The latest CompTIA Security+ (SY0-501) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the CompTIA Security+ (SY0-501) exam and earn CompTIA Security+ (SY0-501) certification.
Question 561: A security analyst is testing both Windows and Linux systems for unauthorized DNS zone transfers within a LAN on comptia.org from example.org. Which of the following commands should the security analyst use? (Select two.)
C. dig –axfr comptia.org @example.org
D. ipconfig /flushDNS
ifconfig eth0 down
ifconfig eth0 up
F. dig @example.org comptia.org
C. dig –axfr comptia.org @example.org
Question 562: A systems administrator is reviewing the following information from a compromised server:
Given the above information, which of the following processes was MOST likely exploited via a remote buffer overflow attack?
Question 563: As part of the SDLC, a third party is hired to perform a penetration test. The third party will have access to the source code, integration tests, and network diagrams. Which of the following BEST describes the assessment being performed?
A. Black box
C. White box
Question 564: An application developer is designing an application involving secure transports from one service to another that will pass over port 80 for a request.
Which of the following secure protocols is the developer MOST likely to use?
Question 565: A systems administrator wants to protect data stored on mobile devices that are used to scan and record assets in a warehouse. The control must automatically destroy the secure container of mobile devices if they leave the warehouse. Which of the following should the administrator implement? (Select two.)
B. Remote wipe
C. Near-field communication
D. Push notification services
Question 566: A security analyst is performing a quantitative risk analysis. The risk analysis should show the potential monetary loss each time a threat or event occurs. Given this requirement, which of the following concepts would assist the analyst in determining this value? (Select two.)
Question 567: Which of the following AES modes of operation provide authentication? (Select two.)
Question 568: system’s administrator has finished configuring firewall ACL to allow access to a new web server.
PERMIT TCP from: ANY to: 192.168.1.10:80
PERMIT TCP from: ANY to: 192.168.1.10:443
DENY TCP from: ANY to: ANY
The security administrator confirms form the following packet capture that there is network traffic from the internet to the web server:
TCP 10.23.243.2:2000->192.168.1.10:80 POST/default's
TCP 172.16.4.100:1934->192.168.1.10:80 GET/session.aspx?user1_sessionid=a12ad8741d8f7e7ac723847cBaa8231a
The company’s internal auditor issues a security finding and requests that immediate action be taken. With which of the following is the auditor MOST concerned?
A. Misconfigured firewall
B. Clear text credentials
C. Implicit deny
D. Default configuration
Question 569: An in-house penetration tester is using a packet capture device to listen in on network communications.
This is an example of:
A. Passive reconnaissance
C. Escalation of privileges
D. Exploiting the switch
Question 570: A development team has adopted a new approach to projects in which feedback is iterative and multiple iterations of deployments are provided within an application’s full life cycle. Which of the following software development methodologies is the development team using?
Keyword: SY0-501 Free Exam Dumps, SY0-501 Exam Questions, SY0-501 Exam Dumps, SY0-501 Braindumps, SY0-501 Real Questions, SY0-501 Practice Test, SY0-501 Practice Exam, SY0-501 Free Test, SY0-501 Free Questions, SY0-501 Real Exam Questions and Answers, SY0-501 VCE Dumps, SY0-501 ETE Dumps, SY0-501 PDF Dumps, and SY0-501 Study Guide.