2021 Update CompTIA Security+ SY0-501 Exam Questions (449 Q&As)

The CompTIA Security+ SY0-501 exam questions have been newly updated by PassQuestion. You can download the newest PassQuestion CompTIA Security+ SY0-501 exam questions and answers: https://www.passquestion.com/sy0-501.html (449 Q&As)

Test Online Latest CompTIA Security+ SY0-501 Free Questions

1. Topic 1, Exam Pool A

A security analyst received an after-hours alert indicating that a large number of accounts with the suffix "admin" were locked out. The accounts were all locked out after five unsuccessful login attempts, and no other accounts on the network triggered the same alert.

Which of the following is the BEST explanation for these alerts?


2. A systems administrator is increasing the security settings on a virtual host to ensure users on one VM cannot access information from another VM.

Which of the following is the administrator protecting against?


3. A company recently updated its website to increase sales. The new website uses PHP forms for leads and provides a directory with sales staff and their phone numbers.

A systems administrator is concerned about the new website and provides the following log to support the concern:

Which of the following is the systems administrator MOST likely to suggest to the Chief Information Security Officer (CISO) based on the above?


4. A credentialed vulnerability scan is often preferred over a non-credentialed scan because credentialed scans:


5. Fuzzing is used to reveal which of the following vulnerabilities in web applications?


6. An organization has decided to host its web application and database in the cloud.

Which of the following BEST describes the security concerns for this decision?


7. A user is unable to obtain an IP address from the corporate DHCP server.

Which of the following is MOST likely the cause?


8. A company has had a BYOD policy in place for many years and now wants to roll out an MDM solution. The company has decided that end users who wish to utilize their personal devices for corporate use must opt in to the MDM solution. End users are voicing concerns about the company having access to their personal devices via the MDM solution.

Which of the following should the company implement to ease these concerns?


9. Which of the following describes the ability of code to target a hypervisor from inside a guest OS?


10. After segmenting the network, the network manager wants to control the traffic between the segments.

Which of the following should the manager use to control the network traffic?


11. An email recipient is unable to open a message encrypted through PKI that was sent from another organization.

Which of the following does the recipient need to decrypt the message?


12. Which of the following is an example of the second A in the AAA model?


13. An organization has the following written policies:

• Users must request approval for non-standard software installation

• Administrators will perform all software installations

• Software must be installed from a trusted repository

A recent security audit identified crypto-currency software installed on one user’s machine. There are no indications of compromise on this machine.

Which of the following is the MOST likely cause of this policy violation and the BEST remediation to prevent a reoccurrence?


14. An attacker has obtained the user ID and password of a datacenter’s backup operator and has gained access to a production system.

Which of the following would be the attacker’s NEXT action?


15. A systems administrator has created network file shares for each department with associated security groups for each role within the organization.

Which of the following security concepts is the systems administrator implementing?


16. A technician is required to configure updates on a guest operating system while maintaining the ability to quickly revert the changes that were made while testing the updates.

Which of the following should the technician implement?


17. When accessing a popular website, a user receives a warning that the certificate for the website is not valid. Upon investigation, it was noted that the certificate is not revoked and the website is working fine for other users.

Which of the following is the MOST likely cause for this?


18. A manufacturing company updates a policy that instructs employees not to enter a secure area in groups and requires each employee to swipe their badge to enter the area. When employees continue to ignore the policy, a mantrap is installed.

Which of the following BEST describe the controls that were implemented to address this issue? (Select TWO).


19. Ann, a security analyst from a large organization, has been instructed to use another, more effective scanning tool. After installing the tool on her desktop, she started a full vulnerability scan. After running the scan for eight hours, Ann finds that there were no vulnerabilities identified.

Which of the following is the MOST likely cause of not receiving any vulnerabilities on the network?


20. Which of the following penetration testing concepts is an attacker MOST interested in when placing the path of a malicious file in the windows/Currentversion/Run registry key?


21. A systems administrator has installed a new UTM that is capable of inspecting SSL/TLS traffic for malicious payloads. All inbound network traffic coming from the Internet and terminating on the company’s secure web servers must be inspected.

Which of the following configurations would BEST support this requirement?


22. A dumpster diver was able to retrieve hard drives from a competitor’s trash bin. After installing the hard drives and running common data recovery software, sensitive information was recovered.

In which of the following ways did the competitor apply media sanitation?


23. A state-sponsored threat actor has launched several successful attacks against a corporate network. Although the target has a robust patch management program in place, the attacks continue in depth and scope, and the security department has no idea how the attacks are able to gain access.

Given that patch management and vulnerability scanners are being used, which of the following would be used to analyze the attack methodology?


24. A technician wants to add wireless guest capabilities to an enterprise wireless network that is currently implementing 802.1X EAP-TLS.

The guest network must:

• Support client isolation.

• Issue a unique encryption key to each client.

• Allow guests to register using their personal email addresses.

Which of the following should the technician implement? (Select TWO).


25. Several systems and network administrators are determining how to manage access to a facility and enable managers to allow after-hours access.

Which of the following access control methods should managers use to assign after-hours access to the employees?


26. A security administrator wants to determine if a company’s web servers have the latest operating system and application patches installed.

Which of the following types of vulnerability scans should be conducted?


27. A transitive trust:


28. A systems engineer is configuring a wireless network. The network must not require installation of third-party software. Mutual authentication of the client and the server must be used. The company has an internal PKI.

Which of the following configurations should the engineer choose?


29. Which of the following is the MOST likely motivation for a script kiddie threat actor?


30. A security team has downloaded a public database of the largest collection of password dumps on the Internet. This collection contains the cleartext credentials of every major breach for the last four years. The security team pulls and compares users’ credentials to the database and discovers that more than 30% of the users were still using passwords discovered in this list.

Which of the following would be the BEST combination to reduce the risks discovered?


31. A company wants to provide centralized authentication for its wireless system. The wireless authentication system must integrate with the directory back end.

Which of the following is an AAA solution that will provide the required wireless authentication?


32. A network technician discovered the usernames and passwords used for network device configuration have been compromised by a user with a packet sniffer.

Which of the following would secure the credentials from sniffing?


33. A company needs to fix some audit findings related to its physical security. A key finding was that multiple people could physically enter a location at the same time.

Which of the following is the BEST control to address this audit finding?


34. A member of the IR team has identified an infected computer.

Which of the following IR phases should the team member conduct NEXT?


35. A security administrator has received multiple calls from the help desk about customers who are unable to access the organization’s web server. Upon reviewing the log files, the security administrator determines multiple open requests have been made from multiple IP addresses, which is consuming system resources.

Which of the following attack types does this BEST describe?


36. Which of the following control types would a backup of server data provide in case of a system issue?


37. The security office has had reports of increased tailgating in the datacenter.

Which of the following controls should security put in place?


38. A security professional wants to test a piece of malware that was isolated on a user’s computer to document its effect on a system.

Which of the following is the FIRST step the security professional should take?


39. A technician, who is managing a secure B2B connection, noticed the connection broke last night. All networking equipment and media are functioning as expected, which leads the technician to question certain PKI components.

Which of the following should the technician use to validate this assumption? (Choose two.)


40. A company notices that at 10 a.m. every Thursday, three users’ computers become inoperable. The security analyst team discovers a file called where.pdf.exe that runs on system startup.

The contents of where.pdf.exe are shown below:

@echo off

if [c:file.txt] deltree C:

Based on the above information, which of the following types of malware was discovered?


41. A technician needs to prevent data loss in a laboratory. The laboratory is not connected to any external networks.

Which of the following methods would BEST prevent the exfiltration of data? (Select TWO).


42. A company is experiencing an increasing number of systems that are locking up on Windows startup. The security analyst clones a machine, enters into safe mode, and discovers a file in the startup process that runs Wstart.bat.

@echo off


start notepad.exe

start notepad.exe

start calculator.exe

start calculator.exe

goto asdhbawdhbasdhbawdhb

Given the file contents and the system’s issues, which of the following types of malware is present?


43. An organization recently acquired an ISO 27001 certification.

Which of the following would MOST likely be considered a benefit of this certification?


44. A company employee recently retired, and there was a schedule delay because no one was capable of filling the employee’s position.

Which of the following practices would BEST help to prevent this situation in the future?


45. The application team within a company is asking the security team to investigate why its application is slow after an upgrade. The source of the team’s application is and the destination IP is The security analyst pulls the logs from the endpoint security software but sees nothing is being blocked.

The analyst then looks at the UTM firewall logs and sees the following:

Which of the following should the security analyst request NEXT based on the UTM firewall analysis?


46. A Chief Security Officer’s (CSO’s) key priorities are to improve preparation, response, and recovery practices to minimize system downtime and enhance organizational resilience to ransomware attacks.

Which of the following would BEST meet the CSO’s objectives?


47. Which of the following can be used to increase the time needed to brute force a hashed password?


48. A mobile application developer wants to secure an application that transmits sensitive information.

Which of the following should the developer implement to prevent SSL MITM attacks?


49. A security administrator is choosing an algorithm to generate password hashes.

Which of the following would offer the BEST protection against offline brute force attacks?


50. After being alerted to potential anomalous activity related to trivial DNS lookups, a security analyst looks at the following output of implemented firewall rules:

The analyst notices that the expected policy has no hit count for the day.

Which of the following MOST likely occurred?


51. An incident response analyst in a corporate security operations center receives a phone call from an SOC analyst. The SOC analyst explains the help desk recently reimaged a workstation that was suspected of being infected with an unknown type of malware; however, even after reimaging, the host continued to generate SIEM alerts.

Which of the following types of malware is MOST likely responsible for producing the SIEM alerts?


52. A preventive control differs from a compensating control in that a preventive control is:


53. A network technician is setting up a new branch for a company. The users at the new branch will need to access resources securely as if they were at the main location.

Which of the following networking concepts would BEST accomplish this?


54. A Chief Information Officer (CIO) is concerned that encryption keys might be exfiltrated by a contractor. The CIO wants to keep control over key visibility and management.

Which of the following would be the BEST solution for the CIO to implement?


55. A university with remote campuses, which all use different service providers, loses Internet connectivity across all locations. After a few minutes, Internet and VoIP services are restored, only to go offline again at random intervals, typically within four minutes of services being restored. Outages continue throughout the day, impacting all inbound and outbound connections and services. Services that are limited to the local LAN or WiFi network are not impacted, but all WAN and VoIP services are affected.

Later that day, the edge-router manufacturer releases a CVE outlining the ability of an attacker to exploit the SIP protocol handling on devices, leading to resource exhaustion and system reloads.

Which of the following BEST describe this type of attack? (Select TWO).


56. A systems engineer is setting up a RADIUS server to support a wireless network that uses certificate authentication.

Which of the following protocols must be supported by both the RADIUS server and the WAPs?


57. A user from the financial aid office is having trouble interacting with the finaid directory on the university’s ERP system.

The systems administrator who took the call ran a command and received the following output:

Subsequently, the systems administrator has also confirmed the user is a member of the finaid group on the ERP system.

Which of the following is the MOST likely reason for the issue?


58. An attacker is able to capture the payload for the following packet: IP IP IP During an investigation, an analyst discovers that the attacker was able to capture the information above and use it to log on to other servers across the company.

Which of the following is the MOST likely reason?


59. A systems administrator needs to configure an SSL remote access VPN according to the following organizational guidelines:

• The VPN must support encryption of header and payload.

• The VPN must route all traffic through the company’s gateway.

Which of the following should be configured on the VPN concentrator?


60. A penetration tester is checking to see if an internal system is vulnerable to an attack using a remote listener.

Which of the following commands should the penetration tester use to verify if this vulnerability exists? (Choose two.)


61. A company moved into a new building next to a sugar mill. Cracks have been discovered in the walls of the server room, which is located on the same side as the sugar mill loading docks. The cracks are believed to have been caused by heavy trucks. Moisture has begun to seep into the server room, causing extreme humidification problems and equipment failure.

Which of the following BEST describes the type of threat the organization faces?


62. An email systems administrator is configuring the mail server to prevent spear phishing attacks through email messages.

Which of the following refers to what the administrator is doing?


63. Which of the following command line tools would be BEST to identify the services running in a server?


64. A Chief Information Security Officer (CISO) is concerned about the organization’s ability to continue business operations in the event of a prolonged DDoS attack on its local datacenter that consumes server resources.

Which of the following will the CISO MOST likely recommend to mitigate this risk?


65. A researcher has been analyzing large data sets for the last ten months. The researcher works with colleagues from other institutions and typically connects via SSH to retrieve additional data.

Historically, this setup has worked without issue, but the researcher recently started getting the following message:

Which of the following network attacks is the researcher MOST likely experiencing?


66. A company has a backup site with equipment on site without any data. This is an example of:


67. An analyst is currently looking at the following output:

Which of the following security issues has been discovered based on the output?


68. An organization is building a new customer services team, and the manager needs to keep the team focused on customer issues and minimize distractions. The users have a specific set of tools installed, which they must use to perform their duties. Other tools are not permitted for compliance and tracking purposes. Team members have access to the Internet for product lookups and to research customer issues.

Which of the following should a security engineer employ to fulfill the requirements for the manager?


69. A systems administrator is installing and configuring an application service that requires access to read and write to log and configuration files on a local hard disk partition. The service must run as an account with authorization to interact with the file system.

Which of the following would reduce the attack surface added by the service and account? (Select TWO)


70. A member of the human resources department is searching for candidate resumes and encounters the following error message when attempting to access popular job search websites:

Which of the following would resolve this issue without compromising the company’s security policies?


71. An administrator needs to protect five websites with SSL certificates. Three of the websites have different domain names, and two of the websites share the domain name but have different subdomain prefixes.

Which of the following SSL certificates should the administrator purchase to protect all the websites and be able to administer them easily at a later time?


72. A security engineer is installing a WAF to protect the company’s website from malicious web requests over SSL.

Which of the following is needed to meet the objective?


73. A cryptographer has developed a new proprietary hash function for a company and solicited employees to test the function before recommending its implementation. An employee takes the plaintext version of a document and hashes it, then changes the original plaintext document slightly and hashes it, and continues repeating this process until two identical hash values are produced from two different documents.

Which of the following BEST describes this cryptographic attack?


74. Which of the following BEST explains how the use of configuration templates reduces organization risk?


75. A security administrator is investigating a report that a user is receiving suspicious emails. The user’s machine has an old functioning modem installed.

Which of the following security concerns need to be identified and mitigated? (Choose two.)


76. A public relations team will be taking a group of guests on a tour through the facility of a large e-commerce company. The day before the tour, the company sends out an email to employees to ensure all whiteboards are cleaned and all desks are cleared. The company is MOST likely trying to protect against:


77. Which of the following is a benefit of credentialed vulnerability scans?


78. Which of the following should a technician use to protect a cellular phone that is needed for an investigation, to ensure the data will not be removed remotely?


79. A security administrator found the following piece of code referenced on a domain controller’s task scheduler:

$var = GetDomainAdmins

If $var != ‘fabio’

SetDomainAdmins = NULL

With which of the following types of malware is the code associated?


80. An attachment that was emailed to finance employees contained an embedded message. The security administrator investigates and finds the intent was to conceal the embedded information from public view.

Which of the following BEST describes this type of message?


81. Given the following:

> md5.exe file1.txt

> AD1FAB103773DC6A1E6021B7E503A210

> md5.exe file2.txt

> AD1FAB103773DC6A1E6021B7E503A210

Which of the following concepts of cryptography is shown?


82. Company engineers regularly participate in a public Internet forum with other engineers throughout the industry.

Which of the following tactics would an attacker MOST likely use in this scenario?


83. Exploitation of a system using widely known credentials and network addresses that results in DoS is an example of:


84. A company just implemented a new telework policy that allows employees to use personal devices for official email and file sharing while working from home.

Some of the requirements are:

• Employees must provide an alternate work location (i.e., a home address).

• Employees must install software on the device that will prevent the loss of proprietary data but will not restrict any other software from being installed.

Which of the following BEST describes the MDM options the company is using?


85. A security analyst has received an alert about PII being sent via email. The analyst’s Chief Information Security Officer (CISO) has made it clear that PII must be handled with extreme care.

From which of the following did the alert MOST likely originate?


86. During an incident, a company’s CIRT determines it is necessary to observe the continued network-based transactions between a callback domain and the malware running on an enterprise PC.

Which of the following techniques would be BEST to enable this activity while reducing the risk of lateral spread and the risk that the adversary would notice any changes?


87. A network administrator has been alerted that web pages are experiencing long load times.

After determining it is not a routing or DNS issue, the administrator logs in to the router, runs a command, and receives the following output:

Which of the following is the router experiencing?


88. A forensics analyst is investigating a hard drive for evidence of suspected illegal activity.

Which of the following should the analyst do FIRST?


89. An organization is drafting an IRP and needs to determine which employees have the authority to take systems offline during an emergency situation.

Which of the following is being outlined?


90. A user recently entered a username and password into a recruiting application website that had been forged to look like the legitimate site.

Upon investigation, a security analyst identifies the following:

• The legitimate website’s IP address is and eRecruit.local resolves to this IP.

• The forged website’s IP address appears to be based on NetFlow records.

• All three of the organization’s DNS servers show the website correctly resolves to the legitimate IP.

• DNS query logs show one of the three DNS servers returned a result of (cached) at the approximate time of the suspected compromise.

Which of the following MOST likely occurred?


91. The help desk received a call from a user who was trying to access a set of files from the day before but received the following error message: File format not recognized.

Which of the following types of malware MOST likely caused this to occur?


92. Ann, a user, reported to the service desk that many files on her computer will not open or the contents are not readable. The service desk technician asked Ann if she encountered any strange messages on boot-up or login, and Ann indicated she did not.

Which of the following has MOST likely occurred on Ann’s computer?


93. If a current private key is compromised, which of the following would ensure it cannot be used to decrypt all historical data?


94. A chief information security officer (CISO) asks the security architect to design a method for contractors to access the company’s internal wiki, corporate directory, and email services securely without allowing access to systems beyond the scope of their project.

Which of the following methods would BEST fit the needs of the CISO?


95. Which of the following attacks is used to capture the WPA2 handshake?


96. A network administrator is setting up wireless access points in all the conference rooms and wants to authenticate devices using PKI.

Which of the following should the administrator configure?


97. Given the information below:

MD5HASH document.doc 049eab40fd36caad1fab10b3cdf4a883

MD5HASH image.jpg 049eab40fd36caad1fab10b3cdf4a883

Which of the following concepts are described above? (Choose two.)


98. An organization wants to implement a solution that allows for automated logical controls for network defense. An engineer plans to select an appropriate network security component, which automates response actions based on security threats to the network.

Which of the following would be MOST appropriate based on the engineer’s requirements?


99. A security engineer is concerned about susceptibility to HTTP downgrade attacks because the current customer portal redirects users from port 80 to the secure site on port 443.

Which of the following would be MOST appropriate to mitigate the attack?


100. Which of the following represents a multifactor authentication system?

