SY0-501 Exam Details

  • Exam Code: SY0-501
  • Exam Name: CompTIA Security+
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 1423 Q&As
  • Last Updated: Sep 04, 2023

CompTIA SY0-501 Online Questions & Answers

  • Question 521:

    An organization has several production-critical SCADA supervisory systems that cannot follow the normal 30-day patching policy. Which of the following BEST maximizes the protection of these systems from malicious software?

    A. Configure a firewall with deep packet inspection that restricts traffic to the systems.
    B. Configure a separate zone for the systems and restrict access to known ports.
    C. Configure the systems to ensure only necessary applications are able to run.
    D. Configure the host firewall to ensure only the necessary applications have listening ports.

  • Question 522:

    An incident response analyst in a corporate security operations center receives a phone call from an SOC analyst. The SOC analyst explains the help desk recently reimaged a workstation that was suspected of being infected with an unknown type of malware; however, even after reimaging, the host continued to generate SIEM alerts. Which of the following types of malware is MOST likely responsible for producing the SIEM alerts?

    A. Ransomware
    B. Logic bomb
    C. Rootkit
    D. Adware

  • Question 523:

    Joe, a computer forensic technician, responds to an active compromise of a database server. Joe first collects information in memory, then collects network traffic, and finally images the hard drive. Which of the following procedures did Joe follow?

    A. Order of volatility
    B. Chain of custody
    C. Recovery procedure
    D. Incident isolation

  • Question 524:

    A security analyst received an after-hours alert indicating that a large number of accounts with the suffix "admin" were locked out. The accounts were all locked out after five unsuccessful login attempts, and no other accounts on the network triggered the same alert. Which of the following is the BEST explanation for these alerts?

    A. The standard naming convention makes administrator accounts easy to identify, and they were targeted for an attack.
    B. The administrator accounts do not have rigid password complexity rules, and this made them easier to crack.
    C. The company has implemented time-of-day restrictions, and this triggered a false positive alert when the administrators tried to log in.
    D. The threshold for locking out administrator accounts is too high, and it should be changed from five to three to prevent unauthorized access attempts.

  • Question 525:

    Joe notices there are several user accounts on the local network generating spam with embedded malicious code. Which of the following technical controls should Joe put in place to BEST reduce these incidents?

    A. Account lockout
    B. Group Based Privileges
    C. Least privilege
    D. Password complexity

  • Question 526:

    The website of a bank that an organization does business with is being reported as untrusted by the organization's web browser. A security analyst has been assigned to investigate. The analyst discovers the bank recently merged with another local bank and combined names. Additionally, the user's bookmark automatically redirects to the website of the newly named bank. Which of the following is the MOST likely cause of the issue?

    A. The company's web browser is not up to date
    B. The website's certificate still has the old bank's name
    C. The website was created too recently to be trusted
    D. The website's certificate has expired

  • Question 527:

    A state-sponsored threat actor has launched several successful attacks against a corporate network. Although the target has a robust patch management program in place, the attacks continue in depth and scope, and the security department has no idea how the attacks are able to gain access. Given that patch management and vulnerability scanners are being used, which of the following would be used to analyze the attack methodology?

    A. Rogue system detection
    B. Honeypots
    C. Next-generation firewall
    D. Penetration test

  • Question 528:

    A penetration tester was able to connect to a company's internal network and perform scans and staged attacks for the duration of the testing period without being noticed. The SIEM did not alert the security team to the presence of the penetration tester's devices on the network. Which of the following would provide the security team with notification in a timely manner?

    A. Implement rogue system detection and sensors
    B. Create a trigger on the IPS and alert the security team when unsuccessful logins occur
    C. Decrease the correlation threshold for alerts on the SIEM
    D. Run a credentialed vulnerability scan

  • Question 529:

    A security analyst is hardening a server with the directory services role installed. The analyst must ensure LDAP traffic cannot be monitored or sniffed and maintains compatibility with LDAP clients. Which of the following should the analyst implement to meet these requirements? (Select two.)

    A. Generate an X.509-compliant certificate that is signed by a trusted CA.
    B. Install and configure an SSH tunnel on the LDAP server.
    C. Ensure port 389 is open between the clients and the servers using the communication.
    D. Ensure port 636 is open between the clients and the servers using the communication.
    E. Remove the LDAP directory service role from the server.

  • Question 530:

    HOTSPOT

    A newly purchased corporate WAP needs to be configured in the MOST secure manner possible.

    INSTRUCTIONS

    Please click on the below items on the network diagram and configure them accordingly:

    1. WAP
    2. DHCP Server
    3. AAA Server
    4. Wireless Controller
    5. LDAP Server

    If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

    Hot Area:
