The latest CompTIA Security+ (SY0-501) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the CompTIA Security+ (SY0-501) exam and earn CompTIA Security+ (SY0-501) certification.
Exam Question 371
An attachment that was emailed to finance employees contained an embedded message. The security administrator investigates and finds the intent was to conceal the embedded information from public view.
Which of the following BEST describes this type of message?
A. Obfuscation
B. Steganography
C. Diffusion
D. BCRYPT
Correct Answer:
A. Obfuscation
Exam Question 372
If two employees are encrypting traffic between them using a single encryption key, which of the following algorithms are they using?
A. RSA
B. 3DES
C. DSA
D. SHA-2
Correct Answer:
B. 3DES
Exam Question 373
Confidential corporate data was recently stolen by an attacker who exploited data transport protections.
Which of the following vulnerabilities is the MOST likely cause of this data breach?
A. Resource exhaustion on VPN concentrators
B. Weak SSL cipher strength
C. Improper input handling on FTP site
D. Race condition on packet inspection firewall
Correct Answer:
C. Improper input handling on FTP site
Exam Question 374
A security analyst is checking log files and finds the following entries:
A security analyst is checking log files and finds the following entries
Which of the following is MOST likely happening?
A. A hacker attempted to pivot using the web server interface.
B. A potential hacker could be banner grabbing to determine what architecture is being used.
C. The DNS is misconfigured for the server’s IP address.
D. A server is experiencing a DoS, and the request is timing out.
Correct Answer:
A. A hacker attempted to pivot using the web server interface.
Exam Question 375
A security analyst is specifying requirements for a wireless network. The analyst must explain the security features provided by various architecture choices.
Which of the following is provided by PEAP, EAP-TLS, and EAP-TTLS?
A. Key rotation
B. Mutual authentication
C. Secure hashing
D. Certificate pinning
Correct Answer:
B. Mutual authentication
Exam Question 376
A staff member contacts the help desk because the staff member’s device is currently experiencing the following symptoms:
- Long delays when launching applications
- Timeout errors when loading some websites
- Errors when attempting to open local Word documents and photo files
- Pop-up messages in the task bar stating that antivirus is out-of-date
- VPN connection that keeps timing out, causing the device to lose connectivity
Which of the following BEST describes the root cause of these symptoms?
A. The user has disabled the antivirus software on the device, and the hostchecker for the VPN is preventing access.
B. The device is infected with crypto-malware, and the files on the device are being encrypted.
C. The proxy server for accessing websites has a rootkit installed, and this is causing connectivity issues.
D. A patch has been incorrectly applied to the device and is causing issues with the wireless adapter on
the device.
Correct Answer:
B. The device is infected with crypto-malware, and the files on the device are being encrypted.
Exam Question 377
A small organization has implemented a rogue system detection solution. Which of the following BEST explains the organization’s intent?
A. To identify weak ciphers being used on the network
B. To identify assets on the network that are subject to resource exhaustion
C. To identify end-of-life systems still in use on the network
D. To identify assets that are not authorized for use on the network
Correct Answer:
D. To identify assets that are not authorized for use on the network
Exam Question 378
Which of the following is used to encrypt web application data?
A. MD5
B. AES
C. SHA
D. DHA
Correct Answer:
B. AES
Exam Question 379
Which of the following uses tokens between the identity provider and the service provider to authenticate and authorize users to resources?
A. RADIUS
B. SSH
C. OAuth
D. MSCHAP
Correct Answer:
C. OAuth
Exam Question 380
Which of the following are considered to be “something you do”? (Choose two.)
A. Iris scan
B. Handwriting
C. CAC card
D. Gait
E. PIN
F. Fingerprint
Correct Answer:
B. Handwriting
D. Gait