The latest CompTIA Security+ (SY0-501) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the CompTIA Security+ (SY0-501) exam and earn CompTIA Security+ (SY0-501) certification.
Exam Question 611
A security administrator wants to implement a company-wide policy to empower data owners to manage and enforce access control rules on various resources.
Which of the following should be implemented?
A. Mandatory access control
B. Discretionary access control
C. Role based access control
D. Rule-based access control
Correct Answer:
B. Discretionary access control
Exam Question 612
Which of the following are MOST susceptible to birthday attacks?
A. Hashed passwords
B. Digital certificates
C. Encryption passwords
D. One time passwords
Correct Answer:
A. Hashed passwords
Exam Question 613
A product manager is concerned about continuing operations at a facility located in a region undergoing significant political unrest. After consulting with senior management, a decision is made to suspend operations at the facility until the situation stabilizes.
Which of the following risk management strategies BEST describes management’s response?
A. Deterrence
B. Mitigation
C. Avoidance
D. Acceptance
Correct Answer:
C. Avoidance
Exam Question 614
An information system owner has supplied a new requirement to the development team that calls for increased non-repudiation within the application. After undergoing several audits, the owner determined that current levels of non-repudiation were insufficient.
Which of the following capabilities would be MOST appropriate to consider implementing is response to the new requirement?
A. Transitive trust
B. Symmetric encryption
C. Two-factor authentication
D. Digital signatures
E. One-time passwords
Correct Answer:
D. Digital signatures
Exam Question 615
An attack that is using interference as its main attack to impede network traffic is which of the following?
A. Introducing too much data to a targets memory allocation
B. Utilizing a previously unknown security flaw against the target
C. Using a similar wireless configuration of a nearby network
D. Inundating a target system with SYN requests
Correct Answer:
C. Using a similar wireless configuration of a nearby network
Exam Question 616
Ann, a college professor, was recently reprimanded for posting disparaging remarks re-grading her coworkers on a web site. Ann stated that she was not aware that the public was able to view her remakes.
Which of the following security-related trainings could have made Ann aware of the repercussions of her actions?
A. Data Labeling and disposal
B. Use of social networking
C. Use of P2P networking
D. Role-based training
Correct Answer:
B. Use of social networking
Exam Question 617
During a recent audit, it was discovered that many services and desktops were missing security patches.
Which of the following BEST describes the assessment that was performed to discover this issue?
A. Network mapping
B. Vulnerability scan
C. Port Scan
D. Protocol analysis
Correct Answer:
B. Vulnerability scan
Exam Question 618
Which of the following allows an application to securely authenticate a user by receiving credentials from a web domain?
A. TACACS+
B. RADIUS
C. Kerberos
D. SAML
Correct Answer:
D. SAML
Exam Question 619
A security administrator needs an external vendor to correct an urgent issue with an organization’s physical access control system (PACS). The PACS does not currently have internet access because it is running a legacy operation system.
Which of the following methods should the security administrator select the best balances security and efficiency?
A. Temporarily permit outbound internet access for the pacs so desktop sharing can be set up
B. Have the external vendor come onsite and provide access to the PACS directly
C. Set up VPN concentrator for the vendor and restrict access to the PACS using desktop sharing
D. Set up a web conference on the administrator’s pc; then remotely connect to the pacs
Correct Answer:
A. Temporarily permit outbound internet access for the pacs so desktop sharing can be set up
Exam Question 620
Which of the following delineates why it is important to perform egress filtering and monitoring on Internet connected security zones of interfaces on a firewall?
A. Egress traffic is more important than ingress traffic for malware prevention
B. To rebalance the amount of outbound traffic and inbound traffic
C. Outbound traffic could be communicating to known botnet sources
D. To prevent DDoS attacks originating from external network
Correct Answer:
C. Outbound traffic could be communicating to known botnet sources