SY0-501 | CompTIA SY0-501 Forum 2020


Free online SY0-501 questions and answers (new version):


Which of the following vulnerability types would the type of hacker known as a script kiddie be MOST dangerous against?

  • A. Passwords written on the bottom of a keyboard
  • B. Unpatched exploitable Internet-facing services
  • C. Unencrypted backup tapes
  • D. Misplaced hardware token

Answer: B


Which of the following should a security analyst perform FIRST to determine the vulnerabilities of a legacy

  • A. Passive scan
  • B. Aggressive scan
  • C. Credentialed scan
  • D. Intrusive scan

Answer: A


A security administrator is diagnosing a server where the CPU utilization is at 100% for 24 hours. The main culprit of CPU utilization is the antivirus program. Which of the following issues could occur if left unresolved? (Select TWO)

  • A. MITM attack
  • B. DoS attack
  • C. DLL injection
  • D. Buffer overflow
  • E. Resource exhaustion

Answer: BE


A company wants to ensure that the validity of publicly trusted certificates used by its web server can be determined even during an extended internet outage. Which of the following should be implemented?

  • A. Recovery agent
  • B. OCSP
  • C. CRL
  • D. Key escrow

Answer: B


A mobile device user is concerned about geographic positioning information being included in messages sent between users on a popular social network platform. The user turns off the functionality in the application, but wants to ensure the application cannot re-enable the setting without the knowledge of the user.
Which of the following mobile device capabilities should the user disable to achieve the stated goal?

  • A. Device access control
  • B. Location based services
  • C. Application control
  • D. GEO-Tagging

Answer: D


A user suspects someone has been accessing a home network without permission by spoofing the MAC address of an authorized system. While attempting to determine if an authorized user is logged into the home network, the user reviews the wireless router, which shows the following table for systems that are currently on the home network.
[Exhibit not included]
Which of the following should be the NEXT step to determine if there is an unauthorized user on the network?

  • A. Apply MAC filtering and see if the router drops any of the systems.
  • B. Physically check each of the authorized systems to determine if they are logged onto the network.
  • C. Deny the “unknown” host because the hostname is not known and MAC filtering is not applied to this host.
  • D. Conduct a ping sweep of each of the authorized systems and see if an echo response is received.

Answer: C


A security analyst observes the following events in the logs of an employee workstation:
[Exhibit not included]
Given the information provided, which of the following MOST likely occurred on the workstation?

  • A. Application whitelisting controls blocked an exploit payload from executing.
  • B. Antivirus software found and quarantined three malware files.
  • C. Automatic updates were initiated but failed because they had not been approved.
  • D. The SIEM log agent was not tuned properly and reported a false positive.

Answer: A


A technician is configuring a load balancer for the application team to accelerate the network performance of their applications. The applications are hosted on multiple servers and must be redundant. Given this scenario, which of the following would be the BEST method of configuring the load balancer?

  • A. Round-robin
  • B. Weighted
  • C. Least connection
  • D. Locality-based

Answer: D


Which of the following solutions should an administrator use to reduce the risk from an unknown vulnerability in a third-party software application?

  • A. Sandboxing
  • B. Encryption
  • C. Code signing
  • D. Fuzzing

Answer: A


A network administrator needs to allocate a new network for the R&D group. The network must not be accessible from the Internet regardless of the network firewall or other external misconfigurations. Which of the following settings should the network administrator implement to accomplish this?

  • A. Configure the OS default TTL to 1
  • B. Use NAT on the R&D network
  • C. Implement a router ACL
  • D. Enable protected ports on the switch

Answer: A


A home invasion occurred recently in which an intruder compromised a home network and accessed a WiFi-enabled baby monitor while the baby's parents were sleeping.
Which of the following BEST describes how the intruder accessed the monitor?

  • A. Outdated antivirus
  • B. WiFi signal strength
  • C. Social engineering
  • D. Default configuration

Answer: D


An organization has several production-critical SCADA supervisory systems that cannot follow the normal 30-day patching policy. Which of the following BEST maximizes the protection of these systems from malicious software?

  • A. Configure a firewall with deep packet inspection that restricts traffic to the systems.
  • B. Configure a separate zone for the systems and restrict access to known ports.
  • C. Configure the systems to ensure only necessary applications are able to run.
  • D. Configure the host firewall to ensure only the necessary applications have listening ports.

Answer: A


An employee receives an email, which appears to be from the Chief Executive Officer (CEO), asking for a report of security credentials for all users.
Which of the following types of attack is MOST likely occurring?

  • A. Policy violation
  • B. Social engineering
  • C. Whaling
  • D. Spear phishing

Answer: D


A vice president at a manufacturing organization is concerned about desktops being connected to the network. Employees need to log onto the desktops' local account to verify that a product is being created within specifications; otherwise, the desktops should be as isolated as possible. Which of the following is the BEST way to accomplish this?

  • A. Put the desktops in the DMZ.
  • B. Create a separate VLAN for the desktops.
  • C. Air gap the desktops.
  • D. Join the desktops to an ad-hoc network.

Answer: C


Drag and drop the correct protocol to its default port.
[Exhibit not included]

  • A. Mastered
  • B. Not Mastered

Answer: A

FTP uses TCP port 21. Telnet uses port 23. SSH uses TCP port 22.
All protocols encrypted by SSH, including SFTP, SHTTP, SCP, SExec, and slogin, also use TCP port 22. Secure Copy Protocol (SCP) is a secure file-transfer facility based on SSH and Remote Copy Protocol (RCP).
Secure FTP (SFTP) is a secured alternative to standard File Transfer Protocol (FTP). SMTP uses TCP port 25. Port 69 is used by TFTP.
SNMP makes use of UDP ports 161 and 162.


A security analyst has received the following alert snippet from the HIDS appliance:
[Exhibit not included]
Given the above logs, which of the following is the cause of the attack?

  • A. The TCP ports on destination are all open
  • B. FIN, URG, and PSH flags are set in the packet header
  • C. TCP MSS is configured improperly
  • D. There is improper Layer 2 segmentation

Answer: B


A network administrator wants to ensure that users do not connect any unauthorized devices to the company network. Each desk needs to connect a VoIP phone and computer. Which of the following is the BEST way to accomplish this?

  • A. Enforce authentication for network devices
  • B. Configure the phones on one VLAN, and computers on another
  • C. Enable and configure port channels
  • D. Make users sign an Acceptable Use Agreement

Answer: A


Upon entering an incorrect password, the logon screen displays a message informing the user that the password does not match the username provided and is not the required length of 12 characters. Which of the following secure coding techniques should a security analyst address with the application developers to follow security best practices?

  • A. Input validation
  • B. Error handling
  • C. Obfuscation
  • D. Data exposure

Answer: B


Which of the following are the MAIN reasons why a systems administrator would install security patches in a staging environment before the patches are applied to the production server? (Select two.)

  • A. To prevent server availability issues
  • B. To verify the appropriate patch is being installed
  • C. To generate a new baseline hash after patching
  • D. To allow users to test functionality
  • E. To ensure users are trained on new functionality

Answer: AD


A security analyst is investigating a potential breach. Upon gathering, documenting, and securing the evidence, which of the following actions is the NEXT step to minimize the business impact?

  • A. Launch an investigation to identify the attacking host
  • B. Initiate the incident response plan
  • C. Review lessons learned captured in the process
  • D. Remove malware and restore the system to normal operation

Answer: D


A security administrator wants to implement strong security on the company smart phones and terminal servers located in the data center. Drag and drop the applicable controls to each asset type.
Instructions: Controls can be used multiple times and not all placeholders need to be filled. When you have completed the simulation, please select the Done button to submit.
[Exhibit not included]

  • A. Mastered
  • B. Not Mastered

Answer: A

Company Managed Smart Phone: Screen Lock, Strong Password, Device Encryption, Remote Wipe, GPS Tracking, Pop-up blocker
Data Center Terminal Server: Cable Locks, Host Based Firewall, Proximity Reader, Sniffer


In an effort to reduce data storage requirements, some company devices are to hash every file and eliminate duplicates. The data processing routines are time sensitive so the hashing algorithm is fast and supported on a wide range of systems. Which of the following algorithms is BEST suited for this purpose?

  • A. MD5
  • B. SHA
  • D. AES

Answer: B


An incident involving a workstation that is potentially infected with a virus has occurred. The workstation may have sent confidential data to an unknown internet server. Which of the following should a security analyst do FIRST?

  • A. Make a copy of everything in memory on the workstation.
  • B. Turn off the workstation.
  • C. Consult information security policy.
  • D. Run a virus scan.

Answer: A


A Chief Information Officer (CIO) recently saw on the news that a significant security flaw exists with a specific version of a technology the company uses to support many critical applications. The CIO wants to know if this reported vulnerability exists in the organization and, if so, to what extent the company could be harmed. Which of the following would BEST provide the needed information?

  • A. Penetration test
  • B. Vulnerability scan
  • C. Active reconnaissance
  • D. Patching assessment report

Answer: A


After a user reports slow computer performance, a systems administrator detects a suspicious file, which was installed as part of a freeware software package.
The systems administrator reviews the output below:
[Exhibit not included]
Based on the above information, which of the following types of malware was installed on the user's computer?

  • A. RAT
  • B. Keylogger
  • C. Spyware
  • D. Worm
  • E. Bot

Answer: D


A security analyst is updating a BIA document. The security analyst notices the support vendor's time to replace a server hard drive went from eight hours to two hours. Given these new metrics, which of the following can be concluded? (Select TWO)

  • A. The MTTR is faster.
  • B. The MTTR is slower.
  • C. The RTO has increased.
  • D. The RTO has decreased.
  • E. The MTTF has increased.
  • F. The MTTF has decreased.

Answer: AD

