The latest CompTIA Security+ (SY0-501) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the CompTIA Security+ (SY0-501) exam and earn CompTIA Security+ (SY0-501) certification.
Exam Question 131
Which of the following would verify that a threat does exist and security controls can easily be bypassed without actively testing an application?
A. Protocol analyzer
B. Vulnerability scan
C. Penetration test
D. Port scanner
Correct Answer:
B. Vulnerability scan
Answer Description:
A vulnerability scan is the automated process of proactively identifying security vulnerabilities of computing systems in a network in order to determine if and where a system can be exploited and/or threatened. While public servers are important for communication and data transfer over the Internet, they open the door to potential security breaches by threat agents, such as malicious hackers.
Vulnerability scanning employs software that seeks out security flaws based on a database of known flaws, testing systems for the occurrence of these flaws and generating a report of the findings that an individual or an enterprise can use to tighten the network’s security.
Vulnerability scanning typically refers to the scanning of systems that are connected to the Internet but can also refer to system audits on internal networks that are not connected to the Internet in order to assess the threat of rogue software or malicious employees in an enterprise.
Exam Question 132
A security administrator receives notice that a third-party certificate authority has been compromised, and new certificates will need to be issued.
Which of the following should the administrator submit to receive a new certificate?
A. CRL
B. OSCP
C. PFX
D. CSR
E. CA
Correct Answer:
D. CSR
Exam Question 133
A computer on a company network was infected with a zero-day exploit after an employee accidently opened an email that contained malicious content. The employee recognized the email as malicious and was attempting to delete it, but accidently opened it.
Which of the following should be done to prevent this scenario from occurring again in the future?
A. Install host-based firewalls on all computers that have an email client installed
B. Set the email program default to open messages in plain text
C. Install end-point protection on all computers that access web email
D. Create new email spam filters to delete all messages from that sender
Correct Answer:
B. Set the email program default to open messages in plain text
Exam Question 134
A company wants to ensure that the validity of publicly trusted certificates used by its web server can be determined even during an extended internet outage.
Which of the following should be implemented?
A. Recovery agent
B. Ocsp
C. Crl
D. Key escrow
Correct Answer:
C. Crl
Exam Question 135
An administrator intends to configure an IPSec solution that provides ESP with integrity protection, but not confidentiality protection.
Which of the following AES modes of operation would meet this integrity-only requirement?
A. HMAC
B. PCBC
C. CBC
D. GCM
E. CFB
Correct Answer:
A. HMAC
Exam Question 136
The chief security officer (CSO) has issued a new policy that requires that all internal websites be configured for HTTPS traffic only. The network administrator has been tasked to update all internal sites without incurring additional costs.
Which of the following is the best solution for the network administrator to secure each internal website?
A. Use certificates signed by the company CA
B. Use a signing certificate as a wild card certificate
C. Use certificates signed by a public ca
D. Use a self-signed certificate on each internal server
Correct Answer:
A. Use certificates signed by the company CA
Answer Description:
This is a way to update all internal sites without incurring additional costs?
To be a CA (Certificate Authority), you need an infrastructure that consists of considerable operational elements, hardware, software, policy frameworks and practice statements, auditing, security infrastructure and personnel.
Exam Question 137
A security program manager wants to actively test the security posture of a system. The system is not yet in production and has no uptime requirement or active user base.
Which of the following methods will produce a report which shows vulnerabilities that were actually exploited?
A. Peer review
B. Component testing
C. Penetration testing
D. Vulnerability testing
Correct Answer:
C. Penetration testing
Answer Description:
A penetration test, or pen test, is an attempt to evaluate the security of an IT infrastructure by safely trying to exploit vulnerabilities.
Exam Question 138
A new intern in the purchasing department requires read access to shared documents. Permissions are normally controlled through a group called “Purchasing”, however, the purchasing group permissions allow write access.
Which of the following would be the BEST course of action?
A. Modify all the shared files with read only permissions for the intern.
B. Create a new group that has only read permissions for the files.
C. Remove all permissions for the shared files.
D. Add the intern to the “Purchasing” group.
Correct Answer:
B. Create a new group that has only read permissions for the files.
Exam Question 139
During a data breach cleanup, it is discovered that not all of the sites involved have the necessary data wiping tools. The necessary tools are quickly distributed to the required technicians, but when should this problem BEST be revisited?
A. Reporting
B. Preparation
C. Mitigation
D. Lessons Learned
Correct Answer:
D. Lessons Learned
Exam Question 140
Joe, a technician, is working remotely with his company provided laptop at the coffee shop near his home.
Joe is concerned that another patron of the coffee shop may be trying to access his laptop.
Which of the following is an appropriate control to use to prevent the other patron from accessing Joe’s laptop directly?
A. full-disk encryption
B. Host-based firewall
C. Current antivirus definitions
D. Latest OS updates
Correct Answer:
B. Host-based firewall