CompTIA Security+ (SY0-501) Exam Questions and Answers

The latest CompTIA Security+ (SY0-501) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the CompTIA Security+ (SY0-501) exam and earn CompTIA Security+ (SY0-501) certification.

Question 661: A security analyst is reviewing patches on servers. One of the servers is reporting the following error message in the WSUS management console:
The computer has not reported status in 30 days.
Given this scenario, which of the following statements BEST represents the issue with the output above?

A. The computer in question has not pulled the latest ACL policies for the firewall.
B. The computer in question has not pulled the latest GPO policies from the management server.
C. The computer in question has not pulled the latest antivirus definitions from the antivirus program.
D. The computer in question has not pulled the latest application software updates.

Question 662: A security administrator is reviewing the following PowerShell script referenced in the Task Scheduler on a database server:

A security administrator is reviewing the following PowerShell script referenced in the Task Scheduler on a database server
A security administrator is reviewing the following PowerShell script referenced in the Task Scheduler on a database server

Which of the following did the security administrator discover?

A. Ransomeware
B. Backdoor
C. Logic bomb
D. Trojan

Question 663: A systems administrator is deploying a new mission essential server into a virtual environment. Which of the following is BEST mitigated by the environment’s rapid elasticity characteristic?

A. Data confidentiality breaches
B. VM escape attacks
C. Lack of redundancy
D. Denial of service

Question 664: Confidential emails from an organization were posted to a website without the organization’s knowledge.
Upon investigation, it was determined that the emails were obtained from an internal actor who sniffed the emails in plain text.
Which of the following protocols, if properly implemented, would have MOST likely prevented the emails from being sniffed? (Select TWO)

A. Secure IMAP
B. DNSSEC
C. S/MIME
D. SMTPS
E. HTTPS

Question 665: A company wants to implement an access management solution that allows employees to use the same usernames and passwords for multiple applications without having to keep multiple credentials synchronized.
Which of the following solutions would BEST meet these requirements?

A. Multifactor authentication
B. SSO
C. Biometrics
D. PKI
E. Federation

Question 666: Which of the following is an asymmetric function that generates a new and separate key every time it runs?

A. RSA
B. DSA
C. DHE
D. HMAC
E. PBKDF2

Question 667: A security administrator has configured a RADIUS and a TACACS+ server on the company’s network.
Network devices will be required to connect to the TACACS+ server for authentication and send accounting information to the RADIUS server. Given the following information:
RADIUS IP: 192.168.20.45
TACACS+ IP: 10.23.65.7

Which of the following should be configured on the network clients? (Select two.)

A. Accounting port: TCP 389
B. Accounting port: UDP 1812
C. Accounting port: UDP 1813
D. Authentication port: TCP 49
E. Authentication port: TCP 88
F. Authentication port: UDP 636

Question 668: A security analyst is hardening a large-scale wireless network. The primary requirements are the following:

  • Must use authentication through EAP-TLS certificates
  • Must use an AAA server
  • Must use the most secure encryption protocol

Given these requirements, which of the following should the analyst implement and recommend? (Select TWO.)

A. 802.1X
B. 802.3
C. LDAP
D. TKIP
E. CCMP
F. WPA2-PSK

Question 669: A company recently experienced data exfiltration via the corporate network. In response to the breach, a security analyst recommends deploying an out-of-band IDS solution. The analyst says the solution can be implemented without purchasing any additional network hardware. Which of the following solutions will be used to deploy the IDS?

A. Network tap
B. Network proxy
C. Honeypot
D. Port mirroring

Question 670: An organization wants to implement a solution that allows for automated logical controls for network defense. An engineer plans to select an appropriate network security component, which automates response actions based on security threats to the network. Which of the following would be MOST appropriate based on the engineer’s requirements?

A. NIPS
B. HIDS
C. Web proxy
D. Elastic load balancer
E. NAC

Keyword: SY0-501 Free Exam Dumps, SY0-501 Exam Questions, SY0-501 Exam Dumps, SY0-501 Braindumps, SY0-501 Real Questions, SY0-501 Practice Test, SY0-501 Practice Exam, SY0-501 Free Test, SY0-501 Free Questions, SY0-501 Real Exam Questions and Answers, SY0-501 VCE Dumps, SY0-501 ETE Dumps, SY0-501 PDF Dumps, and SY0-501 Study Guide.

Published by Emma Watson

, an Information Technology Engineer By qualification who loves to write about Windows, macOS and technical solutions for various error and problems. Coming from a solid background in PC building and software development, with complete expertise in touch-based devices, I am constantly keeping an eye out for the latest and greatest!