1. Home
  2. CompTIA
  3. SY0-301

CompTIA SY0-301 Online Practice Questions and Exam Preparation

SY0-301 Exam Details

  • Exam Code
    :SY0-301
  • Exam Name
    :CompTIA Security+
  • Certification
    :CompTIA Certifications
  • Vendor
    :CompTIA
  • Total Questions
    :820 Q&As
  • Last Updated
    :Dec 12, 2021

CompTIA SY0-301 Online Questions & Answers

  • Question 411:

    In order to use a two-way trust model the security administrator MUST implement which of the following?

    A. DAC
    B. PKI
    C. HTTPS
    D. TPM

  • Question 412:

    A cafe provides laptops for Internet access to their customers. The cafe is located in the center corridor of a busy shopping mall. The company has experienced several laptop thefts from the cafe during peek shopping hours of the day. Corporate has asked that the IT department provide a solution to eliminate laptop theft. Which of the following would provide the IT department with the BEST solution?

    A. Attach cable locks to each laptop
    B. Require each customer to sign an AUP
    C. Install a GPS tracking device onto each laptop
    D. Install security cameras within the perimeter of the cafe

  • Question 413:

    The Chief Security Officer (CSO) is concerned about misuse of company assets and wishes to determine who may be responsible. Which of the following would be the BEST course of action?

    A. Create a single, shared user account for every system that is audited and logged based upon time of use.
    B. Implement a single sign-on application on equipment with sensitive data and high-profile shares.
    C. Enact a policy that employees must use their vacation time in a staggered schedule.
    D. Separate employees into teams led by a person who acts as a single point of contact for observation purposes.

  • Question 414:

    Two programmers write a new secure application for the human resources department to store personal identifiable information. The programmers make the application available to themselves using an uncommon port along with an ID and password only they know. This is an example of which of the following?

    A. Root Kit
    B. Spyware
    C. Logic Bomb
    D. Backdoor

  • Question 415:

    A hospital IT department wanted to secure its doctor's tablets. The IT department wants operating system level security and the ability to secure the data from alteration. Which of the following methods would MOST likely work?

    A. Cloud storage
    B. Removal Media
    C. TPM
    D. Wiping

  • Question 416:

    Vendors typically ship software applications with security settings disabled by default to ensure a wide range of interoperability with other applications and devices. A security administrator should perform which of the following before

    deploying new software?

    A. Application white listing
    B. Network penetration testing
    C. Application hardening
    D. Input fuzzing testing

  • Question 417:

    Which of the following can be used by a security administrator to successfully recover a user's forgotten password on a password protected file?

    A. Cognitive password
    B. Password sniffing
    C. Brute force
    D. Social engineering

  • Question 418:

    A security administrator needs to determine which system a particular user is trying to login to at various times of the day. Which of the following log types would the administrator check?

    A. Firewall
    B. Application
    C. IDS
    D. Security

  • Question 419:

    When an order was submitted via the corporate website, an administrator noted special characters (e.g., ";--" and "or 1=1 --") were input instead of the expected letters and numbers. Which of the following is the MOST likely reason for the unusual results?

    A. The user is attempting to highjack the web server session using an open-source browser.
    B. The user has been compromised by a cross-site scripting attack (XSS) and is part of a botnet performing DDoS attacks.
    C. The user is attempting to fuzz the web server by entering foreign language characters which are incompatible with the website.
    D. The user is sending malicious SQL injection strings in order to extract sensitive company or customer data via the website.

  • Question 420:

    A customer has provided an email address and password to a website as part of the login process. Which of the following BEST describes the email address?

    A. Identification
    B. Authorization
    C. Access control
    D. Authentication

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your SY0-301 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.