The latest CompTIA Security+ (SY0-501) actual practice exam question and answer (Q&A) dumps are available free to help you pass the CompTIA Security+ (SY0-501) exam and earn the CompTIA Security+ (SY0-501) certification.
Exam Question 661
A security analyst is reviewing patches on servers. One of the servers is reporting the following error message in the WSUS management console:
The computer has not reported status in 30 days.
Given this scenario, which of the following statements BEST represents the issue with the output above?
A. The computer in question has not pulled the latest ACL policies for the firewall.
B. The computer in question has not pulled the latest GPO policies from the management server.
C. The computer in question has not pulled the latest antivirus definitions from the antivirus program.
D. The computer in question has not pulled the latest application software updates.
Correct Answer:
D. The computer in question has not pulled the latest application software updates.
Exam Question 662
A security administrator is reviewing the following PowerShell script referenced in the Task Scheduler on a database server:
[Image: PowerShell script referenced in the Task Scheduler on a database server]
Which of the following did the security administrator discover?
A. Ransomware
B. Backdoor
C. Logic bomb
D. Trojan
Correct Answer:
C. Logic bomb
Exam Question 663
A systems administrator is deploying a new mission essential server into a virtual environment. Which of the following is BEST mitigated by the environment’s rapid elasticity characteristic?
A. Data confidentiality breaches
B. VM escape attacks
C. Lack of redundancy
D. Denial of service
Correct Answer:
D. Denial of service
Exam Question 664
Confidential emails from an organization were posted to a website without the organization’s knowledge.
Upon investigation, it was determined that the emails were obtained from an internal actor who sniffed the emails in plain text.
Which of the following protocols, if properly implemented, would have MOST likely prevented the emails from being sniffed? (Select TWO)
A. Secure IMAP
B. DNSSEC
C. S/MIME
D. SMTPS
E. HTTPS
Correct Answer:
C. S/MIME
D. SMTPS
Exam Question 665
A company wants to implement an access management solution that allows employees to use the same usernames and passwords for multiple applications without having to keep multiple credentials synchronized.
Which of the following solutions would BEST meet these requirements?
A. Multifactor authentication
B. SSO
C. Biometrics
D. PKI
E. Federation
Correct Answer:
B. SSO
Exam Question 666
Which of the following is an asymmetric function that generates a new and separate key every time it runs?
A. RSA
B. DSA
C. DHE
D. HMAC
E. PBKDF2
Correct Answer:
C. DHE
Exam Question 667
A security administrator has configured a RADIUS and a TACACS+ server on the company’s network.
Network devices will be required to connect to the TACACS+ server for authentication and send accounting information to the RADIUS server. Given the following information:
RADIUS IP: 192.168.20.45
TACACS+ IP: 10.23.65.7
Which of the following should be configured on the network clients? (Select two.)
A. Accounting port: TCP 389
B. Accounting port: UDP 1812
C. Accounting port: UDP 1813
D. Authentication port: TCP 49
E. Authentication port: TCP 88
F. Authentication port: UDP 636
Correct Answer:
C. Accounting port: UDP 1813
D. Authentication port: TCP 49
Exam Question 668
A security analyst is hardening a large-scale wireless network. The primary requirements are the following:
- Must use authentication through EAP-TLS certificates
- Must use an AAA server
- Must use the most secure encryption protocol
Given these requirements, which of the following should the analyst implement and recommend? (Select TWO.)
A. 802.1X
B. 802.3
C. LDAP
D. TKIP
E. CCMP
F. WPA2-PSK
Correct Answer:
A. 802.1X
F. WPA2-PSK
Exam Question 669
A company recently experienced data exfiltration via the corporate network. In response to the breach, a security analyst recommends deploying an out-of-band IDS solution. The analyst says the solution can be implemented without purchasing any additional network hardware. Which of the following solutions will be used to deploy the IDS?
A. Network tap
B. Network proxy
C. Honeypot
D. Port mirroring
Correct Answer:
D. Port mirroring
Exam Question 670
An organization wants to implement a solution that allows for automated logical controls for network defense. An engineer plans to select an appropriate network security component, which automates response actions based on security threats to the network. Which of the following would be MOST appropriate based on the engineer’s requirements?
A. NIPS
B. HIDS
C. Web proxy
D. Elastic load balancer
E. NAC
Correct Answer:
A. NIPS