CompTIA Security+ SY0-501 Exam Questions and Answers – Page 3

The latest CompTIA Security+ (SY0-501) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the CompTIA Security+ (SY0-501) exam and earn CompTIA Security+ (SY0-501) certification.

Exam Question 241

Following the successful response to a data-leakage incident, the incident team lead facilitates an exercise that focuses on continuous improvement of the organization’s incident response capabilities. Which of the following activities has the incident team lead executed?

A. Lessons learned review
B. Root cause analysis
C. Incident audit
D. Corrective action exercise

Correct Answer:
A. Lessons learned review

Exam Question 242

A security analyst is attempting to break into a client’s secure network. The analyst was not given prior information about the client, except for a block of public IP addresses that are currently in use. After network enumeration, the analyst’s NEXT step is to perform:

A. a risk analysis.
B. a vulnerability assessment.
C. a gray-box penetration test.
D. an external security audit.
E. a red team exercise.

Correct Answer:
C. a gray-box penetration test.

Exam Question 243

After a recent internal breach, a company decided to regenerate and reissue all certificates used in the transmission of confidential information. The company places the greatest importance on confidentiality and non-repudiation, and decided to generate dual key pairs for each client. Which of the following BEST describes how the company will use these certificates?

A. One key pair will be used for encryption and decryption. The other will be used to digitally sign the data.
B. One key pair will be used for encryption. The other key pair will provide extended validation.
C. Data will be encrypted once by each key, doubling the confidentiality and non-repudiation strength.
D. One key pair will be used for internal communication, and the other will be used for external communication.

Correct Answer:
A. One key pair will be used for encryption and decryption. The other will be used to digitally sign the data.

Exam Question 244

A security manager is creating an account management policy for a global organization with sales personnel who must access corporate network resources while traveling all over the world.
Which of the following practices is the security manager MOST likely to enforce with the policy? (Choose two.)

A. Time-of-day restrictions
B. Password complexity
C. Location-based authentication
D. Group-based access control
E. Standard naming convention

Correct Answer:
B. Password complexity
D. Group-based access control

Exam Question 245

A security administrator learns that PII, which was gathered by the organization, has been found in an open forum. As a result, several C-level executives found their identities were compromised, and they were victims of a recent whaling attack.
Which of the following would prevent these problems in the future? (Choose two.)

A. Implement a reverse proxy.
B. Implement an email DLP.
C. Implement a spam filter.
D. Implement a host-based firewall.
E. Implement a HIDS.

Correct Answer:
B. Implement an email DLP.
C. Implement a spam filter.

Exam Question 246

Ann is the IS manager for several new systems in which the classifications of the systems’ data are being decided. She is trying to determine the sensitivity level of the data being processed. Which of the following people should she consult to determine the data classification?

A. Steward
B. Custodian
C. User
D. Owner

Correct Answer:
D. Owner

Exam Question 247

Attackers have been using revoked certificates for MITM attacks to steal credentials from employees of Company.com.
Which of the following options should Company.com implement to mitigate these attacks?

A. Captive portal
B. OCSP stapling
C. Object identifiers
D. Key escrow
E. Extended validation certificate

Correct Answer:
B. OCSP stapling

Exam Question 248

A company is allowing a BYOD policy for its staff.
Which of the following is a best practice that can decrease the risk of users jailbreaking mobile devices?

A. Install a corporately monitored mobile antivirus on the devices.
B. Prevent the installation of applications from a third-party application store.
C. Build a custom ROM that can prevent jailbreaking.
D. Require applications to be digitally signed.

Correct Answer:
D. Require applications to be digitally signed.

Exam Question 249

A hacker has a packet capture that contains:

A hacker has a packet capture that contains
A hacker has a packet capture that contains

Which of the following tools will the hacker use against this type of capture?

A. Password cracker
B. Vulnerability scanner
C. DLP scanner
D. Fuzzer

Correct Answer:
A. Password cracker

Exam Question 250

A user downloads and installs an MP3 converter, and runs the application. Upon running the application, the antivirus detects a new port in a listening state. Which of the following has the user MOST likely executed?

A. RAT
B. Worm
C. Ransomware
D. Bot

Correct Answer:
A. RAT