The latest CompTIA Security+ (SY0-501) certification practice exam questions and answers (Q&A) are available free of charge, to help you prepare for and pass the CompTIA Security+ (SY0-501) exam and earn the CompTIA Security+ (SY0-501) certification.
CompTIA Security+ (SY0-501) Exam Questions and Answers
Exam Question 501
An attacker is able to capture the payload for the following packet:
IP 192.168.1.22:2020 10.10.10.5:443
IP 192.168.1.10:1030 10.10.10.1:21
IP 192.168.1.57:5217 10.10.10.1:3389
During an investigation, an analyst discovers that the attacker was able to capture the information above and use it to log on to other servers across the company. Which of the following is the MOST likely reason?
A. The attacker has exploited a vulnerability that is commonly associated with TLS1.3.
B. The application server is also running a web server that has been compromised.
C. The attacker is picking off unencrypted credentials and using those to log in to the secure server.
D. User accounts have been improperly configured to allow single sign-on across multiple servers.
Correct Answer:
C. The attacker is picking off unencrypted credentials and using those to log in to the secure server.
Exam Question 502
Which of the following is a passive method to test whether transport encryption is implemented?
A. Black box penetration test
B. Port scan
C. Code analysis
D. Banner grabbing
Correct Answer:
D. Banner grabbing
Exam Question 503
The help desk received a call from a user who was trying to access a set of files from the day before but received the following error message: File format not recognized.
Which of the following types of malware MOST likely caused this to occur?
A. Ransomware
B. Polymorphic virus
C. Rootkit
D. Spyware
Correct Answer:
A. Ransomware
Exam Question 504
Ann, a user, reported to the service desk that many files on her computer will not open or the contents are not readable. The service desk technician asked Ann if she encountered any strange messages on boot-up or login, and Ann indicated she did not. Which of the following has MOST likely occurred on Ann’s computer?
A. The hard drive is failing, and the files are being corrupted.
B. The computer has been infected with crypto-malware.
C. A replay attack has occurred.
D. A keylogger has been installed.
Correct Answer:
B. The computer has been infected with crypto-malware.
Exam Question 505
A large financial services firm recently released information regarding a security breach within its corporate network that began several years before. During the time frame in which the breach occurred, indicators show an attacker gained administrative access to the network through a file download from a social media site and subsequently installed it without the user’s knowledge. Since the compromise, the attacker was able to take command and control of the computer systems anonymously while obtaining sensitive corporate and personal employee information. Which of the following methods did the attacker MOST likely use to gain access?
A. A bot
B. A fileless virus
C. A logic bomb
D. A RAT
Correct Answer:
A. A bot
Exam Question 506
A systems administrator is auditing the company’s Active Directory environment. It is quickly noted that the username “company\bsmith” is interactively logged into several desktops across the organization. Which of the following has the systems administrator MOST likely come across?
A. Service account
B. Shared credentials
C. False positive
D. Local account
Correct Answer:
B. Shared credentials
Exam Question 507
During a forensic investigation, which of the following must be addressed FIRST according to the order of volatility?
A. Hard drive
B. RAM
C. Network attached storage
D. USB flash drive
Correct Answer:
B. RAM
Exam Question 508
A computer forensics analyst collected a flash drive that contained a single file with 500 pages of text.
Which of the following algorithms should the analyst use to validate the integrity of the file?
A. 3DES
B. AES
C. MD5
D. RSA
Correct Answer:
C. MD5
Exam Question 509
A mobile application developer wants to secure an application that transmits sensitive information. Which of the following should the developer implement to prevent SSL MITM attacks?
A. Stapling
B. Chaining
C. Signing
D. Pinning
Correct Answer:
D. Pinning
Exam Question 510
Which of the following incident response steps involves actions to protect critical systems while maintaining business operations?
A. Investigation
B. Containment
C. Recovery
D. Lessons learned
Correct Answer:
B. Containment