CompTIA Security+ SY0-501 Exam Questions and Answers – Page 9

The latest CompTIA Security+ (SY0-501) practice exam question and answer (Q&A) dumps are available free to help you pass the CompTIA Security+ (SY0-501) exam and earn the CompTIA Security+ (SY0-501) certification.

Exam Question 891

A commercial cyber-threat intelligence organization observes IoCs across a variety of unrelated customers.
Prior to releasing specific threat intelligence to other paid subscribers, the organization is MOST likely obligated by contracts to:

A. perform attribution to specific APTs and nation-state actors.
B. anonymize any PII that is observed within the IoC data.
C. add metadata to track the utilization of threat intelligence reports.
D. assist companies with impact assessments based on the observed data.

Correct Answer:
B. anonymize any PII that is observed within the IoC data.

Exam Question 892

A company that processes sensitive information has implemented a BYOD policy and an MDM solution to secure sensitive data that is processed by corporate and personally owned mobile devices. Which of the following should the company implement to prevent sensitive data from being stored on mobile devices?

A. VDI
B. Storage segmentation
C. Containerization
D. USB OTG
E. Geofencing

Correct Answer:
A. VDI

Exam Question 893

A security analyst needs to be proactive in understanding the types of attacks that could potentially target the company’s executives. Which of the following intelligence sources should the security analyst review?

A. Vulnerability feeds
B. Trusted automated exchange of indicator information
C. Structured threat information expression
D. Industry information-sharing and collaboration groups

Correct Answer:
D. Industry information-sharing and collaboration groups

Exam Question 894

Which of the following vulnerabilities can lead to unexpected system behavior, including the bypassing of security controls, due to differences between the time of commitment and the time of execution?

A. Buffer overflow
B. DLL injection
C. Pointer dereference
D. Race condition

Correct Answer:
A. Buffer overflow

Exam Question 895

An analyst has determined that a server was not patched and an external actor exfiltrated data on port 139.
Which of the following sources should the analyst review to BEST ascertain how the incident could have been prevented?

A. The vulnerability scan output
B. The security logs
C. The baseline report
D. The correlation of events

Correct Answer:
B. The security logs

Exam Question 896

A security technician is configuring a new firewall appliance for a production environment. The firewall must support secure web services for client workstations on the 10.10.10.0/24 network. The same client workstations are configured to contact a server at 192.168.1.15/24 for domain name resolution. Which of the following rules should the technician add to the firewall to allow this connectivity for the client workstations? (Choose two.)

A. Permit 10.10.10.0/24 0.0.0.0 –p tcp –dport 22
B. Permit 10.10.10.0/24 0.0.0.0 –p tcp –dport 80
C. Permit 10.10.10.0/24 192.168.1.15/24 –p udp –dport 21
D. Permit 10.10.10.0/24 0.0.0.0 –p tcp –dport 443
E. Permit 10.10.10.0/24 192.168.1.15/24 –p tcp –dport 53
F. Permit 10.10.10.0/24 192.168.1.15/24 –p udp –dport 53

Correct Answer:
D. Permit 10.10.10.0/24 0.0.0.0 –p tcp –dport 443
E. Permit 10.10.10.0/24 192.168.1.15/24 –p tcp –dport 53

Exam Question 897

A small enterprise decides to implement a warm site to be available for business continuity in case of a disaster. Which of the following BEST meets its requirements?

A. A fully operational site that has all the equipment in place and full data backup tapes on site
B. A site used for its data backup storage that houses a full-time network administrator
C. An operational site requiring some equipment to be relocated as well as data transfer to the site
D. A site staffed with personnel requiring both equipment and data to be relocated there in case of disaster.

Correct Answer:
C. An operational site requiring some equipment to be relocated as well as data transfer to the site

Exam Question 898

A cybersecurity analyst needs to implement secure authentication to third-party websites without users’ passwords. Which of the following would be the BEST way to achieve this objective?

A. OAuth
B. SSO
C. SAML
D. PAP

Correct Answer:
C. SAML

Exam Question 899

A user receives a security alert pop-up from the host-based IDS, and a few minutes later notices a document on the desktop has disappeared and in its place is an odd filename with no icon image. When clicking on this icon, the user receives a system notification that it cannot find the correct program to use to open this file. Which of the following types of malware has MOST likely targeted this workstation?

A. Rootkit
B. Spyware
C. Ransomware
D. Remote-access Trojan

Correct Answer:
C. Ransomware

Exam Question 900

A security engineer at a manufacturing company is implementing a third-party cloud application. Rather than creating users manually in the application, the engineer decides to use the SAML protocol. Which of the following is being used for this implementation?

A. The manufacturing company is the service provider, and the cloud company is the identity provider.
B. The manufacturing company is the authorization provider, and the cloud company is the service provider.
C. The manufacturing company is the identity provider, and the cloud company is the OAuth provider.
D. The manufacturing company is the identity provider, and the cloud company is the service provider.
E. The manufacturing company is the service provider, and the cloud company is the authorization provider.

Correct Answer:
A. The manufacturing company is the service provider, and the cloud company is the identity provider.