1. Home
  2. CompTIA
  3. SY0-501

CompTIA SY0-501 Online Practice Questions and Exam Preparation

SY0-501 Exam Details

  • Exam Code
    :SY0-501
  • Exam Name
    :CompTIA Security+
  • Certification
    :CompTIA Certifications
  • Vendor
    :CompTIA
  • Total Questions
    :1423 Q&As
  • Last Updated
    :Sep 04, 2023

CompTIA SY0-501 Online Questions & Answers

  • Question 821:

    An administrator discovers the following log entry on a server:

    Nov 12 2013 00:23:45 httpd[2342]:

    GET/app2/prod/proc/process.php?input=change;cd%20../../../etc;cat%20shadow

    Which of the following attacks is being attempted?

    A. Command injection
    B. Password attack
    C. Buffer overflow
    D. Cross-site scripting

  • Question 822:

    A user attempts to send an email to an external domain and quickly receives a bounce-back message. The user then contacts the help desk stating the message is important and needs to be delivered immediately. While digging through the

    email logs, a systems administrator finds the email and bounce- back details:

    Your email has been rejected because it appears to contain SSN information. Sending SSN information via email to external recipients violates company policy.

    Which of the following technologies successfully stopped the email from being sent?

    A. DLP
    B. UTM
    C. WAF
    D. DEP

  • Question 823:

    Which of the following documents would provide specific guidance regarding ports and protocols that should be disabled on an operating system?

    A. Regulatory requirements
    B. Secure configuration guide
    C. Application installation guides
    D. User manuals

  • Question 824:

    Which of the following technologies employ the use of SAML? (Select two.)

    A. Single sign-on
    B. Federation
    C. LDAP
    D. Secure token
    E. RADIUS

  • Question 825:

    A security engineer deploys a certificate from a commercial CA to the RADIUS server for use with the EAP-TLS wireless network. Authentication is failing, so the engineer examines the certificate's properties:

    Which of the following is the MOST likely cause of the failure?

    A. The certificate is missing the proper OID.
    B. The certificate is missing wire-less authentication in key usage.
    C. The certificate is self-signed.
    D. The certificate has expired.

  • Question 826:

    Company A has acquired Company B. Company A has different domains spread globally, and typically migrates its acquisitions infrastructure under its own domain infrastructure. Company B, however, cannot be merged into Company A's domain infrastructure. Which of the following methods would allow the two companies to access one another's resources?

    A. Attestation
    B. Federation
    C. Single sign-on
    D. Kerberos

  • Question 827:

    An organization is comparing and contrasting migration from its standard desktop configuration to the newest version of the platform. Before this can happen, the Chief Information Security Officer (CISO) voices the need to evaluate the functionality of the newer desktop platform to ensure interoperability with existing software in use by the organization. In which of the following principles of architecture and design is the CISO engaging?

    A. Dynamic analysis
    B. Change management
    C. Baselining
    D. Waterfalling

  • Question 828:

    After a routine audit, a company discovers that engineering documents have been leaving the network on a particular port. The company must allow outbound traffic on this port, as it has a legitimate business use. Blocking the port would cause an outage. Which of the following technology controls should the company implement?

    A. NAC
    B. Web proxy
    C. DLP
    D. ACL

  • Question 829:

    As part of a corporate merger, two companies are combining resources. As a result, they must transfer files through the Internet in a secure manner. Which of the following protocols would BEST meet this objective? (Choose two.)

    A. LDAPS
    B. SFTP
    C. HTTPS
    D. DNSSEC
    E. SRTP

  • Question 830:

    Which of the following is a passive method to test whether transport encryption is implemented?

    A. Black box penetration test
    B. Port scan
    C. Code analysis
    D. Banner grabbing

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your SY0-501 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.