Instant Access CompTIA.SY0-501.v2022-04-16.q256 Actual Practice Test Engine for Free (Page 37)

40%off

SY0-501 Premium Dumps

Latest SY0-501 Exam Premium Dumps provide by TrainingQuiz.com to help you Passing SY0-501 Exam! TrainingQuiz.com offers the updated SY0-501 exam dumps, the TrainingQuiz.com SY0-501 exam questions has been updated to correct Answer. Get the latest TrainingQuiz.com SY0-501 pdf dumps with Exam Engine here:

(715 Q&As Dumps, 40%OFF Special Discount: DumpsDB)

Question 176

Jo an employee reports to the security manager that several files in a research and development folder that only JOE has access to have been improperly modified. The modified data on the files in recent and the modified by account is Joe's. The permissions on the folder have not been changed, and there is no evidence of malware on the server hosting the folder or on Joe's workstation. Several failed login attempts to Joe's account were discovered in the security log of the LDAP server. Given this scenario, which of the following should the security manager implement to prevent this in the future?

A.Account lockout
B.Password complexity
C.User access reviews
D.Generic account prohibition

Question 177

During an incident, a company's CIRT determines it is necessary to observe the continued network-based transactions between a callback domain and the malware running on an enterprise PC. Which of the following techniques would be BEST to enable this activity while reducing the risk of lateral spread and the risk that the adversary would notice any changes?

A.Physically move the PC to a separate Internet point of presence.
B.Apply network blacklisting rules for the adversary domain.
C.Emulate the malware in a heavily monitored DMZ segment.
D.Create and apply microsegmentation rules.

Question 178

A forensic expert is given a hard drive from a crime scene and is asked to perform an investigation. Which
of the following is the FIRST step the forensic expert needs to take the chain of custody?

A.Create a hash of the hard rive
B.Recover the hard drive data
C.Make a forensic copy
D.Update the evidence log

Question 179

A company is performing an analysis of the corporate enterprise network with the intent of identifying what will cause losses in revenue, referrals, and/or reputation when out of commission. Which of the following is an element of a BIA that is being addressed?

A.Mission-essential function
B.Single point of failure
C.backup and restoration plans
D.Identification of critical systems

Question 180

An organization has the following password policies:
* Passwords must be at least 16 characters long.
* A password cannot be the same as any previous 20 passwords.
* Three failed login attempts will lock the account for five minutes.
* Passwords must have one uppercase letter, one lowercase letter, and one non-alphanumeric symbol.
A database server was recently breached, and the incident response team suspects the passwords were compromised. Users with permission on that database server were forced to change their passwords for that server. Unauthorized and suspicious logins are now being detected on a completely separate server. Which of the following is MOST likely the issue and the best solution?

A.The organization has improperly configured single sign-on; the organization should implement a RADIUS server to control account logins.
B.The trust relationship between the two servers has been compromised: the organization should place each server on a separate VLAN.
C.User passwords are not sufficiently long or complex: the organization should increase the complexity and length requirements for passwords.
D.Some users are reusing passwords for different systems; the organization should scan for password reuse across systems.