CompTIA Security+ (SY0-501) Exam Questions and Answers

The latest CompTIA Security+ (SY0-501) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the CompTIA Security+ (SY0-501) exam and earn CompTIA Security+ (SY0-501) certification.

Question 671: A highly complex password policy has made it nearly impossible to crack account passwords. Which of the following might a hacker still be able to perform?

A. Pass-the-hash attack
B. ARP poisoning attack
C. Birthday attack
D. Brute force attack

Question 672: Which of the following is the main difference an XSS vulnerability and a CSRF vulnerability?

A. XSS needs the attacker to be authenticated to the trusted server.
B. XSS does not need the victim to be authenticated to the trusted server.
C. CSRF needs the victim to be authenticated to the trusted server.
D. CSRF does not need the victim to be authenticated to the trusted server.
E. CSRF does not need the attacker to be authenticated to the trusted server.

Question 673: A small- to medium-sized company wants to block the use of USB devices on its network. Which of the following is the MOST cost-effective way for the security analyst to prevent this?

A. Implement a DLP system
B. Apply a GPO
C. Conduct user awareness training
D. Enforce the AUP.

Question 674: Users are attempting to access a company’s website but are transparently redirected to another websites.
The users confirm the URL is correct. Which of the following would BEST prevent this issue in the futue?

A. DNSSEC
B. HTTPS
C. IPSec
D. TLS/SSL

Question 675: A consumer purchases an exploit from the dark web. The exploit targets the online shopping cart of a popular website, allowing the shopper to modify the price of an item as checkout. Which of the following
BEST describes this type of user?

A. Insider
B. Script kiddie
C. Competitor
D. Hacktivist
E. APT

Question 676: An employee workstation with an IP address of 204.211.38.211/24 reports it is unable to submit print jobs to a network printer at 204.211.38.52/24 after a firewall upgrade. The active firewall rules are as follows:

The active firewall rules are as follows
The active firewall rules are as follows

Assuming port numbers have not been changed from their defaults, which of the following should be modified to allow printing to the network printer?

A. The permit statement for 204.211.38.52/24 should be changed to TCP port 631 instead of UDP
B. The deny statement for 204.211.38.52/24 should be changed to a permit statement
C. The permit statement for 204.211.38.52/24 should be changed to UDP port 443 instead of 631
D. The permit statement for 204.211.38.211/24 should be changed to TCP port 631 only instead of ALL

Question 677: A security analyst is assessing a small company’s internal servers against recommended security practices.
Which of the following should the analyst do to conduct the assessment? (Choose two.)

A. Compare configurations against platform benchmarks
B. Confirm adherence to the company’s industry-specific regulations
C. Review the company’s current security baseline
D. Verify alignment with policy related to regulatory compliance
E. Run an exploitation framework to confirm vulnerabilities

Question 678: Students at a residence hall are reporting Internet connectivity issues. The university’s network administrator configured the residence hall’s network to provide public IP addresses to all connected devices, but many student devices are receiving private IP addresses due to rogue devices. The network administrator verifies the residence hall’s network is correctly configured and contacts the security administrator for help. Which of the following configurations should the security administrator suggest for implementation?

A. Router ACLs
B. BPDU guard
C. Flood guard
D. DHCP snooping

Question 679: An organization has an account management policy that defines parameters around each type of account.
The policy specifies different security attributes, such as longevity, usage auditing, password complexity, and identity proofing. The goal of the account management policy is to ensure the highest level of security while providing the greatest availability without compromising data integrity for users. Which of the following account types should the policy specify for service technicians from corporate partners?

A. Guest account
B. User account
C. Shared account
D. Privileged user account
E. Default account
F. Service account

Question 680: A security analyst is implementing PKI-based functionality to a web application that has the following requirements:

  • File contains certificate information
  • Certificate chains
  • Root authority certificates
  • Private key

All of these components will be part of one file and cryptographically protected with a password. Given this scenario, which of the following certificate types should the analyst implement to BEST meet these requirements?

A. .pfx certificate
B. .cer certificate
C. .der certificate
D. .crt certificate

Keyword: SY0-501 Free Exam Dumps, SY0-501 Exam Questions, SY0-501 Exam Dumps, SY0-501 Braindumps, SY0-501 Real Questions, SY0-501 Practice Test, SY0-501 Practice Exam, SY0-501 Free Test, SY0-501 Free Questions, SY0-501 Real Exam Questions and Answers, SY0-501 VCE Dumps, SY0-501 ETE Dumps, SY0-501 PDF Dumps, and SY0-501 Study Guide.

Published by Emma Watson

, an Information Technology Engineer By qualification who loves to write about Windows, macOS and technical solutions for various error and problems. Coming from a solid background in PC building and software development, with complete expertise in touch-based devices, I am constantly keeping an eye out for the latest and greatest!