CompTIA SY0-501 practice test

CompTIA Security+


Question 1

A systems administrator wants to configure an enterprise wireless solution that supports authentication over HTTPS and
wireless encryption using AES. Which of the following should the administrator configure to support these requirements?
(Choose two.)

  • A. 802.1X
  • B. RADIUS federation
  • C. WPS
  • D. Captive portal
  • E. WPA2
  • F. WDS
Answer:

D E

A captive portal authenticates users in a browser session over HTTPS; WPA2 provides the AES (CCMP) encryption for the wireless link. 802.1X authenticates with EAP rather than HTTPS, so it does not meet the stated requirement.

Question 2

Which of the following can occur when a scanning tool cannot authenticate to a server and has to rely on limited information
obtained from service banners?

  • A. False positive
  • B. Passive reconnaissance
  • C. Access violation
  • D. Privilege escalation
Answer:

A

Question 3

The phones at a business are being replaced with VoIP phones that get plugged in-line between the switch and PC. The
voice and data networks still need to be kept separate. Which of the following would allow for this?

  • A. NAT
  • B. Intranet
  • C. Subnetting
  • D. VLAN
Answer:

D

Question 4

After a recent internal breach, a company decided to regenerate and reissue all certificates used in the transmission of
confidential information. The company places the greatest importance on confidentiality and non-repudiation, and decided to
generate dual key pairs for each client. Which of the following BEST describes how the company will use these certificates?

  • A. One key pair will be used for encryption and decryption. The other will be used to digitally sign the data.
  • B. One key pair will be used for encryption. The other key pair will provide extended validation.
  • C. Data will be encrypted once by each key, doubling the confidentiality and non-repudiation strength.
  • D. One key pair will be used for internal communication, and the other will be used for external communication.
Answer:

A

Question 5

The availability of a system has been labeled as the highest priority. Which of the following should be focused on the MOST
to ensure the objective?

  • A. Authentication
  • B. HVAC
  • C. Full-disk encryption
  • D. File integrity checking
Answer:

B

Question 6

Which of the following provides PFS?

  • A. AES
  • B. RC4
  • C. DHE
  • D. HMAC
Answer:

C
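
The following is an added Python example, not part of the original test, showing what the PFS answer means in practice: it classifies the cipher suites enabled in a TLS context by whether their key exchange is ephemeral, and hardens a client context so that only (EC)DHE suites remain. It uses only the standard library `ssl` module; the cipher string and the example suite names are assumptions about a typical OpenSSL build.

```python
import ssl

# Prefixes that mean an ephemeral (EC)DHE key exchange: TLS 1.3 suites (TLS_*)
# always use one; in TLS 1.2 only ECDHE-* and DHE-* suites do. A suite with no
# such prefix (e.g. AES256-GCM-SHA384) transports the session secret under the
# server's long-term RSA key, so a later theft of that key decrypts every
# recorded session. With (EC)DHE the per-session private values are discarded
# after the handshake, which is what gives perfect forward secrecy.
EPHEMERAL_PREFIXES = ("TLS_", "ECDHE-", "DHE-")


def provides_pfs(cipher):
    """cipher is one dict from SSLContext.get_ciphers(); True if the suite's
    key exchange is ephemeral, i.e. it provides perfect forward secrecy."""
    return cipher["name"].startswith(EPHEMERAL_PREFIXES)


def non_pfs_suites(ctx):
    """Names of the enabled suites that do NOT provide PFS."""
    return [c["name"] for c in ctx.get_ciphers() if not provides_pfs(c)]


def pfs_only_context():
    """A client context that will only negotiate ephemeral key exchange.

    set_ciphers() governs TLS 1.2 and earlier only; the TLS 1.3 suites stay
    enabled and are ephemeral by definition. Anonymous (aNULL) and
    unencrypted (eNULL) suites are excluded explicitly because the bare
    ECDHE/DHE aliases would otherwise admit ADH-*/AECDH-* suites, which are
    ephemeral but unauthenticated (cipher string is an assumption about a
    typical OpenSSL build).
    """
    ctx = ssl.create_default_context()
    ctx.set_ciphers("ECDHE:DHE:!aNULL:!eNULL")
    return ctx


if __name__ == "__main__":
    default = ssl.create_default_context()
    print("non-PFS suites in the default context:", non_pfs_suites(default))
    print("non-PFS suites after hardening:", non_pfs_suites(pfs_only_context()))
```

Run it against a default context first to see which RSA key-transport suites your build still offers, then against the hardened one, where the list should be empty.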

Question 7

An application developer is working on a new calendar and scheduling application. The developer wants to test new
functionality that is time/date dependent and has set the local system time to one year in the future. The application also has
a feature that uses SHA-256 hashing and AES encryption for data exchange. The application attempts to connect to a
separate remote server using SSL, but the connection fails. Which of the following is the MOST likely cause and next step?

  • A. The date is past the certificate expiration; reset the system to the current time and see if the connection still fails
  • B. The remote server cannot support SHA-256; try another hashing algorithm like SHA-1 and see if the application can connect
  • C. AES is date/time dependent; either reset the system time to the correct time or try a different encryption approach
  • D. SSL is not the correct protocol to use in this situation; change to TLS and try the client-server connection again
Answer:

A
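
As an added example (not part of the original test), the following Python checks a certificate's validity window against a given clock, the way every TLS stack does with the local system time, and separates a genuinely expired certificate from a skewed system clock by comparing against a trusted time reference. The certificate dictionary is constructed sample data in the shape returned by `ssl.SSLSocket.getpeercert()`; the validity dates, the developer's real clock and the one-year skew are assumptions.

```python
import ssl
from datetime import datetime, timezone

# Constructed sample in the shape ssl.SSLSocket.getpeercert() returns (not a
# real server's certificate). Validity dates use the OpenSSL text form that
# ssl.cert_time_to_seconds() parses.
SAMPLE_CERT = {
    "subject": ((("commonName", "calendar-api.example.invalid"),),),
    "notBefore": "Jan  1 00:00:00 2018 GMT",
    "notAfter": "Jun 30 23:59:59 2018 GMT",
}


def to_epoch(year, month, day, hour=0, minute=0, second=0):
    """UTC calendar time -> seconds since the Unix epoch."""
    return int(datetime(year, month, day, hour, minute, second,
                        tzinfo=timezone.utc).timestamp())


# Assumed clocks: the developer's real wall-clock time during the test, and
# the same instant after the machine's clock was moved one year ahead.
REAL_NOW = to_epoch(2018, 3, 15, 12, 0, 0)
SKEWED_NOW = REAL_NOW + 365 * 24 * 3600


def validity_status(cert, now_epoch):
    """'valid', 'not_yet_valid' or 'expired' for cert at the given clock.

    This is the notBefore/notAfter check a TLS stack performs with the local
    system time; chain and hostname verification are out of scope here.
    """
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    if now_epoch < not_before:
        return "not_yet_valid"
    if now_epoch > not_after:
        return "expired"
    return "valid"


def diagnose(cert, system_epoch, reference_epoch):
    """Tell clock skew apart from a genuinely expired certificate.

    system_epoch is what the local clock says; reference_epoch comes from a
    trusted source such as an NTP server. Returns one of:
      'ok'                        - valid under the system clock
      'clock_skew'                - invalid locally but valid under the
                                    reference: fix the clock, not the cert
      'certificate_expired'       - expired under both clocks: renew it
      'certificate_not_yet_valid' - not yet valid under both clocks
    """
    local = validity_status(cert, system_epoch)
    if local == "valid":
        return "ok"
    if validity_status(cert, reference_epoch) == "valid":
        return "clock_skew"
    return "certificate_" + local


if __name__ == "__main__":
    print(validity_status(SAMPLE_CERT, REAL_NOW))        # valid
    print(validity_status(SAMPLE_CERT, SKEWED_NOW))      # expired
    print(diagnose(SAMPLE_CERT, SKEWED_NOW, REAL_NOW))   # clock_skew
```

The `diagnose` step is the practical "next step" from the answer: if the certificate is valid under a trusted reference time but not under the local clock, resetting the clock (or pointing the test at a clock-independent fixture) fixes the connection, and no certificate needs reissuing.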

Question 8

A systems administrator needs to install the same X.509 certificate on multiple servers. Which of the following should the
administrator use?

  • A. Key escrow
  • B. A self-signed certificate
  • C. Certificate chaining
  • D. An extended validation certificate
Answer:

D

None of the listed options is designed for installing one certificate on several hosts: extended validation only changes how strictly the CA vets the subject before issuing. In practice the certificate is issued as a wildcard or with subject alternative names (SANs) covering every hostname, and the certificate together with its private key is installed on each server.

Question 9

An analyst is part of a team that is investigating a potential breach of sensitive data at a large financial services organization.
The organization suspects a breach occurred when proprietary data was disclosed to the public. The team finds servers
were accessed using shared credentials that have been in place for some time. In addition, the team discovers
undocumented firewall rules, which provided unauthorized external access to a server. Suspecting the activities of a
malicious insider threat, which of the following was MOST likely to have been utilized to exfiltrate the proprietary data?

  • A. Keylogger
  • B. Botnet
  • C. Crypto-malware
  • D. Backdoor
  • E. Ransomware
  • F. DLP
Answer:

D

Question 10

A new hire wants to use a personally owned phone to access company resources. The new hire expresses concern about
what happens to the data on the phone when they leave the company.
Which of the following portions of the company's mobile device management configuration would allow the company data to
be removed from the device without touching the new hire's data?

  • A. Asset control
  • B. Device access control
  • C. Storage lock out
  • D. Storage segmentation
Answer:

D

Question 11

Which of the following allows an application to securely authenticate a user by receiving credentials from a web domain?

  • A. TACACS+
  • B. RADIUS
  • C. Kerberos
  • D. SAML
Answer:

D

Question 12

A penetration tester is crawling a target website that is available to the public. Which of the following represents the actions
the penetration tester is performing?

  • A. URL hijacking
  • B. Reconnaissance
  • C. White box testing
  • D. Escalation of privilege
Answer:

B

Question 13

After a breach, a company has decided to implement a solution to better understand the techniques used by the attackers.
Which of the following is the BEST solution to be deployed?

  • A. Network analyzer
  • B. Protocol analyzer
  • C. Honeypot network
  • D. Configuration compliance scanner
Answer:

C

Question 14

An organization wants to deliver streaming audio and video from its home office to remote locations all over the world. It
wants the stream to be delivered securely and protected from intercept and replay attacks.
Which of the following protocols is BEST suited for this purpose?

  • A. SSH
  • B. SIP
  • C. S/MIME
  • D. SRTP
Answer:

D
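
The replay protection SRTP provides is a per-packet index check against a sliding window (RFC 3711 sections 3.3.1 and 3.3.2). The following is an added example, not part of the original page: it implements the receiver's index estimation from the 16-bit RTP sequence number plus the rollover counter, and a 64-packet replay window, driven by a constructed sequence of arriving sequence numbers. SRTP requires the packet's authentication tag to be verified before the window is updated; that step is assumed to have been done by the caller.

```python
# SRTP receiver-side replay protection (RFC 3711 sections 3.3.1 and 3.3.2).
# Added example, not the page's code. Only the index bookkeeping is shown; in
# SRTP the authentication tag must be verified before a packet may update the
# window (otherwise forged packets could slide it), so callers are assumed to
# pass already-authenticated SEQ values.

SEQ_MOD = 1 << 16      # RTP sequence numbers are 16 bits
WINDOW = 64            # RFC 3711 requires a replay window of at least 64


class SrtpReplayWindow:
    def __init__(self):
        self.roc = 0          # rollover counter: how many times SEQ has wrapped
        self.s_l = None       # highest authenticated SEQ so far (None before first packet)
        self.highest = None   # highest accepted 48-bit index, ROC * 2^16 + SEQ
        self.seen = 0         # bit k set => index (highest - k) was already accepted

    def estimate_index(self, seq):
        """RFC 3711 3.3.1: choose v in {ROC-1, ROC, ROC+1} so that v*2^16 + seq
        is closest to the highest index seen, and return that index."""
        if self.s_l is None:
            return seq                           # first packet: ROC is 0
        half = SEQ_MOD // 2
        if self.s_l < half:
            v = self.roc - 1 if seq - self.s_l > half else self.roc
        else:
            v = self.roc + 1 if self.s_l - half > seq else self.roc
        return v * SEQ_MOD + seq

    def check_and_update(self, seq):
        """Return True and record the packet if its index is fresh; False if it
        is a replay or too old to be checked against the window."""
        index = self.estimate_index(seq)
        if index < 0:
            return False                         # before the first index ever sent
        if self.highest is None or index > self.highest:
            # New high-water mark: slide the window forward.
            shift = 0 if self.highest is None else index - self.highest
            if shift >= WINDOW:
                self.seen = 1                    # everything older fell out of the window
            else:
                self.seen = ((self.seen << shift) | 1) & ((1 << WINDOW) - 1)
            self.highest = index
        else:
            offset = self.highest - index
            if offset >= WINDOW:
                return False                     # older than the window: reject
            if (self.seen >> offset) & 1:
                return False                     # already accepted: replay
            self.seen |= 1 << offset             # late but genuinely new packet
        # Authenticated packet accepted: update ROC and s_l from the high-water mark.
        self.roc, self.s_l = self.highest >> 16, self.highest & 0xFFFF
        return True


def demo():
    """Constructed arrival order: in-order traffic across the 16-bit wrap, one
    replayed packet, one late packet, the same late packet replayed, a jump
    ahead, then a packet that has fallen out of the window."""
    w = SrtpReplayWindow()
    arrivals = [65534, 65535, 0, 1, 65535, 5, 3, 3, 100, 0]
    return [(seq, w.check_and_update(seq)) for seq in arrivals]


if __name__ == "__main__":
    for seq, accepted in demo():
        print(f"SEQ {seq:5d}: {'accept' if accepted else 'REJECT'}")
```

Two details matter here: the index, not the bare 16-bit sequence number, is what the window tracks, so a replay of SEQ 65535 from before the wrap is still caught after ROC has advanced; and a packet older than the window is rejected outright rather than accepted, because the receiver can no longer tell whether it has seen it.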

Question 15

A business sector is highly competitive, and safeguarding trade secrets and critical information is paramount. On a seasonal
basis, an organization employs temporary hires and contractor personnel to accomplish its mission objectives. The
temporary and contract personnel require access to network resources only when on the clock.
Which of the following account management practices are the BEST ways to manage these accounts? (Choose two.)

  • A. Employ time-of-day restrictions.
  • B. Employ password complexity.
  • C. Employ a random key generator strategy.
  • D. Employ an account expiration strategy.
  • E. Employ a password lockout policy.
Answer:

A D

Time-of-day restrictions limit logons to the hours the personnel are on the clock; an expiration date on each account removes access automatically when the seasonal engagement ends, so nobody has to remember to disable it.
