CompTIA Security+ SY0-501 Exam Questions and Answers – Page 6

The latest CompTIA Security+ (SY0-501) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the CompTIA Security+ (SY0-501) exam and earn CompTIA Security+ (SY0-501) certification.

Exam Question 531

Which of the following would a security specialist be able to determine upon examination of a server’s certificate?

A. CA public key
B. Server private key
C. CSR
D. OID

Correct Answer:
D. OID

Exam Question 532

A security analyst is diagnosing an incident in which a system was compromised from an external IP address. The socket identified on the firewall was traced to 207.46.130.0:6666. Which of the following should the security analyst do to determine if the compromised system still has an active connection?

A. tracert
B. netstat
C. ping
D. nslookup

Correct Answer:
B. netstat

Exam Question 533

Multiple employees receive an email with a malicious attachment that begins to encrypt their hard drives and mapped shares on their devices when it is opened. The network and security teams perform the following actions:

  • Shut down all network shares.
  • Run an email search identifying all employees who received the malicious message.
  • Reimage all devices belonging to users who opened the attachment.

Next, the teams want to re-enable the network shares. Which of the following BEST describes this phase of the incident response process?

A. Eradication
B. Containment
C. Recovery
D. Lessons learned

Correct Answer:
C. Recovery

Exam Question 534

A security analyst is reviewing the following output from an IPS:

A security analyst is reviewing the following output from an IPS
A security analyst is reviewing the following output from an IPS

Given this output, which of the following can be concluded? (Select two.)

A. The source IP of the attack is coming from 250.19.18.22.
B. The source IP of the attack is coming from 250.19.18.71.
C. The attacker sent a malformed IGAP packet, triggering the alert.
D. The attacker sent a malformed TCP packet, triggering the alert.
E. The TTL value is outside of the expected range, triggering the alert.

Correct Answer:
B. The source IP of the attack is coming from 250.19.18.71.
C. The attacker sent a malformed IGAP packet, triggering the alert.

Exam Question 535

An auditor wants to test the security posture of an organization by running a tool that will display the following:

An auditor wants to test the security posture of an organization by running a tool that will display the following
An auditor wants to test the security posture of an organization by running a tool that will display the following

Which of the following commands should be used?

A. nbtstat
B. nc
C. arp
D. ipconfig

Correct Answer:
A. nbtstat

Exam Question 536

A company is using a mobile device deployment model in which employees use their personal devices for work at their own discretion. Some of the problems the company is encountering include the following:

  • There is no standardization.
  • Employees ask for reimbursement for their devices.
  • Employees do not replace their devices often enough to keep them running efficiently.
  • The company does not have enough control over the devices.

Which of the following is a deployment model that would help the company overcome these problems?

A. BYOD
B. VDI
C. COPE
D. CYOD

Correct Answer:
D. CYOD

Exam Question 537

A botnet has hit a popular website with a massive number of GRE-encapsulated packets to perform a DDoS attack. News outlets discover a certain type of refrigerator was exploited and used to send outbound packets to the website that crashed. To which of the following categories does the refrigerator belong?

A. SoC
B. ICS
C. IoT
D. MFD

Correct Answer:
C. IoT

Exam Question 538

Joe, an employee, wants to show his colleagues how much he knows about smartphones. Joe demonstrates a free movie application that he installed from a third party on his corporate smartphone.
Joe’s colleagues were unable to find the application in the app stores. Which of the following allowed Joe to install the application? (Select two.)

A. Near-field communication.
B. Rooting/jailbreaking
C. Ad-hoc connections
D. Tethering
E. Sideloading

Correct Answer:
B. Rooting/jailbreaking
E. Sideloading

Exam Question 539

Which of the following can be provided to an AAA system for the identification phase?

A. Username
B. Permissions
C. One-time token
D. Private certificate

Correct Answer:
A. Username

Exam Question 540

Which of the following implements two-factor authentication?

A. A phone system requiring a PIN to make a call
B. At ATM requiring a credit card and PIN
C. A computer requiring username and password
D. A datacenter mantrap requiring fingerprint and iris scan

Correct Answer:
B. At ATM requiring a credit card and PIN