The latest CompTIA Security+ (SY0-501) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the CompTIA Security+ (SY0-501) exam and earn CompTIA Security+ (SY0-501) certification.
Exam Question 531
Which of the following would a security specialist be able to determine upon examination of a server’s certificate?
A. CA public key
B. Server private key
C. CSR
D. OID
Correct Answer:
D. OID
Exam Question 532
A security analyst is diagnosing an incident in which a system was compromised from an external IP address. The socket identified on the firewall was traced to 207.46.130.0:6666. Which of the following should the security analyst do to determine if the compromised system still has an active connection?
A. tracert
B. netstat
C. ping
D. nslookup
Correct Answer:
B. netstat
Exam Question 533
Multiple employees receive an email with a malicious attachment that begins to encrypt their hard drives and mapped shares on their devices when it is opened. The network and security teams perform the following actions:
- Shut down all network shares.
- Run an email search identifying all employees who received the malicious message.
- Reimage all devices belonging to users who opened the attachment.
Next, the teams want to re-enable the network shares. Which of the following BEST describes this phase of the incident response process?
A. Eradication
B. Containment
C. Recovery
D. Lessons learned
Correct Answer:
C. Recovery
Exam Question 534
A security analyst is reviewing the following output from an IPS:
A security analyst is reviewing the following output from an IPS
Given this output, which of the following can be concluded? (Select two.)
A. The source IP of the attack is coming from 250.19.18.22.
B. The source IP of the attack is coming from 250.19.18.71.
C. The attacker sent a malformed IGAP packet, triggering the alert.
D. The attacker sent a malformed TCP packet, triggering the alert.
E. The TTL value is outside of the expected range, triggering the alert.
Correct Answer:
B. The source IP of the attack is coming from 250.19.18.71.
C. The attacker sent a malformed IGAP packet, triggering the alert.
Exam Question 535
An auditor wants to test the security posture of an organization by running a tool that will display the following:
An auditor wants to test the security posture of an organization by running a tool that will display the following
Which of the following commands should be used?
A. nbtstat
B. nc
C. arp
D. ipconfig
Correct Answer:
A. nbtstat
Exam Question 536
A company is using a mobile device deployment model in which employees use their personal devices for work at their own discretion. Some of the problems the company is encountering include the following:
- There is no standardization.
- Employees ask for reimbursement for their devices.
- Employees do not replace their devices often enough to keep them running efficiently.
- The company does not have enough control over the devices.
Which of the following is a deployment model that would help the company overcome these problems?
A. BYOD
B. VDI
C. COPE
D. CYOD
Correct Answer:
D. CYOD
Exam Question 537
A botnet has hit a popular website with a massive number of GRE-encapsulated packets to perform a DDoS attack. News outlets discover a certain type of refrigerator was exploited and used to send outbound packets to the website that crashed. To which of the following categories does the refrigerator belong?
A. SoC
B. ICS
C. IoT
D. MFD
Correct Answer:
C. IoT
Exam Question 538
Joe, an employee, wants to show his colleagues how much he knows about smartphones. Joe demonstrates a free movie application that he installed from a third party on his corporate smartphone.
Joe’s colleagues were unable to find the application in the app stores. Which of the following allowed Joe to install the application? (Select two.)
A. Near-field communication.
B. Rooting/jailbreaking
C. Ad-hoc connections
D. Tethering
E. Sideloading
Correct Answer:
B. Rooting/jailbreaking
E. Sideloading
Exam Question 539
Which of the following can be provided to an AAA system for the identification phase?
A. Username
B. Permissions
C. One-time token
D. Private certificate
Correct Answer:
A. Username
Exam Question 540
Which of the following implements two-factor authentication?
A. A phone system requiring a PIN to make a call
B. At ATM requiring a credit card and PIN
C. A computer requiring username and password
D. A datacenter mantrap requiring fingerprint and iris scan
Correct Answer:
B. At ATM requiring a credit card and PIN