The latest CompTIA Security+ (SY0-501) practice exam question and answer (Q&A) dumps are available free; they can help you pass the CompTIA Security+ (SY0-501) exam and earn the CompTIA Security+ (SY0-501) certification.
Exam Question 731
An organization is moving its human resources system to a cloud services provider.
The company plans to continue using internal usernames and passwords with the service provider, but the security manager does not want the service provider to have a copy of the passwords.
Which of the following options meets all of these requirements?
A. Two-factor authentication
B. Account and password synchronization
C. Smartcards with PINs
D. Federated authentication
Correct Answer:
D. Federated authentication
Exam Question 732
Joe, a computer forensic technician, responds to an active compromise of a database server. Joe first collects information in memory, then collects network traffic, and finally takes an image of the hard drive.
Which of the following procedures did Joe follow?
A. Order of volatility
B. Chain of custody
C. Recovery procedure
D. Incident isolation
Correct Answer:
A. Order of volatility
Exam Question 733
The firewall administrator is adding a new certificate for the company’s remote access solution. The solution requires that the uploaded file contain the entire certificate chain for the certificate to load properly.
The administrator loads the company certificate and the root CA certificate into the file. The file upload is rejected.
Which of the following is required to complete the certificate chain?
A. Certificate revocation list
B. Intermediate authority
C. Recovery agent
D. Root of trust
Correct Answer:
B. Intermediate authority
Exam Question 734
Joe notices there are several user accounts on the local network generating spam with embedded malicious code.
Which of the following technical controls should Joe put in place to BEST reduce these incidents?
A. Account lockout
B. Group-based privileges
C. Least privilege
D. Password complexity
Correct Answer:
A. Account lockout
Exam Question 735
A new hire wants to use a personally owned phone to access company resources. The new hire expresses concern about what happens to the data on the phone when they leave the company.
Which of the following portions of the company’s mobile device management configuration would allow the company data to be removed from the device without touching the new hire’s data?
A. Asset control
B. Device access control
C. Storage lock out
D. Storage segmentation
Correct Answer:
D. Storage segmentation
Exam Question 736
Company XYZ has decided to make use of a cloud-based service that requires mutual, certificate-based authentication with its users. The company uses an SSL-inspecting IDS at its network boundary and is concerned about the confidentiality of the mutual authentication.
Which of the following models prevents the IDS from capturing credentials used to authenticate users to the new service or keys to decrypt that communication?
A. Use of OATH between the user and the service and attestation from the company domain
B. Use of active directory federation between the company and the cloud-based service
C. Use of smartcards that store X.509 keys, signed by a global CA
D. Use of a third-party, SAML-based authentication service for attestation
Correct Answer:
B. Use of active directory federation between the company and the cloud-based service
Exam Question 737
Which of the following is the appropriate network structure used to protect servers and services that must be provided to external clients without completely eliminating access for internal users?
A. NAC
B. VLAN
C. DMZ
D. Subnet
Correct Answer:
C. DMZ
Exam Question 738
Which of the following penetration testing concepts is being used when an attacker uses public Internet databases to enumerate and learn more about a target?
A. Reconnaissance
B. Initial exploitation
C. Pivoting
D. Vulnerability scanning
E. White box testing
Correct Answer:
A. Reconnaissance
Exam Question 739
A security analyst is investigating a security breach. Upon inspection of the audit and access logs, the analyst notices the host was accessed and the /etc/passwd file was modified with a new entry for username “gotcha” and a user ID of 0. Which of the following are the MOST likely attack vector and tool the analyst should use to determine if the attack is still ongoing? (Select TWO)
A. Logic bomb
B. Backdoor
C. Keylogger
D. Netstat
E. Tracert
F. Ping
Correct Answer:
B. Backdoor
D. Netstat
Exam Question 740
The POODLE attack is an MITM exploit that affects:
A. TLS1.0 with CBC mode cipher
B. SSLv2.0 with CBC mode cipher
C. SSLv3.0 with CBC mode cipher
D. SSLv3.0 with ECB mode cipher
Correct Answer:
C. SSLv3.0 with CBC mode cipher