SY0-501 Exam Details

  • Exam Code: SY0-501
  • Exam Name: CompTIA Security+
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 1423 Q&As
  • Last Updated: Sep 04, 2023

CompTIA SY0-501 Online Questions & Answers

  • Question 651:

    Audit logs from a small company's vulnerability scanning software show the following findings:

    Destinations scanned:

    -Server001- Internal human resources payroll server

    -Server101- Internet-facing web server

    -Server201- SQL server for Server101

    -Server301- Jumpbox used by systems administrators accessible from the internal network

    Validated vulnerabilities found:

    -Server001- Vulnerable to buffer overflow exploit that may allow attackers to install software

    -Server101- Vulnerable to buffer overflow exploit that may allow attackers to install software

    -Server201- OS updates not fully current

    -Server301- Accessible from internal network without the use of jumpbox

    -Server301- Vulnerable to highly publicized exploit that can elevate user privileges

    Assuming external attackers who are gaining unauthorized information are of the highest concern, which of the following servers should be addressed FIRST?

    A. Server001
    B. Server101
    C. Server201
    D. Server301

  • Question 652:

    DRAG DROP

    A data owner has been tasked with assigning proper data classifications and destruction methods for various types of data contained within the environment.

    INSTRUCTIONS

    From the options below, drag each item to its appropriate classification as well as the MOST appropriate form of disposal.

    If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

    Select and Place:

  • Question 653:

    Which of the following technologies would be MOST appropriate to utilize when testing a new software patch before a company-wide deployment?

    A. Cloud computing
    B. Virtualization
    C. Redundancy
    D. Application control

  • Question 654:

    A security analyst is investigating a security breach. Upon inspection of the audit and access logs, the analyst notices the host was accessed and the /etc/passwd file was modified with a new entry for username "gotcha" and user ID of 0. Which of the following are the MOST likely attack vector and tool the analyst should use to determine if the attack is still ongoing? (Select TWO)

    A. Logic bomb
    B. Backdoor
    C. Keylogger
    D. Netstat
    E. Tracert
    F. Ping

  • Question 655:

    Which of the following controls does a mantrap BEST represent?

    A. Deterrent
    B. Detective
    C. Physical
    D. Corrective

  • Question 656:

    Ann, an employee in the payroll department, has contacted the help desk citing multiple issues with her device, including:

    -Slow performance

    -Word documents, PDFs, and images no longer opening

    -A pop-up

    Ann states the issues began after she opened an invoice that a vendor emailed to her. Upon opening the invoice, she had to click several security warnings to view it in her word processor.

    With which of the following is the device MOST likely infected?

    A. Spyware
    B. Crypto-malware
    C. Rootkit
    D. Backdoor

  • Question 657:

    Which of the following BEST describes the purpose of authorization?

    A. Authorization provides logging to a resource and comes after authentication.
    B. Authorization provides authentication to a resource and comes after identification.
    C. Authorization provides identification to a resource and comes after authentication.
    D. Authorization provides permissions to a resource and comes after authentication.

  • Question 658:

    An organization is looking to build its second head office in another city, which has a history of flooding with an average of two floods every 100 years. The estimated building cost is $1 million, and the estimated damage due to flooding is half of the building's cost. Given this information, which of the following is the SLE?

    A. $50,000
    B. $200,000
    C. $500,000
    D. $1,000,000

  • Question 659:

    A security analyst has received several reports of an issue on an internal web application. Users state they are having to provide their credentials twice to log in. The analyst checks with the application team and notes this is not an expected behavior. After looking at several logs, the analyst decides to run some commands on the gateway and obtains the following output:

    Which of the following BEST describes the attack the company is experiencing?

    A. MAC flooding
    B. URL redirection
    C. ARP poisoning
    D. DNS hijacking

  • Question 660:

    A group of developers is collaborating to write software for a company. The developers need to work in subgroups and control who has access to their modules. Which of the following access control methods is considered user-centric?

    A. Time-based
    B. Mandatory
    C. Rule-based
    D. Discretionary
