CompTIA Security+ SY0-501 Exam Questions and Answers – Page 9

The latest CompTIA Security+ (SY0-501) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the CompTIA Security+ (SY0-501) exam and earn CompTIA Security+ (SY0-501) certification.

Exam Question 821

A system uses an application server and database server. Employing the principle of least privilege, only database administrators are given administrative privileges on the database server, and only application team members are given administrative privileges on the application server. Audit and log file reviews are performed by the business unit (a separate group from the database and application teams).

The organization wants to optimize operational efficiency when application or database changes are needed, but it also wants to enforce least privilege, prevent modification of log files, and facilitate the audit and log review performed by the business unit. Which of the following approaches would BEST meet the organization’s goals?

A. Restrict privileges on the log file directory to “read only” and use a service account to send a copy of these files to the business unit.
B. Switch administrative privileges for the database and application servers. Give the application team administrative privileges on the database servers and the database team administrative privileges on the application servers.
C. Remove administrative privileges from both the database and application servers, and give the business unit “read only” privileges on the directories where the log files are kept.
D. Give the business unit administrative privileges on both the database and application servers so they can independently monitor server activity.

Correct Answer:
A. Restrict privileges on the log file directory to “read only” and use a service account to send a copy of these files to the business unit.

Exam Question 822

A company has had a BYOD policy in place for many years and now wants to roll out an MDM solution. The company has decided that end users who wish to utilize their personal devices for corporate use must opt in to the MDM solution. End users are voicing concerns about the company having access to their personal devices via the MDM solution. Which of the following should the company implement to ease these concerns?

A. Sideloading
B. Full device encryption
C. Application management
D. Containerization

Correct Answer:
D. Containerization

Exam Question 823

A systems administrator needs to configure an SSL remote access VPN according to the following organizational guidelines:

The VPN must support encryption of header and payload.

The VPN must route all traffic through the company’s gateway.

Which of the following should be configured on the VPN concentrator?

A. Full tunnel
B. Transport mode
C. Tunnel mode
D. IPSec

Correct Answer:
C. Tunnel mode

Exam Question 824

An incident response analyst in a corporate security operations center receives a phone call from an SOC analyst. The SOC analyst explains the help desk recently reimaged a workstation that was suspected of being infected with an unknown type of malware; however, even after reimaging, the host continued to generate SIEM alerts. Which of the following types of malware is MOST likely responsible for producing the SIEM alerts?

A. Ransomware
B. Logic bomb
C. Rootkit
D. Adware

Correct Answer:
C. Rootkit

Exam Question 825

An organization is drafting an IRP and needs to determine which employees have the authority to take systems offline during an emergency situation. Which of the following is being outlined?

A. Reporting and escalation procedures
B. Permission auditing
C. Roles and responsibilities
D. Communication methodologies

Correct Answer:
C. Roles and responsibilities

Exam Question 826

An organization is developing its mobile device management policies and procedures and is concerned about vulnerabilities that are associated with sensitive data being saved to a mobile device, as well as weak authentication when using a PIN. As part of some discussions on the topic, several solutions are proposed.
Which of the following controls, when required together, will address the protection of data-at-rest as well as strong authentication? (Choose two.)

A. Containerization
B. FDE
C. Remote wipe capability
D. MDM
E. MFA
F. OTA updates

Correct Answer:
B. FDE
E. MFA

Exam Question 827

Which of the following is the BEST use of a WAF?

A. To protect sites on web servers that are publicly accessible
B. To allow access to web services of internal users of the organization
C. To maintain connection status of all HTTP requests
D. To deny access to all websites with certain contents

Correct Answer:
A. To protect sites on web servers that are publicly accessible

Exam Question 828

The CSIRT is reviewing the lessons learned from a recent incident. A worm was able to spread unhindered throughout the network and infect a large number of computers and server. Which of the following recommendations would be BEST to mitigate the impacts of a similar incident in the future?

A. Install a NIDS device at the boundary.
B. Segment the network with firewalls.
C. Update all antivirus signatures daily.
D. Implement application blacklisting.

Correct Answer:
B. Segment the network with firewalls.

Exam Question 829

A security administrator suspects there may be unnecessary services running on a server. Which of the following tools will the administrator MOST likely use to confirm the suspicions?

A. Nmap
B. Wireshark
C. Autopsy
D. DNSEnum

Correct Answer:
A. Nmap

Exam Question 830

An auditor is performing an assessment of a security appliance with an embedded OS that was vulnerable during the last two assessments. Which of the following BEST explains the appliance’s vulnerable state?

A. The system was configured with weak default security settings.
B. The device uses weak encryption ciphers.
C. The vendor has not supplied a patch for the appliance.
D. The appliance requires administrative credentials for the assessment.

Correct Answer:
C. The vendor has not supplied a patch for the appliance.