SY0-501 Exam Details

  • Exam Code
    :SY0-501
  • Exam Name
    :CompTIA Security+
  • Certification
    :CompTIA Certifications
  • Vendor
    :CompTIA
  • Total Questions
    :1423 Q&As
  • Last Updated
    :Sep 04, 2023

CompTIA SY0-501 Online Questions & Answers

  • Question 1371:

    The CSIRT is reviewing the lessons learned from a recent incident A worm was able to spread unhindered throughout the network and infect a large number of computers and servers. Which of the following recommendations would be BEST to mitigate the impacts of a similar incident in the future?

    A. Install a NIDS device at the boundary.
    B. Segment the network with firewalls
    C. Update all antivirus signatures daily
    D. Implement application blacklisting.

  • Question 1372:

    As part of a new industry regulation, companies are required to utilize secure, standardized OS settings. A technical must ensure the OS settings are hardened. Which of the following is the BEST way to do this?

    A. Use a vulnerability scanner.
    B. Use a configuration compliance scanner.
    C. Use a passive, in-line scanner.
    D. Use a protocol analyzer.

  • Question 1373:

    Penetration testing is distinct from vulnerability scanning primarily because penetration testing:

    A. leverages credentials scanning to obtain persistence.
    B. involve multiple active exploitation technique
    C. relies exclusively on passive exploitation attempts for pivoting
    D. relies on misconfiguration of security controls.

  • Question 1374:

    Which of the following BEST explains why a development environment should have the same database server secure baseline that exist in production even if there is no PII in the database?

    A. Without the same configuration in both development and production, there are no assurance that changes made in development will have the same effect in production.
    B. Attackers can extract sensitive, personal information from lower development environment databases just as easily as they can from production databases.
    C. Databases are unique in their need to have secure configurations applied in all environment because they are attacked more often.
    D. Laws stipulate that databases with the ability to store personal information must be secured regardless of the environment or if they actually have PIL.

  • Question 1375:

    Which of the following describes the key difference between vishing and phishing attacks?

    A. Phishing is used by attackers to steal a person's identity.
    B. Vishing attacks require some knowledge of the target of attack.
    C. Vishing attacks are accomplished using telephony services.
    D. Phishing is a category of social engineering attack.

  • Question 1376:

    A company just implemented a new telework policy that allows employees to use personal devices for official email and file sharing while working from home. Some of the requirements are:

    *

    Employees must provide an alternate work location (i.e., a home address).

    *

    Employees must install software on the device that will prevent the loss of proprietary data but will not restrict any other software from being installed. Which of the following BEST describes the MDM options the company is using?

    A. Geofencing, content management, remote wipe, containerization, and storage segmentation
    B. Content management, remote wipe, geolocation, context-aware authentication, and containerization
    C. Application management, remote wipe, geofencing, context-aware authentication, and containerization
    D. Remote wipe, geolocation, screen locks, storage segmentation, and full-device encryption

  • Question 1377:

    A help desk is troubleshooting user reports that the corporate website is presenting untrusted certificate errors to employees and customers when they visit the website. Which of the following is the MOST likely cause of this error, provided the certificate has not expired?

    A. The certificate was self signed, and the CA was not imported by employees or customers
    B. The root CA has revoked the certificate of the intermediate CA
    C. The valid period for the certificate has passed, and a new certificate has not been issued
    D. The key escrow server has blocked the certificate from being validated

  • Question 1378:

    An organization is working with a cloud services provider to transition critical business applications to a hybrid cloud environment. The organization retains sensitive customer data and wants to ensure the provider has sufficient administrative and logical controls in place to protect its dat

    A. In which of the following documents would this concern MOST likely be addressed?
    B. Service level agreement
    C. Interconnection security agreement
    D. Non-disclosure agreement
    E. Business process analysis

  • Question 1379:

    A user recently entered a username and password into a recruiting application website that had been forged to look like the legitimate site. Upon Investigation, a security analyst identifies the following:

    *

    The legitimate website's IP address is 10.1.1.20 and eRecruit.local resolves to this IP.

    *

    The forged website's IP address appears to be 10.2.12.99. based on NetFlow records.

    *

    All three of the organization's DNS servers show the website correctly resolves to the legitimate IP.

    *

    DNS query logs show one of the three DNS servers returned a result of 10.2.12.99 (cached) at the approximate time of the suspected compromise. Which of the following MOST likely occurred?

    A. A reverse proxy was used to redirect network traffic.
    B. An SSL strip MITM attack was performed.
    C. An attacker temporarily poisoned a name server.
    D. An ARP poisoning attack was successfully executed.

  • Question 1380:

    A company notices that at 10 a.m. every Thursday, three users' computers become inoperable. The security analyst team discovers a file called where.pdf.exe that runs on system startup. The contents of where.pdf.exe are shown below:

    Based on the above information, which of the following types of malware was discovered?

    A. Rootkit
    B. Backdoor
    C. Logic bomb
    D. RAT

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your SY0-501 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.