Best Quality CompTIA SYO-501 Exam Questions Exam4Docs Realistic Practice Exams [2021]
Critical Information To CompTIA Security+ Certification Exam Pass the First Time
NEW QUESTION 151
A company recently experienced a security incident in which its domain controllers were the target of a DoS attack. In which of the following steps should technicians connect domain controllers to the network and begin authenticating users again?
- A. Lessons learned
- B. Containment
- C. Recovery
- D. Eradication
- E. Identification
- F. Preparation
Answer: C
NEW QUESTION 152
To reduce costs and overhead, an organization wants to move from an on-premises email solution to a cloud-based email solution. At this time, no other services will be moving. Which of the following cloud models would BEST meet the needs of the organization?
- A. SaaS
- B. MaaS
- C. PaaS
- D. IaaS
Answer: A
NEW QUESTION 153
While performing surveillance activities, an attacker determines that an organization is using 802.1X to secure LAN access. Which of the following attack mechanisms can the attacker utilize to bypass the identified network security controls?
- A. ARP poisoning
- B. Xmas attack
- C. Pharming
- D. MAC spoofing
Answer: A
NEW QUESTION 154
A chief information officer (CIO) is concerned about PII contained in the organization's various data warehouse platforms. Since not all of the PII transferred to the organization is required for proper operation of the data warehouse application, the CIO requests that the unneeded PII data be parsed and securely discarded. Which of the following controls would be MOST appropriate in this scenario?
- A. Creation of policies and procedures
- B. Execution of PII data identification assessments
- C. Encryption of data-at-rest
- D. Implementation of data sanitization routines
- E. Introduction of education programs and awareness training
Answer: A
NEW QUESTION 155
A technician wants to implement PKI-based authentication on an enterprise wireless network. Which of the following should the technician configure to enforce the use of client-side certificates?
- A. 802.1X with PEAP
- B. WPA2-PSK
- C. EAP-TLS
- D. RADIUS Federation
Answer: C
NEW QUESTION 156
An attachment that was emailed to finance employees contained an embedded message. The security administrator investigates and finds the intent was to conceal the embedded information from public view. Which of the following BEST describes this type of message?
- A. Steganography
- B. Diffusion
- C. Obfuscation
- D. BCRYPT
Answer: C
NEW QUESTION 157
A security administrator in a bank is required to enforce an access control policy so no single individual is allowed to both initiate and approve financial transactions. Which of the following BEST represents the impact the administrator is deterring?
- A. Principle of least privilege
- B. Fraud
- C. External intruder
- D. Conflict of Interest
Answer: A
Explanation:
The principle of least privilege works by allowing only enough access to perform the required job. In an IT environment, adhering to the principle of least privilege reduces the risk of attackers gaining access to critical systems or sensitive data by compromising a low-level user account, device, or application.
NEW QUESTION 158
A technician is auditing network security by connecting a laptop to open hardwired jacks within the facility to verify they cannot connect. Which of the following is being tested?
- A. Layer 3 routing
- B. Secure IMAP
- C. Port security
- D. S/MIME
Answer: C
NEW QUESTION 159
An authorized user is conducting a penetration scan of a system for an organization. The tester has a set of network diagrams, source code, version numbers of applications, and other information about the system, including hostnames and network addresses. Which of the following BEST describes this type of penetration test?
- A. Blue team exercise
- B. Black-box testing
- C. Red team exercise
- D. Gray-box testing
- E. White-box testing
Answer: E
NEW QUESTION 161
A company notices that at 10 a.m. every Thursday, three users' computers become inoperable. The security analyst team discovers a file called where.pdf.exe that runs on system startup. The contents of where.pdf.exe are shown below:
Based on the above information, which of the following types of malware was discovered?
- A. RAT
- B. Backdoor
- C. Rootkit
- D. Logic bomb
Answer: D
NEW QUESTION 162
Joe noticed that there is a larger than normal amount of network traffic on the printer VLAN of his organization, causing users to have to wait a long time for a print job. Upon investigation, Joe discovers that printers were ordered and added to the network without his knowledge. Which of the following will reduce the risk of this occurring again in the future?
- A. Rule-based management
- B. Access control list
- C. Log analysis
- D. Loop protection
Answer: A
NEW QUESTION 163
Joe, a computer forensic technician, responds to an active compromise of a database server. Joe first collects information in memory, then collects network traffic, and finally takes an image of the hard drive. Which of the following procedures did Joe follow?
- A. Recovery procedure
- B. Chain of custody
- C. Incident isolation
- D. Order of volatility
Answer: D
NEW QUESTION 164
A security analyst is hardening a server with the directory services role installed. The analyst must ensure LDAP traffic cannot be monitored or sniffed and maintains compatibility with LDAP clients. Which of the following should the analyst implement to meet these requirements? (Select two.)
- A. Generate an X.509-compliant certificate that is signed by a trusted CA.
- B. Install and configure an SSH tunnel on the LDAP server.
- C. Ensure port 636 is open between the clients and the servers using the communication.
- D. Ensure port 389 is open between the clients and the servers using the communication.
- E. Remove the LDAP directory service role from the server.
Answer: B,C
NEW QUESTION 165
Drag and drop the correct protocol to its default port.
Answer:
Explanation:
FTP uses TCP port 21. Telnet uses port 23.
SSH uses TCP port 22. All protocols encrypted by SSH, including SFTP, SHTTP, SCP, SExec, and slogin, also use TCP port 22.
Secure Copy Protocol (SCP) is a secure file-transfer facility based on SSH and Remote Copy Protocol (RCP).
Secure FTP (SFTP) is a secured alternative to standard File Transfer Protocol (FTP).
SMTP uses TCP port 25.
Port 69 is used by TFTP.
SNMP makes use of UDP ports 161 and 162. http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers
NEW QUESTION 166
You have been tasked with designing a security plan for your company. Drag and drop the appropriate security controls on the floor plan.
Instructions: All objects must be used and all placeholders must be filled. Order does not matter. When you have completed the simulation, please select the Done button to submit.
Answer:
Explanation:
- Cable locks: adding a cable lock between a laptop and a desk prevents someone from picking it up and walking away.
- Proximity badge + reader.
- Safe: a hardware/physical security measure.
- Mantrap: can be used to control access to sensitive areas.
- CCTV: can be used as video surveillance.
- Biometric reader: can be used to control and prevent unauthorized access.
- Locking cabinets: can be used to protect backup media, documentation and other physical artefacts.
NEW QUESTION 167
An analyst is reviewing a simple program for potential security vulnerabilities before it is deployed to a Windows server. Given the following code:
Which of the following vulnerabilities is present?
- A. Backdoor
- B. Integer overflow
- C. Buffer overflow
- D. Bad memory pointer
Answer: C
NEW QUESTION 168
A company is currently using the following configuration:
A security administrator needs to configure a new wireless setup with the following configurations:
Which of the following forms of authentication are being used? (Select two.)
- A. EAP
- B. PEAP
- C. MSCHAP
- D. PAP
- E. EAP-PEAP
- F. PEAP-MSCHAP
Answer: D,E
NEW QUESTION 169
A security analyst is reviewing the following output from an IPS:
Given this output, which of the following can be concluded? (Select TWO).
- A. The source IP of the attack is coming from 250.19.18.71.
- B. The attacker sent a malformed TCP packet, triggering the alert.
- C. The source IP of the attack is coming from 250.19.18.22.
- D. The TTL value is outside of the expected range, triggering the alert.
- E. The attacker sent a malformed IGAP packet, triggering the alert.
Answer: D
NEW QUESTION 170
SIMULATION
A company recently added a DR site and is redesigning the network. Users at the DR site are having issues browsing websites.
INSTRUCTIONS
Click on each firewall to do the following:
1. Deny cleartext web traffic
2. Ensure secure management protocols are used.
3. Resolve issues at the DR site.
The ruleset order cannot be modified due to outside constraints.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
- A. In Firewall 1, HTTP inbound Action should be DENY, as shown below.
In Firewall 2, Management Service should be DNS, as shown below.
In Firewall 3, HTTP Inbound Action should be DENY, as shown below.
- B. In Firewall 1, HTTP inbound Action should be DENY, as shown below.
In Firewall 2, Management Service should be DNS, as shown below.
In Firewall 3, HTTP Inbound Action should be DENY, as shown below.
Answer: A
NEW QUESTION 171
An incident responder receives a call from a user who reports a computer is exhibiting symptoms consistent with a malware infection.
Which of the following steps should the responder perform NEXT?
- A. Use a remote desktop client to collect and analyze the malware in real time
- B. Capture and document necessary information to assist in the response.
- C. Ask the user to back up files for later recovery
- D. Request the user capture and provide a screenshot or recording of the symptoms
Answer: B
NEW QUESTION 172
A technician has installed a new AAA server, which will be used by the network team to control access to a company's routers and switches. The technician completes the configuration by adding the network team members to the NETWORK_TEAM group, and then adding the NETWORK_TEAM group to the appropriate ALLOW_ACCESS access list. Only members of the network team should have access to the company's routers and switches.
Members of the network team successfully test their ability to log on to various network devices configured to use the AAA server. Weeks later, an auditor asks to review the following access log sample:
Which of the following should the auditor recommend based on the above information?
- A. Remove the DOMAIN_USERS group from ALLOW_ACCESS group.
- B. Disable groups nesting for the ALLOW_ACCESS group in the AAA server.
- C. Move the NETWORK_TEAM group to the top of the ALLOW_ACCESS access list.
- D. Configure the ALLOW_ACCESS group logic to use AND rather than OR.
Answer: A
NEW QUESTION 173
After a user reports slow computer performance, a systems administrator detects a suspicious file, which was installed as part of a freeware software package.
The systems administrator reviews the output below:
Based on the above information, which of the following types of malware was installed on the user's computer?
- A. Bot
- B. RAT
- C. Spyware
- D. Worm
- E. Keylogger
Answer: D
NEW QUESTION 174
After running an online password cracking tool, an attacker recovers the following password:
gh;jSKSTOi;618&
Based on the above information, which of the following technical controls have been implemented (Select TWO).
- A. Complexity
- B. Hashing
- C. Salting
- D. Encryption
- E. Stretching
- F. Length
Answer: A,F
NEW QUESTION 175
The president of a company that specializes in military contracts receives a request for an interview. During the interview, the reporter seems more interested in discussing the president's family life and personal history than the details of a recent company success. Which of the following security concerns is this MOST likely an example of?
- A. Social engineering
- B. Passive reconnaissance
- C. Phishing
- D. Insider threat
Answer: A