Exam Details

  • Exam Code: SY0-501
  • Exam Name: CompTIA Security+ Certification Exam
  • Certification: CompTIA Security+
  • Vendor: CompTIA
  • Total Questions: 1423 Q&As
  • Last Updated: Sep 04, 2023

CompTIA Security+ SY0-501 Questions & Answers

  • Question 11:

    A security researcher is tracking an adversary by noting its attacks and techniques based on its capabilities, infrastructure, and victims. Which of the following is the researcher MOST likely using?

    A. The Diamond Model of Intrusion Analysis

    B. The Cyber Kill Chain

    C. The MITRE CVE database

    D. The incident response process

  • Question 12:

    A technician is auditing network security by connecting a laptop to open hardwired jacks within the facility to verify they cannot connect. Which of the following is being tested?

    A. Layer 3 routing

    B. Port security

    C. Secure IMAP

    D. S/MIME

  • Question 13:

    A security analyst needs to generate a server certificate to be used for 802.1X and secure RDP connections. The analyst is unsure what is required to perform the task and solicits help from a senior colleague. Which of the following is the FIRST step the senior colleague will most likely tell the analyst to perform to accomplish this task?

    A. Create an OCSP

    B. Generate a CSR

    C. Create a CRL

    D. Generate a .pfx file.

  • Question 14:

    A commercial cyber-threat intelligence organization observes IoCs across a variety of unrelated customers. Prior to releasing specific threat intelligence to other paid subscribers, the organization is MOST likely obligated by contracts to:

    A. perform attribution to specific APTs and nation-state actors.

    B. anonymize any PII that is observed within the IoC data.

    C. add metadata to track the utilization of threat intelligence reports.

    D. assist companies with impact assessments based on the observed data.

  • Question 15:

    A root cause analysis reveals that a web application outage was caused by one of the company's developers uploading a newer version of the third-party libraries that were shared among several applications. Which of the following implementations would be BEST to prevent this issue from reoccurring?

    A. CASB

    B. SWG

    C. Containerization

    D. Automated failover

  • Question 16:

    The Chief Security Officer (CSO) at a major hospital wants to implement SSO to help improve security in the environment and protect patient data, particularly at shared terminals. The Chief Risk Officer (CRO) is concerned that training and guidance have not been provided to frontline staff, and a risk analysis has not been performed. Which of the following is the MOST likely cause of the CRO's concerns?

    A. SSO would simplify username and password management, making it easier for hackers to guess accounts.

    B. SSO would reduce password fatigue, but staff would still need to remember more complex passwords.

    C. SSO would reduce the password complexity for frontline staff.

    D. SSO would reduce the resilience and availability of systems if the identity provider goes offline.

  • Question 17:

    A consultant is configuring a vulnerability scanner for a large, global organization in multiple countries. The consultant will be using a service account to scan systems with administrative privileges on a weekly basis, but there is a concern that hackers could gain access to the account and pivot throughout the global network. Which of the following would be BEST to help mitigate this concern?

    A. Create different accounts for each region, each configured with push MFA notifications.

    B. Create one global administrator account and enforce Kerberos authentication.

    C. Create different accounts for each region, limit their logon times, and alert on risky logins.

    D. Create a guest account for each region, remember the last ten passwords, and block password reuse.

  • Question 18:

    A security analyst discovers that a company's username and password database was posted on an Internet forum. The usernames and passwords are stored in plain text. Which of the following would mitigate the damage done by this type of data exfiltration in the future?

    A. Create DLP controls that prevent documents from leaving the network

    B. Implement salting and hashing.

    C. Configure the web content filter to block access to the forum.

    D. Increase password complexity requirements.

  • Question 19:

    While checking logs, a security engineer notices a number of end users suddenly downloading files with the .tar.gz extension. Closer examination of the files reveals they are PE32 files. The end users state they did not initiate any of the downloads. Further investigation reveals the end users all clicked on an external email containing an infected MHT file with an href link a week prior. Which of the following is MOST likely occurring?

    A. A RAT was installed and is transferring additional exploit tools.

    B. The workstations are beaconing to a command-and-control server.

    C. A logic bomb was executed and is responsible for the data transfers.

    D. A fileless virus is spreading in the local network environment.

  • Question 20:

    SIMULATION

    A company recently added a DR site and is redesigning the network. Users at the DR site are having issues browsing websites.

    INSTRUCTIONS

    Click on each firewall to do the following:

    1. Deny cleartext web traffic.

    2. Ensure secure management protocols are used.

    3. Resolve issues at the DR site.

    The ruleset order cannot be modified due to outside constraints.

    If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

    A. See explanation below.

Tips on How to Prepare for the Exams

Certification exams are becoming more important, and more enterprises require them from job applicants. But how do you prepare for the exam effectively? How do you prepare in a short time with less effort? How do you get an ideal result, and where do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only CompTIA exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are unsure about your SY0-501 exam preparation or your CompTIA certification application, do not hesitate to visit Vcedump.com to find your solutions.