CompTIA Security+ Certification Exam (SY0-501) Free Practice Test

Question 1

An organization wants to set up a wireless network in the most secure way. Budget is not a major consideration, and the organization is willing to accept some complexity when clients are connecting. It is also willing to deny wireless connectivity for clients who cannot be connected in the most secure manner. Which of the following would be the MOST secure setup that conforms to the organization's requirements?

A. Enable WPA2-PSK, disable all other modes, and implement MAC filtering along with port security.

B. Enable WPA2-PSK for older clients and WPA2-Enterprise for all other clients.

C. Use WPA2-Enterprise with RADIUS and disable pre-shared keys.

D. Use WPA2-PSK with a 24-character complex password and change the password monthly.

Correct Answer: D

Question 2

A penetration tester has been hired to scan a company's network for potentially active hosts. The company's IPS system blocks the ICMP echo reply and echo request packets. Which of the following can be used to scan the network?

A. ARP

B. Ping

C. IPSec

D. OSPF

Correct Answer: A

Question 3

Which of the following describes the ability of code to target a hypervisor from inside a guest OS?

A. Container breakout

B. Fog computing

C. VM escape

D. Software-defined networking

E. Image forgery

Correct Answer: C

Question 4

A security analyst needs a solution that can execute potential malware in a restricted and isolated environment for analysis. In which of the following technologies is the analyst interested?

A. DMZ

B. Honeypot

C. Sandboxing

D. Staging

Correct Answer: C

Question 5

A security administrator is configuring a RADIUS server for wireless authentication. The configuration must ensure client credentials are encrypted end-to-end between the client and the authenticator. Which of the following protocols should be configured on the RADIUS server? (Select TWO).

A. PAP

B. PEAP

C. MSCHAP

D. SAML

E. NTLM

Correct Answer: B,C

Question 6

A company wants to deploy PKI on its Internet-facing website. The applications that are currently deployed are:
* www company com (mam website)
* contactus company com (for locating a nearby location)
* quotes company com (for requesting a price quote)
The company wants to purchase one SSL certificate that will work for all the existing applications and any future applications that follow the same naming conventions, such as store company com. Which of the following certificate types would BEST meet the requirements?

A. Extended validation

B. SAN

C. Self-signed

D. Wildcard

Correct Answer: D

Question 7

An organization wants to control user accounts and privileged access to database servers. The organization wants to create an audit trail of account requests and approval. but also wants to facilitate operational efficiency when account and access changes are needed. The organization has the following account management practices:
Which of the following should the security consultant configure in the MDM policies for the tables? (Select TWO.)

A. GPS tagging

B. Geofencing

C. Screen locks

D. Cable locks

E. Remote wipe

F. Carrier unlocking

Correct Answer: B,E

Question 8

A security analyst is determining the point of compromise after a company was hacked. The analyst checks the server logs and sees that a user account was logged in at night, and several large compressed files were exfiltrated. The analyst then discovers the user last logged in four years ago and was terminated. Which of the following should the security analyst recommend to prevent this type of attack in the future? (Select TWO).

A. Review and update the firewall settings.

B. Disable all user accounts that are not logged in to for 180 days.

C. Create a honeypot to catch the hacker.

D. Enable a login banner prohibiting unauthorized use.

E. Perform an audit of all company user accounts.

F. Restrict the compromised user account.

Correct Answer: A,B

Question 9

A technician is evaluating a security appliance solution. The company needs a system that continues to pass traffic if the system crashes. Which of the following appliance feature would BEST meet the company's needs?

A. Fall closed.

B. Fall open

C. Fall Safe

D. Fall Secure

Correct Answer: B

Question 10

A security analyst is performing a forensic investigation involving compromised account credentials. Using the Event Viewer, the analyst was able to defect the following message: "Special privileges assigned to new logon.' Several of these messages did not have a valid logon associated with the user before these privileges were assigned. Which of the following attacks is MOST likely being detected?

A. Buffer overflow

B. Cross-site scripting

C. Session replay

D. Pass-the-hash

Correct Answer: A

Question 11

Passive reconnaissance during a penetration test consists of:

A. non-intrusive vulnerability scanning

B. social engineering to obtain target information

C. open-source intelligence gathering

D. probing the target network in a methodical manner

Correct Answer: C

Welcome to TestSimulate

CompTIA Security+ Certification (SY0-501) Free Practice Test