1. Home
  2. CompTIA
  3. SY0-501

CompTIA SY0-501 Online Practice Questions and Exam Preparation

SY0-501 Exam Details

  • Exam Code
    :SY0-501
  • Exam Name
    :CompTIA Security+
  • Certification
    :CompTIA Certifications
  • Vendor
    :CompTIA
  • Total Questions
    :1423 Q&As
  • Last Updated
    :Sep 04, 2023

CompTIA SY0-501 Online Questions & Answers

  • Question 251:

    During a security audit of a company's network, unsecure protocols were found to be in use. A network administrator wants to ensure browser-based access to company switches is using the most secure protocol. Which of the following protocols should be implemented?

    A. SSH2
    B. TLS1.2
    C. SSL1.3
    D. SNMPv3

  • Question 252:

    Which of the following methods is used by internal security teams to assess the security of internally developed applications?

    A. Active reconnaissance
    B. Pivoting
    C. White box testing
    D. Persistence

  • Question 253:

    An audit takes place after company-wide restricting, in which several employees changed roles. The following deficiencies are found during the audit regarding access to confidential data:

    Which of the following would be the BEST method to prevent similar audit findings in the future?

    A. Implement separation of duties for the payroll department.
    B. Implement a DLP solution on the payroll and human resources servers.
    C. Implement rule-based access controls on the human resources server.
    D. Implement regular permission auditing and reviews.

  • Question 254:

    A user needs to send sensitive information to a colleague using PKI. Which of the following concepts apply when a sender encrypts the message hash with the sender's private key? (Select TWO)

    A. Non-repudiation
    B. Email content encryption
    C. Steganography
    D. Transport security
    E. Message integrity

  • Question 255:

    A company recently experienced a network security breach and wants to apply two-factor authentication to secure its network. Which of the following should the company use? (Select TWO)

    A. User ID and password
    B. Cognitive password and OTP
    C. Fingerprint scanner and voice recognition
    D. Smart card and PIN
    E. Proximity card and CAC

  • Question 256:

    A security administrator is reviewing the following firewall configuration after receiving reports that users are unable to connect to remote websites: 10 PERMIT FROM ANY TO:ANY PORT: 80 20 PERMIT FROM:ANY TO:ANY PORT: 443 30 DENY FROM: ANY TO:ANY PORT:ANY Which of the following is the MOST secure solution the security administrator can implement to fix this issue ?

    A. Add the following rule to the firewall: 5 PERMIT FROM: ANY TO:ANY PORT:53
    B. Replace rule number 10 with the following rule: 10 PERMIT FROM: ANY TO:ANY PORT:22
    C. Insert the following rule in the firewall: 25 PERMIT FROM ANY TO:ANY PORTS:ANY
    D. Remove the following rule from the firewall: 30 DENY FROM:ANY TO:ANY PORT:ANY

  • Question 257:

    A company is deploying a new VoIP phone system. They require 99.999% uptime for their phone service and are concerned about their existing data network interfering with the VoIP phone system. The core switches in the existing data network are almost fully saturated. Which of the following options will pro-vide the best performance and availability for both the VoIP traffic, as well as the traffic on the existing data network?

    A. Put the VoIP network into a different VLAN than the existing data network.
    B. Upgrade the edge switches from 10/100/1000 to improve network speed
    C. Physically separate the VoIP phones from the data network
    D. Implement flood guards on the data network

  • Question 258:

    Which of the following BEST explains the difference between a credentialed scan and a non- credentialed scan?

    A. A credentialed scan sees devices in the network, including those behind NAT, while a non- credentialed scan sees outward-facing applications.
    B. A credentialed scan will not show up in system logs because the scan is running with the necessary authorization, while non-credentialed scan activity will appear in the logs.
    C. A credentialed scan generates significantly more false positives, while a non-credentialed scan generates fewer false positives.
    D. A credentialed scan sees the system the way an authorized user sees the system, while a non- credentialed scan sees the system as a guest.

  • Question 259:

    A security operations team recently detected a breach of credentials. The team mitigated the risk and followed proper processes to reduce risk. Which of the following processes would BEST help prevent this issue from happening again?

    A. Risk assessment
    B. Chain of custody
    C. Lessons learned
    D. Penetration test

  • Question 260:

    A company wants to implement a wireless network with the following requirements:

    1.

    All wireless users will have a unique credential.

    2.

    User certificates will not be required for authentication.

    3.

    The company's AAA infrastructure must be utilized.

    4.

    Local hosts should not store authentication tokens.

    Which of the following should be used in the design to meet the requirements?

    A. EAP-TLS
    B. WPS
    C. PSK
    D. PEAP

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your SY0-501 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.