CompTIA Security+ SY0-501 Questions & Answers Set 4

A financial institution is trying to ensure that their systems are safe and resistant to attackers. What is the term given to systems that are updated frequently, have their OS configured securely, and have rules and policies enforced to help govern the system?


Options are :

  • Protected
  • Virtual
  • Hardened (Correct)
  • Secure

Answer : Hardened

A firewall at Acme Inc. uses rules implemented as ACLs in order to identify traffic that is permitted and denied without taking in any context of the communication. What type of firewall packet filtering does not retain memory of previous packets and only scans packets as they come and go from the network?


Options are :

  • Stateless (Correct)
  • Connectionless
  • Connection-based
  • Stateful

Answer : Stateless

A government agency has begun to modernize their software development and deployment. They are looking for the best way to proceed and have decided to use the software development life cycle (SDLC). CompTIA outlines six steps for the SDLC that enable an effective development process. What is the first stage of the SDLC?



Options are :

  • Implementation
  • Design
  • Planning (Correct)
  • Analysis

Answer : Planning

You are working for a new financial startup that is considering a new workstation fleet. They are looking for secure operating systems to ensure that they are protected from malicious attackers. What is required for an operating system to be considered a Trusted Operating System (TOS)?


Options are :

  • Regular patches each week
  • An installed antivirus
  • Strong policies concerning updates and patching (Correct)
  • Remote administration policies

Answer : Strong policies concerning updates and patching

An organization has implemented an access control policy that is centralized and managed through the systems on the network. What access control policy is determined by computers, not by a user or owner?


Options are :

  • Discretionary
  • Centralized
  • Mandatory (Correct)
  • Server

Answer : Mandatory

Security breaches are more common than most would like to admit, and this raises concerns for the security of information that an organization may collect and store. This information requires consideration and additional safeguards to prevent attackers from using it for their own gain. What is the term given to sensitive data that is used to identify a customer or patient?


Options are :

  • Personally identifiable information (Correct)
  • Acceptable use information
  • Personal identity record
  • User information

Answer : Personally identifiable information

With the advent of Windows Vista, a new type of security control was introduced to further lock user accounts down and prevent malware from gaining control of a system. What name is given to the process that keeps all users except the administrator in standard user mode?


Options are :

  • MAC
  • UAC (Correct)
  • ACL
  • DLP

Answer : UAC

During a routine system audit, an administrator discovers a serious software vulnerability. The administrator is concerned that it may affect more systems and that there may be other vulnerabilities that the organization is not aware of. Now the administrator is looking into how to effectively manage discovering, documenting, and mitigating vulnerabilities. What is this practice called?


Options are :

  • Detective controls
  • Technical controls
  • Vulnerability management (Correct)
  • Operational management

Answer : Vulnerability management

A network penetration tester is attempting to breach their client's network in order to find vulnerabilities. They are investigating the coaxial cable used to run the cable line into the business. What type of wiretap is used on coax cable?


Options are :

  • Leak
  • Static
  • Faraday
  • Vampire (Correct)

Answer : Vampire

An attacker has infiltrated a government agency and intends to exfiltrate information to sell at a profit. In order to hide their tracks, they embed the sensitive information within the bits of normal documents that would be sent to their personal email address. Upon receipt at home, the attacker decrypts the information and provides it to the recipient. Which of the following techniques did they likely use in this scenario?


Options are :

  • Replay
  • IV attack
  • Collision
  • Steganography (Correct)

Answer : Steganography

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions