1. Home
  2. CompTIA
  3. SY0-501

CompTIA SY0-501 Online Practice Questions and Exam Preparation

SY0-501 Exam Details

  • Exam Code
    :SY0-501
  • Exam Name
    :CompTIA Security+
  • Certification
    :CompTIA Certifications
  • Vendor
    :CompTIA
  • Total Questions
    :1423 Q&As
  • Last Updated
    :Sep 04, 2023

CompTIA SY0-501 Online Questions & Answers

  • Question 691:

    The Chief Security Officer (CISO) at a multinational banking corporation is reviewing a plan to upgrade the entire corporate IT infrastructure. The architecture consists of a centralized cloud environment hosting the majority of data, small

    server clusters at each corporate location to handle the majority of customer transaction processing, ATMs, and a new mobile banking application accessible from smartphones, tablets, and the Internet via HTTP. The corporation does

    business having varying data retention and privacy laws.

    Which of the following technical modifications to the architecture and corresponding security controls should be implemented to provide the MOST complete protection of data?

    A. Revoke exiting root certificates, re-issue new customer certificates, and ensure all transactions are digitally signed to minimize fraud, implement encryption for data in-transit between data centers
    B. Ensure all data is encryption according to the most stringent regulatory guidance applicable, implement encryption for data in-transit between data centers, increase data availability by replicating all data, transaction data, logs between each corporate location
    C. Store customer data based on national borders, ensure end-to end encryption between ATMs, end users, and servers, test redundancy and COOP plans to ensure data is not inadvertently shifted from one legal jurisdiction to another with more stringent regulations
    D. Install redundant servers to handle corporate customer processing, encrypt all customer data to ease the transfer from one country to another, implement end-to-end encryption between mobile applications and the cloud.

  • Question 692:

    A technician wants to implement PKI-based authentication on an enterprise wireless network. Which of the following should the technician configure to enforce the use of client-side certificates?

    A. 802.1X with PEAP
    B. WPA2-PSK
    C. EAP-TLS
    D. RADIUS Federation

  • Question 693:

    A network operations manager has added a second row of server racks in the datacenter. These racks face the opposite direction of the first row of racks. Which of the following is the reason the manager installed the racks this way?

    A. To lower energy consumption by sharing power outlets
    B. To create environmental hot and cold isles
    C. To eliminate the potential for electromagnetic interference
    D. To maximize fire suppression capabilities

  • Question 694:

    While testing a new vulnerability scanner, a technician becomes concerned about reports that list security concerns that are not present on the systems being tested. Which of the following BEST describes this flaw?

    A. False positives
    B. Crossover error rate
    C. Uncredentialed scan
    D. Passive security controls

  • Question 695:

    Given the following requirements:

    1.

    Help to ensure non-repudiation

    2.

    Capture motion in various formats

    Which of the following physical controls BEST matches the above descriptions?

    A. Camera
    B. Mantrap
    C. Security guard
    D. Motion sensor

  • Question 696:

    The Chief Information Officer (CIO) has decided to add two-factor authentication along with the use of passwords when logging on to the network. Which of the following should be implemented to BEST accomplish this requirement?

    A. Require users to enter a PIN
    B. Require users to set complex passwords
    C. Require users to insert a smart card when logging on
    D. Require the system to use a CAPTCHA

  • Question 697:

    A computer forensics team is performing an integrity check on key systems files. The team is comparing the signatures of original baseline les with the latest signatures. The original baseline was taken on March 2, 2016. and was established to be clean of malware and uncorrupted. The latest tile signatures were generated yesterday. One file is known to be corrupted, but when the team compares the signatures of the original and latest ies, the team sees the Following: Original: 2d da b1 4a fc f1 98 06 b1 e5 26 b2 df e5 5b 3e cb 83 e1 Latest: 2d da b1 4a 98 fc f1 98 bl e5 26 b2 df e5 5b 3e cb 83 e1 Which of the following is MOST likely the situation?

    A. The forensics team must have reverted the system to the original date. Which resulted in an identical hash calculation?
    B. The original baseline was compromised, so the corrupted le was always on the system.
    C. The signature comparison is using two different algorithms that happen to have generated the same values.
    D. The algorithm used to calculate the hash has a collision weakness, and an attacker has exploited it.

  • Question 698:

    A software developer wants to ensure that the application is verifying that a key is valid before establishing SSL connections with random remote hosts on the Internet. Which of the following should be used in the code? (Select TWO.)

    A. Escrowed keys
    B. SSL symmetric encryption key
    C. Software code private key
    D. Remote server public key
    E. OCSP

  • Question 699:

    A security administrator is creating a subnet on one of the corporate firewall interfaces to use as a DMZ which is expected to accommodate at most 14 physical hosts. Which of the following subnets would BEST meet the requirements?

    A. 192.168.0.16 255.25.255.248
    B. 192.168.0.16/28
    C. 192.168.1.50 255.255.25.240
    D. 192.168.2.32/27

  • Question 700:

    An in-house penetration tester has been asked to evade a new DLP system. The tester plans to exfiltrate data through steganography. Discovery of which of the following would help catch the tester in the act?

    A. Abnormally high numbers of outgoing instant messages that contain obfuscated text
    B. Large-capacity USB drives on the tester's desk with encrypted zip files
    C. Outgoing emails containing unusually large image files
    D. Unusual SFTP connections to a consumer IP address

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your SY0-501 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.