The latest CompTIA Security+ (SY0-501) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the CompTIA Security+ (SY0-501) exam and earn CompTIA Security+ (SY0-501) certification.
Exam Question 921
A transitive trust:
A. is automatically established between a parent and a child
B. is used to update DNS records
C. allows access to untrusted domains
D. can be used in place of a hardware token for logins
Correct Answer:
A. is automatically established between a parent and a child
Exam Question 922
Which of the following BEST explains why a development environment should have the same database server secure baseline that exists in production even if there is no PII in the database?
A. Without the same configuration in both development and production, there are no assurances that changes made in development will have the same effect in production
B. Attackers can extract sensitive, personal information from lower development environment databases just as easily as they can from production databases
C. Databases are unique in their need to have secure configurations applied in all environments because they are attacked more often
D. Laws stipulate that databases with the ability to store personal information must be secured regardless of the environment or if they actually have PII
Correct Answer:
A. Without the same configuration in both development and production, there are no assurances that changes made in development will have the same effect in production
Exam Question 923
A network administrator was provided the following output from a vulnerability scan:
A network administrator was provided the following output from a vulnerability scan.
The network administrator has been instructed to prioritize remediation efforts based on overall risk to the enterprise. Which of the following plugin IDs should be remediated FIRST?
A. 10
B. 11
C. 12
D. 13
E. 14
Correct Answer:
D. 13
Exam Question 924
A security administrator wants to better prepare the incident response team for possible security events.
The IRP has been updated and distributed to incident response team members. Which of the following is the BEST option to fulfill the administrator’s objective?
A. Identify the member’s roles and responsibilities
B. Select a backup/failover location
C. Determine the order of restoration
D. Conduct a tabletop test
Correct Answer:
D. Conduct a tabletop test
Exam Question 925
Which of the following is the purpose of an industry-standard framework?
A. To promulgate compliance requirements for sales of common IT systems
B. To provide legal relief to participating organizations in the event of a security breach
C. To promulgate security settings on a vendor-by-vendor basis
D. To provide guidance across common system implementations
Correct Answer:
D. To provide guidance across common system implementations
Exam Question 926
Which of the following physical security controls is MOST effective when trying to prevent tailgating?
A. CCTV
B. Mantrap
C. Biometrics
D. RFID badge
E. Motion detection
Correct Answer:
B. Mantrap
Exam Question 927
A company has three divisions, each with its own networks and services. The company decides to make its secure web portal accessible to all employees utilizing their existing usernames and passwords. The security administrator has elected to use SAML to support authentication. In this scenario, which of the following will occur when users try to authenticate to the portal? (Choose two.)
A. The portal will function as a service provider and request an authentication assertion.
B. The portal will function as an identity provider and issue an authentication assertion.
C. The portal will request an authentication ticket from each network that is transitively trusted.
D. The back-end networks will function as an identity provider and issue an authentication assertion.
E. The back-end networks will request authentication tickets from the portal, which will act as the thirdparty service provider authentication store.
F. The back-end networks will verify the assertion token issued by the portal functioning as the identity provider.
Correct Answer:
C. The portal will request an authentication ticket from each network that is transitively trusted.
D. The back-end networks will function as an identity provider and issue an authentication assertion.
Exam Question 928
Adhering to a layered security approach, a controlled access facility employs security guards who verify the authorization of all personnel entering the facility. Which of the following terms BEST describes the security control being employed?
A. Administrative
B. Corrective
C. Deterrent
D. Compensating
Correct Answer:
A. Administrative
Exam Question 929
A security administrator has been assigned to review the security posture of the standard corporate system image for virtual machines. The security administrator conducts a thorough review of the system logs, installation procedures, and network configuration of the VM image. Upon reviewing the access logs and user accounts, the security administrator determines that several accounts will not be used in production.
Which of the following would correct the deficiencies?
A. Mandatory access controls
B. Disable remote login
C. Host hardening
D. Disabling services
Correct Answer:
C. Host hardening
Exam Question 930
A new security policy in an organization requires that all file transfers within the organization be completed using applications that provide secure transfer. Currently, the organization uses FTP and HTTP to transfer files.
Which of the following should the organization implement in order to be compliant with the new policy?
A. Replace FTP with SFTP and replace HTTP with TLS
B. Replace FTP with FTPS and replaces HTTP with TFTP
C. Replace FTP with SFTP and replace HTTP with Telnet
D. Replace FTP with FTPS and replaces HTTP with IPSec
Correct Answer:
A. Replace FTP with SFTP and replace HTTP with TLS