The latest CompTIA Security+ (SY0-501) practice exam questions and answers (Q&A) are available here free of charge, to help you prepare for the CompTIA Security+ (SY0-501) exam and earn the CompTIA Security+ (SY0-501) certification.
Exam Question 91
A company is developing a new system that will unlock a computer automatically when an authorized user sits in front of it, and then lock the computer when the user leaves. The user does not have to perform any action for this process to occur. Which of the following technologies provides this capability?
A. Facial recognition
B. Fingerprint scanner
C. Motion detector
D. Smart cards
Correct Answer:
A. Facial recognition
Exam Question 92
A security analyst accesses corporate web pages and inputs random data in the forms. The response received includes the type of database used and SQL commands that the database accepts. Which of the following should the security analyst use to prevent this vulnerability?
A. Application fuzzing
B. Error handling
C. Input validation
D. Pointer dereference
Correct Answer:
B. Error handling
Explanation: The response reveals the database engine and the SQL syntax it accepts, which is information disclosure caused by verbose error messages. Proper server-side error handling returns a generic error to the client and keeps the detail in server logs. Input validation is a separate control against the injection itself and would not by itself stop other code paths from leaking error detail.
Exam Question 93
Which of the following differentiates a collision attack from a rainbow table attack?
A. A rainbow table attack performs a hash lookup
B. A rainbow table attack uses the hash as a password
C. In a collision attack, the hash and the input data are equivalent
D. In a collision attack, the same input results in different hashes
Correct Answer:
A. A rainbow table attack performs a hash lookup
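The following Python example is added here to illustrate the distinction in Question 93; it is not part of the original exam material. It builds a small precomputed hash-to-plaintext table (a rainbow table is a space-optimised form of this, but the attack step is the same lookup), shows that a salted hash defeats the lookup, and runs a birthday search that finds two different inputs with the same truncated SHA-256 digest (a collision). The wordlist, the salt and the truncation to 4 bytes are constructed for the example; a real collision attack targets the full digest of a weak hash such as MD5 or SHA-1.

```python
import hashlib
import itertools
import os

# Constructed wordlist standing in for the much larger candidate set a real
# precomputed table would cover.
WORDLIST = ["password", "letmein", "qwerty", "123456", "welcome", "Summer2019"]


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_lookup_table(candidates):
    """Precompute hash -> plaintext for every candidate.

    A rainbow table is a space-optimised form of this table (hash chains plus
    reduction functions), but the attack step is identical: the captured hash
    is looked up; nothing about the target is hashed at attack time.
    """
    return {sha256_hex(word.encode()): word for word in candidates}


def lookup_attack(table, captured_hash):
    """Return the recovered plaintext, or None if the hash is not in the table."""
    return table.get(captured_hash)


def salted_hash(password, salt=None):
    """Salting makes every stored hash unique, so a table precomputed without
    the salt never matches even when the password is in the wordlist."""
    if salt is None:
        salt = os.urandom(16)
    return salt, sha256_hex(salt + password.encode())


def find_collision(prefix_bytes=4):
    """Birthday search for two different messages whose SHA-256 digests agree
    on the first `prefix_bytes` bytes.

    SHA-256 is truncated here only so the search finishes after roughly 2**16
    attempts instead of 2**128; the technique is the same against a full digest.
    """
    seen = {}
    for i in itertools.count():
        msg = b"msg-%d" % i
        tag = hashlib.sha256(msg).digest()[:prefix_bytes]
        if tag in seen:
            return seen[tag], msg  # two distinct inputs, same (truncated) hash
        seen[tag] = msg


def same_truncated_hash(a, b, prefix_bytes=4):
    """True when a and b differ but share the truncated digest."""
    return a != b and (
        hashlib.sha256(a).digest()[:prefix_bytes]
        == hashlib.sha256(b).digest()[:prefix_bytes]
    )


if __name__ == "__main__":
    table = build_lookup_table(WORDLIST)
    stolen = sha256_hex(b"letmein")  # unsalted hash pulled from a breached database
    print("lookup attack recovered:", lookup_attack(table, stolen))
    salt, salted = salted_hash("letmein")
    print("same password, salted:", lookup_attack(table, salted))
    a, b = find_collision()
    print("collision:", a, b, same_truncated_hash(a, b))
```

The lookup succeeds only because the stored hash is unsalted and the password is in the candidate set; the collision search, by contrast, never involves a stored hash at all, it simply produces two inputs that hash alike.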
Exam Question 94
A help desk is troubleshooting user reports that the corporate website is presenting untrusted certificate errors to employees and customers when they visit the website. Which of the following is the MOST likely cause of this error, provided the certificate has not expired?
A. The certificate was self signed, and the CA was not imported by employees or customers
B. The root CA has revoked the certificate of the intermediate CA
C. The valid period for the certificate has passed, and a new certificate has not been issued
D. The key escrow server has blocked the certificate from being validated
Correct Answer:
A. The certificate was self signed, and the CA was not imported by employees or customers
Explanation: A certificate that chains to no trust anchor in the visitor's browser is reported as untrusted; this affects every visitor, as described. Option C is excluded by the question, and a revoked intermediate (B) would surface as a revocation failure rather than a generic untrusted-certificate error.
Exam Question 95
A security administrator is trying to encrypt communication. For which of the following reasons should the administrator take advantage of the Subject Alternative Name (SAN) attribute of a certificate?
A. It can protect multiple domains
B. It provides extended site validation
C. It does not require a trusted certificate authority
D. It protects unlimited subdomains
Correct Answer:
A. It can protect multiple domains
Explanation: The SAN extension lists additional host names (and optionally IP addresses) that a single certificate covers. It has nothing to do with validation level (B), still requires a trusted CA (C), and covers only the names listed, not unlimited subdomains (D), which is what a wildcard name provides.
Exam Question 96
A new mobile application is being developed in-house. Security reviews did not pick up any major flaws; however, vulnerability scanning results show fundamental issues at the very end of the project cycle.
Which of the following security activities should also have been performed to discover vulnerabilities earlier in the lifecycle?
A. Architecture review
B. Risk assessment
C. Protocol analysis
D. Code review
Correct Answer:
D. Code review
Exam Question 97
Although a web-enabled application appears to only allow letters in the comment field of a web form, a malicious user was able to carry out a SQL injection attack by sending special characters through the web comment field.
Which of the following has the application programmer failed to implement?
A. Revision control system
B. Client side exception handling
C. Server side validation
D. Server hardening
Correct Answer:
C. Server side validation
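The following Python example is added to illustrate Questions 92 and 97 together; it is not part of the original exam material. A comment handler that trusts the browser's letters-only check, concatenates the input into SQL and echoes the raw database error is shown beside a hardened version that re-validates on the server, uses a parameterized query and returns a generic error. The in-memory SQLite schema, the `users` table with its secret, the attack payload and the `O'Reilly` probe are all constructed for the example.

```python
import logging
import re
import sqlite3

log = logging.getLogger("comments")

# Letters and spaces only, 1-200 characters: the rule the web form claims to enforce.
COMMENT_RE = re.compile(r"[A-Za-z ]{1,200}")


def make_db():
    """Constructed in-memory schema: the comments table plus a table the
    attacker should never be able to read."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT NOT NULL)")
    conn.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 'hunter2')")
    conn.commit()
    return conn


def fetch_comments(conn):
    """What the public comments page renders."""
    return [row[0] for row in conn.execute("SELECT body FROM comments ORDER BY id")]


def save_comment_vulnerable(conn, comment):
    """Relies on the browser's letters-only check (an attacker skips it by
    posting the request directly), concatenates the input into SQL, and
    returns the raw database error to the client."""
    try:
        conn.execute("INSERT INTO comments (body) VALUES ('" + comment + "')")
        conn.commit()
        return {"ok": True, "error": None}
    except sqlite3.Error as exc:
        # Verbose error: names the engine and echoes the failing SQL fragment.
        return {
            "ok": False,
            "error": "%s.%s: %s" % (type(exc).__module__, type(exc).__name__, exc),
        }


def save_comment_hardened(conn, comment):
    """Server-side validation, a parameterized query, and a generic error."""
    if not COMMENT_RE.fullmatch(comment):
        return {"ok": False, "error": "Comment may contain letters and spaces only"}
    try:
        conn.execute("INSERT INTO comments (body) VALUES (?)", (comment,))
        conn.commit()
        return {"ok": True, "error": None}
    except sqlite3.Error:
        log.exception("comment insert failed")  # detail stays in server logs
        return {"ok": False, "error": "An internal error occurred"}


# Constructed attack payload: closes the string, adds a VALUES row that copies
# the admin secret into the public comments, and opens a final row that the
# application's own trailing ') closes.
PAYLOAD = "x'), ((SELECT secret FROM users WHERE name = 'admin')), ('y"

if __name__ == "__main__":
    conn = make_db()
    print(save_comment_vulnerable(conn, "O'Reilly"))  # leaks sqlite3.OperationalError detail
    print(save_comment_vulnerable(conn, PAYLOAD), fetch_comments(conn))
    conn = make_db()
    print(save_comment_hardened(conn, PAYLOAD), fetch_comments(conn))
    conn.close()
    print(save_comment_hardened(conn, "hello"))  # database down: still a generic message
```

Note that the hardened handler keeps all three controls: validation rejects the payload before it reaches the database, the placeholder would neutralise it even if validation were loosened, and the generic error keeps engine names and SQL fragments out of the response when the database itself fails.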
Exam Question 98
An attacker discovers a new vulnerability in an enterprise application. The attacker takes advantage of the vulnerability by developing new malware. After installing the malware, the attacker is provided with access to the infected machine.
Which of the following is being described?
A. Zero-day exploit
B. Remote code execution
C. Session hijacking
D. Command injection
Correct Answer:
A. Zero-day exploit
Exam Question 99
Company policy requires the use of passphrases instead of passwords.
Which of the following technical controls MUST be in place in order to promote the use of passphrases?
A. Reuse
B. Length
C. History
D. Complexity
Correct Answer:
B. Length
Exam Question 100
Which of the following should identify critical systems and components?
A. MOU
B. BPA
C. ITCP
D. BCP
Correct Answer:
D. BCP