CompTIA Security+ SY0-501 Practice Test

This is a free 30-question (5 + 25, see the update below) CompTIA Security+ SY0-501 practice test. It consists of multiple-choice questions demonstrating the level of complexity you can expect on the actual exam.

NOTE:

The sample questions below are all multiple choice. To access interactive questions as well as grading, reports, and your custom “Personal Testing Plan”, you will need the CertBlaster exam simulation software.

25 BONUS QUESTIONS!

We have just updated this free CompTIA Security+ SY0-501 practice test by adding another 25 questions after the first 5 questions below, so make sure to scroll all the way down!

Understanding the CompTIA Security+ Exam

This is a 6 to 7 page PDF explaining the CompTIA Security+ exam in some detail. Click on the link 5 Steps to Security+ Certification Success. It will take you to a form; under “Preferred Certification Track” pick your exam.

Question 1

During an IT meeting, your colleague Anne-Marie suggests that there is a single point of failure in the single load balancer in place for the company website ordering system. She suggests having two load balancers configured, with only one in service at a given time. What type of load balancing configuration is Anne-Marie recommending?

          a) Round robin

          b) Active-active

          c) Active-passive

          d) Least connections

Answer

Active-passive configurations consist of two load balancers, one of which is active. When the active load balancer is unresponsive, the second load balancer takes over. a, b, and d are incorrect. Round robin and least connections are load balancer scheduling algorithms and are not related to fault tolerance with multiple load balancers. Active-active means that both load balancers function at the same time and work together to distribute incoming traffic to back-end nodes. So the correct choice is c.

CompTIA Security+ SY0-501 exam objectives addressed by question 1

Main exam objective: 2.0 Technologies and Tools

Exam sub-objective: 2.1 Install and configure network components, both hardware- and software-based, to support organizational security.

Question 2

You are a business networking consultant and have a large retail outlet as a client. Your project for them consists of configuring a wireless router at their coffee shop area. The wireless connection will be used by waiting customers to connect to the Internet. You want to ensure that wireless clients can connect to the Internet but cannot connect to internal computers owned by the retail outlet’s offices. Where will you plug in the wireless router?

          a) LAN

          b) Port 24 on the switch

          c) Port 1 on the switch

          d) DMZ

Answer

Using the LAN connection would allow customers access to the business’s internal network and devices. The ports do not address the separation of functional requirements. A demilitarized zone (DMZ) is a network that allows external unsecure access to resources while preventing direct access to internal resources. If the wireless access point is plugged into the DMZ, this will provide Internet access to customers while not allowing them access to internal business computers. The correct choice is therefore d.

CompTIA Security+ SY0-501 exam objectives addressed by question 2

Main exam objective: 3.0 Architecture and Design

Exam sub-objective: 3.2 Given a scenario, implement secure network architecture concepts.

Question 3

The Microsoft Group Policy setting for password complexity is “Password must meet complexity requirements.” The policy states that when the setting is enabled, the user password must contain:

English uppercase characters (A through Z),

English lowercase characters (a through z),

Digits (0 through 9), and

Non-alphabetic characters (!, $, #, %).

According to the policy, passwords must contain characters from how many of these different groups?

          a) Four

          b) Three

          c) Two

          d) One

Answer

The password complexity policy requires that passwords contain characters from three of the following four categories: English uppercase characters (A through Z), English lowercase characters (a through z), digits (0 through 9), and non-alphabetic characters (!, $, #, %). The correct choice is b.

CompTIA Security+ SY0-501 exam objectives addressed by question 3

Main exam objective: 4.0 Identity and Access Management

Exam sub-objective: 4.4 Given a scenario, differentiate common account management practices.

Question 4

You are an IT consultant for a business located in a coastal area that is susceptible to storms and occasional flooding. Because of your company’s location, there is an emphasis on continued business operation. Which of the following plans focuses on ensuring that personnel, customers, and IT systems are minimally affected after a disaster?

          a) Risk management

          b) Fault tolerance

          c) Disaster recovery

          d) Business continuity

Answer

Business continuity is considered the key goal in which disaster recovery plays a part. Disaster recovery involves implementing steps to get a business operational. Business continuity ensures business operation after the implementation of the DRP. The correct choice is d.

CompTIA Security+ SY0-501 exam objectives addressed by question 4

Main exam objective: 5.0 Risk Management

Exam sub-objective: 5.6 Explain disaster recovery and continuity of operation concepts.

Question 5

You are a computer security consultant, and your latest client is a military contractor who requires the utmost in security for transmitting messages during wartime. Which of the following provides the best security?

          a) AES

          b) 3DES

          c) One-time pad

          d) RSA

Answer:

One-time pads are used to combine completely random keys with plain text resulting in ciphertext, after which one-time pads are not used again. A randomized initialization vector (IV), or salt, is used to derive keys. An item used only once is referred to as a nonce. Both communicating parties must have the same one-time pads, which presents a problem if communicating with many entities. No amount of computing power or time can increase the likelihood of breaking this type of ciphertext. The correct choice is c.

CompTIA Security+ SY0-501 exam objectives addressed by question 5

Main exam objective: 6.0 Cryptography and PKI

Exam sub-objective: 6.1 Compare and contrast basic concepts of cryptography.

CertBlaster Exam Simulator for CompTIA Security+ SY0-501

The questions above are all multiple choice. The CertBlaster practice tests for Security+ SY0-501 include more than 450 questions, and they also include the CompTIA Performance-Based Question type (PBQ). Below is a screenshot of one of the performance-based questions available in the interactive CertBlaster exam simulation software.

[Screenshot: Example of a script-based performance-based question in a CertBlaster Security+ practice test]

HERE ARE THE 25 BONUS QUESTIONS!

Question 1

Which of the following types of malware delivery, usually through a Trojan, includes demands for payment?

          a) Backdoors

          b) Ransomware

          c) Botnets

          d) Logic Bombs

Answer: Ransomware

Explanation: Ransomware takes control of a system by encrypting the hard drive or changing a password and requires the user to pay a ransom to restore their system to normal.

Security+ SY0-501 Main Domain 1.0 – Threats, Attacks and Vulnerabilities
Sub-Objective: 1.1 – “Given a scenario, analyze indicators of compromise and determine the type of malware.”

Question 2

Review the malware-related compromises listed. Which type of malware can make its presence, and that of its accompanying payload, invisible to the system?

          a) Crypto-malware

          b) Worm

          c) Rootkit

          d) Ransomware

Answer: Rootkit

Explanation: The primary function of a rootkit is to become undetectable and mask its functions from the operating system. Crypto-malware encrypts files, drives, and even networks quite visibly. Ransomware cripples user interaction until a fee is paid. A worm’s primary function is to multiply and spread.

Security+ SY0-501 Main Domain 1.0 – Threats, Attacks and Vulnerabilities
Sub-Objective: 1.1 – “Given a scenario, analyze indicators of compromise and determine the type of malware.”

Question 3

The act of pretending to be the proper owner of an address or the provider of a service, when another system is actually the true provider, is referred to as ___________.

          a) Man in the middle

          b) Spoofing

          c) Denial of service

          d) Zombie attack

Answer: Spoofing

Explanation: Spoofing is pretending to be someone else by imitating that person or system.

Security+ SY0-501 Main Domain 1.0 – Threats, Attacks and Vulnerabilities
Sub-Objective: 1.2 – “Compare and contrast types of attacks.”

Question 4

Which type of network penetration attack model requires an attacker to have the highest skill level?

          a) Black box

          b) Gray box

          c) White box

          d) None of these are correct.

Answer: Black box

Explanation: The White Box model of penetration testing treats the attacker as a trusted insider, giving them considerable network knowledge combined with an advanced skill set. The parameters of the attack are designed by upper management, and the White Box tester reports only to upper management. Gray Box testing is a hybrid of the White Box and Black Box methodologies, and its focus is determined by the client’s management team; reporting is specified in the attack plan. The Black Box attacker has less information about the network and therefore requires a higher skill set, first gaining access to the target and then finding and exploiting any vulnerabilities.

Security+ SY0-501 Main Domain 1.0 – Threats, Attacks and Vulnerabilities
Sub-Objective: 1.4 – “Explain penetration testing concepts.”

Question 5

Which one of the listed tools scans for known security threats on groups of computers?

          a) Packet sniffer

          b) Vulnerability scanner

          c) Risk scanner

          d) Port scanner

Answer: Vulnerability scanner

Explanation: Vulnerability scanners such as Nmap normally use an updated database of known security vulnerabilities and misconfigurations for various operating systems and network devices. This database is compared against a single host or a network scan to determine whether any hosts or devices are vulnerable. Reports can then be generated from the scan. Network scans can also reveal the presence of rogue systems and re-route traffic through attacker systems for unauthorized detailed traffic examination.

Security+ SY0-501 Main Domain 1.0 – Threats, Attacks and Vulnerabilities
Sub-Objective: 1.5 – “Explain vulnerability scanning concepts.”

Question 6

The IPsec protocol suite uses all but one of the choices listed below. Which of these is NOT relevant to IPsec?

          a) Tunnel mode

          b) TLS

          c) ESP

          d) AH

          e) Transport mode

Answer: TLS

Explanation: IPsec offers greater overall protection than TLS. IPsec uses the Authentication Header protocol (AH) for authentication and the Encapsulating Security Payload (ESP) for confidentiality. IPsec operates in both transport mode and the more secure tunnel mode.

Security+ SY0-501 Main Domain 2.0 – Technologies and Tools
Sub-Objective: 2.1 – “Install and configure network components, both hardware- and software-based, to support organizational security.”

Question 7

You have a multilayer switch. Which layers does it operate at?

          a) 1 and 2

          b) 2 and 3

          c) 3 and 4

          d) 5 and 6

Answer: 2 and 3

Explanation: A multilayer switch operates at Layers 2 and 3. Comparing Layer 2 and Layer 3 operation, a Layer 3 switch will outperform a router on VLANs because the Layer 3 switch has both a MAC address table and an IP routing table.

Security+ SY0-501 Main Domain 2.0 – Technologies and Tools
Sub-Objective: 2.1 – “Install and configure network components, both hardware- and software-based, to support organizational security.”

Question 8

Which choice listed below describes the deployment of a network device in order to conduct academic research or detect attackers inside the organization’s network perimeter?

          a) DMZ

          b) Honeypot

          c) IDS

          d) SIRT

Answer: Honeypot

Explanation: Honeypots are network resources designed with the idea that they will be attacked so that the attackers can be analyzed and documented.

Security+ SY0-501 Main Domain 2.0 – Technologies and Tools
Sub-Objective: 2.2 – “Given a scenario, use appropriate software tools to assess the security posture of an organization.”

Question 9

A service on a local server cannot communicate with its database server running on another machine. The database server is functioning correctly and all network connections are working properly. What is most likely causing this issue?

          a) Insider threat

          b) Unauthorized software

          c) UTM

          d) Misconfigured firewall

Answer: Misconfigured firewall

Explanation: A misconfigured firewall would prevent the local service from being able to connect to a service on a different machine over the network.

Security+ SY0-501 Main Domain 2.0 – Technologies and Tools
Sub-Objective: 2.3 – “Given a scenario, troubleshoot common security issues.”

Question 10

The host-based intrusion detection system can be referred to as which of the following?

          a) NDIS

          b) HDIS

          c) HIDS

          d) NIDS

Answer: HIDS

Explanation: (none)

Security+ SY0-501 Main Domain 2.0 – Technologies and Tools
Sub-Objective: 2.3 – “Given a scenario, troubleshoot common security issues.”

Question 11

A simple way to keep viruses, spyware, and other malware from attacking your network while allowing BYOD is to use which of the following?

          a) Application control

          b) Asset Tracking

          c) Guest network

          d) Device Access Controls

Answer: Guest network

Explanation: The use of a guest network for BYOD connections allows users a WiFi network for Internet connections only and no connection to the company network.

Security+ SY0-501 Main Domain 3.0 – Architecture and Design
Sub-Objective: 3.2 – “Given a scenario, implement secure network architecture concepts.”

Question 12

Which of the following methods would, generally speaking, be the most basic method to mitigate security risks on a network?

          a) Updates

          b) Network segmentation and security layers

          c) Application firewalls

          d) Wrappers

Answer: Network segmentation and security layers

Explanation: Network segmentation divides your network into segments, with each connection point protected by its own security features such as firewalls and IDS.

Security+ SY0-501 Main Domain 3.0 – Architecture and Design
Sub-Objective: 3.2 – “Given a scenario, implement secure network architecture concepts.”

Question 13

Which of the following BYOD security measures would allow separation between work and personal data?

          a) Device encryption

          b) Remote wipe

          c) Application control

          d) Storage segmentation

Answer: Storage segmentation

Explanation: Storage segmentation on a mobile device is used to keep personal and company data separate. Company data can also be encrypted by using storage segmentation.

Security+ SY0-501 Main Domain 3.0 – Architecture and Design
Sub-Objective: 3.2 – “Given a scenario, implement secure network architecture concepts.”

Question 14

UEFI is a new technology that is starting to replace the system BIOS and has several additional features. Which of these best identifies the security standard used along with UEFI to confirm that only trusted software and firmware is used to access a trusted operating system?

          a) HSM

          b) Secure Boot checking each digital certificate

          c) Attestation

          d) Hardware root of trust

Answer: Secure Boot checking each digital certificate

Explanation: Secure Boot is used in conjunction with UEFI to ensure the system boots from trusted software and firmware. HSM is a secure cryptographic processor. Attestation is a method of ensuring executable integrity against a set of known and trusted executables. The hardware root of trust is the first step in the chain of trust, which ensures a machine is able to boot to a trusted operating system.

Security+ SY0-501 Main Domain 3.0 – Architecture and Design
Sub-Objective: 3.3 – “Given a scenario, implement secure systems design.”

Question 15

Deploying least functionality along with disabling unnecessary ports and services are two methods of ________________. (Choose the best answer.)

          a) Attestation

          b) HSM

          c) Software trust

          d) Secure system design

Answer: Secure system design

Explanation: Deploying least functionality and disabling unnecessary ports and services are elements of secure system design. The least functionality concept restricts a user into having only the permissions necessary to perform his/her duties. Disabling unnecessary ports and services reduces the attack surface of the system.

Security+ SY0-501 Main Domain 3.0 – Architecture and Design
Sub-Objective: 3.3 – “Given a scenario, implement secure systems design.”

Question 16

The three-step process of authentication, authorization, and accounting is usually referred to as which of the following?

          a) Multifactor authentication

          b) Ticket-granting

          c) The AAA model

          d) Nonrepudiation

Answer: The AAA model

Explanation: AAA stands for authentication, authorization and accounting. It refers to the security architecture for distributed systems for controlling which users are allowed access to which services, and tracking which resources they have used.

Security+ SY0-501 Main Domain 4.0 – Identity and Access Management
Sub-Objective: 4.1 – “Compare and contrast identity and access management concepts.”

Question 17

Which term describes the automatic creation of a two-way relationship between child and parent domains in a Microsoft AD forest?

          a) OAuth

          b) Open ID Connect

          c) Transitive trust

          d) Shibboleth

Answer: Transitive trust

Explanation: Transitive trusts are created automatically in the Microsoft Active Directory (AD) forest. The other choices describe federated SSO systems.

Security+ SY0-501 Main Domain 4.0 – Identity and Access Management
Sub-Objective: 4.1 – “Compare and contrast identity and access management concepts.”

Question 18

Multifactor authentication uses at least two of three possible authentication methods to identify a user. Which of the following is not one of the generally accepted methods?

          a) Passwords

          b) Biometrics

          c) Digital Signatures

          d) Tokens

Answer: Digital Signatures

Explanation: Multifactor authentication requires at least one means of authentication from at least two of the three factors. The common factors are something you know, something you have, and something you are.

Security+ SY0-501 Main Domain 4.0 – Identity and Access Management
Sub-Objective: 4.1 – “Compare and contrast identity and access management concepts.”

Question 19

Also known as LDAPS, which protocol-enabled connection allows authentication to the Microsoft DC and provides additional services?

          a) LDAP+

          b) XTACACS

          c) Secure LDAP

          d) LDAP

Answer: Secure LDAP

Explanation: Secure LDAP is essential to maintaining a secure connection with the Microsoft DC. The protocol provides transport of services and applications while allowing secure authentication.

Security+ SY0-501 Main Domain 4.0 – Identity and Access Management
Sub-Objective: 4.2 – “Given a scenario, install and configure identity and access services.”

Question 20

Choose the biometric authentication method that uses nodal points to identify the user.

          a) Iris scanner

          b) Retinal scanner

          c) Facial recognition

          d) All of these

Answer: Facial recognition

Explanation: Facial recognition software creates a map of data points from an image of the user’s face such as the size of the eyes, width of the nose, and shape of the jawline. These data points are referred to as nodal points.

Security+ SY0-501 Main Domain 4.0 – Identity and Access Management
Sub-Objective: 4.3 – “Given a scenario, implement identity and access management controls.”

Question 21

Your company’s standard operating procedure for onboarding includes an agreement targeted at minimizing the security risks involving transmitted data. What is the name of this agreement?

          a) MOU

          b) ISA

          c) BPA

          d) SLA

          e) NDA

Answer: ISA

Explanation: An Interconnection Security Agreement (ISA) is intended to address the security of transmitted data of both parties in the agreement. This includes VPN tunnels and any data transmitted over the network.

Security+ SY0-501 Main Domain 5.0 – Risk Management
Sub-Objective: 5.1 – “Explain the importance of policies, plans and procedures related to organizational security.”

Question 22

Which personnel management policy involves securing all sensitive data regardless of format (paper or digital) when an employee’s workspace will be unattended?

          a) Job rotation

          b) Mandatory vacations

          c) Separation of duties

          d) None of these

Answer: None of these

Explanation: Clean desk policy is a workspace security policy dealing with securing all sensitive data regardless of format when a workspace will be unattended. The other answers involve how, where, and when an employee works.

Security+ SY0-501 Main Domain 5.0 – Risk Management
Sub-Objective: 5.1 – “Explain the importance of policies, plans and procedures related to organizational security.”

Question 23

Which risk strategy is in use if a company is NOT implementing a countermeasure to a risk while realizing the potential risk?

          a) Risk acceptance

          b) Risk assessment

          c) Risk transference

          d) Risk mitigation

Answer: Risk acceptance

Explanation: Although not recommended, once a risk has been identified, it can be decided to continue without taking any countermeasures. This is known as risk acceptance.

Security+ SY0-501 Main Domain 5.0 – Risk Management
Sub-Objective: 5.3 – “Explain risk management processes and concepts.”

Question 24

What is considered an acceptable level of risk?

          a) There is an industry standard risk level (RFC 1027-59b).

          b) The acceptable risk level is determined by each organization individually.

          c) Generally there are three (3) standard risk level designations. Tier 1 has the best balance of security and accessibility.

          d) No level of risk is acceptable.

Answer: The acceptable risk level is determined by each organization individually.

Explanation: Unless an organization has unlimited funds and resources, it will not be able to secure everything under its control. In order to manage risk, valuable assets are identified and an assessment of the risk to those assets is made, producing a list of critical vulnerabilities to be addressed.

Security+ SY0-501 Main Domain 5.0 – Risk Management
Sub-Objective: 5.3 – “Explain risk management processes and concepts.”

Question 25

Which of the following is an internal threat?

          a) System Failure

          b) Flood

          c) Fire

          d) Burglar

Answer: System Failure

Explanation: Only system failure could be considered an internal threat because the cause of the threat comes from within the organization.

Security+ SY0-501 Main Domain 5.0 – Risk Management
Sub-Objective: 5.3 – “Explain risk management processes and concepts.”

We hope you enjoyed this free Security+ SY0-501 practice test!