CompTIA Security+ SY0-501 Exam Questions and Answers – Page 4

The latest CompTIA Security+ (SY0-501) practice exam questions and answers (Q&A) are available free of charge and are intended to help you pass the CompTIA Security+ (SY0-501) exam and earn the CompTIA Security+ (SY0-501) certification.

Exam Question 321

A security auditor is testing perimeter security in a building that is protected by badge readers. Which of the following types of attacks would MOST likely gain access?

A. Phishing
B. Man-in-the-middle
C. Tailgating
D. Watering hole
E. Shoulder surfing

Correct Answer:
C. Tailgating

Exam Question 322

An organization has implemented an IPSec VPN access for remote users.
Which of the following IPSec modes would be the MOST secure for this organization to implement?

A. Tunnel mode
B. Transport mode
C. AH-only mode
D. ESP-only mode

Correct Answer:
A. Tunnel mode
Answer Description:
In IPSec transport mode, whether ESP or AH is used, the original IP header is sent in the clear. In IPSec tunnel mode the entire original packet, including its IP header, is encapsulated inside a new IP header, so the original header is not exposed.

Exam Question 323

Several workstations on a network are found to be on OS versions that are vulnerable to a specific attack.
Which of the following is considered to be a corrective action to combat this vulnerability?

A. Install an antivirus definition patch
B. Educate the workstation users
C. Leverage server isolation
D. Install a vendor-supplied patch
E. Install an intrusion detection system

Correct Answer:
D. Install a vendor-supplied patch

Exam Question 324

A security administrator suspects that a DDoS attack is affecting the DNS server. The administrator accesses a workstation with the hostname of workstation01 on the network and obtains the following output from the ipconfig command:

[Image: ipconfig output from workstation01 (not reproduced here)]

The administrator successfully pings the DNS server from the workstation. Which of the following commands should be issued from the workstation to verify that the DDoS attack is no longer occurring?

A. dig www.google.com
B. dig 192.168.1.254
C. dig workstation01.com
D. dig 192.168.1.26

Correct Answer:
C. dig workstation01.com

Exam Question 325

A security analyst receives a notification from the IDS after working hours, indicating a spike in network traffic. Which of the following BEST describes this type of IDS?

A. Anomaly-based
B. Stateful
C. Host-based
D. Signature-based

Correct Answer:
A. Anomaly-based

Exam Question 326

Which of the following is the main difference between an XSS vulnerability and a CSRF vulnerability?

A. XSS needs the attacker to be authenticated to the trusted server.
B. XSS does not need the victim to be authenticated to the trusted server.
C. CSRF needs the victim to be authenticated to the trusted server.
D. CSRF does not need the victim to be authenticated to the trusted server.
E. CSRF does not need the attacker to be authenticated to the trusted server.

Correct Answer:
B. XSS does not need the victim to be authenticated to the trusted server.
C. CSRF needs the victim to be authenticated to the trusted server.

Exam Question 327

A group of developers is collaborating to write software for a company. The developers need to work in subgroups and control who has access to their modules. Which of the following access control methods is considered user-centric?

A. Time-based
B. Mandatory
C. Rule-based
D. Discretionary

Correct Answer:
D. Discretionary

Exam Question 328

Which of the following methods minimizes the system interaction when gathering information to conduct a vulnerability assessment of a router?

A. Download the configuration
B. Run a credentialed scan
C. Conduct the assessment during downtime
D. Change the routing to bypass the router

Correct Answer:
A. Download the configuration

Exam Question 329

Which of the following BEST explains why sandboxing is a best practice for testing software from an untrusted vendor prior to an enterprise deployment?

A. It allows the software to run in an unconstrained environment with full network access.
B. It eliminates the possibility of privilege escalation attacks against the local VM host.
C. It facilitates the analysis of possible malware by allowing it to run until resources are exhausted.
D. It restricts the access of the software to a contained logical space and limits possible damage.

Correct Answer:
D. It restricts the access of the software to a contained logical space and limits possible damage.

Exam Question 330

Corporations choose to exceed regulatory framework standards because of which of the following incentives?

A. It improves the legal defensibility of the company.
B. It gives a social defense that the company is not violating customer privacy laws.
C. It proves to investors that the company takes APT cyber actors seriously.
D. It results in overall industrial security standards being raised voluntarily.

Correct Answer:
A. It improves the legal defensibility of the company.