[2026] CompTIA Security+ Certification - SYO-501 무료 시험 문제

문제1

Which of the following attacks can be mitigated by proper data retention policies?

A. Watering hole

B. Man-in-the-browser

C. Spear phishing

D. Dumpster diving

정답: D

문제2

A Chief Information Security Officer (CISO) for a school district wants to enable SSL to protect all of the public-facing servers in the domain. Which of the following is a secure solution that is the MOST cost effective?

A. Purchase a load balancer and install a single certificate on the load balancer.

B. Create and install a self-signed certificate on each of the servers in the domain.

C. Purchase a wildcard certificate and implement it on every server.

D. Purchase individual certificates and apply them to the individual servers.

정답: A

문제3

Which of the following is MOST likely caused by improper input handling?

A. Breach of firewall ACLs

B. Power off reboot loop

C. Untrusted certificate warning

D. Loss of database tables

정답: D

문제4

A contracting company recently completed its period of performance on a government contract and would like to destroy all information associated with contract performance. Which of the following is the best NEXT step for the company to take?

A. Retain the data for a period no more than one year.

B. Consult data disposition policies in the contract.

C. Burn hard copies containing PII or PHI

D. Use a pulper or pulverizer for data destruction.

정답: B

문제5

After successfully breaking into several networks and infecting multiple machines with malware. hackers contact the network owners, demanding payment to remove the infection and decrypt files. The hackers threaten to publicly release information about the breach if they are not paid. Which of the following BEST describes these attackers?

A. Organized crime

B. Hacktivists

C. Insiders

D. Gray hat hackers

정답: A

설명: (Fast2test 회원만 볼 수 있음)

문제6

A security analyst performs a vulnerability scan on the local network. Several items are flagged on the report as being critical issues. The security analyst researches each of the vulnerabilities and discovers that one of the critical issues on the report was mitigated in a previous scan. Which of the following MOST likely happened?

A. A patch was removed

B. The tool has a high crossover error rate

C. A false positive occurred

D. A necessary service was not running

정답: C

문제7

A Chief Security Officer's (CSO's) key priorities are to improve preparation response, and recovery practices to minimize system downtime and enhance organizational resilience to ransomware attacks. Which of the following would BEST meet the CSO's objectives?

A. Use email-filtering software and centralized account management, patch high-risk systems, and restrict administration privileges on fileshares.

B. Purchase cyber insurance from a reputable provider to reduce expenses during an incident

C. Implement application whitelisting and centralized event-log management and perform regular testing and validation of full backups.

D. Invest in end-user awareness training to change the long-term culture and behavior of staff and executives, reducing the organization's susceptibility to phishing attacks

정답: A

문제8

A security analyst wants to obfuscate some code and decides to use ROT13. Which of the following is an example of the text "HELLO WORLD" in ROT13?

A. QYEBJ BYYRU

B. URYYB JBEYQ

C. DLROWOLLEH

D. KHOOR ZRUOG

정답: B

문제9

A company has just experienced a malware attack affecting a large number of desktop users. The antivirus solution was not able to block the malware, but the HIDS alerted to C2 calls as 'Troj.Generic'. Once the security team found a solution to remove the malware, they were able to remove the malware files successfully, and the HIDS stopped alerting. The next morning, however, the HIDS once again started alerting on the same desktops, and the security team discovered the files were back. Which of the following BEST describes the type of malware infecting this company's network?

A. Botnet

B. Rootkit

C. Trojan

D. Spyware

정답: C

문제10

Two companies need to exchange a large number of confidential files Both companies run high availability UTM devices They do not want to use email systems to exchange the data Since the data needs to be exchanged m both directions, which of the following solutions should a security analyst recommend7

A. Establishing a site-to-site VPN between the two companies

B. Configuring the remote access feature on both UTMs

C. Configuring an FTP server in one company

D. Exchanging data by using a free cloud-storage product

정답: A

문제11

A buffer overflow can result in:

A. reduced key strength due to salt manipulation.

B. privilege escalation caused by TPN override.

C. loss of data caused by unauthorized command execution.

D. repeated use of one-time keys.

정답: B

문제12

Which of the following provides PFS?

A. AES

B. DHE

C. RC4

D. HMAC

정답: B

문제13

The Chief Information Officer (CIO) has heard concerns from the business and the help desk about frequent user account lockouts Which of the following account management practices should be modified to ease the burden?

A. Time-of-day restrictions

B. Account disablement

C. False-rejection rate

D. Password complexity

정답: D

문제14

A security analyst is determining the point of compromise after a company was hacked. The analyst checks the server logs and sees that a user account was logged in at night, and several large compressed files were exfiltrated. The analyst then discovers the user last logged in four years ago and was terminated. Which of the following should the security analyst recommend to prevent this type of attack in the future? (Select TWO).

A. Restrict the compromised user account.

B. Review and update the firewall settings.

C. Perform an audit of all company user accounts.

D. Create a honeypot to catch the hacker.

E. Enable a login banner prohibiting unauthorized use.

F. Disable all user accounts that are not logged in to for 180 days.

정답: B,F

CompTIA Security+ Certification - SYO-501무료 덤프문제 풀어보기

우리와 연락하기

유용한 링크

최신 업데이트