Free Access to CompTIA.SYO-501.v2022-03-09.q467 with Valid Practice Test (Page 86)

Question 421

Fuzzing is used to reveal which of the following vulnerabilities in web applications?

A.Improper input handling
B.Weak cipher suites
C.DLL injection
D.Certificate signing flaws

Question 422

A security administrator has found a hash in the environment known to belong to malware. The administrator then finds this file to be in in the preupdate area of the OS, which indicates it was pushed from the central patch system.
File: winx86_adobe_flash_upgrade.exe
Hash: 99ac28bede43ab869b853ba62c4ea243
The administrator pulls a report from the patch management system with the following output:

Given the above outputs, which of the following MOST likely happened?

A.The file was infected when the patch manager downloaded it.
B.The file was embedded with a logic bomb to evade detection.
C.The file was corrupted after it left the patch system.
D.The file was not approved in the application whitelist system.

Question 423

An organization wishes to provide better security for its name resolution services. Which of the following technologies BEST supports the deployment of DNSSEC at the organization?

A.LDAP
B.TPM
C.TLS
D.SSL
E.PKI

Question 424

A security analyst observes the following events in the logs of an employee workstation:

Given the information provided, which of the following MOST likely occurred on the workstation?

A.The SIEM log agent was not turned properly and reported a false positive.
B.Antivirus software found and quarantined three malware files.
C.Automatic updates were initiated but failed because they had not been approved.
D.Application whitelisting controls blocked an exploit payload from executing.

Question 425

When systems, hardware, or software are not supported by the original vendor, it is a vulnerability known as:

A.system sprawl
B.end-of-life systems
C.resource exhaustion
D.a default configuration

Question 421

Question 422

Question 423

Question 424

Question 425

Download PDF File