Updated CompTIA Security+ Exam SY0-501 Practice Questions

1. Which of the following access control methodologies provides an individual with the most restrictive access rights to successfully perform their authorized duties?

2. An administrator wants to provide onboard hardware based cryptographic processing and secure key storage for full-disk encryption.

Which of the following should the administrator use to fulfil the requirements?

3. When viewing IPS logs the administrator see systems all over the world scanning the network for servers with port 22 open.

The administrator concludes that this traffic is a(N):

4. Ann a user has been promoted from a sales position to sales manager.

Which of the following risk mitigation strategies would be MOST appropriate when a user changes job roles?

5. A system administrator is implementing a firewall ACL to block specific communication to and from a predefined list of IP addresses, while allowing all other communication.

Which of the following rules is necessary to support this implementation?

6. Joe a system architect wants to implement appropriate solutions to secure the company’s distributed database.

Which of the following concepts should be considered to help ensure data security? (Select TWO)

7. A forensics analyst is tasked identifying identical files on a hard drive. Due to the large number of files to be compared, the analyst must use an algorithm that is known to have the lowest collision rate.

Which of the following should be selected?

8. A government agency wants to ensure that the systems they use have been deployed as security as possible.

Which of the following technologies will enforce protections on these systems to prevent files and services from operating outside of a strict rule set?

9. An organization receives an email that provides instruction on how to protect a system from being a target of new malware that is rapidly infecting systems. The incident response team investigates the notification and determines it to invalid and notifies users to disregard the email.

Which of the following Best describes this occurrence?

10. Joe an employee has reported to Ann a network technician an unusual device plugged into a USB port on a workstation in the call center. Ann unplugs the workstation and brings it to the IT department where an incident is opened.

Which of the following should have been done first?

11. A company is implementing a system to transfer direct deposit information to a financial institution. One of the requirements is that the financial institution must be certain that the deposit amounts within the file have not been changed.

Which of the following should be used to meet the requirement?

12. An organization uses a Kerberos-based LDAP service for network authentication. The service is also utilized for internal web applications. Finally access to terminal applications is achieved using the same authentication method by joining the legacy system to the Kerberos realm.

This company is using Kerberos to achieve which of the following?

13. A recent audit has revealed that all employees in the bookkeeping department have access to confidential payroll information, while only two members of the bookkeeping department have job duties that require access to the confidential information.

Which of the following can be implemented to reduce the risk of this information becoming compromised in this scenario? (Select TWO)

14. A Chief Executive Officer (CEO) is steering company towards cloud computing. The CEO is requesting a federated sign-on method to have users sign into the sales application.

Which of the following methods will be effective for this purpose?

15. An administrator is configuring a new Linux web server where each user account is confined to a cheroot jail.

Which of the following describes this type of control?

16. Recently clients are stating they can no longer access a secure banking site’s webpage.

In reviewing the clients’ web browser settings, the certificate chain is showing the following:

Certificate Chain:

X Digi Cert

Digi Cert High assurance C3

* banksite.com

Certificate Store:

Digi Cert – Others Certificate Store

Digi Cert High assurance C3 – Others Certificate Store

Based on the information provided, which of the following is the problem when connecting to the website?

17. A company often processes sensitive data for the government. The company also processes a large amount of commercial work and as such is often providing tours to potential customers that take them into various workspaces.

Which of the following security methods can provide protection against tour participants viewing sensitive information at minimal cost?

18. Joe is a helpdesk specialist. During a routine audit, a company discovered that his credentials were used while he was on vacation. The investigation further confirmed that Joe still has his badge and it was last used to exit the facility.

Which of the following access control methods is MOST appropriate for preventing such occurrences in the future?

19. A security architect is designing an enterprise solution for the sales force of a corporation which handles sensitive customer data. The solution must allow users to work from remote offices and support traveling users.

Which of the following is the MOST appropriate control for the architect to focus onto ensure confidentiality of data stored on laptops?

20. A security administrator needs a method to ensure that only employees can get onto the internal network when plugging into a network switch.

Which of the following BEST meets that requirement?