SY0-501 Exam Details

  • Exam Code: SY0-501
  • Exam Name: CompTIA Security+
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 1423 Q&As
  • Last Updated: Sep 04, 2023

CompTIA SY0-501 Online Questions & Answers

  • Question 841:

    An organization is updating its access control standards for SSL VPN login to include multifactor authentication. The security administrator assigned to this project has been given the following guidelines to use when selecting a solution:

      • High security
      • Lowest false acceptance rate
      • Quick provisioning time for remote users and offshore consultants

    Which of the following solutions will BEST fit this organization's requirements?

    A. AES-256 key fobs
    B. Software tokens
    C. Fingerprint scanners
    D. Iris scanners

  • Question 842:

    An analyst is using a vulnerability scanner to look for common security misconfigurations on devices. Which of the following might be identified by the scanner? (Select TWO).

    A. The firewall is disabled on workstations.
    B. SSH is enabled on servers.
    C. Browser homepages have not been customized.
    D. Default administrator credentials exist on networking hardware.
    E. The OS is only set to check for updates once a day.

  • Question 843:

    A user loses a COPE device. Which of the following should the user do NEXT to protect the data on the device?

    A. Call the company help desk to remotely wipe the device.
    B. Report the loss to authorities.
    C. Check with corporate physical security for the device.
    D. Identify files that are potentially missing on the device.

  • Question 844:

    A company is investigating a data compromise where data exfiltration occurred. Prior to the investigation, the supervisor terminates an employee as a result of the suspected data loss. During the investigation, the supervisor is absent for the interview, and little evidence can be provided from the role-based authentication system in use by the company. The situation can be identified for future mitigation as which of the following?

    A. Job rotation
    B. Log failure
    C. Lack of training
    D. Insider threat

  • Question 845:

    During a monthly vulnerability scan, a server was flagged for being vulnerable to an Apache Struts exploit. Upon further investigation, the developer responsible for the server informs the security team that Apache Struts is not installed on the server. Which of the following BEST describes how the security team should react to this incident?

    A. The finding is a false positive and can be disregarded.
    B. The Struts module needs to be hardened on the server.
    C. The Apache software on the server needs to be patched and updated.
    D. The server has been compromised by malware and needs to be quarantined.

  • Question 846:

    A security administrator suspects that a DDoS attack is affecting the DNS server. The administrator accesses a workstation with the hostname of workstation01 on the network and obtains the following output from the ipconfig command:

    The administrator successfully pings the DNS server from the workstation. Which of the following commands should be issued from the workstation to verify the DDoS attack is no longer occurring?

    A. dig www.google.com
    B. dig 192.168.1.254
    C. dig workstation01.com
    D. dig 192.168.1.26

  • Question 847:

    A web application is configured to target browsers and allow access to bank accounts to siphon money to a foreign account. This is an example of which of the following attacks?

    A. SQL injection
    B. Header manipulation
    C. Cross-site scripting
    D. Flash cookie exploitation

  • Question 848:

    While working on an incident, Joe, a technician, finished restoring the OS and applications on a workstation from the original media. Joe is about to begin copying the user's files back onto the hard drive. Which of the following incident response steps is Joe working on now?

    B. Recovery
    C. Eradication
    D. Containment
    E. Identification

  • Question 849:

    Phishing emails frequently take advantage of high-profile catastrophes reported in the news. Which of the following principles BEST describes the weakness being exploited?

    A. Intimidation
    B. Scarcity
    C. Authority
    D. Social proof

  • Question 850:

    A company wants to host a publicly available server that performs the following functions:

    1. Evaluates MX record lookup
    2. Can perform authenticated requests for A and AAA records
    3. Uses RRSIG

    Which of the following should the company use to fulfill the above requirements?

    A. LDAPS
    B. DNSSEC
    C. SFTP
    D. nslookup
    E. dig
