SY0-501 Flashcards

1
Q

Harmful programs used to disrupt computer operation, gather sensitive information, or gain unauthorized access to computer systems are commonly referred to as:

A. Adware
B. Malware
C. Ransomware
D. Spyware

A

B. Malware

2
Q

Which of the following answers refers to malicious software performing unwanted and harmful actions in disguise of a legitimate and useful program?

A. Trojan horse
B. Spyware
C. Logic bomb
D. Adware

A

A. Trojan horse

3
Q

What is adware?

A. Unsolicited or undesired electronic messages
B. Malicious program that sends copies of itself to other computers on the network
C. Software that displays advertisements
D. Malicious software that collects information about users without their knowledge

A

C. Software that displays advertisements

4
Q

A collection of software tools used by a hacker to mask intrusion and obtain administrator-level access to a computer or computer network is known as:

A. Backdoor
B. Botnet
C. Rootkit
D. Armored virus

A

C. Rootkit

5
Q

Which type of Trojan enables unauthorized remote access to a compromised system?

A. pcap
B. RAT
C. MaaS
D. pfSense

A

B. RAT

6
Q

Which of the following answers refers to an undocumented way of gaining access to a program, online service, or an entire computer system?

A. Tailgating
B. Rootkit
C. Trojan horse
D. Backdoor

A

D. Backdoor

7
Q

Phishing scams targeting selected individuals/groups of users are referred to as:

A. Vishing
B. Spear phishing
C. MITM attack
D. Whaling

A

B. Spear phishing

8
Q

What is tailgating?

A. Looking over someone’s shoulder to get information
B. Scanning for unsecured wireless networks while driving in a car
C. Manipulating a user into disclosing confidential information
D. Gaining unauthorized access to restricted areas by following another person

A

D. Gaining unauthorized access to restricted areas by following another person

9
Q

An email message containing a warning related to a non-existent computer security threat, asking a user to delete system files falsely identified as malware, and/or prompting them to share the message with others would be an example of:

A. Vishing
B. Impersonation
C. Virus hoax
D. Phishing

A

C. Virus hoax

10
Q

Which of the following attacks uses multiple compromised computer systems against its target?

A. Spear phishing
B. DoS
C. Watering hole attack
D. DDoS

A

D. DDoS

11
Q

A type of exploit that relies on overwriting contents of memory to cause unpredictable results in an application is called:

A. IV attack
B. SQL Injection
C. Buffer overflow
D. Fuzz test

A

B. Buffer overflow

12
Q

Zero-day attack exploits:

A. New accounts
B. Patched software
C. Vulnerability that is present in already released software but unknown to the software developer
D. Well known vulnerability

A

C. Vulnerability that is present in already released software but unknown to the software developer

13
Q

A replay attack occurs when an attacker intercepts user credentials and tries to use this information later for gaining unauthorized access to resources on a network.

A. True
B. False

A

A. True

14
Q

URL hijacking is also referred to as:

A. Session hijacking
B. Sandboxing
C. Typo Squatting
D. Shoulder surfing

A

C. Typo squatting

15
Q

Which of the following terms refers to a rogue AP?

A. Computer worm
B. Backdoor
C. Evil twin
D. Trojan horse

A

C. Evil twin

16
Q

Which of the following technologies simplifies configuration of new wireless networks by providing non-technical users with a capability to easily configure network security settings and add new devices to an existing network?

A. WPA
B. WPS
C. WEP
D. WAP

A

B. WPS

17
Q

The practice of sending unsolicited messages over Bluetooth is known as:

A. Bluejacking
B. Vishing
C. Bluesnarfing
D. Phishing

A

A. Bluejacking

18
Q

Gaining unauthorized access to a Bluetooth device is referred to as:

A. Xmas attack
B. Bluesnarfing
C. Bluejacking
D. Pharming

A

B. Bluesnarfing

19
Q

Which of the terms listed below is used to describe an unskilled individual exploiting computer security loopholes with the use of code and software written by someone else?

A. Script kiddies
B. Black hat hacker
C. Hacktivist
D. White hat hacker

A

A. Script kiddies

20
Q

Which of the following facilitate(s) privilege escalation attacks? (Select all that apply)

A. System/application vulnerability
B. Distributed Denial of Service (DDoS)
C. Social engineering techniques
D. Attribute-Based Access Control (ABAC)
E. System/application misconfiguration

A

A. System/application vulnerability
C. Social engineering techniques
E. System/application misconfiguration

21
Q

A penetration test conducted with the use of prior knowledge on how the system that is to be tested works is known as:

A. White hat
B. Sandbox
C. White box
D. Black box

A

C. White box

22
Q

Penetration testing: (select all that apply)

A. Bypasses security controls
B. Only identifies lack of security controls
C. Actively tests security controls
D. Exploits vulnerabilities
E. Passively tests security controls

A

A. Bypasses security controls
C. Actively tests security controls
D. Exploits vulnerabilities

23
Q

Antivirus software identifying non-malicious code as a virus due to a faulty virus signature file is an example of:

A. Fault tolerance
B. False positive error
C. Incident isolation
D. False negative

A

B. False positive error

24
Q

Which of the terms listed below refers to a situation where no alarm is raised when an attack has taken place?

A. False negative
B. True positive
C. False positive
D. True negative

A

A. False negative

25
Q

Which of the following answers refers to a set of rules that specify which users or system processes are granted access to objects as well as what operations are allowed on a given object?

A. CRL
B. NAT
C. BCP
D. ACL

A

D. ACL

26
Q

Which IPsec mode provides whole packet encryption?

A. Tunnel
B. Payload
C. Transport
D. Host-to-host

A

A. Tunnel

27
Q

Which type of IDS relies on known attack patterns in order to detect an intrusion?

A. Behavior-based
B. Heuristic/behavioral
C. Signature-based
D. AD-IDS

A

C. Signature-based

28
Q

A protocol that provides protection against switching loops is called:

A. UTP
B. SSH
C. STP
D. HMAC

A

C. STP

29
Q

Disabling SSID broadcast:

A. Is one of the measures used for securing networks
B. Makes a WLAN harder to discover
C. Blocks access to WAP
D. Prevents wireless clients from accessing the network

A

B. Makes a WLAN harder to discover

30
Q

A network access control method whereby the 48-bit address assigned to each network card is used to determine access to the network is known as:

A. EMI shielding
B. Hardware lock
C. MAC filter
D. Quality of Service (QoS)

A

C. MAC filter

31
Q

Which of the acronyms listed below refers to a technology that allows for real-time analysis of security alerts generated by network hardware and applications?

A. LACP
B. DSCP
C. SIEM
D. LWAPP

A

C. SIEM

32
Q

Software- or hardware-based security solutions designed to detect and prevent unauthorized use and transmission of confidential information outside of a corporate network are referred to as:

A. AUP
B. DLP
C. UAT
D. LTO

A

B. DLP (Data Loss Prevention)

33
Q

Network Access Control (NAC) defines a set of rules enforced in a network that the clients attempting to access the network must comply with. With NAC, policies can be enforced before or after end-stations gain access to the network. NAC can be implemented as Pre-admission NAC where a host must, for example, be virus free or have patches applied before it can be allowed to connect to the network, and/or Post-admission NAC, where a host is being granted/denied permissions based on its actions after it has been provided with the access to the network.

A. True
B. False

A

A. True

34
Q

Which of the following tools would be used to check the contents of an IP packet?

A. Protocol analyzer
B. Secure Shell (SSH)
C. SNMP agent
D. Port scanner

A

A. Protocol analyzer

35
Q

What is the most effective way to permanently remove data stored on a magnetic drive?

A. Quick format
B. Recycle bin
C. Degaussing
D. Low-level format

A

C. Degaussing

36
Q

Steganography allows for:

A. Checking data integrity
B. Calculating hash values
C. Hiding data within another piece of data
D. Data encryption

A

C. Hiding data within another piece of data

37
Q

A monitored host or network specifically designed to detect unauthorized access attempts is known as:

A. Botnet
B. Rogue access point
C. Honeypot
D. Flood guard

A

C. Honeypot

38
Q

The practice of connecting to an open port on a remote server to gather more information about the service running on that port is referred to as:

A. Bluejacking
B. Banner grabbing
C. Session hijacking
D. eDiscovery

A

B. Banner grabbing

39
Q

What is the name of a command-line utility used for checking the reachability of a remote host?

A. tracert
B. ping
C. nslookup
D. netstat

A

B. ping

40
Q

Windows command-line utility for displaying intermediary points on the packet route is called:

A. ping
B. netstat
C. ipconfig
D. tracert

A

D. tracert

41
Q

Which of the terms listed below refers to a security solution implemented on an individual computer host monitoring that specific system for malicious activity or policy violations?

A. NIPS
B. Control filter
C. Firewall
D. HIDS

A

D. HIDS

42
Q

Which of the following acronyms refers to a network solution combining the functionality of a firewall with additional safeguards such as URL filtering, content inspection, or malware inspection?

A. MTU
B. STP
C. UTM
D. XML

A

C. UTM (Unified Threat Management)

43
Q

An operating system security feature that ensures safe memory usage by applications is known as:

A. DEP
B. DLP
C. DSU
D. DRP

A

A. DEP (Data Execution Prevention)

44
Q

Which of the terms listed below refers to a mobile device’s capability to share its Internet connection with other devices?

A. Pairing
B. Clustering
C. Tethering
D. Bonding

A

C. Tethering

45
Q

Which of the following acronyms refers to a policy of permitting employees to bring personally owned mobile devices and to use those devices for accessing privileged company information and applications?

A. BSOD
B. BYOD
C. JBOD
D. BYOB

A

B. BYOD

46
Q

What is the name of a secure replacement for Telnet?

A. ICMP
B. FTP
C. IPv6
D. SSH

A

D. SSH

47
Q

A type of protocol used in network management systems to monitor network-attached devices is known as:

A. SIP
B. SNMP
C. NetBIOS
D. RTP

A

B. SNMP

48
Q

Which version(s) of the SNMP protocol offer(s) only authentication based on community strings sent in unencrypted form? (Select all that apply)

A. SNMPv1
B. SNMPv2
C. SNMPv3
D. SNMPv4

A

A. SNMPv1

B. SNMPv2

49
Q

A lightly protected subnet consisting of publicly available servers placed on the outside of the company’s firewall is known as:

A. VPN
B. Access Point (AP)
C. VLAN
D. DMZ

A

D. DMZ

50
Q

Which of the following solutions is used to hide the internal IP addresses by modifying IP address information in IP packet headers while in transit across a traffic routing device?

A. NAC
B. ACL
C. NAT
D. DMZ

A

C. NAT (Network address translation)

51
Q

A logical grouping of computers that may be physically located on different parts of a LAN is called a Virtual Local Area Network (VLAN).

A. True
B. False

A

A. True

52
Q

In computer networks, a computer system or an application that acts as an intermediary between another computer and the Internet is commonly referred to as:

A. Load balancer
B. Web server
C. VPN concentrator
D. Proxy server

A

D. Proxy server

53
Q

What is the name of a technology that allows for storing passwords, certificates, or encryption keys in a hardware chip?

A. Encrypting File System (EFS)
B. Triple Digital Encryption Standard (3DES)
C. Trusted Platform Module (TPM)
D. Advanced Encryption Standard (AES)

A

C. Trusted Platform Module (TPM)

54
Q

Which of the answers listed below refers to a firmware interface designed as a replacement for BIOS?

A. UEFI
B. ACPI
C. CMOS
D. USMT

A

A. UEFI

55
Q

One of the measures used in OS hardening includes disabling unnecessary ports and services.

A. True
B. False

A

A. True

56
Q

The term trusted OS refers to an operating system:

A. Admitted to a network through NAC
B. Implementing patch management
C. That has been authenticated on the network
D. With enhanced security features

A

D. With enhanced security features

57
Q

An MS Windows account that enables users to have temporary access to a computer without the capability to install software or hardware, change settings, or create a user password is called:

A. Guest account
B. Temporary account
C. Standard account
D. Managed user account

A

A. Guest account

58
Q

Which of the answers listed below refers to a control system providing the capability for real-time monitoring and gathering information related to industrial equipment?

A. OVAL
B. SCADA
C. TACACS
D. SCAP

A

B. SCADA (Supervisory Control and Data Acquisition)

59
Q

Which of the following solutions is used for controlling temperatures and humidity?

A. Faraday cage
B. UART
C. EMI shielding
D. HVAC

A

D. HVAC

60
Q

The practice of finding vulnerabilities in an application by feeding it incorrect input is referred to as:

A. Patching
B. Exception handling
C. Application hardening
D. Fuzzing

A

D. Fuzzing

61
Q

A software application used to manage multiple guest operating systems on a single host system is called:

A. ICS server
B. Hypervisor
C. UC server
D. Virtual switch

A

B. Hypervisor

62
Q

A cloud computing infrastructure type where applications are hosted over a network (typically Internet) eliminating the need to install and run the software on the customer’s own computer is known as:

A. Thick client
B. SaaS
C. Virtualization
D. IaaS

A

B. SaaS

63
Q

In which of the cloud computing infrastructure types, clients, instead of buying all the hardware and software, purchase computing resources as an outsourced service from suppliers who own and maintain all the necessary equipment?

A. IaaS
B. SaaS
C. P2P
D. PaaS

A

A. IaaS

64
Q

Which of the following cloud services would provide the best solution for a web developer intending to create a web app?

A. SaaS
B. API
C. PaaS
D. IaaS

A

C. PaaS

65
Q

Which of the security controls listed below is used to prevent tailgating?

A. Hardware locks
B. Mantraps
C. Video Surveillance
D. EMI shielding

A

B. Mantraps

66
Q

A set of physical characteristics of the human body that can be used for identification and access control purposes is known as:

A. Biometrics
B. PII
C. Physical Token
D. ID

A

A. Biometrics

67
Q

Solutions providing the AAA functionality include: (Select all that apply)

A. MSCHAP
B. RADIUS
C. PPTP
D. TACACS+

A

B. RADIUS
D. TACACS+

AAA = Authentication, Authorization, Accounting

68
Q

Which of the following is an example of a multifactor authentication?

A. Password and biometric scan
B. User name and PIN
C. Smart card and identification badge
D. Iris and fingerprint scan

A

A. Password and biometric scan

69
Q

An authentication subsystem that enables a user to access multiple, connected system components (such as separate hosts on a network) after a single login at only one of the components is known as:

A. SSO
B. SSH
C. SSL
D. SLA

A

A. SSO

70
Q

An access control model in which every resource has a sensitivity label matching clearance level assigned to a user is called:

A. RBAC
B. DAC
C. HMAC
D. MAC

A

D. MAC

71
Q

A type of access control in computer security where every object has an owner who at his/her own discretion determines what kind of permissions other users can have to that object is known as:

A. MAC
B. ABAC
C. DAC
D. RBAC

A

C. DAC (Discretionary Access Control)

72
Q

Which of the following is an example of a biometric authentication?

A. Password
B. Smart card
C. Fingerprint scanner
D. User name

A

C. Fingerprint scanner

73
Q

Which of the following answers refers to a key document governing the relationship between two business organizations?

A. ISA
B. SLA
C. MoU
D. BPA

A

D. BPA (Business Partners Agreement)

74
Q

An agreement between a service provider and the user(s) defining the nature, availability, quality, and scope of the service to be provided is known as:

A. BPA
B. MoU
C. SLA
D. ISA

A

C. SLA

75
Q

Which of the following answers refers to an agreement established between the organizations that own and operate connected IT systems to document the technical requirements of the interconnection?

A. ISA
B. SLA
C. MoU
D. BPA

A

A. ISA (Interconnection Security Agreement)

76
Q

A document established between two or more parties to define their respective responsibilities in accomplishing a particular goal or mission is called:

A. BPA
B. MoU
C. SLA
D. ISA

A

B. MoU

77
Q

One of the goals behind the mandatory vacations policy is to mitigate the occurrence of fraudulent activity within the company.

A. True
B. False

A

A. True

78
Q

Which of the answers listed below refers to a concept of having more than one person required to complete a given task?

A. Acceptable use policy
B. Job rotation
C. Multifactor authentication
D. Separation of duties

A

D. Separation of duties

79
Q

A sticky note with a password kept in sight in a user’s cubicle would be a violation of which of the following policies?

A. Data labeling policy
B. Clean desk policy
C. User account policy
D. Password complexity

A

B. Clean desk policy

80
Q

Which of the following acronyms refers to a set of rules enforced in a network that restrict the use to which the network may be put?

A. OEM
B. AUP
C. UAT
D. ARO

A

B. AUP (Acceptable Use Policy)

81
Q

A maximum acceptable period of time within which a system must be restored after failure is referred to as:

A. Recovery Time Objective (RTO)
B. Mean Time To Restore (MTTR)
C. Maximum Tolerable Period of Disruption (MTPOD)
D. Mean Time Between Failures (MTBF)

A

A. Recovery Time Objective (RTO)

82
Q

Which of the terms listed below is used to describe the loss of value to an asset based on a single security incident?

A. SLE
B. ARO
C. ALE
D. SLA

A

A. SLE (Single Loss Expectancy)

83
Q

A type of risk assessment formula defining probable financial loss due to a risk over a one-year period is known as:

A. ARO
B. ALE
C. SLE
D. BPA

A

B. ALE (Annual Loss Expectancy)

84
Q

In quantitative risk assessment, this formula is used for estimating the likelihood of occurrence of a future threat.

A. ALE
B. SLA
C. ARO
D. SLE

A

C. ARO (Annualized Rate of Occurrence)

85
Q

Contracting out a specialized technical component when the company’s employees lack the necessary skills is an example of:

A. Risk deterrence
B. Risk avoidance
C. Risk acceptance
D. Risk transference

A

D. Risk transference

86
Q

Disabling certain system functions or shutting down the system when risks are identified is an example of:

A. Risk acceptance
B. Risk avoidance
C. Risk transference
D. Risk deterrence

A

B. Risk avoidance

87
Q

In forensics procedures, a sequence of steps in which different types of evidence should be collected is known as:

A. Order of volatility
B. Layered security
C. Chain of custody
D. Transitive access

A

A. Order of volatility

88
Q

In incident response procedures a process that ensures proper handling of collected evidence is called:

A. Intrusion detection/notification
B. Chain of custody
C. MSDS documentation
D. Equipment grounding

A

B. Chain of custody

89
Q

Which of the following backup site types allows for fastest disaster recovery?

A. Cold site
B. Hot site
C. Warm site
D. Cross-site

A

B. Hot site

90
Q

A cold site is the most expensive type of backup site for an organization to operate.

A. True
B. False

A

B. False

91
Q

Restoring data from an incremental backup requires: (select 2 answers)

A. Copy of the last incremental backup
B. All copies of differential backups made since the last full backup
C. Copy of the last differential backup
D. All copies of incremental backups made since the last full backup
E. Copy of the last full backup

A

D. All copies of incremental backups made since the last full backup
E. Copy of the last full backup

92
Q

In computer security, the term dumpster diving is used to describe a practice of sifting through trash for discarded documents containing sensitive data.

Found documents containing names and surnames of the employees along with the information about positions held in the company and other data can be used to facilitate social engineering attacks. Having the documents shredded or incinerated before disposal makes dumpster diving less effective and also mitigates the risk of social engineering attacks.

A. True
B. False

A

A. True

93
Q

Any type of information pertaining to an individual that can be used to uniquely identify that individual is known as:

A. PIN
B. PII
C. ID
D. Password

A

B. PII

94
Q

What are the features of Elliptic Curve Cryptography (ECC)? (Select 2 answers)

A. Asymmetric encryption
B. Shared key
C. Suitable for small wireless devices
D. High processing power requirements
E. Symmetric encryption

A

A. Asymmetric encryption

C. Suitable for small wireless devices

95
Q

Advanced Encryption Standard (AES): (Select all that apply)

A. Is a symmetric encryption algorithm
B. Uses 128, 192 and 256-bit keys
C. Is an asymmetric encryption algorithm
D. Uses block cipher algorithm
E. Requires multiple passes to encrypt data

A

A. Is a symmetric encryption algorithm
B. Uses 128, 192, 256-bit algorithm
D. Uses block cipher algorithm

96
Q

Which of the following wireless encryption schemes offers the highest level of protection?

A. WEP
B. WPA2
C. WAP
D. WPA

A

B. WPA2

97
Q

AES-based encryption mode implemented in WPA2 is known as:

A. CCMP
B. 3DES
C. TKIP
D. HMAC

A

CCMP (Counter Mode Cipher Block Chaining Message Authentication Code Protocol)

98
Q

Which of the answers listed below refers to a security solution allowing administrators to block Internet access for users until they perform a required action?

A. Access logs
B. Mantrap
C. Post-admission NAC
D. Captive portal

A

D. Captive portal

99
Q

Which of the following solutions would be the fastest in validating digital certificates?

A. IPX
B. OCSP
C. CRL
D. OSPF

A

B. OCSP (Online Certificate Status Protocol)

100
Q

What is the name of a storage solution used to retain copies of private encryption keys?

A. Trusted OS
B. Key escrow
C. Proxy
D. Recovery agent

A

B. Key escrow