CompTIA Security+ (SY0-501) Exam Questions and Answers

The latest CompTIA Security+ (SY0-501) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the CompTIA Security+ (SY0-501) exam and earn CompTIA Security+ (SY0-501) certification.

Question 131: Which of the following would verify that a threat does exist and security controls can easily be bypassed without actively testing an application?

A. Protocol analyzer
B. Vulnerability scan
C. Penetration test
D. Port scanner

Question 132: A security administrator receives notice that a third-party certificate authority has been compromised, and new certificates will need to be issued.
Which of the following should the administrator submit to receive a new certificate?

A. CRL
B. OSCP
C. PFX
D. CSR
E. CA

Question 133: A computer on a company network was infected with a zero-day exploit after an employee accidently opened an email that contained malicious content. The employee recognized the email as malicious and was attempting to delete it, but accidently opened it.
Which of the following should be done to prevent this scenario from occurring again in the future?

A. Install host-based firewalls on all computers that have an email client installed
B. Set the email program default to open messages in plain text
C. Install end-point protection on all computers that access web email
D. Create new email spam filters to delete all messages from that sender

Question 134: A company wants to ensure that the validity of publicly trusted certificates used by its web server can be determined even during an extended internet outage.
Which of the following should be implemented?

A. Recovery agent
B. Ocsp
C. Crl
D. Key escrow

Question 135: An administrator intends to configure an IPSec solution that provides ESP with integrity protection, but not confidentiality protection.
Which of the following AES modes of operation would meet this integrity-only requirement?

A. HMAC
B. PCBC
C. CBC
D. GCM
E. CFB

Question 136: The chief security officer (CSO) has issued a new policy that requires that all internal websites be configured for HTTPS traffic only. The network administrator has been tasked to update all internal sites without incurring additional costs.
Which of the following is the best solution for the network administrator to secure each internal website?

A. Use certificates signed by the company CA
B. Use a signing certificate as a wild card certificate
C. Use certificates signed by a public ca
D. Use a self-signed certificate on each internal server

Question 137: A security program manager wants to actively test the security posture of a system. The system is not yet in production and has no uptime requirement or active user base.
Which of the following methods will produce a report which shows vulnerabilities that were actually exploited?

A. Peer review
B. Component testing
C. Penetration testing
D. Vulnerability testing

Question 138: A new intern in the purchasing department requires read access to shared documents. Permissions are normally controlled through a group called “Purchasing”, however, the purchasing group permissions allow write access.
Which of the following would be the BEST course of action?

A. Modify all the shared files with read only permissions for the intern.
B. Create a new group that has only read permissions for the files.
C. Remove all permissions for the shared files.
D. Add the intern to the “Purchasing” group.

Question 139: During a data breach cleanup, it is discovered that not all of the sites involved have the necessary data wiping tools. The necessary tools are quickly distributed to the required technicians, but when should this problem BEST be revisited?

A. Reporting
B. Preparation
C. Mitigation
D. Lessons Learned

Question 140: Joe, a technician, is working remotely with his company provided laptop at the coffee shop near his home.
Joe is concerned that another patron of the coffee shop may be trying to access his laptop.
Which of the following is an appropriate control to use to prevent the other patron from accessing Joe’s laptop directly?

A. full-disk encryption
B. Host-based firewall
C. Current antivirus definitions
D. Latest OS updates

Keyword: SY0-501 Free Exam Dumps, SY0-501 Exam Questions, SY0-501 Exam Dumps, SY0-501 Braindumps, SY0-501 Real Questions, SY0-501 Practice Test, SY0-501 Practice Exam, SY0-501 Free Test, SY0-501 Free Questions, SY0-501 Real Exam Questions and Answers, SY0-501 VCE Dumps, SY0-501 ETE Dumps, SY0-501 PDF Dumps, and SY0-501 Study Guide.

Published by Emma Watson

, an Information Technology Engineer By qualification who loves to write about Windows, macOS and technical solutions for various error and problems. Coming from a solid background in PC building and software development, with complete expertise in touch-based devices, I am constantly keeping an eye out for the latest and greatest!