CompTIA Security+ SY0-501 Exam Questions and Answers – Page 6

The latest CompTIA Security+ (SY0-501) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the CompTIA Security+ (SY0-501) exam and earn CompTIA Security+ (SY0-501) certification.

Exam Question 511

While testing a new vulnerability scanner, a technician becomes concerned about reports that list security concerns that are not present on the systems being tested. Which of the following BEST describes this flaw?

A. False positives
B. Crossover error rate
C. Uncredentialed scan
D. Passive security controls

Correct Answer:
A. False positives

Exam Question 512

To further secure a company’s email system, an administrator is adding public keys to DNS records in the company’s domain. Which of the following is being used?

A. PFS
B. SPF
C. DMARC
D. DNSSEC

Correct Answer:
D. DNSSEC

Exam Question 513

A security team has downloaded a public database of the largest collection of password dumps on the Internet. This collection contains the cleartext credentials of every major breach for the last four years. The security team pulls and compares users’ credentials to the database and discovers that more than 30% of the users were still using passwords discovered in this list. Which of the following would be the BEST combination to reduce the risks discovered?

A. Password length, password encryption, password complexity
B. Password complexity, least privilege, password reuse
C. Password reuse, password complexity, password expiration
D. Group policy, password history, password encryption

Correct Answer:
C. Password reuse, password complexity, password expiration

Exam Question 514

A systems administrator is installing and configuring an application service that requires access to read and write to log and configuration files on a local hard disk partition. The service must run as an account with authorization to interact with the file system. Which of the following would reduce the attack surface added by the service and account? (Choose two.)

A. Use a unique managed service account.
B. Utilize a generic password for authenticating.
C. Enable and review account audit logs.
D. Enforce least possible privileges for the account.
E. Add the account to the local administrators group.
F. Use a guest account placed in a non-privileged users group.

Correct Answer:
A. Use a unique managed service account.
D. Enforce least possible privileges for the account.

Exam Question 515

Which of the following is a benefit of credentialed vulnerability scans?

A. Credentials provide access to scan documents to identify possible data theft.
B. The vulnerability scanner is able to inventory software on the target.
C. A scan will reveal data loss in real time.
D. Black-box testing can be performed.

Correct Answer:
B. The vulnerability scanner is able to inventory software on the target.

Exam Question 516

A company is implementing MFA for all applications that store sensitive data. The IT manager wants MFA to be non-disruptive and user friendly. Which of the following technologies should the IT manager use when implementing MFA?

A. Onetime passwords
B. Email tokens
C. Push notifications
D. Hardware authentication

Correct Answer:
C. Push notifications

Exam Question 517

Which of the following would provide a safe environment for an application to access only the resources needed to function while not having access to run at the system level?

A. Sandbox
B. Honeypot
C. GPO
D. DMZ

Correct Answer:
A. Sandbox

Exam Question 518

Which of the following attacks is used to capture the WPA2 handshake?

A. Replay
B. IV
C. Evil twin
D. Disassociation

Correct Answer:
D. Disassociation

Exam Question 519

A user loses a COPE device. Which of the following should the user do NEXT to protect the data on the device?

A. Call the company help desk to remotely wipe the device.
B. Report the loss to authorities.
C. Check with corporate physical security for the device.
D. Identify files that are potentially missing on the device.

Correct Answer:
A. Call the company help desk to remotely wipe the device.

Exam Question 520

A government agency with sensitive information wants to virtualize its infrastructure. Which of the following cloud deployment models BEST fits the agency’s needs?

A. Public
B. Community
C. Private
D. Hybrid

Correct Answer:
C. Private