The latest CompTIA Security+ (SY0-501) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the CompTIA Security+ (SY0-501) exam and earn CompTIA Security+ (SY0-501) certification.
Exam Question 231
A member of the admins group reports being unable to modify the “changes” file on a server.
The permissions on the file are as follows:
Permissions User Group File
-rwxrw-r--+ Admins Admins changes
Based on the output above, which of the following BEST explains why the user is unable to modify the
“changes” file?
A. The SELinux mode on the server is set to “enforcing.”
B. The SELinux mode on the server is set to “permissive.”
C. An FACL has been added to the permissions for the file.
D. The admins group does not have adequate permissions to access the file.
Correct Answer:
C. An FACL has been added to the permissions for the file.
Exam Question 232
A security analyst is inspecting the results of a recent internal vulnerability scan that was performed against intranet services.
The scan reports include the following critical-rated vulnerability: Title: Remote Command Execution vulnerability in web server Rating: Critical (CVSS 10.0)
Threat actor: any remote user of the web server
Confidence: certain
Recommendation: apply vendor patches
Which of the following actions should the security analyst perform FIRST?
A. Escalate the issue to senior management.
B. Apply organizational context to the risk rating.
C. Organize for urgent out-of-cycle patching.
D. Exploit the server to check whether it is a false positive.
Correct Answer:
B. Apply organizational context to the risk rating.
Exam Question 233
A company is deploying smartphones for its mobile salesforce. These devices are for personal and business use but are owned by the company. Sales personnel will save new customer data via a custom application developed for the company. This application will integrate with the contact information stored in the smartphones and will populate new customer records onto it.
The customer application’s data is encrypted at rest, and the application’s connection to the back office system is considered secure. The Chief Information Security Officer (CISO) has concerns that customer contact information may be accidentally leaked due to the limited security capabilities of the devices and the planned controls.
Which of the following will be the MOST efficient security control to implement to lower this risk?
A. Implement a mobile data loss agent on the devices to prevent any user manipulation with the contact information.
B. Restrict screen capture features on the devices when using the custom application and the contact information.
C. Restrict contact information storage dataflow so it is only shared with the customer application.
D. Require complex passwords for authentication when accessing the contact information.
Correct Answer:
C. Restrict contact information storage dataflow so it is only shared with the customer application.
Exam Question 234
The Chief Information Security Officer (CISO) is asking for ways to protect against zero-day exploits. The CISO is concerned that an unrecognized threat could compromise corporate data and result in regulatory fines as well as poor corporate publicity. The network is mostly flat, with split staff/guest wireless functionality.
Which of the following equipment MUST be deployed to guard against unknown threats?
A. Cloud-based antivirus solution, running as local admin, with push technology for definition updates
B. Implementation of an off-site datacenter hosting all company data, as well as deployment of VDI for all client computing needs
C. Host-based heuristic IPS, segregated on a management VLAN, with direct control of the perimeter firewall ACLs
D. Behavior-based IPS with a communication link to a cloud-based vulnerability and threat feed
Correct Answer:
D. Behavior-based IPS with a communication link to a cloud-based vulnerability and threat feed
Exam Question 235
An organization has several production-critical SCADA supervisory systems that cannot follow the normal 30-day patching policy.
Which of the following BEST maximizes the protection of these systems from malicious software?
A. Configure a firewall with deep packet inspection that restricts traffic to the systems.
B. Configure a separate zone for the systems and restrict access to known ports.
C. Configure the systems to ensure only necessary applications are able to run.
D. Configure the host firewall to ensure only the necessary applications have listening ports
Correct Answer:
C. Configure the systems to ensure only necessary applications are able to run.
Exam Question 236
An organization identifies a number of hosts making outbound connections to a known malicious IP over port TCP 80. The organization wants to identify the data being transmitted and prevent future connections to this IP.
Which of the following should the organization do to achieve this outcome?
A. Use a protocol analyzer to reconstruct the data and implement a web-proxy.
B. Deploy a web-proxy and then blacklist the IP on the firewall.
C. Deploy a web-proxy and implement IPS at the network edge.
D. Use a protocol analyzer to reconstruct the data and blacklist the IP on the firewall.
Correct Answer:
D. Use a protocol analyzer to reconstruct the data and blacklist the IP on the firewall.
Exam Question 237
Legal authorities notify a company that its network has been compromised for the second time in two years.
The investigation shows the attackers were able to use the same vulnerability on different systems in both attacks.
Which of the following would have allowed the security team to use historical information to protect against the second attack?
A. Key risk indicators
B. Lessons learned
C. Recovery point objectives
D. Tabletop exercise
Correct Answer:
B. Lessons learned
Exam Question 238
During a routine vulnerability assessment, the following command was successful:
echo "vrfy 'perl -e 'print "hi" x 500 ' ' " | nc www.company.com 25
Which of the following vulnerabilities is being exploited?
A. Buffer overflow directed at a specific host MTA
B. SQL injection directed at a web server
C. Cross-site scripting directed at www.company.com
D. Race condition in a UNIX shell script
Correct Answer:
A. Buffer overflow directed at a specific host MTA
Exam Question 239
A forensic investigator has run into difficulty recovering usable files from a SAN drive. Which of the following SAN features might have caused the problem?
A. Storage multipaths
B. Deduplication
C. iSCSI initiator encryption
D. Data snapshots
Correct Answer:
B. Deduplication
Exam Question 240
A company offers SaaS, maintaining all customers’ credentials and authenticating locally. Many large customers have requested the company offer some form of federation with their existing authentication infrastructures.
Which of the following would allow customers to manage authentication and authorizations from within their existing organizations?
A. Implement SAML so the company’s services may accept assertions from the customers’ authentication servers.
B. Provide customers with a constrained interface to manage only their users’ accounts in the company’s active directory server.
C. Provide a system for customers to replicate their users’ passwords from their authentication service to the company’s.
D. Use SOAP calls to support authentication between the company’s product and the customers’ authentication servers.
Correct Answer:
A. Implement SAML so the company’s services may accept assertions from the customers’ authentication servers.