1. Home
  2. CompTIA
  3. SY0-501

CompTIA Security+

Exam Details

  • Exam Code
    :SY0-501
  • Exam Name
    :CompTIA Security+
  • Certification
    :CompTIA Certifications
  • Vendor
    :CompTIA
  • Total Questions
    :1423 Q&As
  • Last Updated
    :Sep 04, 2023

CompTIA CompTIA Certifications SY0-501 Questions & Answers

  • Question 161:

    An incident response manager has started to gather all the facts related to a SIEM alert showing multiple systems may have been compromised.

    The manager has gathered these facts:

    The breach is currently indicated on six user PCs

    One service account is potentially compromised

    Executive management has been notified

    In which of the following phases of the IRP is the manager currently working?

    A. Recovery

    B. Eradication

    C. Containment

    D. Identification

  • Question 162:

    A company wants to ensure confidential data from storage media is sanitized in such a way that the drive cannot be reused. Which of the following method should the technician use?

    A. Shredding

    B. Wiping

    C. Low-level formatting

    D. Repartitioning

    E. Overwriting

  • Question 163:

    A forensic expert is given a hard drive from a crime scene and is asked to perform an investigation. Which of the following is the FIRST step the forensic expert needs to take the chain of custody?

    A. Make a forensic copy

    B. Create a hash of the hard rive

    C. Recover the hard drive data

    D. Update the evidence log

  • Question 164:

    A company is performing an analysis of the corporate enterprise network with the intent of identifying what will cause losses in revenue, referrals, and/or reputation when out of commission. Which of the following is an element of a BIA that is being addressed?

    A. Mission-essential function

    B. Single point of failure

    C. backup and restoration plans

    D. Identification of critical systems

  • Question 165:

    Joe, a salesman, was assigned to a new project that requires him to travel to a client site. While waiting for a flight, Joe, decides to connect to the airport wireless network without connecting to a VPN, and the sends confidential emails to fellow colleagues. A few days later, the company experiences a data breach. Upon investigation, the company learns Joe's emails were intercepted. Which of the following MOST likely caused the data breach?

    A. Policy violation

    B. Social engineering

    C. Insider threat

    D. Zero-day attack

  • Question 166:

    A security analyst is investigating a potential breach. Upon gathering, documenting, and securing the evidence, which of the following actions is the NEXT step to minimize the business impact?

    A. Launch an investigation to identify the attacking host

    B. Initiate the incident response plan

    C. Review lessons learned captured in the process

    D. Remove malware and restore the system to normal operation

  • Question 167:

    A company has noticed multiple instances of proprietary information on public websites. It has also observed an increase in the number of email messages sent to random employees containing malicious links and PDFs. Which of the following changes should the company make to reduce the risks associated with phishing attacks? (Select TWO)

    A. Install an additional firewall

    B. Implement a redundant email server

    C. Block access to personal email on corporate systems

    D. Update the X.509 certificates on the corporate email server

    E. Update corporate policy to prohibit access to social media websites

    F. Review access violation on the file server

  • Question 168:

    Which of the following uses precomputed hashes to guess passwords?

    A. Iptables

    B. NAT tables

    C. Rainbow tables

    D. ARP tables

  • Question 169:

    A systems administrator wants to provide balance between the security of a wireless network and usability. The administrator is concerned with wireless encryption compatibility of older devices used by some employees. Which of the following would provide strong security and backward compatibility when accessing the wireless network?

    A. Open wireless network and SSL VPN

    B. WPA using a preshared key

    C. WPA2 using a RADIUS back-end for 802.1x authentication

    D. WEP with a 40-bit key

  • Question 170:

    A systems administrator wants to implement a wireless protocol that will allow the organization to authenticate mobile devices prior to providing the user with a captive portal login. Which of the following should the systems administrator configure?

    A. L2TP with MAC filtering

    B. EAP-TTLS

    C. WPA2-CCMP with PSK

    D. RADIUS federation

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your SY0-501 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.