The latest CompTIA Security+ (SY0-501) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the CompTIA Security+ (SY0-501) exam and earn CompTIA Security+ (SY0-501) certification.
Exam Question 11
An organization has determined it can tolerate a maximum of three hours of downtime. Which of the following has been specified?
A. RTO
B. RPO
C. MTBF
D. MTTR
Correct Answer:
A. RTO
Exam Question 12
Which of the following types of keys is found in a key escrow?
A. Public
B. Private
C. Shared
D. Session
Correct Answer:
B. Private
Exam Question 13
Despite having implemented password policies, users continue to set the same weak passwords and reuse old passwords. Which of the following technical controls would help prevent these policy violations? (Choose two.)
A. Password expiration
B. Password length
C. Password complexity
D. Password history
E. Password lockout
Correct Answer:
C. Password complexity
D. Password history
Exam Question 14
Which of the following types of cloud infrastructures would allow several organizations with similar structures and interests to realize the benefits of shared storage and resources?
A. Private
B. Hybrid
C. Public
D. Community
Correct Answer:
D. Community
Exam Question 15
A company is currently using the following configuration:
- IAS server with certificate-based EAP-PEAP and MSCHAP
- Unencrypted authentication via PAP
A security administrator needs to configure a new wireless setup with the following configurations:
- PAP authentication method
- PEAP and EAP provide two-factor authentication
Which of the following forms of authentication are being used? (Choose two.)
A. PAP
B. PEAP
C. MSCHAP
D. PEAP- MSCHAP
E. EAP
F. EAP-PEAP
Correct Answer:
A. PAP
C. MSCHAP
Exam Question 16
A company determines that it is prohibitively expensive to become compliant with new credit card regulations. Instead, the company decides to purchase insurance to cover the cost of any potential loss.
Which of the following is the company doing?
A. Transferring the risk
B. Accepting the risk
C. Avoiding the risk
D. Migrating the risk
Correct Answer:
A. Transferring the risk
Exam Question 17
Users report the following message appears when browsing to the company’s secure site: This website cannot be trusted. Which of the following actions should a security analyst take to resolve these messages? (Choose two.)
A. Verify the certificate has not expired on the server.
B. Ensure the certificate has a .pfx extension on the server.
C. Update the root certificate into the client computer certificate store.
D. Install the updated private key on the web server.
E. Have users clear their browsing history and relaunch the session.
Correct Answer:
A. Verify the certificate has not expired on the server.
C. Update the root certificate into the client computer certificate store.
Exam Question 18
Malicious traffic from an internal network has been detected on an unauthorized port on an application server.
Which of the following network-based security controls should the engineer consider implementing?
A. ACLs
B. HIPS
C. NAT
D. MAC filtering
Correct Answer:
A. ACLs
Exam Question 19
A network administrator wants to implement a method of securing internal routing. Which of the following should the administrator implement?
A. DMZ
B. NAT
C. VPN
D. PAT
Correct Answer:
C. VPN
Exam Question 20
Which of the following encryption methods does PKI typically use to securely protect keys?
A. Elliptic curve
B. Digital signatures
C. Asymmetric
D. Obfuscation
Correct Answer:
C. Asymmetric