Exam Details

  • Exam Code: SY0-501
  • Exam Name: CompTIA Security+
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 1423 Q&As
  • Last Updated: Sep 04, 2023

CompTIA CompTIA Certifications SY0-501 Questions & Answers

  • Question 561:

    Ann, a user, reported to the service desk that many files on her computer will not open or the contents are not readable. The service desk technician asked Ann if she encountered any strange messages on boot-up or login, and Ann indicated she did not. Which of the following has MOST likely occurred on Ann's computer?

    A. The hard drive is failing, and the files are being corrupted.

    B. The computer has been infected with crypto-malware.

    C. A replay attack has occurred.

    D. A keylogger has been installed.

  • Question 562:

    A forensics analyst is investigating a hard drive for evidence of suspected illegal activity. Which of the following should the analyst do FIRST?

    A. Create a hash of the hard drive.

    B. Export the Internet history.

    C. Save a copy of the case number and date as a text file in the root directory.

    D. Back up the pictures directory for further inspection.

  • Question 563:

    Which of the following is a passive method to test whether transport encryption is implemented?

    A. Black box penetration test

    B. Port scan

    C. Code analysis

    D. Banner grabbing

  • Question 564:

    An attacker is able to capture the payload for the following packet:

    IP 192.168.1.22:2020 10.10.10.5:443
    IP 192.168.1.10:1030 10.10.10.1:21
    IP 192.168.1.57:5217 10.10.10.1:3389

    During an investigation, an analyst discovers that the attacker was able to capture the information above and use it to log on to other servers across the company. Which of the following is the MOST likely reason?

    A. The attacker has exploited a vulnerability that is commonly associated with TLS1.3.

    B. The application server is also running a web server that has been compromised.

    C. The attacker is picking off unencrypted credentials and using those to log in to the secure server.

    D. User accounts have been improperly configured to allow single sign-on across multiple servers.

  • Question 565:

    An incident responder is preparing to acquire images and files from a workstation that has been compromised. The workstation is still powered on and running. Which of the following should be acquired LAST?

    A. Application files on hard disk

    B. Processor cache

    C. Processes in running memory

    D. Swap space

  • Question 566:

    A malicious actor recently penetrated a company's network and moved laterally to the datacenter. Upon investigation, a forensics firm wants to know what was in the memory on the compromised server. Which of the following files should be given to the forensics firm?

    A. Security

    B. Application

    C. Dump

    D. Syslog

  • Question 567:

    Fuzzing is used to reveal which of the following vulnerabilities in web applications?

    A. Weak cipher suites

    B. Improper input handling

    C. DLL injection

    D. Certificate signing flaws

  • Question 568:

    A security administrator in a bank is required to enforce an access control policy so no single individual is allowed to both initiate and approve financial transactions. Which of the following BEST represents the impact the administrator is deterring?

    A. Principle of least privilege

    B. External intruder

    C. Conflict of interest

    D. Fraud

  • Question 569:

    A security analyst is performing a BIA. The analyst notes that in a disaster, failover systems must be up and running within 30 minutes. The failover systems must use backup data that is no older than one hour. Which of the following should the analyst include in the business continuity plan?

    A. A maximum MTTR of 30 minutes

    B. A maximum MTBF of 30 minutes

    C. A maximum RTO of 60 minutes

    D. A maximum RPO of 60 minutes

    E. An SLA guarantee of 60 minutes

  • Question 570:

    Which of the following types of controls is a turnstile?

    A. Physical

    B. Detective

    C. Corrective

    D. Technical

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more and more important, and more and more enterprises require them when you apply for a job. But how do you prepare for the exam effectively? How do you prepare for the exam in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only CompTIA exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your SY0-501 exam preparation and CompTIA certification application, do not hesitate to visit Vcedump.com to find your solutions here.