SY0-501 Exam Details

  • Exam Code: SY0-501
  • Exam Name: CompTIA Security+
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 1423 Q&As
  • Last Updated: Sep 04, 2023

CompTIA SY0-501 Online Questions & Answers

  • Question 661:

    An organization uses application whitelisting to help prevent zero-day attacks. Malware was recently identified on one client, which was able to run despite the organization's application whitelisting approach. The forensics team has identified the malicious file, conducted a post-incident analysis, and compared this with the original system baseline. The team sees the following output:

    filename  hash (SHA-1)
    original: winSCP.exe  2d da b1 4a 98 fc f1 98 06 b1 e5 26 b2 df e5 f5 3e cb 83 e1
    latest:   winSCP.exe  a3 4a c2 4b 85 fa f2 dd 0b ba f4 16 b2 df f2 4b 3f ac 4a e1

    Which of the following identifies the flaw in the team's application whitelisting approach?

    A. Their approach uses executable names and not hashes for the whitelist.
    B. SHA-1 has known collision vulnerabilities and should not be used.
    C. The original baseline never captured the latest file signature.
    D. Zero-day attacks require the latest file signatures.

  • Question 662:

    A security analyst is attempting to break into a client's secure network. The analyst was not given prior information about the client, except for a block of public IP addresses that are currently in use. After network enumeration, the analyst's NEXT step is to perform:

    A. a risk analysis.
    B. a vulnerability assessment.
    C. a gray-box penetration test.
    D. an external security audit.
    E. a red team exercise.

  • Question 663:

    A security analyst is performing a BIA.

    The analyst notes that in a disaster, failover systems must be up and running within 30 minutes. The failover systems must use backup data that is no older than one hour. Which of the following should the analyst include in the business continuity plan?

    A. A maximum MTTR of 30 minutes
    B. A maximum MTBF of 30 minutes
    C. A maximum RTO of 60 minutes
    D. A maximum RPO of 60 minutes
    E. An SLA guarantee of 60 minutes

  • Question 664:

    A security analyst has been asked to perform a review of an organization's software development lifecycle. The analyst reports that the lifecycle does not contain a phase in which team members evaluate and provide critical feedback of another developer's code. Which of the following assessment techniques is BEST described in the analyst's report?

    A. Architecture evaluation
    B. Baseline reporting
    C. Whitebox testing
    D. Peer review

  • Question 665:

    A company needs to implement a system that only lets a visitor use the company's network infrastructure if the visitor accepts the AUP. Which of the following should the company use?

    A. WiFi-protected setup
    B. Password authentication protocol
    C. Captive portal
    D. RADIUS

  • Question 666:

    An external attacker can modify the ARP cache of an internal computer. Which of the following types of attacks is described?

    A. Replay
    B. Spoofing
    C. DNS poisoning
    D. Client-side attack

  • Question 667:

    Using a one-time code that has been texted to a smartphone is an example of:

    A. something you have.
    B. something you know.
    C. something you do.
    D. something you are.

  • Question 668:

    A preventive control differs from a compensating control in that a preventive control is:

    A. put in place to mitigate a weakness in a user control.
    B. deployed to supplement an existing control that is EOL.
    C. relied on to address gaps in the existing control structure.
    D. designed to specifically mitigate a risk.

  • Question 669:

    The help desk received a call after hours from an employee who was attempting to log into the payroll server remotely. When the help desk returned the call the next morning, the employee was able to log into the server remotely without incident. However, the incident occurred again the next evening. Which of the following BEST describes the cause of the issue?

    A. The password expired on the account and needed to be reset
    B. The employee does not have the rights needed to access the database remotely
    C. Time-of-day restrictions prevented the account from logging in
    D. The employee's account was locked out and needed to be unlocked

  • Question 670:

    Joe, a member of the sales team, recently logged into the company servers after midnight local time to download the daily lead form before his coworkers did. Management has asked the security team to provide a method for detecting this type of behavior without impeding access for sales employees as they travel overseas.

    Which of the following would be the BEST method to achieve this objective?

    A. Configure time-of-day restrictions for the sales staff.
    B. Install DLP software on the devices used by sales employees.
    C. Implement a filter on the mail gateway that prevents the lead from being emailed.
    D. Create an automated alert on the SIEM for anomalous sales team activity.

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more and more important and are required by more and more enterprises when applying for a job. But how do you prepare for the exam effectively? How do you prepare for the exam in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only CompTIA exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your SY0-501 exam preparation and CompTIA certification application, do not hesitate to visit Vcedump.com to find your solutions.