CompTIA Security+ SY0-501 Exam Questions and Answers – Page 2

The latest CompTIA Security+ (SY0-501) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the CompTIA Security+ (SY0-501) exam and earn CompTIA Security+ (SY0-501) certification.

Exam Question 161

The firewall administrator is adding a new certificate for the company’s remote access solution. The solution requires that the uploaded file contain the entire certificate chain for the certificate to load properly.
The administrator loads the company certificate and the root CA certificate into the file. The file upload is rejected.
Which of the following is required to complete the certificate chain?

A. Certificate revocation list
B. Intermediate authority
C. Recovery agent
D. Root of trust

Correct Answer:
B. Intermediate authority

Exam Question 162

The Chief Executive Officer (CEO) of a major defense contracting company a traveling overseas for a conference. The CEO will be taking a laptop.
Which of the following should the security administrator implement to ensure confidentiality of the data if the laptop were to be stolen or lost during the trip?

A. Remote wipe
B. Full device encryption
C. BIOS password
D. GPS tracking

Correct Answer:
B. Full device encryption

Exam Question 163

In an effort to reduce data storage requirements, some company devices to hash every file and eliminate duplicates. The data processing routines are time sensitive so the hashing algorithm is fast and supported on a wide range of systems.
Which of the following algorithms is BEST suited for this purpose?

A. MD5
B. SHA
C. RIPEMD
D. AES

Correct Answer:
B. SHA

Exam Question 164

Two users need to securely share encrypted files via email. Company policy prohibits users from sharing credentials or exchanging encryption keys.
Which of the following can be implemented to enable users to share encrypted data while abiding by company policies?

A. Key escrow
B. Digital signatures
C. PKI
D. Hashing

Correct Answer:
C. PKI

Exam Question 165

Joe a website administrator believes he owns the intellectual property for a company invention and has been replacing image files on the company’s public facing website in the DMZ. Joe is using steganography to hide stolen data.
Which of the following controls can be implemented to mitigate this type of inside threat?

A. Digital signatures
B. File integrity monitoring
C. Access controls
D. Change management
E. Stateful inspection firewall

Correct Answer:
B. File integrity monitoring

Exam Question 166

While performing surveillance activities, an attacker determines that an organization is using 802.1X to secure LAN access.
Which of the following attack mechanisms can the attacker utilize to bypass the identified network security?

A. MAC spoofing
B. Pharming
C. Xmas attack
D. ARP poisoning

Correct Answer:
A. MAC spoofing

Exam Question 167

A security administrator has been asked to implement a VPN that will support remote access over IPSEC.
Which of the following is an encryption algorithm that would meet this requirement?

A. MD5
B. AES
C. UDP
D. PKI

Correct Answer:
B. AES

Exam Question 168

A security administrator is evaluating three different services: radius, diameter, and Kerberos.
Which of the following is a feature that is UNIQUE to Kerberos?

A. It provides authentication services
B. It uses tickets to identify authenticated users
C. It provides single sign-on capability
D. It uses XML for cross-platform interoperability

Correct Answer:
B. It uses tickets to identify authenticated users

Exam Question 169

Which of the following can affect electrostatic discharge in a network operations center?

A. Fire suppression
B. Environmental monitoring
C. Proximity card access
D. Humidity controls

Correct Answer:
D. Humidity controls

Exam Question 170

A company would like to prevent the use of a known set of applications from being used on company computers.
Which of the following should the security administrator implement?

A. Whitelisting
B. Anti-malware
C. Application hardening
D. Blacklisting
E. Disable removable media

Correct Answer:
D. Blacklisting