CompTIA SY0-501 Actual Free Exam Questions & Community Discussion

Exam Code/Number: SY0-501
Exam Name/Title: CompTIA Security+ Certification Exam
Certification Provider: CompTIA
Corresponding Certification: Security+

Exam Questions: 715
Updated On: Jun 02, 2026

Question #71

Which of the following BEST represent detective controls? (Select TWO)

A. Mantrap

B. Camera

C. Security guard

D. Bollards

E. Fencing

Discussion 0

Correct Answer: B,C Vote an answer

Question #72

Which of the following methods is used by internal security teams to assess the security of internally developed applications?

A. Active reconnaissance

B. Persistence

C. White box testing

D. Pivoting

Discussion 0

Correct Answer: C Vote an answer

Question #73

A systems administrator wants to implement a secure wireless network requiring wireless clients to pre-register with the company and install a PKI client certificate prior to being able to connect to the wireless network. Which of the following should the systems administrator configure?

A. EAP with MSCHAPv2

B. EAP-FAST

C. EAP-TTLS

D. EAP with PEAP

E. EAP-TLS

Discussion 0

Correct Answer: E Vote an answer

Question #74

Which of the following control types would a backup of server data provide in case of a system issue?

A. Corrector

B. Detective

C. Deterrent

D. Preventive

Discussion 0

Correct Answer: A Vote an answer

Question #75

A developer is creating a new web application on a public cloud platform and wants to ensure the application can respond to increases in load while minimizing costs during periods of low usage. Which of the following strategies is MOST relevant to the use-case?

A. Redundancy

B. Elasticity

C. High availability

D. Non-persistence

Discussion 0

Correct Answer: B Vote an answer

Question #76

After discovering a buffer overflow vulnerability an application the security analyst needs to report it to the development team leader. Which of the following are MOST to appear m the impact section of the report? (Select TWO).

A. An attacker can execute arbitrary code using the application

B. An attacker can pivot to other servers using the application

C. An attacker can obtain privileged data handled by the application

D. An attacker can execute a DDoS on the server

E. An attacker can inject DLLs into the server via the application

Discussion 0

Correct Answer: A,D Vote an answer

Question #77

An organization requires three separate factors for authentication to sensitive systems. Which of the following would BEST satisfy the requirement?

A. fingerprint, voice recognition, and password

B. fingerprint, PIN, and mother's maiden name

C. Password, one-time password sent to a smartphone, and text message sent to a smartphone

D. One-time password sent to a smartphone, thumbprint, and home street address

Discussion 0

Correct Answer: D Vote an answer

Question #78

Which of the following disaster recovery sites would require the MOST time to get operations beck online?

A. Hot

B. Colocation

C. Warm

D. Cold

Discussion 0

Correct Answer: D Vote an answer

Question #79

After a business performed a risk assessment, the current RPO has been deemed insufficient for its needs. The business decides on a new RPO. Which of the following steps should be taken NEXT?

A. The company should review its access controls to guarantee the new RPO is covered

B. The company should review its MTTR to guarantee it is higher than the new RPO.

C. The company should review its MTBF to guarantee it is tower than the new RPO

D. The company should match its backup procedures against the new RPO.

Discussion 0

Correct Answer: D Vote an answer

Question #80

A company has users and porters in multiple geographic locations and the printers are locked in common areas of the offices. To preserve the confidentially of PII, a security administrator needs to implement the appropriate controls Which of the following would BEST meet the confidentiality requirements of the data?

A. Conducting regular account maintenance at each location

B. Adding location to the standard naming convention

C. Enforcing location-based policy restrictions

D. implementing time-of-day restrictions based on location

Discussion 0

Correct Answer: A Vote an answer

Question #81

A credentialed vulnerability scan is often preferred over a non-credentialed scan because credentialed scans:

A. generates more false positives.

B. rely solely on passive measures.

C. provide more accurate data.

D. are always non-intrusive.

Discussion 0

Correct Answer: C Vote an answer

Question #82

Which of the following are examples of two-factor authentication? (Select THREE)

A. Smart card and PIN

B. Password and TOTP

C. Proximity reader and password

D. Voice recognition and fingerprint

E. Smart card and ID badge

F. User ID and password

Discussion 0

Correct Answer: A,B,C Vote an answer

Question #83

To further secure a company's email system, an administrator is adding public keys to DNS records in the company's domain. Which of the following is being used?

A. PFS

B. SPF

C. DMARC

D. DNSSEC

Discussion 0

Correct Answer: D Vote an answer

Question #84

After entering a username and password, an administrator must draw a gesture on a touch screen. Which of the following demonstrates what the administrator is providing?

A. Multifactor authentication

B. Biometrics

C. Something you can do

D. Two-factor authentication

Discussion 0

Correct Answer: C Vote an answer

Explanation: Only visible for EduDump members. You can sign-up / login (it's free).

Download Free CompTIA SY0-501 Demo

Simply submit your e-mail address below to get started with our free demo of your CompTIA SY0-501 exam.