The latest CompTIA Security+ (SY0-501) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the CompTIA Security+ (SY0-501) exam and earn CompTIA Security+ (SY0-501) certification.
Exam Question 471
A technician is required to configure updates on a guest operating system while maintaining the ability to quickly revert the changes that were made while testing the updates. Which of the following should the technician implement?
A. Snapshots
B. Revert to known state
C. Rollback to known configuration
D. Shadow copy
Correct Answer:
A. Snapshots
Exam Question 472
A technician is investigating a report of unusual behavior and slow performance on a company-owned laptop. The technician runs a command and reviews the following information:
The technician runs a command and reviews the following information
Based on the above information, which of the following types of malware should the technician report?
A. Spyware
B. Rootkit
C. RAT
D. Logic bomb
Correct Answer:
A. Spyware
Exam Question 473
An organization is building a new customer services team, and the manager needs to keep the team focused on customer issues and minimize distractions. The users have a specific set of tools installed, which they must use to perform their duties. Other tools are not permitted for compliance and tracking purposes. Team members have access to the Internet for product lookups and to research customer issues. Which of the following should a security engineer employ to fulfill the requirements for the manager?
A. Install a web application firewall.
B. Install HIPS on the team’s workstations.
C. Implement containerization on the workstations.
D. Configure whitelisting for the team.
Correct Answer:
C. Implement containerization on the workstations.
Exam Question 474
Which of the following is the MOST likely motivation for a script kiddie threat actor?
A. Financial gain
B. Notoriety
C. Political expression
D. Corporate espionage
Correct Answer:
B. Notoriety
Exam Question 475
After discovering a security incident and removing the affected files, an administrator disabled an unneeded service that led to the breach. Which of the following steps in the incident response process has the administrator just completed?
A. Containment
B. Eradication
C. Recovery
D. Identification
Correct Answer:
B. Eradication
Exam Question 476
A company employee recently retired, and there was a schedule delay because no one was capable of filling the employee’s position. Which of the following practices would BEST help to prevent this situation in the future?
A. Mandatory vacation
B. Separation of duties
C. Job rotation
D. Exit interviews
Correct Answer:
C. Job rotation
Exam Question 477
A security analyst is interested in setting up an IDS to monitor the company network. The analyst has been told there can be no network downtime to implement the solution, but the IDS must capture all of the network traffic. Which of the following should be used for the IDS implementation?
A. Network tap
B. Honeypot
C. Aggregation
D. Port mirror
Correct Answer:
A. Network tap
Exam Question 478
A contracting company recently completed its period of performance on a government contract and would like to destroy all information associated with contract performance. Which of the following is the best NEXT step for the company to take?
A. Consult data disposition policies in the contract.
B. Use a pulper or pulverizer for data destruction.
C. Retain the data for a period no more than one year.
D. Burn hard copies containing PII or PHI
Correct Answer:
A. Consult data disposition policies in the contract.
Exam Question 479
A systems administrator is receiving multiple alerts from the company NIPS. A review of the NIPS logs shows the following:
reset both: 70.32.200.2:3194 –> 10.4.100.4:80 buffer overflow attempt
reset both: 70.32.200.2:3230 –> 10.4.100.4:80 directory traversal attack
reset client: 70.32.200.2:4019 –> 10.4.100.4:80 Blind SQL injection attack
Which of the following should the systems administrator report back to management?
A. The company web server was attacked by an external source, and the NIPS blocked the attack.
B. The company web and SQL servers suffered a DoS caused by a misconfiguration of the NIPS.
C. An external attacker was able to compromise the SQL server using a vulnerable web application.
D. The NIPS should move from an inline mode to an out-of-band mode to reduce network latency.
Correct Answer:
A. The company web server was attacked by an external source, and the NIPS blocked the attack.
Exam Question 480
Which of the following BEST distinguishes Agile development from other methodologies in terms of vulnerability management?
A. Cross-functional teams
B. Rapid deployments
C. Daily standups
D. Peer review
E. Creating user stories
Correct Answer:
C. Daily standups