
Note! The SY0-501 Exam is no longer available. Get in touch with our Live Chat or email us for more information about the SY0-601 Exam.

SY0-501 CompTIA Security+ Certification Exam Questions and Answers

Questions 4

A security administrator needs to create a RAID configuration that is focused on high read speeds and fault tolerance. It is unlikely that multiple drives will fail simultaneously. Which of the following RAID configurations should the administrator use?

Options:

A. RAID 0

B. RAID 1

C. RAID 5

D. RAID 10

Questions 5

A coffee company which operates a chain of stores across a large geographical area is deploying tablets to use as point-of-sale devices. A security consultant has been given the following requirements:

• The cashiers must be able to log in to the devices quickly.

• The devices must be compliant with applicable regulations for credit card usage.

• The risk of loss or theft of the devices must be minimized.

• If devices are lost or stolen, all data must be removed from the device.

• The devices must be capable of being managed from a centralized location.

Which of the following should the security consultant configure in the MDM policies for the tablets? (Select TWO)

Options:

A. Remote wipe

B. Cable locks

C. Screen locks

D. Geofencing

E. GPS tagging

F. Carrier unlocking

Questions 6

After successfully breaking into several networks and infecting multiple machines with malware, hackers contact the network owners, demanding payment to remove the infection and decrypt files. The hackers threaten to publicly release information about the breach if they are not paid. Which of the following BEST describes these attackers?

Options:

A. Gray hat hackers

B. Organized crime

C. Insiders

D. Hacktivists

Questions 7

Staff members of an organization received an email message from the Chief Executive Officer (CEO) asking them for an urgent meeting in the main conference room. When the staff assembled, they learned the message received was not actually from the CEO. Which of the following BEST represents what happened?

Options:

A. Spear phishing attack

B. Whaling attack

C. Phishing attack

D. Vishing attack

Questions 8

A startup company is using multiple SaaS and IaaS platforms to stand up a corporate infrastructure and build out a customer-facing web application. Which of the following solutions would be BEST to provide security, manageability, and visibility into the platforms?

Options:

A. SIEM

B. DLP

C. CASB

D. SWG

Questions 9

Which of the following is an example of federated access management?

Options:

A. Windows passing user credentials on a peer-to-peer network

B. Applying a new user account with a complex password

C. Implementing a AAA framework for network access

D. Using a popular website login to provide access to another website

Questions 10

An organization was recently compromised by an attacker who used a server certificate with the company's domain issued by an irrefutable CA. Which of the following should be used to mitigate this risk in the future?

Options:

A. OCSP

B. DNSSEC

C. Certificate pinning

D. Key escrow

Questions 11

During an incident, a company's CIRT determines it is necessary to observe the continued network-based transactions between a callback domain and the malware running on an enterprise PC. Which of the following techniques would be BEST to enable this activity while reducing the risk of lateral spread and the risk that the adversary would notice any changes?

Options:

A. Physically move the PC to a separate Internet point of presence.

B. Create and apply microsegmentation rules.

C. Emulate the malware in a heavily monitored DMZ segment.

D. Apply network blacklisting rules for the adversary domain.

Questions 12

Which of the following BEST describes why an air gap is a useful security control?

Options:

A. It physically isolates two or more networks, therefore helping prevent cross contamination or accidental data spillage.

B. It requires that files be transferred via USB instead of networks that are potentially vulnerable to hacking, therefore preventing virus infections.

C. It requires multiple systems administrators with different credentials, therefore providing separation of duties.

D. It provides physical space between two interlocking doors, therefore providing additional control from unauthorized entry.

Questions 13

A security engineer is concerned about susceptibility to HTTP downgrade attacks because the current customer portal redirects users from port 80 to the secure site on port 443. Which of the following would be MOST appropriate to mitigate the attack?

Options:

A. DNSSEC

B. HSTS

C. Certificate pinning

D. OCSP

Questions 14

A security analyst is investigating a security breach involving the loss of sensitive data. A user passed the information through social media as vacation photos. Which of the following methods was used to encode the data?

Options:

A. Obfuscation

B. Steganography

C. Hashing

D. Elliptic curve

Questions 15

A company's IT staff is given the task of securely disposing of 100 server HDDs. The security team informs the IT staff that the data must not be accessible by a third party after disposal. Which of the following is the MOST time-efficient method to achieve this goal?

Options:

A. Use a degausser to sanitize the drives.

B. Remove the platters from the HDDs and shred them.

C. Perform a quick format of the HDD drives.

D. Use software to zero fill all of the hard drives.

Questions 16

Users are attempting to access a company's website but are transparently redirected to another website. The users confirm the URL is correct. Which of the following would BEST prevent this issue in the future?

Options:

A. DNSSEC

B. HTTPS

C. IPSec

D. TLS/SSL

Questions 17

After a breach, a company has decided to implement a solution to better understand the technique used by the attackers. Which of the following is the BEST solution to be deployed?

Options:

A. Network analyzer

B. Protocol analyzer

C. Honeypot network

D. Configuration compliance scanner

Questions 18

Which of the following is the MOST likely motivation for a script kiddie threat actor?

Options:

A. Financial gain

B. Notoriety

C. Political expression

D. Corporate espionage

Questions 19

A data owner has been tasked with assigning proper data classifications and destruction methods for various types of data contained within the environment.

SY0-501 Question 19

Options:

Questions 20

A security engineer is setting up passwordless authentication for the first time.

INSTRUCTIONS

Use the minimum set of commands to set this up and verify that it works. Commands cannot be reused.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

SY0-501 Question 20

Options:

Questions 21

For each of the given items, select the appropriate authentication category from the dropdown choices.

Instructions: When you have completed the simulation, please select the Done button to submit.

SY0-501 Question 21

Options:

Questions 22

A forensic analyst is asked to respond to an ongoing network attack on a server. Place the items in the list below in the correct order in which the forensic analyst should preserve them.

SY0-501 Question 22

Options:

Questions 23

After deploying an antivirus solution on some network-isolated industrial computers, the service desk team received a trouble ticket about the following message being displayed on the computer’s screen:

SY0-501 Question 23

Which of the following would be the SAFEST next step to address the issue?

Options:

A. Immediately delete the detected file from the quarantine to secure the environment and clear the alert from the antivirus console

B. Perform a manual antivirus signature update directly from the antivirus vendor's cloud

C. Centrally activate a full scan for the entire set of industrial computers, looking for new threats

D. Check the antivirus vendor's documentation about the security modules, incompatibilities, and software whitelisting.

Questions 24

A security administrator wants to implement strong security on the company smart phones and terminal servers located in the data center.

Drag and drop the applicable controls to each asset type.

Instructions: Controls can be used multiple times and not all placeholders need to be filled. When you have completed the simulation, please select the Done button to submit.

SY0-501 Question 24

Options:

Questions 25

A newly purchased corporate WAP needs to be configured in the MOST secure manner possible.

INSTRUCTIONS

Please click on the below items on the network diagram and configure them accordingly:

  • WAP
  • DHCP Server
  • AAA Server
  • Wireless Controller
  • LDAP Server

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

SY0-501 Question 25


Options:

Questions 26

The security administrator has installed a new firewall which implements an implicit DENY policy by default.

INSTRUCTIONS:

Click on the firewall and configure it to allow ONLY the following communication.

1. The Accounting workstation can ONLY access the web server on the public network over the default HTTPS port. The accounting workstation should not access other networks.

2. The HR workstation should be restricted to communicate with the Financial server ONLY, over the default SCP port.

3. The Admin workstation should ONLY be able to access the servers on the secure network over the default TFTP port.

Instructions: The firewall will process the rules in a top-down manner in order as a first match. The port number must be typed in and only one port number can be entered per rule. Type ANY for all ports. The original firewall configuration can be reset at any time by pressing the reset button. Once you have met the simulation requirements, click save and then Done to submit.

SY0-501 Question 26

Hot Area:


Options:

Questions 27

Leveraging the information supplied below, complete the CSR for the server to set up TLS (HTTPS)

• Hostname: ws01

• Domain: comptia.org

• IPv4: 10.1.9.50

• IPv4: 10.2.10.50

• Root: home.aspx

• DNS CNAME:homesite.

Instructions:

Drag the various data points to the correct locations within the CSR. Extension criteria belong in the left-hand column and values belong in the corresponding row in the right-hand column.

SY0-501 Question 27

Options:

Questions 28

A company recently added a DR site and is redesigning the network. Users at the DR site are having issues browsing websites.

SY0-501 Question 28

INSTRUCTIONS

Click on each firewall to do the following:

1. Deny cleartext web traffic.

2. Ensure secure management protocols are used.

3. Resolve issues at the DR site.

The ruleset order cannot be modified due to outside constraints.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.


Options:

Questions 29

Drag and drop the correct protocol to its default port.

SY0-501 Question 29

Options:

Questions 30

An attack has occurred against a company.

INSTRUCTIONS

You have been tasked to do the following:

Identify the type of attack that is occurring on the network by clicking on the attacker’s tablet and reviewing the output. (Answer Area 1)

Identify which compensating controls should be implemented on the assets, in order to reduce the effectiveness of future attacks by dragging them to the correct server. (Answer area 2)

All objects will be used, but not all placeholders may be filled. Objects may only be used once.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

SY0-501 Question 30


Options:

Questions 31

A security auditor is reviewing the following output from file integrity monitoring software installed on a very busy server at a large service provider. The server has not been updated since it was installed. Drag and drop the log entry that identifies the first instance of server compromise.

SY0-501 Question 31

Options:

Questions 32

Task: Configure the firewall (fill out the table) to allow these four rules:

  • Only allow the Accounting computer to have HTTPS access to the Administrative server.
  • Only allow the HR computer to be able to communicate with the Server 2 System over SCP.
  • Allow the IT computer to have access to both the Administrative Server 1 and Administrative Server 2.

SY0-501 Question 32


Options:

Questions 33

You have been tasked with designing a security plan for your company. Drag and drop the appropriate security controls on the floor plan.

Instructions: All objects must be used and all place holders must be filled. Order does not matter. When you have completed the simulation, please select the Done button to submit.

SY0-501 Question 33

Options:

Questions 34

Select the appropriate attack from each drop down list to label the corresponding illustrated attack.

Instructions: Attacks may only be used once, and will disappear from drop down list if selected. When you have completed the simulation, please select the Done button to submit.

SY0-501 Question 34

Options:

Questions 35

For each of the given items, select the appropriate authentication category from the drop down choices.

Select the appropriate authentication type for the following items:

SY0-501 Question 35

Options:

Questions 36

Select the appropriate attack and remediation from each drop-down list to label the corresponding attack with its remediation.

INSTRUCTIONS

Not all attacks and remediation actions will be used. If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

SY0-501 Question 36


Options:

Questions 37

Task: Determine the types of attacks below by selecting an option from the dropdown list.

SY0-501 Question 37

Options:

Questions 38

You have just received some room and WiFi access control recommendations from a security consulting company. Click on each building to bring up available security controls. Please implement the following requirements:

The Chief Executive Officer's (CEO) office had multiple redundant security measures installed on the door to the office. Remove unnecessary redundancies to deploy three-factor authentication, while retaining the expensive iris reader.

The Public Cafe has wireless available to customers. You need to secure the WAP with WPA and place a passphrase on the customer receipts.

In the Data Center you need to include authentication from the "something you know" category and take advantage of the existing smartcard reader on the door.

In the Help Desk Office, you need to require single factor authentication through the use of physical tokens given to guests by the receptionist.

The PII Office has redundant security measures in place. You need to eliminate the redundancy while maintaining three-factor authentication and retaining the more expensive controls.

SY0-501 Question 38

Instructions: The original security controls for each office can be reset at any time by selecting the Reset button. Once you have met the above requirements for each office, select the Save button. When you have completed the entire simulation, please select the Done button to submit. Once the simulation is submitted, please select the Next button to continue.


Options:

Questions 39

A security administrator is given the security and availability profiles for servers that are being deployed.

  • Match each RAID type with the correct configuration and MINIMUM number of drives.
  • Review the server profiles and match them with the appropriate RAID type based on integrity, availability, I/O, storage requirements.

Instructions:

  • All drive definitions can be dragged as many times as necessary
  • Not all placeholders may be filled in the RAID configuration boxes
  • If parity is required, please select the appropriate number of parity checkboxes
  • Server profiles may be dragged only once

If at any time you would like to bring back the initial state of the simulation, please select the Reset button. When you have completed the simulation, please select the Done button to submit. Once the simulation is submitted, please select the Next button to continue.

SY0-501 Question 39

Options:

Questions 40

A security administrator has been tasked with implementing controls that meet management goals. Drag and drop the appropriate control used to accomplish the account management goal. Options may be used once or not at all.

SY0-501 Question 40

Options:

Questions 41

A security administrator discovers that an attack has been completed against a node on the corporate network. All available logs were collected and stored.

You must review all network logs to discover the scope of the attack, check the box of the node(s) that have been compromised and drag and drop the appropriate actions to complete the incident response on the network. The environment is a critical production environment; perform the LEAST disruptive actions on the network, while still performing the appropriate incident responses.

Instructions: The web server, database server, IDS, and User PC are clickable. Check the box of the node(s) that have been compromised and drag and drop the appropriate actions to complete the incident response on the network. Not all actions may be used, and order is not important. If at any time you would like to bring back the initial state of the simulation, please select the Reset button. When you have completed the simulation, please select the Done button to submit. Once the simulation is submitted, please select the Next button to continue.

SY0-501 Question 41

Options:

Questions 42

Which of the following must be updated prior to conducting weekly cyber hygiene scans of a network?

Options:

A. WIDS settings

B. Rainbow tables

C. Antivirus definitions

D. Vulnerability signatures

Questions 43

A company has purchased a new SaaS application and is in the process of configuring it to meet the company’s needs. The director of security has requested that the SaaS application be integrated into the company’s IAM processes. Which of the following configurations should the security administrator set up in order to complete this request?

Options:

A. LDAP

B. RADIUS

C. SAML

D. NTLM

Questions 44

A system in the network is used to store proprietary secrets and needs the highest level of security possible. Which of the following should a security administrator implement to ensure the system cannot be reached from the Internet?

Options:

A. VLAN

B. Air gap

C. NAT

D. Firewall

Questions 45

A security administrator receives alerts from the perimeter UTM. Upon checking the logs, the administrator finds the following output:

Time: 12/25 0300

From Zone: Untrust

To Zone: DMZ

Attacker: externalip.com

Victim: 172.16.0.20

To Port: 80

Action: Alert

Severity: Critical

When examining the PCAP associated with the event, the security administrator finds the following information:

Which of the following actions should the security administrator take?

Options:

A. Upload the PCAP to the IDS in order to generate a blocking signature to block the traffic.

B. Manually copy the