Last Updated on July 19, 2021 by InfraExam
SY0-501 : CompTIA Security+ Certification : Part 48
A commercial cyber-threat intelligence organization observes IoCs across a variety of unrelated customers. Prior to releasing specific threat intelligence to other paid subscribers, the organization is MOST likely obligated by contracts to:
- perform attribution to specific APTs and nation-state actors.
- anonymize any PII that is observed within the IoC data.
- add metadata to track the utilization of threat intelligence reports.
- assist companies with impact assessments based on the observed data.
After patching computers with the latest application security patches/updates; users are unable to open certain applications. Which of the following will correct the issue?
- Modifying the security policy for patch management tools
- Modifying the security policy for HIDS/HIPS
- Modifying the security policy for DLP
- Modifying the security policy for media control
A company that processes sensitive information has implemented a BYOD policy and an MDM solution to secure sensitive data that is processed by corporate and personally owned mobile devices. Which of the following should the company implement to prevent sensitive data from being stored on mobile devices?
- Storage segmentation
- USB OTG
A security analyst needs to be proactive in understanding the types of attacks that could potentially target the company’s executives. Which of the following intelligence sources should the security analyst review?
- Vulnerability feeds
- Trusted automated exchange of indicator information
- Structured threat information expression
- Industry information-sharing and collaboration groups
A threat actor motivated by political goals that is active for a short period of time but has virtually unlimited resources is BEST categorized as a:
- script kiddie
Which of the following vulnerabilities can lead to unexpected system behavior, including the bypassing of security controls, due to differences between the time of commitment and the time of execution?
- Buffer overflow
- DLL injection
- Pointer dereference
- Race condition
A coffee company has hired an IT consultant to set up a WiFi network that will provide Internet access to customers who visit the company’s chain of cafés. The coffee company has provided no requirements other than that customers should be granted access after registering via a web form and accepting the terms of service. Which of the following is the MINIMUM acceptable configuration to meet this single requirement?
- Captive portal
- WPA with PSK
- Open WiFi
An analyst has determined that a server was not patched and an external actor exfiltrated data on port 139. Which of the following sources should the analyst review to BEST ascertain how the incident could have been prevented?
- The vulnerability scan output
- The security logs
- The baseline report
- The correlation of events
A technician has been asked to document which services are running on each of a collection of 200 servers. Which of the following tools BEST meets this need while minimizing the work required?
A recent audit uncovered a key finding regarding the use of a specific encryption standard in a web application that is used to communicate with business customers. Due to the technical limitations of its customers, the company is unable to upgrade the encryption standard. Which of the following types of controls should be used to reduce the risk created by this scenario?
A security analyst runs a monthly file integrity check on the main web server. When analyzing the logs, the analyst observed the following entry:
No OS patches were applied to this server during this period. Considering the log output, which of the following is the BEST conclusion?
- The cmd.exe was executed on the scanned server between the two dates. An incident ticket should be created.
- The iexplore.exe was executed on the scanned server between the two dates. An incident ticket should be created.
- The cmd.exe was updated on the scanned server. An incident ticket should be created.
- The iexplore.exe was updated on the scanned server. An incident ticket should be created.
A security technician is configuring a new firewall appliance for a production environment. The firewall must support secure web services for client workstations on the 10.10.10.0/24 network. The same client workstations are configured to contact a server at 192.168.1.15/24 for domain name resolution. Which of the following rules should the technician add to the firewall to allow this connectivity for the client workstations? (Choose two.)
- Permit 10.10.10.0/24 0.0.0.0 –p tcp –dport 22
- Permit 10.10.10.0/24 0.0.0.0 –p tcp –dport 80
- Permit 10.10.10.0/24 192.168.1.15/24 –p udp –dport 21
- Permit 10.10.10.0/24 0.0.0.0 –p tcp –dport 443
- Permit 10.10.10.0/24 192.168.1.15/24 –p tcp –dport 53
- Permit 10.10.10.0/24 192.168.1.15/24 –p udp –dport 53
A small enterprise decides to implement a warm site to be available for business continuity in case of a disaster. Which of the following BEST meets its requirements?
- A fully operational site that has all the equipment in place and full data backup tapes on site
- A site used for its data backup storage that houses a full-time network administrator
- An operational site requiring some equipment to be relocated as well as data transfer to the site
- A site staffed with personnel requiring both equipment and data to be relocated there in case of disaster.
Which of the following algorithms would be used to provide non-repudiation of a file transmission?
A cybersecurity analyst needs to implement secure authentication to third-party websites without users’ passwords. Which of the following would be the BEST way to achieve this objective?
A user receives a security alert pop-up from the host-based IDS, and a few minutes later notices a document on the desktop has disappeared and in its place is an odd filename with no icon image. When clicking on this icon, the user receives a system notification that it cannot find the correct program to use to open this file. Which of the following types of malware has MOST likely targeted this workstation?
- Remote-access Trojan
A security engineer at a manufacturing company is implementing a third-party cloud application. Rather than creating users manually in the application, the engineer decides to use the SAML protocol. Which of the following is being used for this implementation?
- The manufacturing company is the service provider, and the cloud company is the identity provider.
- The manufacturing company is the authorization provider, and the cloud company is the service provider.
- The manufacturing company is the identity provider, and the cloud company is the OAuth provider.
- The manufacturing company is the identity provider, and the cloud company is the service provider.
- The manufacturing company is the service provider, and the cloud company is the authorization provider.
Which of the following are the BEST selection criteria to use when assessing hard drive suitability for time-sensitive applications that deal with large amounts of critical information? (Choose two.)
A security analyst needs to generate a server certificate to be used for 802.1X and secure RDP connections. The analyst is unsure what is required to perform the task and solicits help from a senior colleague. Which of the following is the FIRST step the senior colleague will most likely tell the analyst to perform to accomplish this task?
- Create an OCSP
- Generate a CSR
- Create a CRL
- Generate a .pfx file.
A company has just experienced a malware attack affecting a large number of desktop users. The antivirus solution was not able to block the malware, but the HIDS alerted to C2 calls as ‘Troj.Generic’. Once the security team found a solution to remove the malware, they were able to remove the malware files successfully, and the HIDS stopped alerting. The next morning, however, the HIDS once again started alerting on the same desktops, and the security team discovered the files were back. Which of the following BEST describes the type of malware infecting this company’s network?