Is this exam completely free?

ExamCademy offers a free preview for every exam, covering around 20% of the total questions. Full access to all questions is available for free by signing up for an account. Optional supporters unlock AstroTutor (AI tutor) and advanced study modes.

Can I practice IT certification exams from Microsoft, AWS, or CompTIA?

Yes! ExamCademy supports a wide range of IT certification exams including Microsoft Azure, AWS Cloud Practitioner, and CompTIA A+ and Security+.

How accurate are the mock exams?

Our practice questions are community-created and moderator-reviewed to align with realistic exam objectives, style, and difficulty.

SY0-501 by CompTIA - Page 1 | ExamCademy

Mode Selection

Question 1

Question 2

Question 3

An auditor is reviewing the following output from a password-cracking tool:

Question 4

In which of the following ways does phishing and smishing differ?

A One is primarily based on social engineering, and the other is based on evading spam filters
B One uses SMS as a delivery mechanism, and the other uses email
C Smishing relies on hard-wired connections and mobile code updates
D Phishing leverages poor email tagging to exploit SPIM settings

Question 5

A security analyst is determining the point of compromise after a company was hacked. The analyst checks the server logs and sees that a user account was logged in at night, and several large compressed files were exfiltrated. The analyst then discovers the user last logged in four years ago and was terminated.
Which of the following should the security analyst recommend to prevent this type of attack in the future? (Choose two.)

A Review and update the firewall settings
B Restrict the compromised user account
C Disable all user accounts that are not logged in to for 180 days
D Enable a login banner prohibiting unauthorized use
E Perform an audit of all company user accounts
F Create a honeypot to catch the hacker

Question 6

An analysis of a threat actor, which has been active for several years, reveals the threat actor has high levels of funding, motivation, and sophistication. Which of the following types of threat actors does this BEST describe?

A Advanced persistent threat
B Hacktivist
C Organized crime
D Insider

Question 7

Given the following output:

Question 8

When an initialization vector is added to each encryption cycle, it is using the:

A ECB cipher mode
B MD5 cipher mode
C XOR cipher mode
D CBC cipher mode

Question 9

During a routine check, a security analyst discovered the script responsible for the backup of the corporate file server has been changed to the following:

Question 10

An organization requires three separate factors for authentication to sensitive systems. Which of the following would BEST satisfy the requirement?

A Fingerprint, PIN, and mother's maiden name
B One-time password sent to a smartphone, thumbprint, and home street address
C Fingerprint, voice recognition, and password
D Password, one-time password sent to a smartphone, and text message sent to a smartphone

Question 11

A security analyst has been asked to implement secure protocols to prevent cleartext credentials from being transmitted over the internal network. Which of the following protocols is the security analyst MOST likely to implement? (Choose two.)

A SNMPv3
B S/MIME
C DNSSEC
D SSH
E SFTP

Question 12

Buffer overflow can be avoided using proper:

A memory leak prevention
B memory reuse
C input validation
D implementation of ASLR

Question 13

Which of the following systems, if compromised, may cause great danger to the integrity of water supplies and their chemical levels?

A UAV
B SCADA
C HVAC
D MFD

Question 14

Which of the following must be intact for evidence to be admissible in court?

A Chain of custody
B Order of volatility
C Legal hold
D Preservation

Question 15

An organization has the following written policies:
✑ Users must request approval for non-standard software installation.
✑ Administrators will perform all software installations.
✑ Software must be installed from a trusted repository.
A recent security audit identified crypto-currency software installed on one user's machine. There are no indications of compromise on this machine. Which of the following is the MOST likely cause of this policy violation and the BEST remediation to prevent a reoccurrence?

A The user's machine was infected with malware; implement the organization's incident response
B The user installed the software on the machine; implement technical controls to enforce the written policies
C The crypto-currency software was misidentified and is authorized; add the software to the organization's approved list
D Administrators downloaded the software from an untrusted repository; add a policy that requires integrity checking for all software.

Question 16

Employees receive a benefits enrollment email from the company's human resources department at the beginning of each year. Several users have reported receiving the email but are unable to log in to the website with their usernames and passwords. Users who enter the URL for the human resources website can log in without issue. Which of the following security issues is occurring?

A Several users' computers were not configured to use HTTPS to access the website
B The human resources servers received a large number of requests, resulting in a DoS
C The internal DNS server was compromised, directing users to a hacker's server
D Users received a social engineering email and were directed to an external website

Question 17

An engineer is configuring a wireless network using PEAP for the authentication protocol. Which of the following is required?

A 802.11n support on the WAP
B X.509 certificate on the server
C CCMP support on the network switch
D TLS 1.0 support on the client

Question 18

An organization is setting up a satellite office and wishes to extend the corporate network to the new site. Which of the following is the BEST solution to allow the users to access corporate resources while focusing on usability and security?

A Federated services
B Single sign-on
C Site-to-site VPN
D SSL accelerators

Question 19

A NIPS administrator needs to install a new signature to observe the behavior of a worm that may be spreading over SMB. Which of the following signatures should be installed on the NIPS?

A PERMIT from ANY:ANY to ANY:445 regex '.SMB.'
B DROP from ANY:445 to ANY:445 regex '.SMB.'
C DENY from ANY:ANY to ANY:445 regex '.SMB.'
D RESET from ANY:ANY to ANY:445 regex '.SMB.'

Question 20

Exploitation of a system using widely known credentials and network addresses that results in DoS is an example of:

A improper error handling
B default configurations
C untrained users
D lack of vendor support

Question 21

Which of the following is an example of the second A in the AAA model?

A The encryption protocol successfully completes the handshake and establishes a connection
B The one-time password is keyed in, and the login system grants access
C The event log records a successful login with a type code that indicates an interactive login
D A domain controller confirms membership in the appropriate group

Question 22

Which of the following threat actors is motivated primarily by a desire for personal recognition and a sense of accomplishment?

A A script kiddie
B A hacktivist
C An insider threat
D An industrial saboteur

Question 23

A vulnerability scanner that uses its running service's access level to better assess vulnerabilities across multiple assets within an organization is performing a:

A Credentialed scan.
B Non-intrusive scan.
C Privilege escalation test.
D Passive scan.

Question 24

An attacker has gained control of several systems on the Internet and is using them to attack a website, causing it to stop responding to legitimate traffic. Which of the following BEST describes the attack?

A MITM
B DNS poisoning
C Buffer overflow
D DDoS

Question 25

A company has users and printers in multiple geographic locations, and the printers are located in common areas of the offices. To preserve the confidentiality of
PII, a security administrator needs to implement the appropriate controls. Which of the following would BEST meet the confidentiality requirements of the data?

A Enforcing location-based policy restrictions
B Adding location to the standard naming convention
C Implementing time-of-day restrictions based on location
D Conducting regular account maintenance at each location

Page 1 of 42 • Questions 1-25 of 1043

1 2 3 4 5

→

Know a question that should be here? Contribute to this exam

DRAG DROP -
A security administrator wants to implement strong security on the company smart phones and terminal servers located in the data center.

INSTRUCTIONS -
Drag and drop the applicable controls to each asset type.
Controls can be used multiple times and not all placeholders need to be filled.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
Select and Place:

Which of the following attacks specifically impact data availability?

A DDoS
B Trojan
C MITM
D Rootkit

Which of the following methods did the auditor MOST likely use?

A Hybrid
B Dictionary
C Brute force
D Rainbow table

Which of the following BEST describes the scanned environment?

A A host was identified as a web server that is hosting multiple domains
B A host was scanned, and web-based vulnerabilities were found
C A connection was established to a domain, and several redirect connections were identified
D A web shell was planted in company.com's content management system

Which of the following BEST describes the type of malware the analyst discovered?

A Keylogger
B Rootkit
C RAT
D Logic bomb

SY0-501Preview