The latest CompTIA Security+ (SY0-501) practice exam question and answer (Q&A) dumps are available free to help you pass the CompTIA Security+ (SY0-501) exam and earn the CompTIA Security+ (SY0-501) certification.
Exam Question 441
An organization’s research department uses workstations in an air-gapped network. A competitor released products based on files that originated in the research department. Which of the following should management do to improve the security and confidentiality of the research files?
A. Implement multifactor authentication on the workstations.
B. Configure removable media controls on the workstations.
C. Install a web application firewall in the research department.
D. Install HIDS on each of the research workstations.
Correct Answer:
B. Configure removable media controls on the workstations.
Exam Question 442
A company network is currently under attack. Although security controls are in place to stop the attack, the security administrator needs more information about the types of attacks being used. Which of the following network types would BEST help the administrator gather this information?
A. DMZ
B. Guest network
C. Ad hoc
D. Honeynet
Correct Answer:
D. Honeynet
Exam Question 443
Moving laterally within a network once an initial exploit is used to gain persistent access for the purpose of establishing further control of a system is known as:
A. pivoting.
B. persistence.
C. active reconnaissance.
D. a backdoor.
Correct Answer:
B. persistence.
Exam Question 444
A systems administrator is increasing the security settings on a virtual host to ensure users on one VM cannot access information from another VM. Which of the following is the administrator protecting against?
A. VM sprawl
B. VM escape
C. VM migration
D. VM sandboxing
Correct Answer:
B. VM escape
Exam Question 445
Which of the following encryption algorithms require one encryption key? (Choose two.)
A. MD5
B. 3DES
C. BCRYPT
D. RC4
E. DSA
Correct Answer:
B. 3DES
D. RC4
Exam Question 446
A systems administrator has installed a new UTM that is capable of inspecting SSL/TLS traffic for malicious payloads. All inbound network traffic coming from the Internet and terminating on the company’s secure web servers must be inspected. Which of the following configurations would BEST support this requirement?
A. The web servers’ CA full certificate chain must be installed on the UTM.
B. The UTM certificate pair must be installed on the web servers.
C. The web servers’ private certificate must be installed on the UTM.
D. The UTM and web servers must use the same certificate authority.
Correct Answer:
A. The web servers’ CA full certificate chain must be installed on the UTM.
Exam Question 447
A security administrator receives alerts from the perimeter UTM. Upon checking the logs, the administrator finds the following output:
Time: 12/25 0300
From Zone: Untrust
To Zone: DMZ
Attacker: externalip.com
Victim: 172.16.0.20
To Port: 80
Action: Alert
Severity: Critical
When examining the PCAP associated with the event, the security administrator finds the following information:
<script> alert (“Click here for important information regarding your account!
http://externalip.com/account.php”); </script>
Which of the following actions should the security administrator take?
A. Upload the PCAP to the IDS in order to generate a blocking signature to block the traffic.
B. Manually copy the <script> data from the PCAP file and generate a blocking signature in the HIDS to block the traffic for future events.
C. Implement a host-based firewall rule to block future events of this type from occurring.
D. Submit a change request to modify the XSS vulnerability signature to TCP reset on future attempts.
Correct Answer:
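B. Manually copy the <script> data from the PCAP file and generate a blocking signature in the HIDS to block the traffic for future events.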
Exam Question 448
Given the information below:
MD5HASH document.doc 049eab40fd36caadlfab10b3cdf4a883
MD5HASH image.jpg 049eab40fd36caadlfab10b3cdf4a883
Which of the following concepts are described above? (Choose two.)
A. Salting
B. Collision
C. Steganography
D. Hashing
E. Key stretching
Correct Answer:
B. Collision
D. Hashing
Exam Question 449
An organization wishes to allow its users to select devices for business use but does not want to overwhelm the service desk with requests for too many different device types and models. Which of the following deployment models should the organization use to BEST meet these requirements?
A. VDI environment
B. CYOD model
C. DAC mode
D. BYOD model
Correct Answer:
B. CYOD model
Exam Question 450
A state-sponsored threat actor has launched several successful attacks against a corporate network. Although the target has a robust patch management program in place, the attacks continue in depth and scope, and the security department has no idea how the attacks are able to gain access. Given that patch management and vulnerability scanners are being used, which of the following would be used to analyze the attack methodology?
A. Rogue system detection
B. Honeypots
C. Next-generation firewall
D. Penetration test
Correct Answer:
B. Honeypots