Free preview mode

Enjoy the free questions and consider upgrading to gain full access!

SY0-501

By comptia
Aug, 2025

Question 51

Which of the following should be implemented to stop an attacker from interacting with the hypervisor through another guest?

  • A: Containers
  • B: VM escape protection
  • C: Security broker
  • D: Virtual desktop

Question 52

An internal intranet site is required to authenticate users and restrict access to content to only those who are authorized to view it. The site administrator previously encountered issues with credential spoofing when using the default NTLM setting and wants to move to a system that will be more resilient to replay attacks. Which of the following should the administrator implement?

  • A: NTLMv2
  • B: TACACS+
  • C: Kerberos
  • D: Shibboleth

Question 53

A new firewall has been placed into service at an organization. However, a configuration has not been entered on the firewall. Employees on the network segment covered by the new firewall report they are unable to access the network. Which of the following steps should be completed to BEST resolve the issue?

  • A: The firewall should be configured to prevent user traffic from matching the implicit deny rule.
  • B: The firewall should be configured with access lists to allow inbound and outbound traffic.
  • C: The firewall should be configured with port security to allow traffic.
  • D: The firewall should be configured to include an explicit deny rule.

Question 54

A security consultant is analyzing data from a recent compromise. The following data points are documented:
✑ Access to data on share drives and certain networked hosts was lost after an employee logged in to an interactive session as a privileged user.
✑ The data was unreadable by any known commercial software.
✑ The issue spread through the enterprise via SMB only when certain users accessed data.
✑ Removal instructions were not available from any major antivirus vendor.

Image 1

Which of the following types of malware is this an example of?

  • A: RAT
  • B: Ransomware
  • C: Backdoor
  • D: Keylogger
  • E: Worm

Question 55

An organization handling highly confidential information needs to update its systems. Which of the following is the BEST method to prevent data compromise?

  • A: Wiping
  • B: Degaussing
  • C: Shredding
  • D: Purging

Question 56

A security administrator has been conducting an account permissions review that has identified several users who belong to functional groups and groups responsible for auditing the functional groups' actions. Several recent outages have not been able to be traced to any user. Which of the following should the security administrator recommend to preserve future audit log integrity?

  • A: Enforcing stricter onboarding workflow policies
  • B: Applying least privilege to user group membership
  • C: Following standard naming conventions for audit group users
  • D: Restricting audit group membership to service accounts

Question 57

Joe, a new employee, discovered a thumb drive with the company's logo on it while walking in the parking lot. Joe was curious as to the contents of the drive and placed it into his work computer. Shortly after accessing the contents, he noticed the machine was running slower, started to reboot, and displayed new icons on the screen. Which of the following types of attacks occurred?

  • A: Social engineering
  • B: Brute force attack
  • C: MITM
  • D: DoS

Question 58

A security analyst receives the following output:

Image 1

Which of the following MOST likely occurred to produce this output?

  • A: The host-based firewall prevented an attack from a Trojan horse
  • B: USB-OTG prevented a file from being uploaded to a mobile device
  • C: The host DLP prevented a file from being moved off a computer
  • D: The firewall prevented an incoming malware-infected file

Question 59

Which of the following BEST explains likelihood of occurrence?

  • A: The chance that an event will happen regardless of how much damage it may cause
  • B: The overall impact to the organization once all factors have been considered
  • C: The potential for a system to have a weakness or flaw that might be exploited
  • D: The probability that a threat actor will target and attempt to exploit an organization's systems

Question 60

When choosing a hashing algorithm for storing passwords in a web database, which of the following is the BEST explanation for choosing HMAC-MD5 over simple MD5?

  • A: HMAC provides hardware acceleration, thus speeding up authentication
  • B: HMAC adds a transport layer handshake, which improves authentication
  • C: HMAC-MD5 can be decrypted faster, speeding up performance
  • D: HMAC-MD5 is more resistant to brute forcing

Question 61

Given the following:

Image 1

Which of the following concepts of cryptography is shown?

  • A: Collision
  • B: Salting
  • C: Steganography
  • D: Stream cipher
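Questions 60 and 61 both turn on what a digest is mixed with before it is stored: nothing, a secret key (HMAC), or a per-user salt. The block below is an added example, not from the exam page or from CompTIA, that computes each variant and runs the offline dictionary attack an attacker mounts against a dumped table, so the difference is visible rather than stated. It also includes the salted, deliberately slow PBKDF2 record a web application should actually store, since neither MD5 nor HMAC-MD5 is a password-storage algorithm in practice. The passwords, keys and salts are constructed for the demonstration.

```python
"""Password-storage primitives contrasted in Questions 60 and 61.

Added example, not from the exam page. Shows why a plain digest lets an
attacker test guesses offline, what a keyed digest (HMAC) changes, what a
per-user salt changes, and what a slow KDF adds on top.
"""
import hashlib
import hmac
import os
from typing import Callable, Iterable, Optional


def plain_md5(password: str) -> str:
    """Unsalted, unkeyed digest: identical passwords hash identically, and
    anyone holding the database can test guesses at full speed."""
    return hashlib.md5(password.encode()).hexdigest()


def keyed_md5(password: str, key: bytes) -> str:
    """HMAC-MD5: the digest depends on a secret key kept outside the database.
    Without the key an attacker cannot recompute digests, so a dumped table on
    its own does not support an offline brute-force attack."""
    return hmac.new(key, password.encode(), hashlib.md5).hexdigest()


def salted_sha256(password: str, salt: bytes) -> str:
    """Per-user random salt: the same password gives different digests for
    different users, so precomputed (rainbow) tables are useless and every
    account must be attacked separately. Still fast, so still brute-forceable."""
    return hashlib.sha256(salt + password.encode()).hexdigest()


def pbkdf2_record(password: str, iterations: int = 600_000) -> str:
    """Salted *and* slow. The salt and iteration count are stored with the
    digest so they can be checked later and raised over time."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def pbkdf2_verify(password: str, record: str) -> bool:
    """Recompute from the stored parameters; constant-time compare."""
    _algo, iterations, salt_hex, dk_hex = record.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk.hex(), dk_hex)


def offline_dictionary_attack(target: str, candidates: Iterable[str],
                              hash_fn: Callable[[str], str]) -> Optional[str]:
    """What an attacker does with a dumped table: hash each guess with the
    same function and compare. Succeeds against plain and salted digests of
    weak passwords; fails against HMAC unless the attacker also has the key."""
    for guess in candidates:
        if hash_fn(guess) == target:
            return guess
    return None


if __name__ == "__main__":
    wordlist = ["123456", "password", "letmein"]          # constructed
    salt, key = os.urandom(16), b"server-side-secret"     # constructed
    print("plain  :", offline_dictionary_attack(plain_md5("password"), wordlist, plain_md5))
    print("salted :", offline_dictionary_attack(salted_sha256("password", salt), wordlist,
                                                lambda g: salted_sha256(g, salt)))
    print("keyed  :", offline_dictionary_attack(keyed_md5("password", key), wordlist,
                                                lambda g: keyed_md5(g, b"wrong-key")))
    rec = pbkdf2_record("correct horse battery staple")
    print("pbkdf2 :", rec, pbkdf2_verify("correct horse battery staple", rec))
```

The keyed variant only helps while the key stays off the database host; if the attacker gets the key with the dump, HMAC-MD5 is as fast to brute-force as MD5, which is why the slow KDF is the part that matters in practice.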

Question 62

A security analyst is testing both Windows and Linux systems for unauthorized DNS zone transfers within a LAN on comptia.org from example.org. Which of the following commands should the security analyst use? (Choose two.)
  • A: Image 1
  • B: Image 2
  • C: dig -axfr comptia.org @example.org
  • D: ipconfig /flushDNS
  • E: Image 3
  • F: dig @example.org comptia.org
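To show what the zone-transfer test in Question 62 actually does on the wire, the block below is an added example, not from the exam page or from CompTIA. It builds the same AXFR request that `dig axfr comptia.org @example.org` sends, frames it for TCP, and reads the reply far enough to tell a transfer (a run of records that begins and ends with the zone's SOA) from a refusal. The zone and server names are the question's; the two sample responses at the bottom are constructed so the parser can be exercised offline, and `attempt_axfr` is the only part that touches the network.

```python
"""Unauthorized zone-transfer check (Question 62) at the protocol level.

Added example, not from the exam page. build_axfr_query() produces the DNS
message dig sends for AXFR; parse_response() reads the RCODE and the answer
record types; attempt_axfr() does the real TCP exchange.
"""
import os
import socket
import struct
from typing import Dict, List

QTYPE_AXFR = 252
QTYPE_SOA = 6
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN",
          4: "NOTIMP", 5: "REFUSED", 9: "NOTAUTH"}


def _encode_name(name: str) -> bytes:
    """Dotted name -> length-prefixed labels, terminated by a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError(f"bad label in {name!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_axfr_query(zone: str, txid: int) -> bytes:
    """Header (flags 0, one question) + QNAME / QTYPE=AXFR / QCLASS=IN."""
    header = struct.pack(">HHHHHH", txid, 0, 1, 0, 0, 0)
    return header + _encode_name(zone) + struct.pack(">HH", QTYPE_AXFR, 1)


def _skip_name(msg: bytes, off: int) -> int:
    """Advance past a name, written out or ending in a compression pointer."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:      # 2-byte pointer ends the name
            return off + 2
        off += 1 + length


def parse_response(msg: bytes) -> Dict:
    """Return the RCODE and the answer-section record types, in order."""
    txid, flags, qd, an, _ns, _ar = struct.unpack(">HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4                 # skip QTYPE + QCLASS
    types: List[int] = []
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10 + rdlen
        types.append(rtype)
    rcode = flags & 0xF
    # A complete AXFR is bracketed by the zone's SOA record at both ends.
    transferred = (rcode == 0 and len(types) >= 2
                   and types[0] == QTYPE_SOA and types[-1] == QTYPE_SOA)
    return {"txid": txid, "rcode": rcode, "rcode_name": RCODES.get(rcode, str(rcode)),
            "record_types": types, "zone_transferred": transferred}


def _recv_exact(sock: socket.socket, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("server closed the connection mid-message")
        buf += chunk
    return buf


def attempt_axfr(zone: str, server: str, port: int = 53, timeout: float = 5.0) -> Dict:
    """Live check (needs network). AXFR runs over TCP with a 2-byte length
    prefix per message, and a large zone may arrive as several messages."""
    txid = int.from_bytes(os.urandom(2), "big")
    query = build_axfr_query(zone, txid)
    types: List[int] = []
    with socket.create_connection((server, port), timeout=timeout) as s:
        s.sendall(struct.pack(">H", len(query)) + query)
        while True:
            (length,) = struct.unpack(">H", _recv_exact(s, 2))
            r = parse_response(_recv_exact(s, length))
            if r["rcode"] != 0:
                return r                               # REFUSED/NOTAUTH: denied
            types.extend(r["record_types"])
            if len(types) >= 2 and types[-1] == QTYPE_SOA:
                break                                  # closing SOA: zone complete
    return {"txid": txid, "rcode": 0, "rcode_name": "NOERROR",
            "record_types": types, "zone_transferred": types[0] == QTYPE_SOA}


# ---- constructed sample responses for offline use (not captured traffic) ----
def sample_refused_response(txid: int = 0x1234) -> bytes:
    """A correctly restricted server: QR=1, RA=1, RCODE=5, no answers."""
    question = build_axfr_query("comptia.org", txid)[12:]
    return struct.pack(">HHHHHH", txid, 0x8085, 1, 0, 0, 0) + question


def sample_transfer_response(txid: int = 0x1234) -> bytes:
    """A misconfigured server: SOA, one A record, SOA, in a single message."""
    question = build_axfr_query("comptia.org", txid)[12:]
    owner = b"\xc0\x0c"                                # pointer to QNAME at offset 12

    def rr(rtype: int, rdata: bytes) -> bytes:
        return owner + struct.pack(">HHIH", rtype, 1, 3600, len(rdata)) + rdata

    soa = rr(QTYPE_SOA, b"\x02ns" + owner + b"\x05admin" + owner
             + struct.pack(">IIIII", 2024010101, 3600, 900, 604800, 86400))
    a_rec = rr(1, bytes([192, 0, 2, 10]))               # TEST-NET-1 address
    return (struct.pack(">HHHHHH", txid, 0x8480, 1, 3, 0, 0)
            + question + soa + a_rec + soa)
```

From the command line the same check is `dig axfr comptia.org @example.org` on Linux, or `nslookup`, then `server example.org`, then `ls -d comptia.org` on Windows. A REFUSED response (dig prints "Transfer failed.") is the result you want to see from a server whose allow-transfer list is limited to its secondaries; a full SOA-to-SOA listing means anyone on the LAN can enumerate every host in the zone.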

Question 63

A technician wants to configure a wireless router at a small office that manages a family-owned dry cleaning business. The router will support five laptops, personal smartphones, a wireless printer, and occasional guests. Which of the following wireless configurations is BEST implemented in this scenario?

  • A: Single SSID with WPA2-Enterprise
  • B: 802.1X with a guest VLAN
  • C: Dual SSID with WPA2-PSK
  • D: Captive portal with two-factor authentication

Question 64

A systems administrator just issued the ssh-keygen -t rsa command on a Linux terminal. Which of the following BEST describes what the rsa portion of the command represents?

  • A: A key generation algorithm
  • B: A hashing algorithm
  • C: A public key infrastructure type
  • D: A certificate authority type

Question 65

A newly hired Chief Security Officer (CSO) is reviewing the company's IRP and notices the procedures for zero-day malware attacks are being poorly executed, resulting in the CSIRT failing to address and coordinate malware removal from the system. Which of the following phases would BEST address these shortcomings?

  • A: Identification
  • B: Lessons learned
  • C: Recovery
  • D: Preparation
  • E: Eradication

Question 66

A security analyst has identified malware that is propagating automatically to multiple systems on the network. Which of the following types of malware is MOST likely impacting the network?

  • A: Virus
  • B: Worm
  • C: Logic bomb
  • D: Backdoor

Question 67

An organization allows the use of open-source software as long as users perform a file integrity check on the executables and verify the file against hashes of known malware. A user downloads the following files from an open-source website:

Image 1

After submitting the hashes to the malware registry, the user is alerted that 2f40 3221 33ad 8f34 1032 1adc 13ef 51a4 matches a known malware signature. The organization has been running all of the above software with no known issues. Which of the following actions should the user take and why?

  • A: Download and run the software but notify the organization's cybersecurity office. The malware registry has a false positive since the software has been running without any issues.
  • B: Do not run any of the software and notify the organization's cybersecurity office. The open-source website has been compromised, and none of the software can be trusted.
  • C: Download and run only webserver_82.exe and opendatabase_44.exe and notify the organization's cybersecurity office. Legacy versions of the software have been compromised.
  • D: Do not run webserver_82.exe and notify the organization's cybersecurity office. The software is malware.
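The procedure Question 67 describes, hashing each downloaded executable and checking the digest against both the publisher's list and a known-malware registry, is shown below as an added example that is not from the exam page or from CompTIA. The file names, contents, publisher hashes and registry entries are all constructed; the hash quoted in the question is 32 hex digits, the length of an MD5 digest, so the hashing functions take the algorithm as a parameter and default to SHA-256. The one design point worth noticing is precedence: a registry hit is reported as malware even when the digest also matches the publisher's list, because that combination means the publisher's own copy is bad, not that the registry is wrong.

```python
"""File-integrity check against publisher hashes and a malware hash registry.

Added example, not from the exam page. Everything below (files, publisher
list, registry) is constructed for the demonstration.
"""
import hashlib
import os
import tempfile
from typing import Dict, Set

CHUNK = 1 << 20   # hash in 1 MiB pieces so large binaries are not read whole


def hash_bytes(data: bytes, algo: str = "sha256") -> str:
    return hashlib.new(algo, data).hexdigest()


def hash_file(path: str, algo: str = "sha256") -> str:
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


# Constructed stand-ins for downloaded executables (not real programs).
SAMPLE_FILES: Dict[str, bytes] = {
    "tool_a.exe": b"MZ\x90\x00constructed build, matches publisher " + bytes(range(64)),
    "tool_b.exe": b"MZ\x90\x00constructed build, altered in transit " + bytes(range(64, 128)),
    "tool_c.exe": b"MZ\x90\x00constructed build, on the registry " + bytes(range(128, 192)),
}

# Constructed "publisher" list: what the download site says each file hashes to.
# tool_b's published hash is for a different (pristine) build than what arrived.
PUBLISHER_SHA256: Dict[str, str] = {
    "tool_a.exe": hash_bytes(SAMPLE_FILES["tool_a.exe"]),
    "tool_b.exe": hash_bytes(b"MZ\x90\x00constructed pristine tool_b build"),
    "tool_c.exe": hash_bytes(SAMPLE_FILES["tool_c.exe"]),
}

# Constructed malware registry. In real use these digests come from the
# registry lookup; here the set is built from the sample so the demo is offline.
KNOWN_MALWARE_SHA256: Set[str] = {hash_bytes(SAMPLE_FILES["tool_c.exe"])}


def classify(name: str, digest: str, known_malware: Set[str],
             publisher: Dict[str, str]) -> str:
    """Registry hit outranks a publisher match: if the publisher's own hash is
    on the malware list, the publisher's copy is the problem."""
    if digest in known_malware:
        return "MALWARE"
    if publisher.get(name) == digest:
        return "VERIFIED"
    return "UNVERIFIED"


def check_download_dir(directory: str, known_malware: Set[str],
                       publisher: Dict[str, str], algo: str = "sha256") -> Dict[str, str]:
    results = {}
    for name in sorted(os.listdir(directory)):
        digest = hash_file(os.path.join(directory, name), algo)
        results[name] = classify(name, digest, known_malware, publisher)
    return results


def run_demo() -> Dict[str, str]:
    """Write the constructed files to a temp dir and check them from disk."""
    with tempfile.TemporaryDirectory() as d:
        for name, data in SAMPLE_FILES.items():
            with open(os.path.join(d, name), "wb") as f:
                f.write(data)
        return check_download_dir(d, KNOWN_MALWARE_SHA256, PUBLISHER_SHA256)


if __name__ == "__main__":
    for name, verdict in run_demo().items():
        print(f"{verdict:10s} {name}")
```

UNVERIFIED is not a clean bill of health: a file whose digest matches neither list has been altered somewhere between the publisher and the user, which is the case that most needs the security office, since "it has been running fine so far" says nothing about what a modified binary does.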

Question 68

An administrator needs to protect five websites with SSL certificates. Three of the websites have different domain names, and two of the websites share the domain name but have different subdomain prefixes. Which of the following SSL certificates should the administrator purchase to protect all the websites and be able to administer them easily at a later time?

  • A: One SAN certificate
  • B: One Unified Communications Certificate and one wildcard certificate
  • C: One wildcard certificate and two standard certificates
  • D: Five standard certificates

Question 69

A security administrator begins assessing a network with software that checks for available exploits against a known database, using both credentials and external scripts. A report will be compiled and used to confirm patching levels. This is an example of:

  • A: penetration testing
  • B: fuzzing
  • C: static code analysis
  • D: vulnerability scanning

Question 70

A company recently contracted a penetration testing firm to conduct an assessment. During the assessment, the penetration testers were able to capture unencrypted communication between directory servers. The penetration testers recommended encrypting this communication to fix the vulnerability. Which of the following protocols should the company implement to close this finding?

  • A: DNSSEC
  • B: SFTP
  • C: Kerberos
  • D: LDAPS

Question 71

Which of the following are the MAIN reasons why a systems administrator would install security patches in a staging environment before the patches are applied to the production server? (Choose two.)

  • A: To prevent server availability issues
  • B: To verify the appropriate patch is being installed
  • C: To generate a new baseline hash after patching
  • D: To allow users to test functionality
  • E: To ensure users are trained on new functionality

Question 72

Which of the following are disadvantages of full backups? (Choose three.)

  • A: They rely on other backups for recovery
  • B: They require the most storage
  • C: They demand the most bandwidth
  • D: They have the slowest recovery time
  • E: They are impossible in virtual environments
  • F: They require on-site storage
  • G: They are time-consuming to complete

Question 73

A security analyst performs a vulnerability scan on the local network. Several items are flagged on the report as being critical issues. The security analyst researches each of the vulnerabilities and discovers that one of the critical issues on the report was mitigated in a previous scan. Which of the following MOST likely happened?

  • A: A patch was removed
  • B: A false positive occurred
  • C: The tool has a high crossover error rate
  • D: A necessary service was not running

Question 74

A Chief Information Officer (CIO) drafts an agreement between the organization and its employees. The agreement outlines ramifications for releasing information without consent and/or approvals. Which of the following BEST describes this type of agreement?

  • A: ISA
  • B: NDA
  • C: MOU
  • D: SLA

Question 75

Which of the following would meet the requirements for multifactor authentication?

  • A: Username, PIN, and employee ID number
  • B: Fingerprint and password
  • C: Smart card and hardware token
  • D: Voice recognition and retina scan
Page 3 of 42 • Questions 51-75 of 1043
