This page collects practice questions and answers for the CompTIA Security+ (SY0-501) certification exam, provided free to help candidates prepare for the SY0-501 exam.
Exam Question 781
A security administrator is creating a subnet on one of the corporate firewall interfaces to use as a DMZ that is expected to accommodate at most 14 physical hosts.
Which of the following subnets would BEST meet the requirements?
A. 192.168.0.16 255.25.255.248
B. 192.168.0.16/28
C. 192.168.1.50 255.255.25.240
D. 192.168.2.32/27
Correct Answer:
B. 192.168.0.16/28
Exam Question 782
The security administrator receives an email on a non-company account from a coworker stating that some reports are not exporting correctly. Attached to the email was an example report file with several customers’ names and credit card numbers with the PIN.
Which of the following is the BEST technical control to help mitigate the risk of disclosing sensitive data?
A. Configure the mail server to require TLS connections for every email to ensure all transport data is encrypted
B. Create a user training program to identify the correct use of email and perform regular audits to ensure compliance
C. Implement a DLP solution on the email gateway to scan email and remove sensitive data or files
D. Classify all data according to its sensitivity and inform the users of data that is prohibited to share
Correct Answer:
C. Implement a DLP solution on the email gateway to scan email and remove sensitive data or files
Exam Question 783
Which of the following is a document that contains detailed information about actions that include how something will be done, when the actions will be performed, and penalties for failure?
A. MOU
B. ISA
C. BPA
D. SLA
Correct Answer:
D. SLA
Exam Question 784
Which of the following is commonly used for federated identity management across multiple organizations?
A. SAML
B. Active Directory
C. Kerberos
D. LDAP
Correct Answer:
A. SAML
Exam Question 785
A malicious attacker has intercepted HTTP traffic and inserted an ASCII line that sets the referrer URL.
Which of the following is the attacker most likely utilizing?
A. Header manipulation
B. Cookie hijacking
C. Cross-site scripting
D. XML injection
Correct Answer:
A. Header manipulation
Exam Question 786
Which of the following allows an auditor to test the compiled code of proprietary software for security flaws?
A. Fuzzing
B. Static review
C. Code signing
D. Regression testing
Correct Answer:
A. Fuzzing
Exam Question 787
A vulnerability scan is being conducted against a desktop system. The scan is looking for files, versions, and registry values known to be associated with system vulnerabilities. Which of the following BEST describes the type of scan being performed?
A. Non-intrusive
B. Authenticated
C. Credentialed
D. Active
Correct Answer:
C. Credentialed
Exam Question 788
A web server, which is configured to use TLS with AES-GCM-256, SHA-384, and ECDSA, recently suffered an information loss breach.
Which of the following is MOST likely the cause?
A. Insufficient key bit length
B. Weak cipher suite
C. Unauthenticated encryption method
D. Poor implementation
Correct Answer:
D. Poor implementation
Exam Question 789
A small company’s Chief Executive Officer (CEO) has asked its Chief Security Officer (CSO) to improve the company’s security posture quickly with regard to targeted attacks.
Which of the following should the CSO conduct FIRST?
A. Survey threat feeds from services inside the same industry.
B. Purchase multiple threat feeds to ensure diversity and implement blocks for malicious traffic.
C. Conduct an internal audit against industry best practices to perform a qualitative analysis.
D. Deploy a UTM solution that receives frequent updates from a trusted industry vendor.
Correct Answer:
A. Survey threat feeds from services inside the same industry.
Exam Question 790
A security architect has convened a meeting to discuss an organization’s key management policy. The organization has a reliable internal key management system, and some argue that it would be best to manage the cryptographic keys internally as opposed to using a solution from a third party. The company should use:
A. the current internal key management system.
B. a third-party key management system that will reduce operating costs.
C. risk benefits analysis results to make a determination.
D. a software solution including secure key escrow capabilities.
Correct Answer:
C. risk benefits analysis results to make a determination.