CompTIA SY0-501 Braindumps 2021

for CompTIA certification, Real Success Guaranteed with Updated . 100% PASS SY0-501 CompTIA Security+ Certification Exam exam Today!

Free demo questions for CompTIA SY0-501 Exam Dumps Below:

NEW QUESTION 1
A security analyst is testing both Windows and Linux systems for unauthorized DNS zone transfers within a LAN on comptia.org from example.org. Which of the following commands should the security analyst use? (Select two.)
SY0-501 dumps exhibit

  • A. Option A
  • B. Option B
  • C. Option C
  • D. Option D
  • E. Option E
  • F. Option F

Answer: AC

NEW QUESTION 2
Which of the following works by implanting software on systems but delays execution until a specific set of conditions is met?

  • A. Logic bomb
  • B. Trojan
  • C. Scareware
  • D. Ransomware

Answer: A

NEW QUESTION 3
A company is using a mobile device deployment model in which employees use their personal devices for work at their own discretion. Some of the problems the company is encountering include the following:
SY0-501 dumps exhibit There is no standardization.
SY0-501 dumps exhibit Employees ask for reimbursement for their devices.
SY0-501 dumps exhibit Employees do not replace their devices often enough to keep them running efficiently.
SY0-501 dumps exhibit The company does not have enough control over the devices.
Which of the following is a deployment model that would help the company overcome these problems?

  • A. BYOD
  • B. VDI
  • C. COPE
  • D. CYOD

Answer: D

NEW QUESTION 4
Which of the following BEST describes an important security advantage yielded by implementing vendor diversity?

  • A. Sustainability
  • B. Homogeneity
  • C. Resiliency
  • D. Configurability

Answer: C

NEW QUESTION 5
An actor downloads and runs a program against a corporate login page. The program imports a list of usernames and passwords, looking for a successful attempt.
Which of the following terms BEST describes the actor in this situation?

  • A. Script kiddie
  • B. Hacktivist
  • C. Cryptologist
  • D. Security auditor

Answer: A

NEW QUESTION 6
A security analyst is reviewing patches on servers. One of the servers is reporting the following error message in the WSUS management console:
The computer has not reported status in 30 days.
Given this scenario, which of the following statements BEST represents the issue with the output above?

  • A. The computer in QUESTION NO: has not pulled the latest ACL policies for the firewall.
  • B. The computer in QUESTION NO: has not pulled the latest GPO policies from the management server.
  • C. The computer in QUESTION NO: has not pulled the latest antivirus definitions from the antivirus program.
  • D. The computer in QUESTION NO: has not pulled the latest application software updates.

Answer: D

NEW QUESTION 7
An organization has hired a penetration tester to test the security of its ten web servers. The penetration tester is able to gain root/administrative access in several servers by exploiting vulnerabilities associated with the implementation of SMTP, POP, DNS, FTP, Telnet, and IMAP. Which of the following recommendations should the penetration tester provide to the organization to better protect their web servers in the future?

  • A. Use a honeypot
  • B. Disable unnecessary services
  • C. Implement transport layer security
  • D. Increase application event logging

Answer: B

NEW QUESTION 8
A company is deploying a new VoIP phone system. They require 99.999% uptime for their phone service and are concerned about their existing data network interfering with the VoIP phone system. The core switches in the existing data network are almost fully saturated. Which of the following options will pro-vide the best performance and availability for both the VoIP traffic, as well as the traffic on the existing data network?

  • A. Put the VoIP network into a different VLAN than the existing data network.
  • B. Upgrade the edge switches from 10/100/1000 to improve network speed
  • C. Physically separate the VoIP phones from the data network
  • D. Implement flood guards on the data network

Answer: A

NEW QUESTION 9
A security administrator is configuring a new network segment, which contains devices that will be accessed by external users, such as web and FTP server. Which of the following represents the MOST secure way to
configure the new network segment?

  • A. The segment should be placed on a separate VLAN, and the firewall rules should be configured to allow external traffic.
  • B. The segment should be placed in the existing internal VLAN to allow internal traffic only.
  • C. The segment should be placed on an intranet, and the firewall rules should be configured to allow external traffic.
  • D. The segment should be placed on an extranet, and the firewall rules should be configured to allow both internal and external traffic.

Answer: A

NEW QUESTION 10
An organization has implemented an IPSec VPN access for remote users. Which of the following IPSec modes would be the MOST secure for this organization to implement?

  • A. Tunnel mode
  • B. Transport mode
  • C. AH-only mode
  • D. ESP-only mode

Answer: A

Explanation: In both ESP and AH cases with IPSec Transport mode, the IP header is exposed. The IP header is not exposed in IPSec Tunnel mode.

NEW QUESTION 11
A security analyst is reviewing the following packet capture of an attack directed at a company's server located in the DMZ:
SY0-501 dumps exhibit
Which of the following ACLs provides the BEST protection against the above attack and any further attacks from the same IP, while minimizing service interruption?

  • A. DENY TCO From ANY to 172.31.64.4
  • B. Deny UDP from 192.168.1.0/24 to 172.31.67.0/24
  • C. Deny IP from 192.168.1.10/32 to 0.0.0.0/0
  • D. Deny TCP from 192.168.1.10 to 172.31.67.4

Answer: D

NEW QUESTION 12
A web developer improves client access to the company's REST API. Authentication needs to be tokenized but not expose the client's password. Which of the following methods would BEST meet the developer's requirements?

  • A. SAML
  • B. LDAP
  • C. OAuth
  • D. Shibboleth

Answer: A

NEW QUESTION 13
Which of the following is the GREATEST risk to a company by allowing employees to physically bring their personal smartphones to work?

  • A. Taking pictures of proprietary information and equipment in restricted areas.
  • B. Installing soft token software to connect to the company's wireless network.
  • C. Company cannot automate patch management on personally-owned devices.
  • D. Increases the attack surface by having more target devices on the company's campus

Answer: A

NEW QUESTION 14
A user needs to send sensitive information to a colleague using PKI. Which of the following concepts apply when a sender encrypts the message hash with the sender's private key? (Select TWO)

  • A. Non-repudiation
  • B. Email content encryption
  • C. Steganography
  • D. Transport security
  • E. Message integrity

Answer: AE

NEW QUESTION 15
Ann, a security administrator, wants to ensure credentials are encrypted in transit when implementing a RADIUS server for SSO. Which of the following are needed given these requirements? (Select TWO)

  • A. Public key
  • B. Shared key
  • C. Elliptic curve
  • D. MD5
  • E. Private key
  • F. DES

Answer: AE

NEW QUESTION 16
An attacker discovers a new vulnerability in an enterprise application. The attacker takes advantage of the vulnerability by developing new malware. After installing the malware, the attacker is provided with access to the infected machine.
Which of the following is being described?

  • A. Zero-day exploit
  • B. Remote code execution
  • C. Session hijacking
  • D. Command injection

Answer: A

NEW QUESTION 17
Which of the following could help detect trespassers in a secure facility? (Select TWO)

  • A. Faraday cages
  • B. Motion-detection sensors
  • C. Tall, chain-link fencing
  • D. Security guards
  • E. Smart cards

Answer: BD

P.S. Certleader now are offering 100% pass ensure SY0-501 dumps! All SY0-501 exam questions have been updated with correct answers: https://www.certleader.com/SY0-501-dumps.html (540 New Questions)