CompTIA Security+ SY0-501 Exam Questions and Answers – Page 3

The latest CompTIA Security+ (SY0-501) certification practice exam questions and answers (Q&A) are available free and are intended to help you pass the CompTIA Security+ (SY0-501) exam and earn the CompTIA Security+ (SY0-501) certification.

Exam Question 271

A company has noticed multiple instances of proprietary information on public websites. It has also observed an increase in the number of email messages sent to random employees containing malicious links and PDFs. Which of the following changes should the company make to reduce the risks associated with phishing attacks? (Choose two.)

A. Install an additional firewall
B. Implement a redundant email server
C. Block access to personal email on corporate systems
D. Update the X.509 certificates on the corporate email server
E. Update corporate policy to prohibit access to social media websites
F. Review access violation on the file server

Correct Answer:
C. Block access to personal email on corporate systems
E. Update corporate policy to prohibit access to social media websites

Exam Question 272

A security analyst is investigating a potential breach. Upon gathering, documenting, and securing the evidence, which of the following actions is the NEXT step to minimize the business impact?

A. Launch an investigation to identify the attacking host
B. Initiate the incident response plan
C. Review lessons learned captured in the process
D. Remove malware and restore the system to normal operation

Correct Answer:
D. Remove malware and restore the system to normal operation

Exam Question 273

Joe, a salesman, was assigned to a new project that requires him to travel to a client site. While waiting for a flight, Joe decides to connect to the airport wireless network without connecting to a VPN, and then sends confidential emails to fellow colleagues. A few days later, the company experiences a data breach. Upon investigation, the company learns Joe’s emails were intercepted. Which of the following MOST likely caused the data breach?

A. Policy violation
B. Social engineering
C. Insider threat
D. Zero-day attack

Correct Answer:
A. Policy violation

Exam Question 274

A company is performing an analysis of the corporate enterprise network with the intent of identifying what will cause losses in revenue, referrals, and/or reputation when out of commission. Which of the following is an element of a BIA that is being addressed?

A. Mission-essential function
B. Single point of failure
C. Backup and restoration plans
D. Identification of critical systems

Correct Answer:
A. Mission-essential function
Answer Description:
The BIA is composed of three steps, the first of which is to determine mission/business processes and recovery criticality: the mission/business processes supported by the system are identified, and the impact of a system disruption to those processes is determined, along with outage impacts and estimated downtime.

Exam Question 275

A forensic expert is given a hard drive from a crime scene and is asked to perform an investigation. Which of the following is the FIRST step the forensic expert needs to take in the chain of custody?

A. Make a forensic copy
B. Create a hash of the hard drive
C. Recover the hard drive data
D. Update the evidence log

Correct Answer:
D. Update the evidence log

Exam Question 276

An incident response manager has started to gather all the facts related to a SIEM alert showing multiple systems may have been compromised.

The manager has gathered these facts:

  • The breach is currently indicated on six user PCs
  • One service account is potentially compromised
  • Executive management has been notified

In which of the following phases of the IRP is the manager currently working?

A. Recovery
B. Eradication
C. Containment
D. Identification

Correct Answer:
D. Identification

Exam Question 277

A stock trading company had the budget for enhancing its secondary datacenter approved. Since the main site is in a hurricane-affected area and the disaster recovery site is 100mi (161km) away, the company wants to ensure its business is always operational with the least amount of man hours needed. Which of the following types of disaster recovery sites should the company implement?

A. Hot site
B. Warm site
C. Cold site
D. Cloud-based site

Correct Answer:
D. Cloud-based site

Exam Question 278

Users from two organizations, each with its own PKI, need to begin working together on a joint project.
Which of the following would allow the users of the separate PKIs to work together without connection errors?

A. Trust model
B. Stapling
C. Intermediate CA
D. Key escrow

Correct Answer:
A. Trust model

Exam Question 279

A security analyst is mitigating a pass-the-hash vulnerability on a Windows infrastructure.
Given the requirement, which of the following should the security analyst do to MINIMIZE the risk?

A. Enable CHAP
B. Disable NTLM
C. Enable Kerebos
D. Disable PAP

Correct Answer:
B. Disable NTLM

Exam Question 280

A security analyst is reviewing an assessment report that includes software versions, running services, supported encryption algorithms, and permission settings. Which of the following produced the report?

A. Vulnerability scanner
B. Protocol analyzer
C. Network mapper
D. Web inspector

Correct Answer:
A. Vulnerability scanner