CompTIA Security+ SY0-501 Exam Questions and Answers – Page 8

The latest CompTIA Security+ (SY0-501) certification practice exam question and answer (Q&A) dumps are available free to help you pass the CompTIA Security+ (SY0-501) exam and earn the CompTIA Security+ (SY0-501) certification.

Exam Question 791

A security engineer must install the same X.509 certificate on three different servers. The client application that connects to the server performs a check to ensure the certificate matches the host name. Which of the following should the security engineer use?

A. Wildcard certificate
B. Extended validation certificate
C. Certificate chaining
D. Certificate utilizing the SAN file

Correct Answer:
D. Certificate utilizing the SAN file
Answer Description:
SAN = Subject Alternative Name

Exam Question 792

An analyst is using a vulnerability scanner to look for common security misconfigurations on devices.
Which of the following might be identified by the scanner? (Choose two.)

A. The firewall is disabled on workstations.
B. SSH is enabled on servers.
C. Browser homepages have not been customized.
D. Default administrator credentials exist on networking hardware.
E. The OS is only set to check for updates once a day.

Correct Answer:
A. The firewall is disabled on workstations.
E. The OS is only set to check for updates once a day.

Exam Question 793

Management wishes to add another authentication factor in addition to fingerprints and passwords in order to have three-factor authentication. Which of the following would BEST satisfy this request?

A. Retinal scan
B. Passphrase
C. Token fob
D. Security question

Correct Answer:
C. Token fob

Exam Question 794

A security analyst is reviewing the password policy for a service account that is used for a critical network service. The password policy for this account is as follows:

Which of the following adjustments would be the MOST appropriate for the service account?

A. Disable account lockouts
B. Set the maximum password age to 15 days
C. Set the minimum password age to seven days
D. Increase password length to 18 characters

Correct Answer:
B. Set the maximum password age to 15 days

Exam Question 795

A security administrator is configuring a RADIUS server for wireless authentication. The configuration must ensure client credentials are encrypted end-to-end between the client and the authenticator.
Which of the following protocols should be configured on the RADIUS server? (Choose two.)

A. PAP
B. MSCHAP
C. PEAP
D. NTLM
E. SAML

Correct Answer:
B. MSCHAP
C. PEAP

Exam Question 796

A company has critical systems that are hosted on an end-of-life OS. To maintain operations and mitigate potential vulnerabilities, which of the following BEST accomplishes this objective?

A. Use application whitelisting.
B. Employ patch management.
C. Disable the default administrator account.
D. Implement full-disk encryption.

Correct Answer:
A. Use application whitelisting.

Exam Question 797

When used together, which of the following qualify as two-factor authentication?

A. Password and PIN
B. Smart card and PIN
C. Proximity card and smart card
D. Fingerprint scanner and iris scanner

Correct Answer:
B. Smart card and PIN

Exam Question 798

A Chief Information Security Officer (CISO) has instructed the information assurance staff to act upon a fast-spreading virus.
Which of the following steps in the incident response process should be taken NEXT?

A. Identification
B. Eradication
C. Escalation
D. Containment

Correct Answer:
A. Identification

Exam Question 799

An organization wants to deliver streaming audio and video from its home office to remote locations all over the world. It wants the stream to be delivered securely and protected from intercept and replay attacks.
Which of the following protocols is BEST suited for this purpose?

A. SSH
B. SIP
C. S/MIME
D. SRTP

Correct Answer:
D. SRTP

Exam Question 800

Which of the following implements a stream cipher?

A. File-level encryption
B. IKEv2 exchange
C. SFTP data transfer
D. S/MIME encryption

Correct Answer:
D. S/MIME encryption