Online Access Free SYO-501 Practice Test

A security analyst is assessing a small company's internal servers against recommended security practices. Which of the following should the analyst do to conduct the assessment? (Select TWO).

• A.Verify alignment with policy related to regulatory compliance
• B.Review the company's current security baseline,
• C.Run an exploitation framework to confirm vulnerabilities
• D.Compare configurations against platform benchmarks,
• E.Confirm adherence to the company's industry-specific regulations.

While testing a new application, a developer discovers that the inclusion of an apostrophe in a username cause the application to crash. Which of the following secure coding techniques would be MOST useful to avoid this problem?

• A.Encryption
• B.Input validation
• C.Obfuscation
• D.Code signing

A security administrator has been conducting an account permissions review that has identified several users who belong to functional groups and groups responsible for auditing the functional groups' actions. Several recent outages have not been able to be traced to any user. Which of the following should the security administrator recommend to preserve future audit log integrity?

• A.Restricting audit group membership to service accounts
• B.Applying least privilege to user group membership
• C.Following standard naming conventions for audit group users
• D.Enforcing stricter onboarding workflow policies

A red team initiated a DoS attack on the management interface of a switch using a known vulnerability. The monitoring solution then raised an alert, prompting a network engineer to log in to the switch to diagnose the issue. When the engineer logged in, the red team was able to capture the credentials and subsequently log in to the switch. Which of the following actions should the network team take to prevent this type of breach from reoccurring?

• A.Transition from SNMPv2c to SNMPv3 with AES-256.
• B.Encrypt all communications with TLS 1.3.
• C.Use a password manager with complex passwords.
• D.Enable Secure Shell and disable Telnet.

An employee on the Internet facing part of a company's website submits a 20-character phrase in a small textbox on a web form. The website returns a message back to the browser stating.

Of which of the following is this an example?

• A.Improperly configured account
• B.Buffer overflow
• C.Resources exhaustion
• D.Improper error handling