CompTIA Security+ SY0-501 Exam Questions and Answers – Page 7

The latest CompTIA Security+ (SY0-501) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the CompTIA Security+ (SY0-501) exam and earn CompTIA Security+ (SY0-501) certification.

Exam Question 671

A highly complex password policy has made it nearly impossible to crack account passwords. Which of the following might a hacker still be able to perform?

A. Pass-the-hash attack
B. ARP poisoning attack
C. Birthday attack
D. Brute force attack

Correct Answer:
A. Pass-the-hash attack

Exam Question 672

Which of the following is the main difference between an XSS vulnerability and a CSRF vulnerability?

A. XSS needs the attacker to be authenticated to the trusted server.
B. XSS does not need the victim to be authenticated to the trusted server.
C. CSRF needs the victim to be authenticated to the trusted server.
D. CSRF does not need the victim to be authenticated to the trusted server.
E. CSRF does not need the attacker to be authenticated to the trusted server.

Correct Answer:
B. XSS does not need the victim to be authenticated to the trusted server.
C. CSRF needs the victim to be authenticated to the trusted server.

Exam Question 673

A small- to medium-sized company wants to block the use of USB devices on its network. Which of the following is the MOST cost-effective way for the security analyst to prevent this?

A. Implement a DLP system
B. Apply a GPO
C. Conduct user awareness training
D. Enforce the AUP

Correct Answer:
B. Apply a GPO

Exam Question 674

Users are attempting to access a company’s website but are transparently redirected to another website.
The users confirm the URL is correct. Which of the following would BEST prevent this issue in the future?

A. DNSSEC
B. HTTPS
C. IPSec
D. TLS/SSL

Correct Answer:
A. DNSSEC

Exam Question 675

A consumer purchases an exploit from the dark web. The exploit targets the online shopping cart of a popular website, allowing the shopper to modify the price of an item at checkout. Which of the following
BEST describes this type of user?

A. Insider
B. Script kiddie
C. Competitor
D. Hacktivist
E. APT

Correct Answer:
B. Script kiddie

Exam Question 676

An employee workstation with an IP address of 204.211.38.211/24 reports it is unable to submit print jobs to a network printer at 204.211.38.52/24 after a firewall upgrade. The active firewall rules are as follows:

Assuming port numbers have not been changed from their defaults, which of the following should be modified to allow printing to the network printer?

A. The permit statement for 204.211.38.52/24 should be changed to TCP port 631 instead of UDP
B. The deny statement for 204.211.38.52/24 should be changed to a permit statement
C. The permit statement for 204.211.38.52/24 should be changed to UDP port 443 instead of 631
D. The permit statement for 204.211.38.211/24 should be changed to TCP port 631 only instead of ALL

Correct Answer:
A. The permit statement for 204.211.38.52/24 should be changed to TCP port 631 instead of UDP

Exam Question 677

A security analyst is assessing a small company’s internal servers against recommended security practices.
Which of the following should the analyst do to conduct the assessment? (Choose two.)

A. Compare configurations against platform benchmarks
B. Confirm adherence to the company’s industry-specific regulations
C. Review the company’s current security baseline
D. Verify alignment with policy related to regulatory compliance
E. Run an exploitation framework to confirm vulnerabilities

Correct Answer:
C. Review the company’s current security baseline
E. Run an exploitation framework to confirm vulnerabilities

Exam Question 678

Students at a residence hall are reporting Internet connectivity issues. The university’s network administrator configured the residence hall’s network to provide public IP addresses to all connected devices, but many student devices are receiving private IP addresses due to rogue devices. The network administrator verifies the residence hall’s network is correctly configured and contacts the security administrator for help. Which of the following configurations should the security administrator suggest for implementation?

A. Router ACLs
B. BPDU guard
C. Flood guard
D. DHCP snooping

Correct Answer:
D. DHCP snooping

Exam Question 679

An organization has an account management policy that defines parameters around each type of account.
The policy specifies different security attributes, such as longevity, usage auditing, password complexity, and identity proofing. The goal of the account management policy is to ensure the highest level of security while providing the greatest availability without compromising data integrity for users. Which of the following account types should the policy specify for service technicians from corporate partners?

A. Guest account
B. User account
C. Shared account
D. Privileged user account
E. Default account
F. Service account

Correct Answer:
D. Privileged user account

Exam Question 680

A security analyst is implementing PKI-based functionality to a web application that has the following requirements:

  • File contains certificate information
  • Certificate chains
  • Root authority certificates
  • Private key

All of these components will be part of one file and cryptographically protected with a password. Given this scenario, which of the following certificate types should the analyst implement to BEST meet these requirements?

A. .pfx certificate
B. .cer certificate
C. .der certificate
D. .crt certificate

Correct Answer:
A. .pfx certificate