to which the user had access. The virus was not deleted or blocked by the company’s email filter, website filter, or antivirus. Which of the following describes what occurred?
A. The user’s account was over-privileged.
B. Improper error handling triggered a false negative in all three controls.
C. The email originated from a private email server with no malware protection.
D. The virus was a zero-day attack.
Answer: A
Q10. Which of the following encryption methods does PKI typically use to securely project keys?
A. Elliptic curve
B. Digital signatures
C. Asymmetric
D. Obfuscation
Answer: B
Q11. A security analyst is hardening a server with the directory services role installed. The analyst must ensure LDAP traffic cannot be monitored or sniffed and maintains compatibility with LDAP clients. Which of the following should the analyst implement to meet these requirements? (Select two.)
A. Generate an X.509-compliant certificate that is signed by a trusted CA.
B. Install and configure an SSH tunnel on the LDAP server.
C. Ensure port 389 is open between the clients and the servers using the communication.
D. Ensure port 636 is open between the clients and the servers using the communication.
E. Remote the LDAP directory service role from the server.
Answer: B,D
Q12. Despite having implemented password policies, users continue to set the same weak passwords and reuse old passwords. Which of the following technical controls would help prevent these policy violations? (Select two.)
A. Password expiration
B. Password length
C. Password complexity
D. Password history
E. Password lockout
Answer: A,D
Q13. When systems, hardware, or software are not supported by the original vendor, it is a vulnerability known as:
A. system sprawl
B. end-of-life systems
C. resource exhaustion
D. a default configuration
Answer: B
Q14. An attacker compromises a public CA and issues unauthorized X.509 certificates for Company.com. In the future, Company.com wants to mitigate the impact of similar incidents. Which of the following would assist Company.com with its goal?
A. Certificate pinning
B. Certificate stapling
C. Certificate chaining
D. Certificate with extended validation
Answer: A
Q15. When configuring settings in a mandatory access control environment, which of the following specifies the subjects that can access specific data objects?
A. Owner
B. System
C. Administrator
D. User
Answer: C
Q16. Users report the following message appears when browsing to the company’s secure site: This website cannot be trusted. Which of the following actions should a security analyst take to resolve these messages? (Select two.)
A. Verify the certificate has not expired on the server.
B. Ensure the certificate has a .pfx extension on the server.
C. Update the root certificate into the client computer certificate store.
D. Install the updated private key on the web server.
E. Have users clear their browsing history and relaunch the session.
Answer: A,C