The latest CompTIA Security+ (SY0-501) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the CompTIA Security+ (SY0-501) exam and earn CompTIA Security+ (SY0-501) certification.
Exam Question 71
Which of the following are methods to implement HA in a web application server environment? (Choose two.)
A. Load balancers
B. Application layer firewalls
C. Reverse proxies
D. VPN concentrators
E. Routers
Correct Answer:
A. Load balancers
B. Application layer firewalls
Exam Question 72
Which of the following precautions MINIMIZES the risk from network attacks directed at multifunction printers, as well as the impact on functionality at the same time?
A. Isolating the systems using VLANs
B. Installing a software-based IPS on all devices
C. Enabling full disk encryption
D. Implementing a unique user PIN access functions
Correct Answer:
A. Isolating the systems using VLANs
Exam Question 73
A company was recently audited by a third party. The audit revealed the company’s network devices were transferring files in the clear. Which of the following protocols should the company use to transfer files?
A. HTTPS
B. LDAPS
C. SCP
D. SNMPv3
Correct Answer:
C. SCP
Exam Question 74
During a monthly vulnerability scan, a server was flagged for being vulnerable to an Apache Struts exploit.
Upon further investigation, the developer responsible for the server informs the security team that Apache Struts is not installed on the server. Which of the following BEST describes how the security team should reach to this incident?
A. The finding is a false positive and can be disregarded
B. The Struts module needs to be hardened on the server
C. The Apache software on the server needs to be patched and updated
D. The server has been compromised by malware and needs to be quarantined.
Correct Answer:
A. The finding is a false positive and can be disregarded
Exam Question 75
A security engineer is configuring a wireless network that must support mutual authentication of the wireless client and the authentication server before users provide credentials. The wireless network must also support authentication with usernames and passwords. Which of the following authentication protocols
MUST the security engineer select?
A. EAP-FAST
B. EAP-TLS
C. PEAP
D. EAP
Correct Answer:
C. PEAP
Exam Question 76
Which of the following vulnerability types would the type of hacker known as a script kiddie be MOST dangerous against?
A. Passwords written on the bottom of a keyboard
B. Unpatched exploitable Internet-facing services
C. Unencrypted backup tapes
D. Misplaced hardware token
Correct Answer:
B. Unpatched exploitable Internet-facing services
Exam Question 77
A black hat hacker is enumerating a network and wants to remain covert during the process. The hacker initiates a vulnerability scan. Given the task at hand the requirement of being covert, which of the following statements BEST indicates that the vulnerability scan meets these requirements?
A. The vulnerability scanner is performing an authenticated scan.
B. The vulnerability scanner is performing local file integrity checks.
C. The vulnerability scanner is performing in network sniffer mode.
D. The vulnerability scanner is performing banner grabbing.
Correct Answer:
C. The vulnerability scanner is performing in network sniffer mode.
Exam Question 78
Which of the following cryptographic algorithms is irreversible?
A. RC4
B. SHA-256
C. DES
D. AES
Correct Answer:
B. SHA-256
Exam Question 79
A security analyst receives an alert from a WAF with the following payload:
var data= “<test test test>” ++ <../../../../../../etc/passwd>”
Which of the following types of attacks is this?
A. Cross-site request forgery
B. Buffer overflow
C. SQL injection
D. JavaScript data insertion
E. Firewall evasion script
Correct Answer:
D. JavaScript data insertion
Exam Question 80
Audit logs from a small company’s vulnerability scanning software show the following findings:
Destinations scanned:
-Server001- Internal human resources payroll server
-Server101-Internet-facing web server
-Server201- SQL server for Server101
-Server301-Jumpbox used by systems administrators accessible from the internal network
Validated vulnerabilities found:
-Server001- Vulnerable to buffer overflow exploit that may allow attackers to install software
-Server101- Vulnerable to buffer overflow exploit that may allow attackers to install software
-Server201-OS updates not fully current
-Server301- Accessible from internal network without the use of jumpbox
-Server301-Vulnerable to highly publicized exploit that can elevate user privileges
Assuming external attackers who are gaining unauthorized information are of the highest concern, which of the following servers should be addressed FIRST?
A. Server001
B. Server101
C. Server201
D. Server301
Correct Answer:
B. Server101