SY0-501 Exam Details

  • Exam Code: SY0-501
  • Exam Name: CompTIA Security+
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 1423 Q&As
  • Last Updated: Sep 04, 2023

CompTIA SY0-501 Online Questions & Answers

  • Question 341:

    Which of the following incident response steps involves actions to protect critical systems while maintaining business operations?

    A. Investigation
    B. Containment
    C. Recovery
    D. Lessons learned

  • Question 342:

    Which of the following control types are alerts sent from a SIEM fulfilling based on vulnerability signatures?

    A. Preventive
    B. Corrective
    C. Compensating
    D. Detective

  • Question 343:

    When considering IoT systems, which of the following represents the GREATEST ongoing risk after a vulnerability has been discovered?

    A. Difficult-to-update firmware
    B. Tight integration to existing systems
    C. IP address exhaustion
    D. Not using industry standards

  • Question 344:

    A company needs to fix some audit findings related to its physical security. A key finding was that multiple people could physically enter a location at the same time. Which of the following is the BEST control to address this audit finding?

    A. Faraday cage
    B. Mantrap
    C. Biometrics
    D. Proximity cards

  • Question 345:

    A security analyst is acquiring data from a potential network incident. Which of the following evidence is the analyst MOST likely to obtain to determine the incident?

    A. Volatile memory capture
    B. Traffic and logs
    C. Screenshots
    D. System image capture

  • Question 346:

    A systems administrator has been assigned to create accounts for summer interns. The interns are only authorized to be in the facility and operate computers under close supervision. They must also leave the facility at designated times each day. However, the interns can access intern file folders without supervision.

    Which of the following represents the BEST way to configure the accounts? (Select TWO.)

    A. Implement time-of-day restrictions.
    B. Modify archived data.
    C. Access executive shared portals.
    D. Create privileged accounts.
    E. Enforce least privilege.

  • Question 347:

    A security analyst is reviewing the password policy for a service account that is used for a critical network service. The password policy for this account is as follows:

    Which of the following adjustments would be the MOST appropriate for the service account?

    A. Disable account lockouts
    B. Set the maximum password age to 15 days
    C. Set the minimum password age to seven days
    D. Increase password length to 18 characters

  • Question 348:

    Company engineers regularly participate in a public Internet forum with other engineers throughout the industry. Which of the following tactics would an attacker MOST likely use in this scenario?

    A. Watering-hole attack
    B. Credential harvesting
    C. Hybrid warfare
    D. Pharming

  • Question 349:

    A security analyst recommends implementing SSL for an existing web service. A technician installs the SSL certificate and successfully tests the connection on the server. Soon after, the help desk begins receiving calls from users who are unable to log in. After further investigation, it becomes clear that no users have successfully logged in since the certificate installation. Which of the following is MOST likely the issue?

    A. Incorrect firewall rules are blocking HTTPS traffic.
    B. Users are still accessing the IP address and not the HTTPS address.
    C. Workstations need an updated trusted sites list.
    D. Users are not using tokens to log on.

  • Question 350:

    A small business just recovered from a ransomware attack against its file servers by purchasing the decryption keys from the attackers. The issue was triggered by a phishing email and the IT administrator wants to ensure it does not happen again. Which of the following should the IT administrator do FIRST after recovery?

    A. Scan the NAS for residual or dormant malware and take new daily backups that are tested on a frequent basis.
    B. Restrict administrative privileges and patch all systems and applications.
    C. Rebuild all workstations and install new antivirus software.
    D. Implement application whitelisting and perform user application hardening.

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more and more important, and more and more enterprises require them of job applicants. But how do you prepare for the exam effectively? How do you prepare for the exam in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only CompTIA exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your SY0-501 exam preparation and CompTIA certification application, do not hesitate to visit Vcedump.com to find your solutions.