The latest CompTIA Security+ (SY0-501) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the CompTIA Security+ (SY0-501) exam and earn CompTIA Security+ (SY0-501) certification.
Exam Question 941
An organization needs to integrate with a third-party cloud application. The organization has 15000 users and does not want to allow the cloud provider to query its LDAP authentication server directly. Which of the following is the BEST way for the organization to integrate with the cloud application?
A. Upload a separate list of users and passwords with a batch import.
B. Distribute hardware tokens to the users for authentication to the cloud.
C. Implement SAML with the organization’s server acting as the identity provider.
D. Configure a RADIUS federation between the organization and the cloud provider.
Correct Answer:
D. Configure a RADIUS federation between the organization and the cloud provider.
Exam Question 942
A healthcare company is revamping its IT strategy in light of recent regulations. The company is concerned about compliance and wants to use a pay-per-use model. Which of the following is the BEST solution?
A. On-premises hosting
B. Community cloud
C. Hosted infrastructure
D. Public SaaS
Correct Answer:
D. Public SaaS
Exam Question 943
While monitoring the SIEM, a security analyst observes traffic from an external IP to an IP address of the business network on port 443. Which of the following protocols would MOST likely cause this traffic?
A. HTTP
B. SSH
C. SSL
D. DNS
Correct Answer:
C. SSL
Exam Question 944
A security analyst is investigating a call from a user regarding one of the websites receiving a 503: Service Unavailable error. The analyst runs a netstat-an command to discover if the web server is up and listening. The analyst receives the following output:
TCP 10.1.5.2:80 192.168.2.112:60973 TIME_WAIT
TCP 10.1.5.2:80 192.168.2.112:60974 TIME_WAIT
TCP 10.1.5.2:80 192.168.2.112:60975 TIME_WAIT
TCP 10.1.5.2:80 192.168.2.112:60976 TIME_WAIT
TCP 10.1.5.2:80 192.168.2.112:60977 TIME_WAIT
TCP 10.1.5.2:80 192.168.2.112:60978 TIME_WAIT
Which of the following types of attack is the analyst seeing?
A. Buffer overflow
B. Domain hijacking
C. Denial of service
D. ARP poisoning
Correct Answer:
C. Denial of service
Exam Question 945
Using a one-time code that has been texted to a smartphone is an example of:
A. something you have.
B. something you know.
C. something you do.
D. something you are.
Correct Answer:
A. something you have.
Exam Question 946
In highly secure environments where the risk of malicious actors attempting to steal data is high, which of the following is the BEST reason to deploy Faraday cages?
A. To provide emanation control to prevent credential harvesting
B. To minimize signal attenuation over distances to maximize signal strength
C. To minimize external RF interference with embedded processors
D. To protect the integrity of audit logs from malicious alteration
Correct Answer:
C. To minimize external RF interference with embedded processors
Exam Question 947
Which of the following is the MAIN disadvantage of using SSO?
A. The architecture can introduce a single point of failure.
B. Users need to authenticate for each resource they access.
C. It requires an organization to configure federation.
D. The authentication is transparent to the user.
Correct Answer:
A. The architecture can introduce a single point of failure.
Exam Question 948
Which of the following is a reason why an organization would define an AUP?
A. To define the lowest level of privileges needed for access and use of the organization’s resources
B. To define the set of rules and behaviors for users of the organization’s IT systems
C. To define the intended partnership between two organizations
D. To define the availability and reliability characteristics between an IT provider and consumer
Correct Answer:
B. To define the set of rules and behaviors for users of the organization’s IT systems
Exam Question 949
A technician is recommending preventive physical security controls for a server room. Which of the following would the technician MOST likely recommend? (Choose two.)
A. Geofencing
B. Video surveillance
C. Protected cabinets
D. Mantrap
E. Key exchange
F. Authorized personnel signage
Correct Answer:
C. Protected cabinets
D. Mantrap
Exam Question 950
A technician is designing a solution that will be required to process sensitive information, including classified government data. The system needs to be common criteria certified. Which of the following should the technician select?
A. Security baseline
B. Hybrid cloud solution
C. Open-source software applications
D. Trusted operating system
Correct Answer:
D. Trusted operating system