The latest CompTIA Security+ (SY0-501) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the CompTIA Security+ (SY0-501) exam and earn CompTIA Security+ (SY0-501) certification.
CompTIA Security+ (SY0-501) Exam Questions and Answers
Exam Question 901
A company has just experienced a malware attack affecting a large number of desktop users. The antivirus solution was not able to block the malware, but the HIDS alerted to C2 calls as ‘Troj.Generic’. Once the security team found a solution to remove the malware, they were able to remove the malware files successfully, and the HIDS stopped alerting. The next morning, however, the HIDS once again started alerting on the same desktops, and the security team discovered the files were back. Which of the following BEST describes the type of malware infecting this company’s network?
A. Trojan
B. Spyware
C. Rootkit
D. Botnet
Correct Answer:
C. Rootkit
Exam Question 902
A hospital has received reports from multiple patients that their PHI was stolen after completing forms on the hospital’s website. Upon investigation, the hospital finds a packet analyzer was used to steal data.
Which of the following protocols would prevent this attack from reoccurring?
A. SFTP
B. HTTPS
C. FTPS
D. SRTP
Correct Answer:
B. HTTPS
Exam Question 903
A security consultant was asked to revise the security baselines that are utilized by a large organization.
Although the company provides different platforms for its staff, including desktops, laptops, and mobile devices, the applications do not vary by platform. Which of the following should the consultant recommend? (Choose two.)
A. Apply patch management on a daily basis.
B. Allow full functionality for all applications that are accessed remotely.
C. Apply default configurations of all operating systems.
D. Apply application whitelisting.
E. Disable default accounts and/or passwords.
Correct Answer:
D. Apply application whitelisting.
E. Disable default accounts and/or passwords.
Exam Question 904
Which of the following types of attack is being used when an attacker responds by sending the MAC address of the attacking machine to resolve the MAC to IP address of a valid server?
A. Session hijacking
B. IP spoofing
C. Evil twin
D. ARP poisoning
Correct Answer:
D. ARP poisoning
Exam Question 905
A security researcher is tracking an adversary by noting its attacks and techniques based on its capabilities, infrastructure, and victims. Which of the following is the researcher MOST likely using?
A. The Diamond Model of Intrusion Analysis
B. The Cyber Kill Chain
C. The MITRE CVE database
D. The incident response process
Correct Answer:
A. The Diamond Model of Intrusion Analysis
Exam Question 906
Which of the following implements two-factor authentication on a VPN?
A. Username, password, and source IP
B. Public and private keys
C. HOTP token and logon credentials
D. Source and destination IP addresses
Correct Answer:
A. Username, password, and source IP
Exam Question 907
A technician is auditing network security by connecting a laptop to open hardwired jacks within the facility to verify they cannot connect. Which of the following is being tested?
A. Layer 3 routing
B. Port security
C. Secure IMAP
D. S/MIME
Correct Answer:
B. Port security
Exam Question 908
A network technician discovered the usernames and passwords used for network device configuration have been compromised by a user with a packet sniffer. Which of the following would secure the credentials from sniffing?
A. Implement complex passwords
B. Use SSH for remote access
C. Configure SNMPv2 for device management
D. Use TFTP to copy device configuration
Correct Answer:
B. Use SSH for remote access
Exam Question 909
A company is looking for an all-in-one solution to provide identification, authentication, authorization, and accounting services. Which of the following technologies should the company use?
A. Diameter
B. SAML
C. Kerberos
D. CHAP
Correct Answer:
B. SAML
Exam Question 910
An organization has the following password policies:
- Passwords must be at least 16 characters long.
- A password cannot be the same as any previous 20 passwords.
- Three failed login attempts will lock the account for five minutes.
- Passwords must have one uppercase letter, one lowercase letter, and one non-alphanumeric symbol.
A database server was recently breached, and the incident response team suspects the passwords were compromised. Users with permission on that database server were forced to change their passwords for that server. Unauthorized and suspicious logins are now being detected on a completely separate server.
Which of the following is MOST likely the issue and the best solution?
A. Some users are reusing passwords for different systems; the organization should scan for password reuse across systems.
B. The organization has improperly configured single sign-on; the organization should implement a RADIUS server to control account logins.
C. User passwords are not sufficiently long or complex; the organization should increase the complexity and length requirements for passwords.
D. The trust relationship between the two servers has been compromised; the organization should place each server on a separate VLAN.
Correct Answer:
A. Some users are reusing passwords for different systems; the organization should scan for password reuse across systems.