The latest CompTIA Security+ (SY0-501) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the CompTIA Security+ (SY0-501) exam and earn CompTIA Security+ (SY0-501) certification.
Exam Question 341
A network administrator is creating a new network for an office. For security purposes, each department should have its resources isolated from every other department but be able to communicate back to central servers. Which of the following architecture concepts would BEST accomplish this?
A. Air gapped network
B. Load balanced network
C. Network address translation
D. Network segmentation
Correct Answer:
D. Network segmentation
Exam Question 342
A customer calls a technician and needs to remotely connect to a web server to change some code manually. The technician needs to configure the user’s machine with protocols to connect to the Unix web server, which is behind a firewall. Which of the following protocols does the technician MOST likely need to configure?
A. SSH
B. SFTP
C. HTTPS
D. SNMP
Correct Answer:
A. SSH
Exam Question 343
Joe recently assumed the role of data custodian for this organization. While cleaning out an unused storage safe, he discovers several hard drives that are labeled “unclassified” and awaiting destruction. The hard drives are obsolete and cannot be installed in any of his current computing equipment. Which of the following is the BEST method for disposing of the hard drives?
A. Burning
B. Wiping
C. Purging
D. Pulverizing
Correct Answer:
D. Pulverizing
Exam Question 344
A security administrator is reviewing the following firewall configuration after receiving reports that users are unable to connect to remote websites:
10 PERMIT FROM:ANY TO:ANY PORT:80
20 PERMIT FROM:ANY TO:ANY PORT:443
30 DENY FROM:ANY TO:ANY PORT:ANY
Which of the following is the MOST secure solution the security administrator can implement to fix this issue?
A. Add the following rule to the firewall: 5 PERMIT FROM:ANY TO:ANY PORT:53
B. Replace rule number 10 with the following rule: 10 PERMIT FROM:ANY TO:ANY PORT:22
C. Insert the following rule in the firewall: 25 PERMIT FROM:ANY TO:ANY PORTS:ANY
D. Remove the following rule from the firewall: 30 DENY FROM:ANY TO:ANY PORT:ANY
Correct Answer:
A. Add the following rule to the firewall: 5 PERMIT FROM:ANY TO:ANY PORT:53
Exam Question 345
A security administrator is performing a risk assessment on a legacy WAP with a WEP-enabled wireless infrastructure. Which of the following should be implemented to harden the infrastructure without upgrading the WAP?
A. Implement WPA and TKIP
B. Implement WPS and an eight-digit pin
C. Implement WEP and RC4
D. Implement WPA2 Enterprise
Correct Answer:
D. Implement WPA2 Enterprise
Exam Question 346
A systems administrator is installing a new server in a large datacenter. Which of the following BEST describes the importance of properly positioning servers in the rack to maintain availability?
A. To allow for visibility of the servers’ status indicators
B. To adhere to cable management standards
C. To maximize the fire suppression system’s efficiency
D. To provide consistent air flow
Correct Answer:
D. To provide consistent air flow
Exam Question 347
To get the most accurate results on the security posture of a system, which of the following actions should the security analyst do prior to scanning?
A. Log all users out of the system
B. Patch the scanner
C. Reboot the target host
D. Update the web plugins
Correct Answer:
B. Patch the scanner
Exam Question 348
While investigating a virus infection, a security analyst discovered the following on an employee laptop:
- Multiple folders containing a large number of newly released movies and music files
- Proprietary company data
- A large amount of PHI data
- Unapproved FTP software
- Documents that appear to belong to a competitor
Which of the following should the analyst do FIRST?
A. Contact the legal and compliance department for guidance
B. Delete the files, remove the FTP software, and notify management
C. Back up the files and return the device to the user
D. Wipe and reimage the device
Correct Answer:
A. Contact the legal and compliance department for guidance
Exam Question 349
Which of the following penetration testing concepts is an attacker MOST interested in when placing the path of a malicious file in the Windows/CurrentVersion/Run registry key?
A. Persistence
B. Pivoting
C. Active reconnaissance
D. Escalation of privilege
Correct Answer:
D. Escalation of privilege
Exam Question 350
A security analyst is implementing PKI-based functionality to a web application that has the following requirements:
- File contains certificate information
- Certificate chains
- Root authority certificates
- Private key
All of these components will be part of one file and cryptographically protected with a password. Given this scenario, which of the following certificate types should the analyst implement to BEST meet these requirements?
A. .pfx certificate
B. .cer certificate
C. .der certificate
D. .crt certificate
Correct Answer:
A. .pfx certificate