comptia sy0-501 practice test

CompTIA Security+


Question 1

A systems administrator wants to configure an enterprise wireless solution that supports authentication over HTTPS and
wireless encryption using AES. Which of the following should the administrator configure to support these requirements?
(Choose two.)

  • A. 802.1X
  • B. RADIUS federation
  • C. WPS
  • D. Captive portal
  • E. WPA2
  • F. WDS
Answer:

A E

Discussions

Question 2

Which of the following can occur when a scanning tool cannot authenticate to a server and has to rely on limited information
obtained from service banners?

  • A. False positive
  • B. Passive reconnaissance
  • C. Access violation
  • D. Privilege escalation
Answer:

A

Discussions

Question 3

The phones at a business are being replaced with VoIP phones that get plugged in-line between the switch and PC. The
voice and data networks still need to be kept separate. Which of the following would allow for this?

  • A. NAT
  • B. Intranet
  • C. Subnetting
  • D. VLAN
Answer:

D

Discussions

Question 4

After a recent internal breach, a company decided to regenerate and reissue all certificates used in the transmission of
confidential information. The company places the greatest importance on confidentiality and non-repudiation, and decided to
generate dual key pairs for each client. Which of the following BEST describes how the company will use these certificates?

  • A. One key pair will be used for encryption and decryption. The other will be used to digitally sign the data.
  • B. One key pair will be used for encryption. The other key pair will provide extended validation.
  • C. Data will be encrypted once by each key, doubling the confidentiality and non-repudiation strength.
  • D. One key pair will be used for internal communication, and the other will be used for external communication.
Answer:

A

Discussions

Question 5

The availability of a system has been labeled as the highest priority. Which of the following should be focused on the MOST
to ensure the objective?

  • A. Authentication
  • B. HVAC
  • C. Full-disk encryption
  • D. File integrity checking
Answer:

B

Discussions

Question 6

Which of the following provides PFS?

  • A. AES
  • B. RC4
  • C. DHE
  • D. HMAC
Answer:

C

Discussions

Question 7

An application developer is working on a new calendar and scheduling application. The developer wants to test new
functionality that is time/date dependent and set the local system time to one year in the future. The application also has a
feature that uses SHA-256 hashing and AES encryption for data exchange. The application attempts to connect to a
separate remote server using SSL, but the connection fails. Which of the following is the MOST likely cause and next step?

  • A. The date is past the certificate expiration; reset the system to the current time and see if the connection still fails
  • B. The remote server cannot support SHA-256; try another hashing algorithm like SHA-1 and see if the application can connect
  • C. AES is date/time dependent; either reset the system time to the correct time or try a different encryption approach
  • D. SSL is not the correct protocol to use in this situation; change to TLS and try the client-server connection again
Answer:

A

Discussions

Question 8

A systems administrator needs to install the same X.509 certificate on multiple servers. Which of the following should the
administrator use?

  • A. Key escrow
  • B. A self-signed certificate
  • C. Certificate chaining
  • D. An extended validation certificate
Answer:

D

Discussions

Question 9

An analyst is part of a team that is investigating a potential breach of sensitive data at a large financial services organization.
The organization suspects a breach occurred when proprietary data was disclosed to the public. The team finds servers
were accessed using shared credentials that have been in place for some time. In addition, the team discovers
undocumented firewall rules, which provided unauthorized external access to a server. Suspecting the activities of a
malicious insider threat, which of the following was MOST likely to have been utilized to exfiltrate the proprietary data?

  • A. Keylogger
  • B. Botnet
  • C. Crypto-malware
  • D. Backdoor
  • E. Ransomware
  • F. DLP
Answer:

D

Discussions

Question 10

A new hire wants to use a personally owned phone to access company resources. The new hire expresses concern about
what happens to the data on the phone when they leave the company.
Which of the following portions of the company's mobile device management configuration would allow the company data to
be removed from the device without touching the new hire's data?

  • A. Asset control
  • B. Device access control
  • C. Storage lock out
  • D. Storage segmentation
Answer:

D

Discussions
To page 2