Take A Quiz
Take a practice test
7 Quiz Set/s
7 Quiz Sets
SY0-501 CompTIA Security+ Certification Exam
Can you answer
questions in 10 minutes?
SY0-501 CompTIA Security+ Certification Exam |
Due to regulatory requirements, server in a global organization must use time synchronization. Which of the following represents the MOST secure method of time synchronization?
The server should connect to external Stratum 0 NTP servers for synchronization
The server should connect to internal Stratum 0 NTP servers for synchronization
The server should connect to external Stratum 1 NTP servers for synchronization
Which of the following cryptography algorithms will produce a fixed-length, irreversible output?
While performing a penetration test, the technicians want their efforts to go unnoticed for as long as possible while they gather useful data about the network they are assessing. Which of the following would be the BEST choice for the technicians?
Offline password cracker
Which of the following uses precomputed hashes to guess passwords?
Which of the following would allow for the QUICKEST restoration of a server into a warm recovery site in a case in which server data mirroring is not enabled?
Which of the following are MOST susceptible to birthday attacks?
One time passwords
A dumpster diver recovers several hard drives from a company and is able to obtain confidential data from one of the hard drives. The company then discovers its information is posted online. Which of the following methods would have MOST likely prevented the data from being exposed?
Using software to repeatedly rewrite over the disk space
Using magnetic fields to erase the data
Using Blowfish encryption on the hard drives
Removing the hard drive from its enclosure
A systems administrator has isolated an infected system from the network and terminated the malicious process from executing. Which of the following should the administrator do NEXT according to the incident response process?
Restore lost data from a backup.
Wipe the system.
Document the lessons learned.
Determine the scope of impact.
A manager suspects that an IT employee with elevated database access may be knowingly modifying financial transactions for the benefit of a competitor. Which of the following practices should the manager implement to validate the concern?
Separation of duties
Security awareness training
A company wants to host a publicly available server that performs the following functions: Evaluates MX record lookup Can perform authenticated requests for A and AAA records Uses RRSIG Which of the following should the company use to fulfill the above requirements?
A. administrator has configured a new Linux server with the FTP service. Upon verifying that the service was configured correctly, the administrator has several users test the FTP service. Users report that they are able to connect to the FTP service and download their personal files, however, they cannot transfer new files to the server. Which of the following will most likely fix the uploading issue for the users?
Set the Boolean selinux value to allow FTP home directory uploads
Configure the FTP daemon to utilize PAM authentication pass through user permissions
Create an ACL to allow the FTP service write access to user directories
Reconfigure the ftp daemon to operate without utilizing the PSAV mode
A security analyst is reviewing the following packet capture of an attack directed at a company's server located in the DMZ: Which of the following ACLs provides the BEST protection against the above attack and any further attacks from the same IP, while minimizing service interruption?
Deny IP from 192.168.1.10/32 to 0.0.0.0/0
Deny UDP from 192.168.1.0/24 to 172.31.67.0/24
DENY TCO From ANY to 172.31.64.4
Deny TCP from 192.168.1.10 to 172.31.67.4
When connected to a secure WAP, which of the following encryption technologies is MOST likely to be configured when connecting to WPA2-PSK?
A Chief Information Officer (CIO) has decided it is not cost effective to implement safeguards against a known vulnerability. Which of the following risk responses does this BEST describe?
A. organization has hired a penetration tester to test the security of its ten web servers. The penetration tester is able to gain root/administrative access in several servers by exploiting vulnerabilities associated with the implementation of SMTP, POP, DNS, FTP, Telnet, and IMAP. Which of the following recommendations should the penetration tester provide to the organization to better protect their web servers in the future?
Use a honeypot
Disable unnecessary services
Implement transport layer security
Increase application event logging
A. organization wants to utilize a common, Internet-based third-party provider for authorization and authentication. The provider uses a technology based on OAuth 2.0 to provide required services. To which of the following technologies is the provider referring?
Open ID Connect
A. in-house penetration tester has been asked to evade a new DLP system. The tester plans to exfiltrate data through steganography. Discovery of which of the following would help catch the tester in the act?
Unusual SFTP connections to a consumer IP address
Abnormally high numbers of outgoing instant messages that contain obfuscated text
Outgoing emails containing unusually large image files
Large-capacity USB drives on the tester's desk with encrypted zip files
A penetration tester harvests potential usernames from a social networking site. The penetration tester then uses social engineering to attempt to obtain associated passwords to gain unauthorized access to shares on a network server. Which of the following methods is the penetration tester MOST likely using?
Escalation of privilege
Which of the following network vulnerability scan indicators BEST validates a successful, active scan?
The scan data identifies the use of privileged-user credentials.
The scan results identify the hostname and IP address.
The scan output lists SQL injection attack vectors.
The scan job is scheduled to run during off-peak hours.
A security analyst captures forensic evidence from a potentially compromised system for further investigation. The evidence is documented and securely stored to FIRST:
Maintain the chain of custody.
Recover data at a later time.
Preserve the data.
Obtain a legal hold.
Which of the following refers to the term used to restore a system to its operational state?
The IT department needs to prevent users from installing untested applications. Which of the following would provide the BEST solution?
A technician has installed new vulnerability scanner software on a server that is joined to the company domain. The vulnerability scanner is able to provide visibility over the patch posture of all company's clients. Which of the following is being used?
Gray box vulnerability testing
Bypassing security controls
A user clicked an email link that led to a website than infected the workstation with a virus. The virus encrypted all the network shares to which the user had access. The virus was not deleted or blocked by the company’s email filter, website filter, or antivirus. Which of the following describes what occurred?
The user’s account was over-privileged.
Improper error handling triggered a false negative in all three controls.
The email originated from a private email server with no malware protection.
The virus was a zero-day attack.
After a recent internal breach, a company decided to regenerate and reissue all certificates used in the transmission of confidential information. The company places the greatest importance on confidentiality and non-repudiation, and decided to generate dual key pairs for each client. Which of the following BEST describes how the company will use these certificates?
One key pair will be used for internal communication, and the other will be used for external communication.
One key pair will be used for encryption. The other key pair will provide extended validation.
Data will be encrypted once by each key, doubling the confidentiality and non-repudiation strength.
One key pair will be used for encryption and decryption. The other will be used to digitally sign the data.
Please login to subscribe
The First & Only Encyclopedia of Self Help,
Self Improvement & Career Advice
250+ Easy-to-Follow Guides
5000+ Proven Tips
13 Types of Essential Skills Covered
Get The Value of 100+ Best Books in 1 Book.
502 Pages | $3.99 | PDF / EPub, Kindle Ready
Please login/register to bookmark chapters.
Basic Life Skills
Entrance and Placement Exams
Jobs and Occupations
Trades and Vocational
Science and Technology
Education Standards and Boards
Browse Fatskills by topics
All Subjects on Fatskills
Popular Tests on Fatskills
Fatskills Career Aptitude Tests
Fatskills on Facebook
Please report any error in fatskills quizzes and questions to 'simpleversity at gmail.com'.
Without work one finishes nothing. - Ralph Waldo Emerson