SY0-501 Exam Details

  • Exam Code: SY0-501
  • Exam Name: CompTIA Security+
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 1423 Q&As
  • Last Updated: Sep 04, 2023

CompTIA SY0-501 Online Questions & Answers

  • Question 1051:

    Which of the following is the primary reason for implementing layered security measures in a cyber security architecture?

    A. It increases the number of controls required to subvert a system.
    B. It decreases the time a CERT has to respond to a security incident.
    C. It alleviates problems associated with EOL equipment replacement.
    D. It allows for bandwidth upgrades to be made without user disruption.

  • Question 1052:

    Which of the following occurs when the security of a web application relies on JavaScript for input validation?

    A. The integrity of the data is at risk.
    B. The security of the application relies on antivirus.
    C. A host-based firewall is required.
    D. The application is vulnerable to race conditions.

  • Question 1053:

    A security analyst is doing a vulnerability assessment on a database server. A scanning tool returns the following information:

    There have been several security breaches on the web server that accesses this database. The security team is instructed to mitigate the impact of any possible breaches. The security team is also instructed to improve the security on this database by making it less vulnerable to offline attacks. Which of the following would BEST accomplish these goals? (Choose two.)

    A. Start using salts to generate MD5 password hashes
    B. Generate password hashes using SHA-256
    C. Force users to change passwords the next time they log on
    D. Limit users to five attempted logons before they are locked out
    E. Require the web server to only use TLS 1.2 encryption

  • Question 1054:

    Which of the following is being used when a malicious actor searches various social media websites to find information about a company's system administrators and help desk staff?

    A. Passive reconnaissance
    B. Initial exploitation
    C. Vulnerability scanning
    D. Social engineering

  • Question 1055:

    Which of the following is the BEST choice for a security control that represents a preventive and corrective logical control at the same time?

    A. Security awareness training
    B. Antivirus
    C. Firewalls
    D. Intrusion detection system

  • Question 1056:

    While testing a new application, a developer discovers that the inclusion of an apostrophe in a username causes the application to crash. Which of the following secure coding techniques would be MOST useful to avoid this problem?

    A. Input validation
    B. Code signing
    C. Obfuscation
    D. Encryption

  • Question 1057:

    A software development manager is taking over an existing software development project. The team currently suffers from poor communication due to a long delay between requirements documentation and feature delivery. This gap is resulting in an above-average number of security-related bugs making it into production. Which of the following development methodologies is the team MOST likely using now?

    A. Agile
    B. Waterfall
    C. Scrum
    D. Spiral

  • Question 1058:

    Which of the following physical security controls is MOST effective when trying to prevent tailgating?

    A. CCTV
    B. Mantrap
    C. Biometrics
    D. RFID badge
    E. Motion detection

  • Question 1059:

    A systems administrator is auditing the company's Active Directory environment. It is quickly noted that the username "company\bsmith" is interactively logged into several desktops across the organization. Which of the following has the systems administrator MOST likely come across?

    A. Service account
    B. Shared credentials
    C. False positive
    D. Local account

  • Question 1060:

    Which of the following can be used to control specific commands that can be executed on a network infrastructure device?

    A. LDAP
    B. Kerberos
    C. SAML
    D. TACACS+
