Exam Details

  • Exam Code: SY0-501
  • Exam Name: CompTIA Security+
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 1423 Q&As
  • Last Updated: Sep 04, 2023

CompTIA CompTIA Certifications SY0-501 Questions & Answers

  • Question 1241:

    In the event of a security incident, which of the following should be captured FIRST?

    A. An external hard drive

    B. System memory

    C. An internal hard drive

    D. Network interface data

  • Question 1242:

    Joe, a new employee, discovered a thumb drive with the company's logo on it while walking in the parking lot. Joe was curious as to the contents of the drive and placed it into his work computer. Shortly after accessing the contents, he noticed the machine was running slower, started to reboot, and displayed new icons on the screen. Which of the following types of attacks occurred?

    A. Social engineering

    B. Brute force attack

    C. MITM

    D. DoS

  • Question 1243:

    A security administrator has been conducting an account permissions review that has identified several users who belong to functional groups and groups responsible for auditing the functional groups' actions. Several recent outages have not been able to be traced to any user. Which of the following should the security administrator recommend to preserve future audit log integrity?

    A. Enforcing stricter onboarding workflow policies

    B. Applying least privilege to user group membership

    C. Following standard naming conventions for audit group users

    D. Restricting audit group membership to service accounts

  • Question 1244:

    An internal intranet site is required to authenticate users and restrict access to content to only those who are authorized to view it. The site administrator previously encountered issues with credential spoofing when using the default NTLM setting and wants to move to a system that will be more resilient to replay attacks. Which of the following should the administrator implement?

    A. NTLMv2

    B. TACACS+

    C. Kerberos

    D. Shibboleth

  • Question 1245:

    A security consultant is analyzing data from a recent compromise. The following data points are documented:

    1. Access to data on share drives and certain networked hosts was lost after an employee logged in to an interactive session as a privileged user.

    2. The data was unreadable by any known commercial software.

    3. The issue spread through the enterprise via SMB only when certain users accessed data.

    4. Removal instructions were not available from any major antivirus vendor.

    Which of the following types of malware is this an example of?

    A. RAT

    B. Ransomware

    C. Backdoor

    D. Keylogger

    E. Worm

  • Question 1246:

    An organization handling highly confidential information needs to update its systems. Which of the following is the BEST method to prevent data compromise?

    A. Wiping

    B. Degaussing

    C. Shredding

    D. Purging

  • Question 1247:

    A security administrator is working with the human resources department to classify data held by the company. The administrator has determined the data contains a variety of data types, including health information, employee names and addresses, trade secrets, and confidential customer information. Which of the following should the security administrator do NEXT?

    A. Apply a predefined set of labels from government sources to all data within the company

    B. Create a custom set of data labels to group the data by sensitivity and protection requirements

    C. Label sensitive data according to age to comply with retention policies

    D. Destroy company information that is not labeled in compliance with government regulations and laws

  • Question 1248:

    Which of the following should be implemented to stop an attacker from interacting with the hypervisor through another guest?

    A. Containers

    B. VM escape protection

    C. Security broker

    D. Virtual desktop

  • Question 1249:

    A security administrator has created a new group policy object that utilizes the trusted platform module to compute a hash of system files and compare the value to a known-good value. Which of the following security concepts is this an example of?

    A. Integrity measurement

    B. Secure baseline

    C. Sandboxing

    D. Immutable systems

  • Question 1250:

    A network administrator wants to gather information on the security of the network servers in the DMZ. The administrator runs the following command:

    Telnet www.example.com 80

    Which of the following actions is the administrator performing?

    A. Grabbing the web server banner

    B. Logging into the web server

    C. Harvesting cleartext credentials

    D. Accessing the web server management console
