CompTIA Security+ SY0-501 Exam Questions and Answers – Page 9

The latest CompTIA Security+ (SY0-501) practice exam question and answer (Q&A) dumps are available free to help you pass the CompTIA Security+ (SY0-501) exam and earn the CompTIA Security+ (SY0-501) certification.

Exam Question 881

An organization is struggling to differentiate threats from normal traffic and access to systems. A security engineer has been asked to recommend a system that will aggregate data and provide metrics that will assist in identifying malicious actors or other anomalous activity throughout the environment. Which of the following solutions should the engineer recommend?

A. Web application firewall
B. SIEM
C. IPS
D. UTM
E. File integrity monitor

Correct Answer:
B. SIEM

Exam Question 882

The concept of connecting a user account across the systems of multiple enterprises is BEST known as:

A. federation.
B. a remote access policy.
C. multifactor authentication.
D. single sign-on.

Correct Answer:
A. federation.

Exam Question 883

A junior systems administrator noticed that one of two hard drives in a server room had a red error notification. The administrator removed the hard drive to replace it but was unaware that the server was configured in an array. Which of the following configurations would ensure no data is lost?

A. RAID 0
B. RAID 1
C. RAID 2
D. RAID 3

Correct Answer:
B. RAID 1

Exam Question 884

Joe, a user at a company, clicked an email link that led to a website that infected his workstation. Joe was connected to the network, and the virus spread to the network shares. The protective measures failed to stop this virus, and it has continued to evade detection. Which of the following should a security administrator implement to protect the environment from this malware?

A. Install a definition-based antivirus.
B. Implement an IDS/IPS.
C. Implement a heuristic behavior-detection solution.
D. Implement CASB to protect the network shares.

Correct Answer:
B. Implement an IDS/IPS.

Exam Question 885

A security analyst discovers that a company’s username and password database was posted on an Internet forum. The usernames and passwords are stored in plain text. Which of the following would mitigate the damage done by this type of data exfiltration in the future?

A. Create DLP controls that prevent documents from leaving the network.
B. Implement salting and hashing.
C. Configure the web content filter to block access to the forum.
D. Increase password complexity requirements.

Correct Answer:
B. Implement salting and hashing.

Exam Question 886

In a lessons-learned report, it is suspected that a well-organized, well-funded, and extremely sophisticated group of attackers may have been responsible for a breach at a nuclear facility. Which of the following describes the type of actors that may have been implicated?

A. Nation-state
B. Hacktivist
C. Insider
D. Competitor

Correct Answer:
A. Nation-state

Exam Question 887

Which of the following control types do alerts sent from a SIEM based on vulnerability signatures fulfill?

A. Preventive
B. Corrective
C. Compensating
D. Detective

Correct Answer:
D. Detective

Exam Question 888

An attacker is attempting to harvest user credentials on a client’s website. A security analyst notices multiple attempts of random usernames and passwords. When the analyst types in a random username and password, the logon screen displays the following message:
The username you entered does not exist.
Which of the following should the analyst recommend be enabled?

A. Input validation
B. Obfuscation
C. Error handling
D. Username lockout

Correct Answer:
C. Error handling

Exam Question 889

During an audit, the auditor requests to see a copy of the identified mission-critical applications as well as their disaster recovery plans. The company being audited has an SLA around the applications it hosts. With which of the following is the auditor MOST likely concerned?

A. ARO/ALE
B. MTTR/MTBF
C. RTO/RPO
D. Risk assessment

Correct Answer:
C. RTO/RPO

Exam Question 890

When a malicious user is able to retrieve sensitive information from RAM, the programmer has failed to implement:

A. session keys.
B. encryption of data at rest.
C. encryption of data in use.
D. ephemeral keys.

Correct Answer:
C. encryption of data in use.