The latest CompTIA Security+ (SY0-501) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the CompTIA Security+ (SY0-501) exam and earn CompTIA Security+ (SY0-501) certification.
Exam Question 521
A small business just recovered from a ransomware attack against its file servers by purchasing the decryption keys from the attackers. The issue was triggered by a phishing email and IT administrator wants to ensure it does not happen again. Which of the following should the IT administrator do FIRST after recovery?
A. Scan the NAS for residual or dormant malware and take new daily backups that are tested on a frequent basis.
B. Restrict administrative privileges and patch all systems and applications.
C. Rebuild all workstations and install new antivirus software.
D. Implement application whitelisting and perform user application hardening.
Correct Answer:
A. Scan the NAS for residual or dormant malware and take new daily backups that are tested on a frequent basis.
Exam Question 522
A forensics investigator is examining a number of unauthorized payments that were reported on the company’s website. Some unusual log entries show users received an email for an unwanted mailing attempt to unsubscribe. One of the users reported the email to the phishing team, and the forwarded email revealed the link to be:
<a href=”https://www.company.com/payto.do?
routing=00001111&acct=22223334&amount=250”>Click here to unsubscribe</a>
Which of the following will the forensics investigator MOST likely determine has occurred?
A. SQL injection
B. CSRF
C. XSS
D. XSRF
Correct Answer:
B. CSRF
Exam Question 523
Which of the following BEST explains the reason why a server administrator would place a document named password.txt on the desktop of an administrator account on a server?
A. The document is a honeyfile and is meant to attract the attention of a cyberintruder.
B. The document is a backup file if the system needs to be recovered.
C. The document is a standard file that the OS needs to verify the login credentials.
D. The document is a keylogger that stores all keystrokes should the account be compromised.
Correct Answer:
A. The document is a honeyfile and is meant to attract the attention of a cyberintruder.
Exam Question 524
A security engineer at an offline government facility is concerned about the validity of an SSL certificate.
The engineer wants to perform the fastest check with the least delay to determine if the certificate has been revoked. Which of the following would BEST meet these requirements?
A. RA
B. OCSP
C. CRI
D. CSR
Correct Answer:
B. OCSP
Exam Question 525
A company needs to fix some audit findings related to its physical security. A key finding was that multiple people could physically enter a location at the same time. Which of the following is the BEST control to address this audit finding?
A. Faraday cage
B. Mantrap
C. Biometrics
D. Proximity cards
Correct Answer:
B. Mantrap
Exam Question 526
After successfully breaking into several networks and infecting multiple machines with malware, hackers contact the network owners, demanding payment to remove the infection and decrypt files. The hackers threaten to publicly release information about the breach if they are not paid. Which of the following BEST describes these attackers?
A. Gray hat hackers
B. Organized crime
C. Insiders
D. Hacktivists
Correct Answer:
B. Organized crime
Exam Question 527
An organization recently acquired an ISO 27001 certification. Which of the following would MOST likely be considered a benefit of this certification?
A. It allows for the sharing of digital forensics data across organizations.
B. It provides insurance in case of a data breach.
C. It provides complimentary training and certification resources to IT security staff.
D. It certifies the organization can work with foreign entities that require a security clearance.
E. It assures customers that the organization meets security standards.
Correct Answer:
E. It assures customers that the organization meets security standards.
Exam Question 528
During an incident, a company’s CIRT determines it is necessary to observe the continued network-based transactions between a callback domain and the malware running on an enterprise PC. Which of the following techniques would be BEST to enable this activity while reducing the risk of lateral spread and the risk that the adversary would notice any changes?
A. Physically move the PC to a separate Internet point of presence.
B. Create and apply microsegmentation rules.
C. Emulate the malware in a heavily monitored DMZ segment.
D. Apply network blacklisting rules for the adversary domain.
Correct Answer:
B. Create and apply microsegmentation rules.
Exam Question 529
An organization has a policy in place that states the person who approves firewall controls/changes cannot be the one implementing the changes. Which of the following is this an example of?
A. Change management
B. Job rotation
C. Separation of duties
D. Least privilege
Correct Answer:
C. Separation of duties
Exam Question 530
An organization just experienced a major cyberattack incident. The attack was well coordinated, sophisticated, and highly skilled. Which of the following targeted the organization?
A. Shadow IT
B. An insider threat
C. A hacktivist
D. An advanced persistent threat
Correct Answer:
D. An advanced persistent threat