During a routine vulnerability assessment, the following command was successful: echo "vrfy 'perl -e 'print "hi" x 500 ' ' " | nc www.company.com 25
Which of the following vulnerabilities is being exploited?
A. Buffer overflow directed at a specific host MTA
B. SQL injection directed at a web server
C. Cross-site scripting directed at www.company.com
D. Race condition in a UNIX shell script
An organization identifies a number of hosts making outbound connections to a known malicious IP over port TCP 80. The organization wants to identify the data being transmitted and prevent future connections to this IP. Which of the following should the organization do to achieve this outcome?
A. Use a protocol analyzer to reconstruct the data and implement a web-proxy.
B. Deploy a web-proxy and then blacklist the IP on the firewall.
C. Deploy a web-proxy and implement IPS at the network edge.
D. Use a protocol analyzer to reconstruct the data and blacklist the IP on the firewall.
An organization has several production-critical SCADA supervisory systems that cannot follow the normal 30-day patching policy. Which of the following BEST maximizes the protection of these systems from malicious software?
A. Configure a firewall with deep packet inspection that restricts traffic to the systems.
B. Configure a separate zone for the systems and restrict access to known ports.
C. Configure the systems to ensure only necessary applications are able to run.
D. Configure the host firewall to ensure only the necessary applications have listening ports.
The Chief Information Security Officer (CISO) is asking for ways to protect against zero-day exploits. The CISO is concerned that an unrecognized threat could compromise corporate data and result in regulatory fines as well as poor corporate publicity. The network is mostly flat, with split staff/guest wireless functionality.
Which of the following equipment MUST be deployed to guard against unknown threats?
A. Cloud-based antivirus solution, running as local admin, with push technology for definition updates
B. Implementation of an off-site datacenter hosting all company data, as well as deployment of VDI for all client computing needs
C. Host-based heuristic IPS, segregated on a management VLAN, with direct control of the perimeter firewall ACLs
D. Behavior-based IPS with a communication link to a cloud-based vulnerability and threat feed
A company is deploying smartphones for its mobile salesforce. These devices are for personal and business use but are owned by the company. Sales personnel will save new customer data via a custom application developed for the company. This application will integrate with the contact information stored in the smartphones and will populate new customer records onto it. The customer application's data is encrypted at rest, and the application's connection to the back office system is considered secure. The Chief Information Security Officer (CISO) has concerns that customer contact information may be accidentally leaked due to the limited security capabilities of the devices and the planned controls. Which of the following will be the MOST efficient security control to implement to lower this risk?
A. Implement a mobile data loss agent on the devices to prevent any user manipulation with the contact information.
B. Restrict screen capture features on the devices when using the custom application and the contact information.
C. Restrict contact information storage dataflow so it is only shared with the customer application.
D. Require complex passwords for authentication when accessing the contact information.
Company A agrees to provide perimeter protection, power, and environmental support with measurable goals for Company B, but will not be responsible for user authentication or patching of operating systems within the perimeter. Which of the following is being described?
A. Service level agreement
B. Memorandum of understanding
C. Business partner agreement
D. Interoperability agreement
A security analyst is inspecting the results of a recent internal vulnerability scan that was performed against intranet services. The scan reports include the following critical-rated vulnerability:
Title: Remote Command Execution vulnerability in web server
Rating: Critical (CVSS 10.0)
Threat actor: any remote user of the web server
Confidence: certain
Recommendation: apply vendor patches
Which of the following actions should the security analyst perform FIRST?
A. Escalate the issue to senior management.
B. Apply organizational context to the risk rating.
C. Organize for urgent out-of-cycle patching.
D. Exploit the server to check whether it is a false positive.
A penetration tester is conducting an assessment on Comptia.org and runs the following command from a coffee shop while connected to the public Internet:
c:\nslookup -querytype=MX comptia.org
Server: Unknown
Address: 198.51.100.45
comptia.org MX preference=10, mail exchanger = 92.68.102.33
comptia.org MX preference=20, mail exchanger = exchg1.comptia.org
exchg1.comptia.org internet address = 192.168.102.67
Which of the following should the penetration tester conclude about the command output?
A. The public/private views on the Comptia.org DNS servers are misconfigured.
B. Comptia.org is running an older mail server, which may be vulnerable to exploits.
C. The DNS SPF records have not been updated for Comptia.org.
D. 192.168.102.67 is a backup mail server that may be more vulnerable to attack.
A member of the admins group reports being unable to modify the "changes" file on a server.
The permissions on the file are as follows:
Permissions User Group File
-rwxrw-r--+ Admins Admins changes
Based on the output above, which of the following BEST explains why the user is unable to modify the "changes" file?
A. The SELinux mode on the server is set to "enforcing."
B. The SELinux mode on the server is set to "permissive."
C. An FACL has been added to the permissions for the file.
D. The admins group does not have adequate permissions to access the file.
An in-house penetration tester has been asked to evade a new DLP system. The tester plans to exfiltrate data through steganography. Discovery of which of the following would help catch the tester in the act?
A. Abnormally high numbers of outgoing instant messages that contain obfuscated text
B. Large-capacity USB drives on the tester's desk with encrypted zip files
C. Outgoing emails containing unusually large image files
D. Unusual SFTP connections to a consumer IP address