SY0-501 Dumps

SY0-501 Real Exam Dumps Questions and answers 101-110

Get Full Version of the Exam

Question No.101

A datacenter recently experienced a breach. When access was gained, an RF device was used to access an air-gapped and locked server rack. Which of the following would Best prevent this type of attack?

  1. Faraday cage

  2. Smart cards

  3. infrared detection

  4. Alarms

Correct Answer: A

Question No.102

During a monthly vulnerability scan, a server was flagged for being vulnerable to an Apache Struts exploit. Upon further investigation, the developer responsible for the server informs the security team that Apache Struts is not installed on the server. Which of the following BEST describes how the security team should reach to this incident?

  1. The finding is a false positive and can be disregarded

  2. The Struts module needs to be hardened on the server

  3. The Apache software on the server needs to be patched and updated

  4. The server has been compromised by malware and needs to be quarantined.

Correct Answer: A

Question No.103

Audit logs from a small company#39;s vulnerability scanning software show the following findings: Destinations scanned:



Server001 – Internal human resources payroll server Server101 – Internet-facing web server


Server201 – SQL server for Server101


Server301 – Jumpbox used by systems administrators accessible from the internal network Validated vulnerabilities found:




Server001 – Vulnerable to buffer overflow exploit that may allow attackers to install software Server101 – Vulnerable to buffer overflow exploit that may allow attackers to install software Server201 – OS updates not fully current



Server301 – Accessible from internal network without the use of jumpbox Server301 – Vulnerable to highly publicized exploit that can elevate user privileges

Assuming external attackers who are gaining unauthorized information are of the highest concern, which of the following servers should be addressed FIRST?

  1. Server001

  2. Server101

  3. Server201

  4. Server301

Correct Answer: B

Question No.104

A security analyst receives an alert from a WAF with the following payload: var data= quot;lt;test test testgt;quot; lt;../../../../../../etc/passwdgt;quot;

Which of the following types of attacks is this?

  1. Cross-site request forgery

  2. Buffer overflow

  3. SQL injection

  4. JavaScript data insertion

  5. Firewall evasion scipt

Correct Answer: D

Question No.105

As part of the SDLC, a third party is hired to perform a penetration test. The third party will have access to the source code, integration tests, and network diagrams. Which of the following BEST describes the assessment being performed?

  1. Black box

  2. Regression

  3. White box

  4. Fuzzing

Correct Answer: C

Question No.106

Which of the following occurs when the security of a web application relies on JavaScript for input validation?

  1. The integrity of the data is at risk.

  2. The security of the application relies on antivirus.

  3. A host-based firewall is required.

  4. The application is vulnerable to race conditions.

Correct Answer: A

Question No.107

A system administrator wants to provide for and enforce wireless access accountability during events where external speakers are invited to make presentations to a mixed audience of employees and non-employees. Which of the following should the administrator implement?

  1. Shared accounts

  2. Preshared passwords

  3. Least privilege

  4. Sponsored guest

Correct Answer: D

Question No.108

A penetration tester finds that a company#39;s login credentials for the email client were client being sent in clear text. Which of the following should be done to provide encrypted logins to the email server?

  1. Enable IPSec and configure SMTP.

  2. Enable SSH and LDAP credentials.

  3. Enable MIME services and POP3.

  4. Enable an SSL certificate for IMAP services.

Correct Answer: D

Question No.109

A development team has adopted a new approach to projects in which feedback is iterative and multiple iterations of deployments are provided within an application#39;s full life cycle. Which of the following software development methodologies is the development team using?

  1. Waterfall

  2. Agile

  3. Rapid

  4. Extreme

Correct Answer: B

Question No.110

Before an infection was detected, several of the infected devices attempted to access a URL that was similar to the company name but with two letters transported. Which of the following BEST describes the attack vector used to infect the devices?

  1. Cross-site scripting

  2. DNS poisoning

  3. Typo squatting

  4. URL hijacking

Correct Answer: C

Get Full Version of SY0-501 Dumps

Leave a Reply

Your email address will not be published. Required fields are marked *