Top Quality SY0-501 Free Practice Questions 2021

Exam Code: SY0-501 (), Exam Name: CompTIA Security+ Certification Exam, Certification Provider: CompTIA Certifitcation, Free Today! Guaranteed Training- Pass SY0-501 Exam.

Free demo questions for CompTIA SY0-501 Exam Dumps Below:

NEW QUESTION 1
A security analyst is performing a quantitative risk analysis. The risk analysis should show the potential
monetary loss each time a threat or event occurs. Given this requirement, which of the following concepts would assist the analyst in determining this value? (Select two.)

  • A. ALE
  • B. AV
  • C. ARO
  • D. EF
  • E. ROI

Answer: BD

NEW QUESTION 2
A security auditor is putting together a report for the Chief Executive Officer (CEO) on personnel security and its impact on the security posture of the whole organization. Which of the following would be the MOST important factor to consider when it comes to personnel security?

  • A. Insider threats
  • B. Privilege escalation
  • C. Hacktivist
  • D. Phishing through social media
  • E. Corporate espionage

Answer: A

NEW QUESTION 3
An external auditor visits the human resources department and performs a physical security assessment. The auditor observed documents on printers that are unclaimed. A closer look at these documents reveals employee names, addresses, ages, and types of medical and dental coverage options each employee has selected. Which of the following is the MOST appropriate actions to take?

  • A. Flip the documents face down so no one knows these documents are PII sensitive
  • B. Shred the documents and let the owner print the new set
  • C. Retrieve the documents, label them with a PII cover sheet, and return them to the printer
  • D. Report to the human resources manager that their personnel are violating a privacy policy

Answer: D

NEW QUESTION 4
The SSID broadcast for a wireless router has been disabled but a network administrator notices that unauthorized users are accessing the wireless network. The administer has determined that attackers are still able to detect the presence of the wireless network despite the fact the SSID has been disabled. Which of the following would further obscure the presence of the wireless network?

  • A. Upgrade the encryption to WPA or WPA2
  • B. Create a non-zero length SSID for the wireless router
  • C. Reroute wireless users to a honeypot
  • D. Disable responses to a broadcast probe request

Answer: D

NEW QUESTION 5
A technician is configuring a load balancer for the application team to accelerate the network performance of their applications. The applications are hosted on multiple servers and must be redundant. Given this scenario, which of the following would be the BEST method of configuring the load balancer?

  • A. Round-robin
  • B. Weighted
  • C. Least connection
  • D. Locality-based

Answer: D

NEW QUESTION 6
Which of the following is an important step to take BEFORE moving any installation packages from a test environment to production?

  • A. Roll back changes in the test environment
  • B. Verify the hashes of files
  • C. Archive and compress the files
  • D. Update the secure baseline

Answer: B

NEW QUESTION 7
When attackers use a compromised host as a platform for launching attacks deeper into a company's network, it is said that they are:

  • A. escalating privilege
  • B. becoming persistent
  • C. fingerprinting
  • D. pivoting

Answer: D

NEW QUESTION 8
A company wants to implement an access management solution that allows employees to use the same usernames and passwords for multiple applications without having to keep multiple credentials synchronized. Which of the following solutions would BEST meet these requirements?

  • A. Multifactor authentication
  • B. SSO
  • C. Biometrics
  • D. PKI
  • E. Federation

Answer: B

NEW QUESTION 9
An attack that is using interference as its main attack to impede network traffic is which of the following?

  • A. Introducing too much data to a targets memory allocation
  • B. Utilizing a previously unknown security flaw against the target
  • C. Using a similar wireless configuration of a nearby network
  • D. Inundating a target system with SYN requests

Answer: C

NEW QUESTION 10
Which of the following types of attacks precedes the installation of a rootkit on a server?

  • A. Pharming
  • B. DDoS
  • C. Privilege escalation
  • D. DoS

Answer: C

NEW QUESTION 11
A security auditor is testing perimeter security in a building that is protected by badge readers. Which of the following types of attacks would MOST likely gain access?

  • A. Phishing
  • B. Man-in-the-middle
  • C. Tailgating
  • D. Watering hole
  • E. Shoulder surfing

Answer: C

NEW QUESTION 12
The administrator installs database software to encrypt each field as it is written to disk. Which of the following describes the encrypted data?

  • A. In-transit
  • B. In-use
  • C. Embedded
  • D. At-rest

Answer: B

NEW QUESTION 13
After correctly configuring a new wireless enabled thermostat to control the temperature of the company's meeting room, Joe, a network administrator determines that the thermostat is not connecting to the internetbased control system. Joe verifies that the thermostat received the expected network parameters and it is associated with the AP. Additionally, the other wireless mobile devices connected to the same wireless network are functioning properly. The network administrator verified that the thermostat works when tested at his residence. Which of the following is the MOST likely reason the thermostat is not connecting to the internet?

  • A. The company implements a captive portal
  • B. The thermostat is using the incorrect encryption algorithm
  • C. the WPA2 shared likely is incorrect
  • D. The company's DHCP server scope is full

Answer: C

NEW QUESTION 14
Which of the following components of printers and MFDs are MOST likely to be used as vectors of compromise if they are improperly configured?

  • A. Embedded web server
  • B. Spooler
  • C. Network interface
  • D. LCD control panel

Answer: A

NEW QUESTION 15
A security analyst notices anomalous activity coming from several workstations in the organizations. Upon identifying and containing the issue, which of the following should the security analyst do NEXT?

  • A. Document and lock the workstations in a secure area to establish chain of custody
  • B. Notify the IT department that the workstations are to be reimaged and the data restored for reuse
  • C. Notify the IT department that the workstations may be reconnected to the network for the users to continue working
  • D. Document findings and processes in the after-action and lessons learned report

Answer: D

NEW QUESTION 16
Which of the following attack types BEST describes a client-side attack that is used to manipulate an HTML iframe with JavaScript code via a web browser?

  • A. Buffer overflow
  • B. MITM
  • C. XSS
  • D. SQLi

Answer: C

NEW QUESTION 17
A stock trading company had the budget for enhancing its secondary datacenter approved. Since the main site is a hurricane-affected area and the disaster recovery site is 100 mi (161 km) away, the company wants to ensure its business is always operational with the least amount of man hours needed. Which of the following types of disaster recovery sites should the company implement?

  • A. Hot site
  • B. Warm site
  • C. Cold site
  • D. Cloud-based site

Answer: D

100% Valid and Newest Version SY0-501 Questions & Answers shared by Surepassexam, Get Full Dumps HERE: https://www.surepassexam.com/SY0-501-exam-dumps.html (New 540 Q&As)