Updated CompTIA Security+ Certification SY0-501 Dumps Online

Even though the SY0-601 CompTIA Security+ Exam 2021 has been launched, the CompTIA Security+ SY0-501 exam is still available. Most candidates prefer to pass the SY0-501 exam to achieve the CompTIA Security+ certification. Updated CompTIA Security+ certification SY0-501 dumps V25.02 are online, providing 521 practice exam questions and answers for good preparation. The newly updated SY0-501 exam dumps ensure that you can pass the SY0-501 exam successfully.

Check SY0-501 CompTIA Security+ Free Dumps First

1. The application team within a company is asking the security team to investigate why its application is slow after an upgrade. The source of the team's application is 10.13.136.9, and the destination IP is 10.17.36.5. The security analyst pulls the logs from the endpoint security software but sees nothing is being blocked.

The analyst then looks at the UTM firewall logs and sees the following:

Which of the following should the security analyst request NEXT based on the UTM firewall analysis?

2. A security administrator is investigating a report that a user is receiving suspicious emails. The user’s machine has an old functioning modem installed.

Which of the following security concerns need to be identified and mitigated? (Choose two.)

3. Which of the following BEST explains why a development environment should have the same database server secure baseline that exists in production even if there is no PII in the database?

4. An organization is looking to build its second head office in another city, which has a history of flooding with an average of two floods every 100 years. The estimated building cost is $1 million, and the estimated damage due to flooding is half of the building's cost.

Given this information, which of the following is the SLE?

5. While reviewing system logs, a security analyst notices that a large number of end users are changing their passwords four times on the day the passwords are set to expire. The analyst suspects they are cycling their passwords to circumvent current password controls.

Which of the following would provide a technical control to prevent this activity from occurring?

6. A company recently updated its website to increase sales. The new website uses PHP forms for leads and provides a directory with sales staff and their phone numbers.

A systems administrator is concerned about the new website and provides the following log to support the concern:

Which of the following is the systems administrator MOST likely to suggest to the Chief Information Security Officer (CISO) based on the above?

7. An organization has created a review process to determine how to best handle data with different sensitivity levels.

The process includes the following requirements:

• Soft copy PII must be encrypted.

• Hard copy PII must be placed in a locked container.

• Soft copy PHI must be encrypted and audited monthly.

• Hard copy PHI must be placed in a locked container and inventoried monthly.

Locked containers must be approved and designated for document storage. Any violations must be reported to the Chief Security Officer (CSO).

While searching for coffee in the kitchen, an employee unlocks a cabinet and discovers a list of customer names and phone numbers.

Which of the following actions should the employee take?

8. A user from the financial aid office is having trouble interacting with the finaid directory on the university’s ERP system.

The systems administrator who took the call ran a command and received the following output:

Subsequently, the systems administrator has also confirmed the user is a member of the finaid group on the ERP system.

Which of the following is the MOST likely reason for the issue?

9. A company wants to provide centralized authentication for its wireless system. The wireless authentication system must integrate with the directory back end.

Which of the following is an AAA solution that will provide the required wireless authentication?

10. A security analyst recommends implementing SSL for an existing web service. A technician installs the SSL certificate and successfully tests the connection on the server. Soon after, the help desk begins receiving calls from users who are unable to log in. After further investigation, it becomes clear that no users have successfully logged in since the certificate installation.

Which of the following is MOST likely the issue?

11. A network engineer has been asked to investigate why several wireless barcode scanners and wireless computers in a warehouse have intermittent connectivity to the shipping server. The barcode scanners and computers are all on forklift trucks and move around the warehouse during their regular use.

Which of the following should the engineer do to determine the issue? (Select Two)

12. A malicious actor compromises a legitimate website, configuring it to deliver malware to visitors of the website.

Which of the following attacks does this describe?

13. A security administrator is choosing an algorithm to generate password hashes.

Which of the following would offer the BEST protection against offline brute force attacks?

14. A forensics analyst is investigating a hard drive for evidence of suspected illegal activity.

Which of the following should the analyst do FIRST?

15. A company is performing an analysis of the corporate enterprise network with the intent of identifying any one system, person, function, or service that, when neutralized, will cause or cascade disproportionate damage to the company’s revenue, referrals, and reputation.

Which of the following is an element of the BIA that this action is addressing?

16. Which of the following could an attacker use to overwrite instruction pointers in order to execute malicious code?

17. A security administrator is creating a risk assessment on BYOD.

One of the requirements of the risk assessment is to address the following:

• Centrally managing mobile devices

• Data loss prevention

Which of the following recommendations should the administrator include in the assessment? (Select TWO).

18. Confidential corporate data was recently stolen by an attacker who exploited data transport protections.

Which of the following vulnerabilities is the MOST likely cause of this data breach?

19. A user wants to send a confidential message to a customer to ensure unauthorized users cannot access the information.

Which of the following can be used to ensure the security of the document while in transit and at rest?

20. When accessing a popular website, a user receives a warning that the certificate for the website is not valid. Upon investigation, it was noted that the certificate is not revoked and the website is working fine for other users.

Which of the following is the MOST likely cause for this?

21. An organization has the following written policies:

• Users must request approval for non-standard software installation

• Administrators will perform all software installations

• Software must be installed from a trusted repository

A recent security audit identified crypto-currency software installed on one user's machine. There are no indications of compromise on this machine.

Which of the following is the MOST likely cause of this policy violation and the BEST remediation to prevent a reoccurrence?

22. A security analyst is asked to check the configuration of the company's DNS service on the server.

Which of the following command line tools should the analyst use to perform the initial assessment?

23. Which of the following is a security consideration for IoT devices?

24. The Chief Information Officer (CIO) has heard concerns from the business and the help desk about frequent user account lockouts.

Which of the following account management practices should be modified to ease the burden?

25. A security consultant is analyzing data from a recent compromise.

The following data points are documented:

• Access to data on share drives and certain networked hosts was lost after an employee logged in to an interactive session as a privileged user.

• The data was unreadable by any known commercial software.

• The issue spread through the enterprise via SMB only when certain users accessed data.

• Removal instructions were not available from any major antivirus vendor.

Which of the following types of malware is this example of?

26. An attacker is able to capture the payload for the following packet:

IP 192.168.1.22:2020 10.10.10.5:443

IP 192.166.1.10:1030 10.10.10.1:21

IP 192.168.1.57:5217 10.10.10.1:3389

During an investigation, an analyst discovers that the attacker was able to capture the information above and use it to log on to other servers across the company.

Which of the following is the MOST likely reason?

27. Which of the following BEST describes a security exploit for which a vendor patch is not readily available?

28. During certain vulnerability scanning scenarios, it is possible for the target system to react in unexpected ways.

This type of scenario is MOST commonly known as:

29. Several systems and network administrators are determining how to manage access to a facility and enable managers to allow after-hours access.

Which of the following access control methods should managers use to assign after-hours access to the employees?

30. A technician is configuring an intrusion prevention system to improve its ability to find and stop threats. In the past, the system did not detect and stop some threats.

Which of the following BEST describes what the technician is trying to correct with the new configuration?

31. A government organization recently contacted three different vendors to obtain cost quotes for a desktop PC refresh. The quote from one of the vendors was significantly lower than the other two and was selected for the purchase. When the PCs arrived, a technician determined some NICs had been tampered with.

Which of the following MOST accurately describes the security risk presented in this situation?

32. The CSIRT is reviewing the lessons learned from a recent incident. A worm was able to spread unhindered throughout the network and infect a large number of computers and servers.

Which of the following recommendations would be BEST to mitigate the impacts of a similar incident in the future?

33. A systems administrator is increasing the security settings on a virtual host to ensure users on one VM cannot access information from another VM.

Which of the following is the administrator protecting against?

34. Given the information below:

MD5HASH document.doc 049eab40fd36caad1fab10b3cdf4a883

MD5HASH image.jpg 049eab40fd36caad1fab10b3cdf4a883

Which of the following concepts are described above? (Choose two.)

35. A chief information security officer (CISO) asks the security architect to design a method for contractors to access the company's internal wiki, corporate directory, and email services securely without allowing access to systems beyond the scope of their project.

Which of the following methods would BEST fit the needs of the CISO?

36. A company is deploying a wireless network. It is a requirement that client devices must use X.509 certifications to mutually authenticate before connecting to the wireless network.

Which of the following protocols would be required to accomplish this?

37. Which of the following implements a lossy algorithm?

38. A technician is implementing 802.1X with dynamic VLAN assignment based on a user's Active Directory group membership.

Which of the following configurations supports the VLAN definitions?

39. Some call center representatives' workstations were recently updated by a contractor, who was able to collect customer information from the call center workstations.

Which of the following types of malware was installed on the call center users’ systems?

40. Which of the following is the BEST example of a reputation impact identified during a risk assessment?

41. A system uses an application server and database server. Employing the principle of least privilege, only database administrators are given administrative privileges on the database server, and only application team members are given administrative privileges on the application server. Audit and log file reviews are performed by the business unit (a separate group from the database and application teams).

The organization wants to optimize operational efficiency when application or database changes are needed, but it also wants to enforce least privilege, prevent modification of log files, and facilitate the audit and log review performed by the business unit.

Which of the following approaches would BEST meet the organization's goals?

42. A technician is required to configure updates on a guest operating system while maintaining the ability to quickly revert the changes that were made while testing the updates.

Which of the following should the technician implement?

43. A company uses WPA2-PSK, and it appears there are multiple unauthorized devices connected to the wireless network. A technician suspects this is because the wireless password has been shared with unauthorized individuals.

Which of the following should the technician implement to BEST reduce the risk of this happening in the future?

44. An authorized user is conducting a penetration scan of a system for an organization. The tester has a set of network diagrams, source code, version numbers of applications, and other information about the system, including hostnames and network addresses.

Which of the following BEST describes this type of penetration test?

45. A security analyst is reviewing the password policy for a service account that is used for a critical network service.

The password policy for this account is as follows:

Enforce password history: Three passwords remembered

Maximum password age: 30 days

Minimum password age: Zero days

Complexity requirements: At least one special character, one uppercase

Minimum password length: Seven characters

Lockout duration: One day

Lockout threshold: Five failed attempts in 15 minutes

Which of the following adjustments would be the MOST appropriate for the service account?

46. A security administrator needs to conduct a full inventory of all encryption protocols and cipher suites.

Which of the following tools will the security administrator use to conduct this inventory MOST efficiently?

47. A network administrator has been asked to install an IDS to improve the security posture of an organization.

Which of the following control types is an IDS?

48. A technician is required to configure updates on a guest operating system while maintaining the ability to quickly revert the changes that were made while testing the updates.

Which of the following should the technician implement?

49. A systems engineer is setting up a RADIUS server to support a wireless network that uses certificate authentication.

Which of the following protocols must be supported by both the RADIUS server and the WAPs?

50. A company is experiencing an increasing number of systems that are locking up on Windows startup. The security analyst clones a machine, enters into safe mode, and discovers a file in the startup process that runs Wstart.bat.

@echo off

:asdhbawdhbasdhbawdhb

start notepad.exe

start notepad.exe

start calculator.exe

start calculator.exe

goto asdhbawdhbasdhbawdhb

Given the file contents and the system’s issues, which of the following types of malware is present?

51. Which of the following identity access methods creates a cookie on the first login to a central authority to allow logins to subsequent applications without re-entering credentials?

52. A Chief Information Security Officer (CISO) for a school district wants to enable SSL to protect all of the public-facing servers in the domain.

Which of the following is a secure solution that is the MOST cost effective?

53. A security administrator wants to better prepare the incident response team for possible security events. The IRP has been updated and distributed to incident response team members.

Which of the following is the BEST option to fulfill the administrator's objective?

54. To reduce costs and overhead, an organization wants to move from an on-premises email solution to a cloud-based email solution. At this time, no other services will be moving.

Which of the following cloud models would BEST meet the needs of the organization?

55. Which of the following BEST describes why an air gap is a useful security control?

56. A public relations team will be taking a group of guests on a tour through the facility of a large e-commerce company. The day before the tour, the company sends out an email to employees to ensure all whiteboards are cleaned and all desks are cleared. The company is MOST likely trying to protect against.

57. A security engineer wants to add SSL to the public web server.

Which of the following would be the FIRST step to implement the SSL certificate?

58. A computer forensics analyst collected a flash drive that contained a single file with 500 pages of text.

Which of the following algorithms should the analyst use to validate the integrity of the file?

59. An organization has the following password policies:

• Passwords must be at least 16 characters long.

• Three failed login attempts will lock the account for five minutes.

• Passwords must have one uppercase letter, one lowercase letter, and one non-alphanumeric symbol.

A database server was recently breached, and the incident response team suspects the passwords were compromised. Users with permission on that database server were forced to change their passwords for that server. Unauthorized and suspicious logins are now being detected on the same server.

Which of the following is MOST likely the issue, and what should be done?

60. An incident responder is preparing to acquire images and files from a workstation that has been compromised. The workstation is still powered on and running.

Which of the following should be acquired LAST?

61. A company employee recently retired, and there was a schedule delay because no one was capable of filling the employee’s position.

Which of the following practices would BEST help to prevent this situation in the future?

62. A customer calls a technician and needs to remotely connect to a web server to change some code manually. The technician needs to configure the user's machine with protocols to connect to the Unix web server, which is behind a firewall.

Which of the following protocols does the technician MOST likely need to configure?

63. A company recently experienced a security incident in which its domain controllers were the target of a DoS attack.

In which of the following steps should technicians connect domain controllers to the network and begin authenticating users again?

64. Which of the following describes the BEST approach for deploying application patches?

65. An application developer is working on a new calendar and scheduling application. The developer wants to test new functionality that is time/date dependent and set the local system time to one year in the future. The application also has a feature that uses SHA-256 hashing and AES encryption for data exchange. The application attempts to connect to a separate remote server using SSL, but the connection fails.

Which of the following is the MOST likely cause and next step?

66. A systems administrator needs to configure an SSL remote access VPN according to the following organizational guidelines:

• The VPN must support encryption of header and payload.

• The VPN must route all traffic through the company's gateway.

Which of the following should be configured on the VPN concentrator?

67. Which of the following BEST explains 'likelihood of occurrence'?

68. A network administrator needs to restrict the users of the company's WAPs to the sales department. The network administrator changes and hides the SSID and then discovers several employees had connected their personal devices to the wireless network.

Which of the following would limit access to the wireless network to only organization-owned devices in the sales department?

69. The SOC is reviewing processes and procedures after a recent incident. The review indicates it took more than 30 minutes to determine that quarantining an infected host was the best course of action. This allowed the malware to spread to additional hosts before it was contained.

Which of the following would be BEST to improve the incident response process?

70. An organization needs to integrate with a third-party cloud application. The organization has 15000 users and does not want to allow the cloud provider to query its LDAP authentication server directly.

Which of the following is the BEST way for the organization to integrate with the cloud application?

71. A security analyst has recently deployed an MDM solution that requires biometric authentication for company-issued smartphones. As the solution was implemented, the help desk has seen a dramatic increase in calls by employees frustrated that company-issued phones take several attempts to unlock using the fingerprint scanner.

Which of the following should be reviewed to mitigate this problem?

72. The Chief Executive Officer (CEO) received an email from the Chief Financial Officer (CFO), asking the CEO to send financial details. The CEO thought it was strange that the CFO would ask for the financial details via email. The email address was correct in the "From" section of the email. The CEO clicked the form and sent the financial information as requested.

Which of the following caused the incident?

73. After a systems administrator installed and configured Kerberos services, several users experienced authentication issues.

Which of the following should be installed to resolve these issues?

74. A systems administrator needs to integrate multiple IoT and small embedded devices into the company's wireless network securely.

Which of the following should the administrator implement to ensure low-power and legacy devices can connect to the wireless network?

75. Given the following:

> md5.exe file1.txt

> AD1FAB103773DC6A1E6021B7E503A210

> md5.exe file2.txt

> AD1FAB103773DC6A1E6021B7E503A210

Which of the following concepts of cryptography is shown?

76. After deploying an antivirus solution on some network-isolated industrial computers, the service desk team received a trouble ticket about the following message being displayed on the computer's screen:

Which of the following would be the SAFEST next step to address the issue?

77. A technician, who is managing a secure B2B connection, noticed the connection broke last night. All networking equipment and media are functioning as expected, which leads the technician to question certain PKI components.

Which of the following should the technician use to validate this assumption? (Choose two.)

78. A company recently installed fingerprint scanners at all entrances to increase the facility’s security. The scanners were installed on Monday morning, and by the end of the week it was determined that 1.5% of valid users were denied entry.

Which of the following measurements do these users fall under?

79. A technician wants to implement PKI-based authentication on an enterprise wireless network.

Which of the following should the technician configure to enforce the use of client-side certificates?

80. Staff members of an organization received an email message from the Chief Executive Officer (CEO) asking them for an urgent meeting in the main conference room. When the staff assembled, they learned the message received was not actually from the CEO.

Which of the following BEST represents what happened?

81. Given the following output:

Which of the following BEST describes the scanned environment?

82. An administrator is beginning an authorized penetration test of a corporate network.

Which of the following tools would BEST assist in identifying potential attacks?

83. A salesperson often uses a USB drive to save and move files from a corporate laptop. The corporate laptop was recently updated, and now the files on the USB are read-only.

Which of the following was recently added to the laptop?

84. A developer is building a new web portal for internal use. The web portal will only be accessed by internal users and will store operational documents.

Which of the following certificate types should the developer install if the company is MOST interested in minimizing costs?


 
