Practice Exam 1: SY0-501

The 80 multiple-choice questions provided here help you determine how prepared you are for the actual exam and which topics you need to review further. Write down your answers on a separate sheet of paper so that you can take this exam again if necessary. Compare your answers against the answer key that appears on the book’s accompanying website. Following the answer key are detailed explanations for each question. Additional practice exams can be found on the accompanying Pearson website,

1. As a security administrator, you must be constantly vigilant and always be aware of the security posture of your systems. Which of the following supports this goal?

A. Establishing baseline reporting

B. Disabling unnecessary services

C. Training staff on security policies

D. Installing anti-malware applications

2. Your network has a DHCP server, AAA server, LDAP server, and e-mail server. Instead of authenticating wireless connections locally at the WAP, you want to utilize RADIUS for the authentication process. When you configure the WAP’s authentication screen, what server should you point to, and which port should you use?

A. The DHCP server and port 67

B. The AAA server and port 1812

C. The LDAP server and port 389

D. The e-mail server and port 143

3. What is it known as when traffic to a website is redirected to another, illegitimate site?

A. Phishing

B. Whaling

C. Pharming

D. Spim

4. Which of the following protocols operates at the highest layer of the OSI model?

A. IPsec




5. What can happen if access mechanisms to data on an encrypted USB hard drive are not implemented correctly?

A. Data on the USB drive can be corrupted.

B. Data on the hard drive can be vulnerable to log analysis.

C. The security controls on the USB drive can be bypassed.

D. User accounts can be locked out.

6. The helpdesk department for your organization reports that there are increased calls from clients reporting malware-infected computers. Which of the following steps of incident response is the most appropriate as a first response?

A. Recovery

B. Lessons learned

C. Identification

E. Containment

F. Eradication

7. You want to secure data passing between two points on an IP network. What is the best method to protect from all but the most sophisticated APTs?

A. Transport encryption

B. Key escrow

C. Block ciphers

D. Stream ciphers

8. You are analyzing why the incident response team of your organization could not identify a recent incident that occurred. Review the following e-mail and then answer the question that follows.

E-mail from the incident response team:

A copyright infringement alert was triggered by IP address at 02:30:01 GMT.
After reviewing the following logs for IP address we cannot correlate and identify the incident.
- 02:25:23
- 02:30:15
- 03:30:01
- 03:31:08

Why couldn’t the incident response team identify and correlate the incident?

A. The logs are corrupt.

B. The chain of custody was not properly maintained.

C. Incident time offsets were not accounted for.

D. Traffic logs for the incident are not available.

9. A security administrator for your organization utilized a heuristic system to detect an anomaly in a desktop computer’s baseline. The admin was able to detect an attack even though the signature-based IDS and antivirus software did not detect it. Upon further review, it appears that the attacker had downloaded an executable file on the desktop computer from a USB port and executed it, triggering a privilege escalation. What type of attack has occurred?

A. Directory traversal

B. XML injection

C. Zero day

D. Baiting

10. The security administrator has added the following information to a SOHO router:

PERMIT 00:1C:C0:A2:56:18
DENY 01:23:6D:A9:55:EC

Now, a mobile device user reports a problem connecting to the network. What is preventing the user from connecting?

A. Port filtering has been implemented.

B. IP address filtering has been implemented.

C. Hardware address filtering has been implemented.

D. WPA2-PSK requires a supplicant on the mobile device.

11. Which of the following can be implemented in hardware or software to protect a web server from XSS attacks?

A. Flood guard


C. URL content filter


12. Your organization has suffered from several data leaks as a result of social engineering attacks that were conducted over the phone. Your boss wants to reduce the risk of another leak by incorporating user training. Which of the following is the best method for reducing data leaks?

A. Social media and BYOD

B. Acceptable use

C. Information security awareness

D. Data handling and disposal

13. A security administrator is required to submit a new CSR to a CA. What is the first step?

A. Generate a new private key based on AES

B. Generate a new public key based on RSA

C. Generate a new public key based on AES

D. Generate a new private key based on RSA

14. Bob wants to send an encrypted e-mail to Alice. Which of the following will Alice need to use to verify the validity of Bob’s certificate? (Select the two best answers.)

A. Bob’s private key

B. Alice’s private key

C. The CA’s private key

D. Bob’s public key

E. Alice’s public key

F. The CA’s public key

15. What are LDAP and Kerberos commonly used for?

A. To sign SSL wildcard certificates

B. To utilize single sign-on capabilities

C. To perform queries on a directory service

D. To store usernames and passwords in a FIM system

16. Your server room has most items bolted down to the floor, but some items—such as network testing tools—can be easily removed from the room. Which security control can you implement to allow for automated notification of the removal of an item from the server room?

A. Environmental monitoring


C. EMI shielding


17. Your organization uses a SOHO wireless router all-in-one device. The network has five wireless BYOD users and two web servers that are wired to the network. What should you configure to protect the servers from the BYOD users’ devices? (Select the two best answers.)

A. Implement EAP-TLS

B. Change the default HTTP port

C. Create a VLAN for the servers

D. Deny incoming connections to the outside router interface

E. Disable physical ports

F. Create an ACL to access the servers

18. You have been tasked with blocking DNS requests and zone transfers coming from outside IP addresses. You analyze your organization’s firewall and note that it implements an implicit allow and currently has the following ACL configured for the external interface:

permit TCP any any 80
permit TCP any any 443

Which of the following rules would accomplish your goal? (Select the two best answers.)

A. Change the implicit rule to an implicit deny

B. Remove the current ACL

C. Add the following ACL at the top of the current ACL:

deny TCP any any 53

D. Add the following ACL at the bottom of the current ACL:

deny ICMP any any 53

E. Apply the current ACL to all interfaces of the firewall

F. Add the following ACL at the bottom of the current ACL:

deny IP any any 53

19. An employee of your organization was escorted off of the premises for suspicion of fraudulent activity, but the employee had been working for two hours before leaving. You have been asked to find out what files have changed since last night’s integrity scan. Which protocols could you use to perform your task? (Select the two best answers.)

A. MD5





F. Blowfish

20. Alice has read and write access to a database. Bob, her subordinate, only has read access. Alice needs to leave to go to a conference. Which access control type should you implement to trigger write access for Bob when Alice is not onsite?

A. Discretionary access control

B. Mandatory access control

C. Rule-based access control

D. Role-based access control

E. Attribute-based access control

21. An attacker gained access to your server room by physically removing the proximity reader from the wall near the entrance. This caused the electronic locks on the door to release. Why did the locks release?

A. The proximity reader was improperly installed.

B. The system used magnetic locks and the locks became demagnetized.

C. The system was designed to fail-open for life safety.

D. The system was installed in a fail-close configuration.

22. Which of the following offer the best protection against brute-forcing passwords? (Select the two best answers.)

A. MD5


C. Bcrypt




23. On Monday, all employees of your organization report that they cannot connect to the corporate wireless network, which uses 802.1X with PEAP. A technician verifies that no configuration changes were made to the wireless network and its supporting infrastructure, and that there are no outages. Which of the following is the most likely cause of the problem?

A. The Remote Authentication Dial-In User Service certificate has expired.

B. The DNS server is overwhelmed with connections and is unable to respond to queries.

C. There have been too many incorrect authentication attempts and this caused users to be temporarily disabled.

D. The company IDS detected a wireless attack and disabled the wireless network.

24. The organization you work for, a video streaming company, hired a security consultant to find out how customer credit card information was stolen. He determined that it was stolen while in transit from gaming consoles. What should you implement to secure this data in the future?

A. Firmware updates


C. TCP Wrapper


25. In a scenario where data integrity is crucial to the organization, which of the following is true about input validation regarding client/server applications?

A. It must rely on the user’s knowledge of the application.

B. It should be performed on the server side.

C. It should be performed on the client side only.

D. It must be protected by SSL.

26. In an environment where the transmission and storage of PII data needs to be encrypted, what methods should you select? (Select the two best answers.)







27. Your organization is attempting to reduce risk concerning the use of unapproved USB devices to copy files. What could you implement as a security control to help reduce risk?



C. Content filtering

D. Auditing

28. Alice wishes to send a file to Bob using a PKI. Which of the following types of keys should Alice use to sign the file?

A. Alice’s private key

B. Alice’s public key

C. Bob’s public key

D. Bob’s private key

29. Which of the following techniques supports availability when considering a vendor-specific vulnerability in critical industrial control systems?

A. Verifying that antivirus definitions are up to date

B. Deploying multiple firewalls at the network perimeter

C. Incorporating diversity into redundant design

D. Enforcing application whitelists

30. To achieve multifactor security, what should you implement to accompany password usage and smart cards?

A. Badge readers

B. Passphrases

C. Hard tokens

D. Fingerprint readers

31. Which port and transport mechanism protocol must be opened on a firewall to allow incoming SFTP connections?

A. 21 and UDP

B. 22 and UDP

C. 21 and TCP

D. 22 and TCP

32. Users in your organization receive an e-mail encouraging them to click a link to obtain exclusive access to the newest version of a popular smartphone. What is this an example of?

A. Trust

B. Intimidation

C. Scarcity

D. Familiarity

33. You have been tasked by your boss with calculating the annualized loss expectancy (ALE) for a $5000 server that crashes often. In the past year, the server crashed 10 times, requiring a reboot each time, which resulted in a 10% loss of functionality. What is the ALE of the server?

A. $500

B. $5000

C. $10,000

D. $50,000

34. A security administrator analyzed the following logs:

[02:15:11] Successful Login: 045
[02:15:16] Unsuccessful Login: 067 RDP
[02:15:16] Unsuccessful Login: 072 RDP
[02:15:16] Unsuccessful Login: 058 RDP
[02:15:16] Unsuccessful Login: 094 RDP

What should the security administrator implement as a mitigation method against further attempts?

A. System log monitoring


C. Hardening

D. Reporting
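The log excerpt in question 34 is the kind of input a detection rule would consume. The following script is an added example (not from the book or its answer key): it parses those five lines, groups failed logins by protocol, and raises an alert when several failures fall inside a short sliding window. The field meanings (the three-digit value is taken to be an account identifier, the trailing token a protocol), the 60-second window and the threshold of three failures are constructed assumptions for illustration.

```python
import re
from datetime import datetime, timedelta

# Sample log lines copied from question 34 (constructed interpretation:
# "[HH:MM:SS] <result> Login: <account id> [protocol]").
SAMPLE_LOG = """\
[02:15:11] Successful Login: 045
[02:15:16] Unsuccessful Login: 067 RDP
[02:15:16] Unsuccessful Login: 072 RDP
[02:15:16] Unsuccessful Login: 058 RDP
[02:15:16] Unsuccessful Login: 094 RDP
"""

LINE_RE = re.compile(
    r"^\[(\d{2}:\d{2}:\d{2})\]\s*(Successful|Unsuccessful) Login:\s*(\S+)(?:\s+(\S+))?$"
)


def parse_line(line):
    """Return a dict for one log line, or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "time": datetime.strptime(m.group(1), "%H:%M:%S"),
        "success": m.group(2) == "Successful",
        "account": m.group(3),
        # Lines without a protocol token are treated as local logins (assumption).
        "protocol": m.group(4) or "local",
    }


def parse_log(text):
    """Parse every recognisable line; unparseable lines are skipped."""
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def find_bursts(events, threshold=3, window=timedelta(seconds=60)):
    """Flag protocols whose failed logins exceed `threshold` within `window`.

    A sliding window over the time-sorted failures finds the densest window
    per protocol; one alert is emitted per protocol that crosses the threshold.
    """
    by_proto = {}
    for e in events:
        if not e["success"]:
            by_proto.setdefault(e["protocol"], []).append(e)

    alerts = []
    for proto, evs in by_proto.items():
        evs.sort(key=lambda e: e["time"])
        best = None  # (count, start_index, end_index) of the densest window
        start = 0
        for end in range(len(evs)):
            while evs[end]["time"] - evs[start]["time"] > window:
                start += 1
            count = end - start + 1
            if best is None or count > best[0]:
                best = (count, start, end)
        if best and best[0] >= threshold:
            hits = evs[best[1]:best[2] + 1]
            alerts.append({
                "protocol": proto,
                "failures": best[0],
                # Many distinct accounts in one burst suggests spraying rather
                # than a single user mistyping a password.
                "accounts": sorted({e["account"] for e in hits}),
                "first": hits[0]["time"].strftime("%H:%M:%S"),
                "last": hits[-1]["time"].strftime("%H:%M:%S"),
            })
    return alerts


if __name__ == "__main__":
    for alert in find_bursts(parse_log(SAMPLE_LOG)):
        print(alert)
```

On the sample, the four RDP failures share a single timestamp and four different account identifiers, so a single alert is produced for RDP; the one successful login is ignored by the rule. The threshold and window would be tuned to the environment's normal failure rate before the rule is put in production.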

35. What are the best ways for a web programmer to prevent website application code from being vulnerable to XSRF attacks? (Select the two best answers.)

A. Validate input on the client and the server side

B. Ensure HTML tags are enclosed within angle brackets

C. Permit URL redirection

D. Restrict the use of special characters in form fields

E. Use a web proxy to pass website requests between the user and the application

36. Which of the following is a step in deploying a WPA2-Enterprise wireless network?

A. Install a DHCP server on the authentication server

B. Install a digital certificate on the authentication server

C. Install an encryption key on the authentication server

D. Install a token on the authentication server

37. Which of the following is used to validate whether trust is in place and accurate by returning responses of “good,” “unknown,” or “revoked”?





38. You have found vulnerabilities in your SCADA system. Unfortunately, changes to the SCADA system cannot be made without vendor approval, which can take months to obtain. Which of the following is the best way to protect the SCADA system in the interim?

A. Install a firewall in the SCADA network

B. Update AV definitions on the SCADA system

C. Deploy a NIPS at the edge of the SCADA network

D. Enable auditing of accounts on the SCADA system

39. Your organization’s server uses a public, unencrypted communication channel. You are required to implement protocols that allow clients to securely negotiate encryption keys with the server. What protocols should you select? (Select the two best answers.)



C. Steganography

D. Diffie-Hellman

E. Symmetric encryption

40. Your Internet café operates a public wireless hotspot. Which of the following should you implement?

A. Disable the SSID

B. Open system authentication

C. MAC filter

D. Reduce the power level

41. There is an important upcoming patch to be released. You are required to test the installation of the patch a dozen times before the patch is distributed to the public. What should you perform to test the patching process quickly and often?

A. Create a virtualized sandbox and utilize snapshots

B. Create an image of a patched PC and replicate it to the servers

C. Create an incremental backup of an unpatched PC

D. Create a full disk image to restore after each installation

42. Which of the following is the greatest security risk of two or more companies working together under a memorandum of understanding?

A. An MoU between two parties cannot be held to the same legal standards as an SLA.

B. MoUs are generally loose agreements that do not have strict guidelines governing the transmission of sensitive data.

C. Budgetary considerations may not have been written into the MoU.

D. MoUs have strict policies concerning services performed between entities.

43. An administrator configures Unix accounts to authenticate to a non-Unix server on the internal network. The configuration file incorporates the following information: DC=ServerName and DC=COM. Which service is being used?





44. Your organization (ABC-Services Corp.) has three separate wireless networks used for varying purposes. You conducted a site survey and found the following information from your scans:

SSID – State – Channel – Level
ABC-WAP1 – Connected – 1 – 80 dBm
ABC-WAP2 – Connected – 6 – 90 dBm
ABC-WAP3 – Connected – 11 – 75 dBm
ABC-WAP4 – Connected – 4 – 65 dBm

What is occurring here?

A. Jamming

B. Packet sniffing

C. Near field communication

D. Rogue access point

45. Which of the following is vulnerable to spoofing?



C. Enabled SSID

D. MAC filtering

46. Your organization has decided to move large sets of sensitive data to a SaaS cloud provider in order to limit storage and infrastructure costs. Your CIO requires that both the cloud provider and your organization have a clear understanding of the security controls that will be implemented to protect the sensitive data. What kind of agreement is this?



C. MoU


47. Which of the following is a type of malware that is difficult to reverse engineer?

A. Logic bomb

B. Worm

C. Backdoor

D. Armored virus

48. Why would you deploy a wildcard certificate?

A. To extend the renewal date of the certificate

B. To reduce the burden of certificate management

C. To increase the certificate’s encryption key length

D. To secure the certificate’s private key

49. In the event of a short-term power loss to the server room, what should be powered on first in order to establish DNS services?

A. Apache server

B. Exchange server


D. BIND server

50. Which of the following are the best options when it comes to increasing the security of passwords? (Select the two best answers.)

A. Password age

B. Password expiration

C. Password complexity

D. Password history

E. Password length

51. You are in the middle of the information gathering stage of the planning and deployment of a role-based access control model. Which of the following is most likely required?

A. Clearance levels of personnel

B. Rules under which certain systems can be accessed

C. Group-based privileges already in place

D. Matrix of job titles with required privileges

52. Your organization has several conference rooms with wired RJ45 jacks that are used by employees and guests. The employees need to access internal organizational resources, but the guests only need to access the Internet. Which of the following should you implement?

A. VPN and IPsec

B. 802.1X and VLANs

C. Switches and a firewall

D. NAT and DMZ

53. Which of the following is a secure wireless authentication method that uses a RADIUS server for authentication?





54. While running a new network line, you find an active network switch above the ceiling tiles of the CEO’s office with cables going in various directions. What attack is occurring?

A. Impersonation

B. MAC flooding

C. Packet sniffing

D. Spear phishing

55. A security auditing consultant has completed a security assessment and gives the following recommendations:

1. Implement fencing and additional lighting around the perimeter of the building.

2. Digitally sign new releases of software.

Categorically, what is the security consultant recommending? (Select the two best answers.)

A. Encryption

B. Availability

C. Confidentiality

D. Safety

E. Fault tolerance

F. Integrity

56. In the event that a mobile device is stolen, what two security controls can prevent data loss? (Select the two best answers.)


B. Asset tracking

C. Screen locks

D. Inventory control

E. Full device encryption

57. What is the technique of adding text to a password when it is hashed?

A. Rainbow tables

B. Symmetric cryptography


D. Salting

58. What port and transport mechanism does TFTP use by default?

A. 68 and TCP

B. 69 and TCP

C. 68 and UDP

D. 69 and UDP

59. Your boss has tasked you with ensuring that reclaimed space on a hard drive has been sanitized while the computer is in use. What job should you perform?

A. Individual file encryption

B. Full disk encryption

C. Cluster tip wiping

D. Storage retention

60. The IT director asks you to verify that the organization’s virtualization technology is implemented securely. What should you do?

A. Verify that virtual machines are multihomed

B. Perform penetration testing on virtual machines

C. Subnet the network so that each virtual machine is on a different network segment

D. Verify that virtual machines have the latest updates and patches installed

61. You have been commissioned by a customer to implement a network access control model that limits remote users’ network usage to normal business hours only. You create one policy that applies to all the remote users. What access control model are you implementing?

A. Role-based access control

B. Mandatory access control

C. Discretionary access control

D. Rule-based access control

62. You review the system logs for your organization’s firewall and see that an implicit deny is within the ACL. Which is an example of an implicit deny?

A. When an access control list is used as a secure way of moving traffic from one network to another.

B. Implicit deny will deny all traffic from one network to another.

C. Items not specifically given access are denied by default.

D. Everything will be denied because of the implicit deny.

63. You suspect that files are being illegitimately copied to an external location. The file server that the files are stored on does not have logging enabled. Which log should you access to find out more about the files that are being copied illegitimately?

A. DNS log

B. Firewall log

C. Antivirus log

D. System log

64. You look through some graphic files and discover that confidential information has been encoded into the files. These files are being sent to a sister company outside your organization. What is this an example of?

A. Confidentiality

B. Cryptography

C. Digital signature

D. Steganography

65. You are designing the environmental controls for a server room that contains several servers and other network devices. What roles will an HVAC system play in this environment? (Select the two best answers.)

A. Shield equipment from EMI

B. Provide isolation in case of a fire

C. Provide an appropriate ambient temperature

D. Maintain appropriate humidity levels

E. Vent fumes from the server room

66. The IT director recommends that you require your service provider to give you an end-to-end traffic performance guarantee. What document will include this guarantee?

A. Chain of custody



D. Incident response procedures

67. The IT director asks you to create a solution to protect your network from Internet-based attacks. The solution should include pre-admission security checks and automated remediation and should also integrate with existing network infrastructure devices. Which of the following solutions should you implement?




D. Subnetting

68. Your network is an Active Directory domain controlled by a Windows Server domain controller. The Finance group has read permission to the Reports and History shared folders and other shared folders. The Accounting group has read and write permissions to the Reports, AccountRecs, and Statements shared folders. Several users are members of both the Finance and Accounting groups. All the folders are located on a file server. The Everyone group is granted the Full Control NTFS permission for each folder through inheritance, but non-administrative users do not have the right to log on locally at the server. Access to the shared folders is managed through share permissions. It is determined that the Finance group should no longer have read access to the Reports folder. This change should not affect access permissions granted through membership in other groups. What is the best solution to the problem?

A. Deny the read permission to the Finance group for the Reports folder

B. Deny the read permission individually for each member of the Finance group for the Reports folder

C. Remove the read permission from the Finance group for the Reports folder

D. Delete the Finance group

69. Your network is a Windows domain controlled by a Windows Server domain controller. Your goal is to configure user access to file folders shared to the network. In your organization, directory access is dependent upon a user’s role in the organization. You need to keep to a minimum the administrative overhead needed to manage access security. You need to be able to quickly modify a user’s permissions if that user is assigned to a different role. A user can be assigned to more than one role within the organization. What solutions should you implement? (Select the two best answers.)

A. Create security groups and assign access permissions based on organizational roles

B. Place users in OUs based on organizational roles

C. Create an OU for each organizational role and link GPOs to each OU

D. Place users’ computers in OUs based on user organizational roles

E. Assign access permission explicitly by user account

70. You are in charge of your organization’s backup plan. You need to make sure that the data backups are available in case of a disaster. However, you need to keep the plan as inexpensive as possible. Which of the following solutions should you implement?

A. Implement a hot site

B. Implement a cold site

C. Back up data to removable media and store a copy offsite

D. Implement a remote backup solution

71. You are in charge of recycling computers. Some of the computers have hard drives that contain personally identifiable information (PII). What should be done to the hard drive before it is recycled?

A. The hard drive should be sanitized.

B. The hard drive should be reformatted.

C. The hard drive should be destroyed.

D. The hard drive should be stored in a safe area.

72. Your LAN is isolated from the Internet by a perimeter network. You suspect that someone is trying to gather information about your LAN. The IT director asks you to gather as much information about the attacker as possible while preventing the attacker from knowing that the attempt has been detected. What is the best method to accomplish this?

A. Deploy a DMZ

B. Deploy a proxy server in the perimeter network

C. Deploy a NIPS outside the perimeter network

D. Deploy a honeypot in the perimeter network

73. You are reviewing your organization’s continuity plan, which specifies an RTO of six hours and an RPO of two days. Which of the following is the plan describing?

A. Systems should be restored within six hours and no later than two days after the incident.

B. Systems should be restored within two days and should remain operational for at least six hours.

C. Systems should be restored within six hours with a maximum of two days’ worth of data latency.

D. Systems should be restored within two days with a minimum of six hours’ worth of data.

74. One of your servers ( is only allowing slow and intermittent connections to clients on the network. You check the logs of the server and see a large number of connections from the following IP addresses:

The connections from these six hosts are overloading the server and causing it to stop responding to requests from clients. What type of attack is happening?

A. Xmas tree


C. DoS


75. You have been tasked with sending a decommissioned SSL certificate server’s hard drives to be destroyed by a third-party company. What should you implement before sending the drives out? (Select the two best answers.)

A. Disk wiping

B. Data retention policies

C. Removable media encryption

D. Full disk encryption

E. Disk hashing

76. During a software development review, the cryptographic engineer advises the project manager that security can be improved by significantly slowing down the runtime of the hashing algorithm and increasing entropy by passing the input and salt back during each iteration. Which of the following best describes what the engineer is trying to achieve?

A. Key stretching

B. Confusion

C. Diffusion

D. Root of Trust

E. Monoalphabetic cipher


G. Pass the hash

77. Your organization must achieve compliance for PCI and SOX. Which of the following would best allow the organization to achieve compliance and ensure security? (Select the three best answers.)

A. Establish a company framework

B. Compartmentalize the network

C. Centralize management of all devices on the network

D. Apply technical controls to meet compliance regulations

E. Establish a list of users who must work with each regulation

F. Establish a list of devices that must meet regulations

78. You are a security administrator for a midsized company that uses several applications on its client computers. After the installation of a specialized program on one computer, a software application executed an online activation process. Then, a few months later, the computer experienced a hardware failure. A backup image of the operating system was restored on a newer revision of the same brand and model computer. After that restoration, the specialized program no longer works. Which of the following is the most likely cause of the problem?

A. The restored image backup was encrypted with the wrong key.

B. The hash key summary of the hardware and the specialized program no longer match.

C. The specialized program is no longer able to perform remote attestation due to blocked ports.

D. The binary files used by the specialized program have been modified by malware.

79. You are a security tester for a penetration testing security company. You are currently testing a website and you perform the following manual query:

The following response is received in the payload:

"ORA-000001: SQL command not properly ended"

Based on the query and the response, what technique are you employing?

A. Cross-site scripting

B. SQL injection

C. Privilege escalation

D. Fingerprinting

E. Remote code execution

F. Zero day

80. You are the security administrator working for a large corporation with many remote workers. You are tasked with deploying a remote access solution for both staff and contractors. Company management favors Remote Desktop Services because of its ease of use. Your current risk assessment suggests that you protect Windows as much as possible from direct ingress traffic exposure. Which of the following solutions should you choose?

A. Change remote desktop to a non-standard port, and implement password complexity for the entire Active Directory domain.

B. Distribute new IPsec VPN client software to applicable parties, and then virtualize the remote desktop services functionality.

C. Place the remote desktop server(s) on a screened subnet, and implement two-factor authentication.

D. Deploy a remote desktop server on your internal LAN, and require an Active Directory integrated SSL connection for access.
