The latest CompTIA Security+ (SY0-501) certification practice exam question and answer (Q&A) dumps are available free to help you pass the CompTIA Security+ (SY0-501) exam and earn the CompTIA Security+ (SY0-501) certification.
Exam Question 251
An attacker exploited a vulnerability on a mail server using the code below.
Which of the following BEST explains what the attacker is doing?
A. The attacker is replacing a cookie.
B. The attacker is stealing a document.
C. The attacker is replacing a document.
D. The attacker is deleting a cookie.
Correct Answer:
C. The attacker is replacing a document.
Exam Question 252
A CSIRT has completed restoration procedures related to a breach of sensitive data and is creating documentation used to improve the organization’s security posture. The team has been specifically tasked to address logical controls in their suggestions. Which of the following would be MOST beneficial to include in lessons learned documentation? (Choose two.)
A. A list of policies, which should be revised to provide better clarity to employees regarding acceptable use
B. Recommendations relating to improved log correlation and alerting tools
C. Data from the organization’s IDS/IPS tools, which show the timeline of the breach and the activities executed by the attacker
D. A list of potential improvements to the organization’s NAC capabilities, which would improve AAA within the environment
E. A summary of the activities performed during each phase of the incident response activity
F. A list of topics that should be added to the organization’s security awareness training program based on weaknesses exploited during the attack
Correct Answer:
A. A list of policies, which should be revised to provide better clarity to employees regarding acceptable use
F. A list of topics that should be added to the organization’s security awareness training program based on weaknesses exploited during the attack
Exam Question 253
An organization plans to implement multifactor authentication techniques within the enterprise network architecture. Each authentication factor is expected to be a unique control.
Which of the following BEST describes the proper employment of multifactor authentication?
A. Proximity card, fingerprint scanner, PIN
B. Fingerprint scanner, voice recognition, proximity card
C. Smart card, user PKI certificate, privileged user certificate
D. Voice recognition, smart card, proximity card
Correct Answer:
A. Proximity card, fingerprint scanner, PIN
Exam Question 254
Upon entering an incorrect password, the logon screen displays a message informing the user that the password does not match the username provided and is not the required length of 12 characters.
Which of the following secure coding techniques should a security analyst address with the application developers to follow security best practices?
A. Input validation
B. Error handling
C. Obfuscation
D. Data exposure
Correct Answer:
B. Error handling
Exam Question 255
Which of the following is the BEST reason to run an untested application in a sandbox?
A. To allow the application to take full advantage of the host system’s resources and storage
B. To utilize the host system’s antivirus and firewall applications instead of running its own protection
C. To prevent the application from acquiring escalated privileges and accessing its host system
D. To increase application processing speed so the host system can perform real-time logging
Correct Answer:
C. To prevent the application from acquiring escalated privileges and accessing its host system
Exam Question 256
Which of the following is used to validate the integrity of data?
A. CBC
B. Blowfish
C. MD5
D. RSA
Correct Answer:
C. MD5
Exam Question 257
A user typically works remotely over the holidays using a web-based VPN to access corporate resources.
The user reports getting untrusted host errors and being unable to connect. Which of the following is MOST likely the cause?
A. The certificate has expired
B. The browser does not support SSL
C. The user’s account is locked out
D. The VPN software has reached the seat license maximum
Correct Answer:
A. The certificate has expired
Exam Question 258
A security analyst is acquiring data from a potential network incident.
Which of the following evidence is the analyst MOST likely to obtain to determine the incident?
A. Volatile memory capture
B. Traffic and logs
C. Screenshots
D. System image capture
Correct Answer:
B. Traffic and logs
Exam Question 259
A cybersecurity analyst is looking into the payload of a random packet capture file that was selected for analysis. The analyst notices that an internal host had a socket established with another internal host over a non-standard port.
Upon investigation, the origin host that initiated the socket shows this output:
Given the above output, which of the following commands would have established the questionable socket?
A. traceroute 8.8.8.8
B. ping -1 30 8.8.8.8 -s 600
C. nc -1 192.168.5.1 -p 9856
D. pskill pid 9487
Correct Answer:
C. nc -1 192.168.5.1 -p 9856
Exam Question 260
A security administrator has written a script that will automatically upload binary and text-based configuration files onto a remote server using a scheduled task. The configuration files contain sensitive information.
Which of the following should the administrator use? (Choose two.)
A. TOPT
B. SCP
C. FTP over a non-standard port
D. SRTP
E. Certificate-based authentication
F. SNMPv3
Correct Answer:
C. FTP over a non-standard port
E. Certificate-based authentication