SY0-501 Exam Details

  • Exam Code: SY0-501
  • Exam Name: CompTIA Security+
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 1423 Q&As
  • Last Updated: Sep 04, 2023

CompTIA SY0-501 Online Questions & Answers

  • Question 141:

    On which of the following is the live acquisition of data for forensic analysis MOST dependent? (Select TWO).

    A. Data accessibility
    B. Legal hold
    C. Cryptographic or hash algorithm
    D. Data retention legislation
    E. Value and volatility of data
    F. Right-to-audit clauses

  • Question 142:

    A company hired a firm to test the security posture of its database servers and determine if any vulnerabilities can be exploited. The company provided limited information pertaining to the infrastructure and database server. Which of the following forms of testing does this BEST describe?

    A. Black box
    B. Gray box
    C. White box
    D. Vulnerability scanning

  • Question 143:

    An organization requires employees to insert their identification cards into a reader so chips embedded in the cards can be read to verify their identities prior to accessing computing resources. Which of the following BEST describes this authentication control?

    A. TPM
    B. Token
    C. Proximity card
    D. CAC

  • Question 144:

    An organization has the following password policies:

    Passwords must be at least 16 characters long.
    A password cannot be the same as any previous 20 passwords.
    Three failed login attempts will lock the account for five minutes.
    Passwords must have one uppercase letter, one lowercase letter, and one non-alphanumeric symbol.

    A database server was recently breached, and the incident response team suspects the passwords were compromised. Users with permission on that database server were forced to change their passwords for that server. Unauthorized and suspicious logins are now being detected on a completely separate server.

    Which of the following is MOST likely the issue and the best solution?

    A. Some users are reusing passwords for different systems; the organization should scan for password reuse across systems.
    B. The organization has improperly configured single sign-on; the organization should implement a RADIUS server to control account logins.
    C. User passwords are not sufficiently long or complex; the organization should increase the complexity and length requirements for passwords.
    D. The trust relationship between the two servers has been compromised; the organization should place each server on a separate VLAN.

  • Question 145:

    A security administrator receives alerts from the perimeter UTM. Upon checking the logs, the administrator finds the following output:

    Time: 12/25 0300
    From Zone: Untrust
    To Zone: DMZ
    Attacker: externalip.com
    Victim: 172.16.0.20
    To Port: 80
    Action: Alert
    Severity: Critical

    When examining the PCAP associated with the event, the security administrator finds the following information:

    Which of the following actions should the security administrator take?

    A. Upload the PCAP to the IDS in order to generate a blocking signature to block the traffic.
    B. Manually copy the data from the PCAP file and generate a blocking signature in the HIDS to block the traffic for future events.
    C. Implement a host-based firewall rule to block future events of this type from occurring.
    D. Submit a change request to modify the XSS vulnerability signature to TCP reset on future attempts.

  • Question 146:

    A security technician is configuring a new firewall appliance for a production environment. The firewall must support secure web services for client workstations on the 10.10.10.0/24 network. The same client workstations are configured to contact a server at 192.168.1.15/24 for domain name resolution. Which of the following rules should the technician add to the firewall to allow this connectivity for the client workstations? (Select TWO).

    A. Permit 10.10.10.0/24 0.0.0.0 -p tcp --dport 22
    B. Permit 10.10.10.0/24 0.0.0.0 -p tcp --dport 80
    C. Permit 10.10.10.0/24 192.168.1.15/24 -p udp --dport 21
    D. Permit 10.10.10.0/24 0.0.0.0 -p tcp --dport 443
    E. Permit 10.10.10.0/24 192.168.1.15/24 -p tcp --dport 53
    F. Permit 10.10.10.0/24 192.168.1.15/24 -p udp --dport 53

  • Question 147:

    An incident response analyst in a corporate security operations center receives a phone call from an SOC analyst. The SOC analyst explains the help desk recently reimaged a workstation that was suspected of being infected with an unknown type of malware; however, even after reimaging, the host continued to generate SIEM alerts. Which of the following types of malware is MOST likely responsible for producing the SIEM alerts?

    A. Ransomware
    B. Logic bomb
    C. Rootkit
    D. Adware

  • Question 148:

    An organization is developing its mobile device management policies and procedures and is concerned about vulnerabilities that are associated with sensitive data being saved to a mobile device, as well as weak authentication when using a PIN. As part of some discussions on the topic, several solutions are proposed. Which of the following controls, when required together, will address the protection of data-at-rest as well as strong authentication? (Choose two.)

    A. Containerization
    B. FDE
    C. Remote wipe capability
    D. MDM
    E. MFA
    F. OTA updates

  • Question 149:

    Which of the following is the BEST example of a reputation impact identified during a risk assessment?

    A. A bad software patch taking down the production systems
    B. A misconfigured firewall exposing intellectual property to the Internet
    C. An attacker defacing the e-commerce portal
    D. Malware collecting credentials for company bank accounts

  • Question 150:

    Which of the following BEST explains the difference between a credentialed scan and a non-credentialed scan?

    A. A credentialed scan sees devices in the network, including those behind NAT, while a non-credentialed scan sees outward-facing applications.
    B. A credentialed scan will not show up in system logs because the scan is running with the necessary authorization, while non-credentialed scan activity will appear in the logs.
    C. A credentialed scan generates significantly more false positives, while a non-credentialed scan generates fewer false positives.
    D. A credentialed scan sees the system the way an authorized user sees the system, while a non-credentialed scan sees the system as a guest.

Tips on How to Prepare for the Exams

Nowadays, certification exams have become more and more important and are required by more and more enterprises when applying for a job. But how do you prepare for the exam effectively? How do you prepare for the exam in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only CompTIA exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your SY0-501 exam preparation and CompTIA certification application, do not hesitate to visit Vcedump.com to find your solutions here.