Question: 1
A security analyst has been asked to perform a review of an organization's software development lifecycle. The analyst reports that the lifecycle does not contain a phase in which team members evaluate and provide critical feedback of another developer's code. Which of the following assessment techniques is BEST described in the analyst's report?
A. Architecture evaluation
B. Baseline reporting
C. Whitebox testing
D. Peer review
Answer: D
Question: 2
An attacker wearing a building maintenance uniform approached a company's receptionist asking for access to a secure area. The receptionist asks for identification, a building access badge and checks the company's list of approved maintenance personnel prior to granting physical access to the secure area. The controls used by the receptionist are in place to prevent which of the following types of attacks?
A. Tailgating
B. Shoulder surfing
C. Impersonation
D. Hoax
Answer: C
Question: 3
A security administrator is tasked with conducting an assessment made to establish the baseline security posture of the corporate IT infrastructure. The assessment must report actual flaws and weaknesses in the infrastructure. Due to the expense of hiring outside consultants, the testing must be performed using in-house or cheaply available resources. There cannot be a possibility of any equipment being damaged in the test. Which of the following has the administrator been tasked to perform?
A. Risk transference
B. Penetration test
C. Threat assessment
D. Vulnerability assessment
Answer: D
Question: 4
A network administrator is attempting to troubleshoot an issue regarding certificates on a secure website. During the troubleshooting process, the network administrator notices that the web gateway proxy on the local network has signed all of the certificates on the local machine. Which of the following describes the type of attack the proxy has been legitimately programmed to perform?
A. Transitive access
B. Spoofing
C. Man-in-the-middle
D. Replay
Answer: C
Question: 5
Which of the following use the SSH protocol?
A. Stelnet
B. SCP
C. SNMP
D. FTPS
E. SSL
F. SFTP
Answer: BF
Related Links
https://www.reddit.com/user/david-rose-5311/comments/f7peeb/want_to_pass_comptia_sy0501_exam_in_first_attempt/