1. Home
  2. CompTIA
  3. SY0-501

CompTIA Security+

Exam Details

  • Exam Code
    :SY0-501
  • Exam Name
    :CompTIA Security+
  • Certification
    :CompTIA Certifications
  • Vendor
    :CompTIA
  • Total Questions
    :1423 Q&As
  • Last Updated
    :Sep 04, 2023

CompTIA CompTIA Certifications SY0-501 Questions & Answers

  • Question 101:

    Due to regulatory requirements, server in a global organization must use time synchronization. Which of the following represents the MOST secure method of time synchronization?

    A. The server should connect to external Stratum 0 NTP servers for synchronization

    B. The server should connect to internal Stratum 0 NTP servers for synchronization

    C. The server should connect to external Stratum 1 NTP servers for synchronization

    D. The server should connect to external Stratum 1 NTP servers for synchronization

  • Question 102:

    Which of the following authentication concepts is a gait analysis MOST closely associated?

    A. Somewhere you are

    B. Something you are

    C. Something you do

    D. Something you know

  • Question 103:

    Which of the following metrics are used to calculate the SLE? (Select TWO)

    A. ROI

    B. ARO

    C. ALE

    D. MTBF

    E. MTTF

    F. TCO

  • Question 104:

    A company wants to implement an access management solution that allows employees to use the same usernames and passwords for multiple applications without having to keep multiple credentials synchronized. Which of the following solutions would BEST meet these requirements?

    A. Multifactor authentication

    B. SSO

    C. Biometrics

    D. PKI

    E. Federation

  • Question 105:

    An external auditor visits the human resources department and performs a physical security assessment. The auditor observed documents on printers that are unclaimed. A closer look at these documents reveals employee names, addresses, ages, and types of medical and dental coverage options each employee has selected. Which of the following is the MOST appropriate actions to take?

    A. Flip the documents face down so no one knows these documents are PII sensitive

    B. Shred the documents and let the owner print the new set

    C. Retrieve the documents, label them with a PII cover sheet, and return them to the printer

    D. Report to the human resources manager that their personnel are violating a privacy policy

  • Question 106:

    Confidential emails from an organization were posted to a website without the organization's knowledge. Upon investigation, it was determined that the emails were obtained from an internal actor who sniffed the emails in plain text. Which of the following protocols, if properly implemented, would have MOST likely prevented the emails from being sniffed? (Select TWO)

    A. Secure IMAP

    B. DNSSEC

    C. S/MIME

    D. SMTPS

    E. HTTPS

  • Question 107:

    A bank uses a wireless network to transmit credit card purchases to a billing system. Which of the following would be MOST appropriate to protect credit card information from being accessed by unauthorized individuals outside of the premises?

    A. Air gap

    B. Infrared detection

    C. Faraday cage

    D. Protected distributions

  • Question 108:

    A help desk technician receives a phone call from an individual claiming to be an employee of the organization and requesting assistance to access a locked account. The help desk technician asks the individual to provide proof of identity before access can be granted. Which of the following types of attack is the caller performing?

    A. Phishing

    B. Shoulder surfing

    C. Impersonation

    D. Dumpster diving

  • Question 109:

    A company stores highly sensitive data files used by the accounting system on a server file share. The accounting system uses a service account named accounting-svc to access the file share. The data is protected will a full disk encryption,

    and the permissions are set as follows:

    File system permissions: Users = Read Only

    Share permission: accounting-svc = Read Only

    Given the listed protections are in place and unchanged, to which of the following risks is the data still subject?

    A. Exploitation of local console access and removal of data

    B. Theft of physical hard drives and a breach of confidentiality

    C. Remote exfiltration of data using domain credentials

    D. Disclosure of sensitive data to third parties due to excessive share permissions

  • Question 110:

    Which of the following is the proper order for logging a user into a system from the first step to the last step?

    A. Identification, authentication, authorization

    B. Identification, authorization, authentication

    C. Authentication, identification, authorization

    D. Authentication, identification, authorization

    E. Authorization, identification, authentication

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your SY0-501 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.