If you’re preparing for the Security+ SY0-501 exam, you might like to check your readiness with a few free practice test questions. This page includes six free practice test questions, one from each of the six domains in the Security+ SY0-501 exam.
Security+ Practice Test Question 1
Q. Terwilliger installed code designed to enable his account automatically if he ever lost his job as a sidekick on a television show. The code was designed to reenable his account three days after it is disabled. Which of the following does this describe?
A. Logic bomb
B. Rootkit
C. Spyware
D. Ransomware
Answer at end of post.
Security+ Practice Test Question 2
Q. A penetration tester is running several tests on a server within your organization’s DMZ. The tester wants to identify the operating system of the remote host. Which of the following tools or methods are MOST likely to provide this information?
A. Banner grabbing
B. Vulnerability scan
C. Password cracker
D. Protocol analyzer
Answer at end of post.
Security+ Practice Test Question 3
Q. Your organization recently purchased a new hardware-based firewall. Administrators need to install it as part of a DMZ within the network. Which of the following references will provide them with the MOST appropriate instructions to install the firewall?
A. A regulatory framework
B. A non-regulatory framework
C. A general-purpose firewall guide
D. A vendor-specific guide
Answer at end of post.
Security+ Practice Test Question 4
Q. Your organization recently updated an online application that employees use to log on when working from home. Employees enter their username and password into the application from their smartphone and the application logs their location using GPS. Which type of authentication is being used?
A. One-factor
B. Dual-factor
C. Something you are
D. Somewhere you are
Answer at end of post.
Security+ Practice Test Question 5
Q. Martin has worked as a network administrator for several years within your organization. Over time, he has been tasked with performing several jobs, including database administration and application development. Security personnel are concerned that his level of access represents a serious risk. Which of the following is the BEST solution to reduce this risk?
A. Mandatory vacations
B. Exit interview
C. Change management
D. Separation of duties
Answer at end of post.
Security+ Practice Question 6
Q. An organization requested bids for a contract and asked companies to submit their bids via email. After winning the bid, Acme realized it couldn’t meet the requirements of the contract. Acme instead stated that it never submitted the bid. Which of the following would provide proof to the organization that Acme did submit the bid?
A. Digital signature
B. Integrity
C. Repudiation
D. Encryption
Answer at end of post.
SY0-501: Exam Answer 1
Q. Terwilliger installed code designed to enable his account automatically if he ever lost his job as a sidekick on a television show. The code was designed to reenable his account three days after it is disabled. Which of the following does this describe?
A. Logic bomb
B. Rootkit
C. Spyware
D. Ransomware
A is correct. A logic bomb is code that executes in response to an event. In this scenario, the logic bomb executes when it discovers the account is disabled (indicating Bob Terwilliger is no longer employed at the company). In this scenario, the logic bomb is creating a backdoor.
B is incorrect. A rootkit includes hidden processes, but it does not activate in response to an event.
C is incorrect. Spyware is software installed on user systems without their awareness or consent. Its purpose is often to monitor the user’s computer and the user’s activity.
D is incorrect. Ransomware demands payment as ransom.
Objective: 1.1 Given a scenario, analyze indicators of compromise and determine the type of malware.
SY0-501 Exam: Answer 2
Q. A penetration tester is running several tests on a server within your organization’s DMZ. The tester wants to identify the operating system of the remote host. Which of the following tools or methods are MOST likely to provide this information?
A. Banner grabbing
B. Vulnerability scan
C. Password cracker
D. Protocol analyzer
A is correct. Banner grabbing is a technique used to gain information about a remote server and it will identify the operating system of the system in the demilitarized zone (DMZ).
B is incorrect. A vulnerability scanner checks for vulnerabilities.
C is incorrect. A password cracker attempts to discover passwords.
D is incorrect. A protocol analyzer collects packets sent across a network and can be used to analyze the packets.
Objective: 2.2 Given a scenario, use appropriate software tools to assess the security posture of an organization.
SY0-501: Answer 3
Q. Your organization recently purchased a new hardware-based firewall. Administrators need to install it as part of a DMZ within the network. Which of the following references will provide them with the MOST appropriate instructions to install the firewall?
A. A regulatory framework
B. A non-regulatory framework
C. A general-purpose firewall guide
D. A vendor-specific guide
Answer D is correct. A vendor-specific guide for the new hardware-based firewall will have the most appropriate instructions for installing it.
A and B are incorrect. Frameworks (regulatory or non-regulatory) provide structures that can be followed for different purposes, but they wouldn’t be available for a specific firewall.
C is incorrect. A general-purpose guide will provide general instructions, but not instructions for a specific vendor’s firewall.
Objective: 3.1 Explain use cases and purpose for frameworks, best practices and secure configuration guides.
SY0-501: Answer 4
Q. Your organization recently updated an online application that employees use to log on when working from home. Employees enter their username and password into the application from their smartphone and the application logs their location using GPS. Which type of authentication is being used?
A. One-factor
B. Dual-factor
C. Something you are
D. Somewhere you are
Answer A is correct. This is using one-factor authentication—something you know. The application uses the username for identification and the password for authentication. Note that even though the application is logging the location using Global Positioning System (GPS), there isn’t any indication that it is using this information for authentication. Dual-factor authentication requires another factor of authentication.
B is incorrect. If the application verified you were logging on from a specific GPS location as part of the authentication, it would be dual-factor authentication (something you know and somewhere you are).
C is incorrect. Something you are refers to biometric authentication methods.
D is incorrect. The somewhere you are authentication method verifies you are somewhere, such as in a specific GPS location, but this isn’t being used for authentication in this scenario.
Objective: 4.1 Compare and contrast identity and access management concepts.
SY0-501 Exam: Answer 5
Q. Martin has worked as a network administrator for several years within your organization. Over time, he has been tasked with performing several jobs, including database administration and application development. Security personnel are concerned that his level of access represents a serious risk. Which of the following is the BEST solution to reduce this risk?
A. Mandatory vacations
B. Exit interview
C. Change management
D. Separation of duties
Answer D is correct. A separation of duties policy prevents any single person from performing multiple job functions that might allow the person to commit fraud. In this scenario, the administrator has accumulated privileges across several job functions, which represents the risk.
A is incorrect. A mandatory vacation policy is useful to discover fraud committed by an individual, but this scenario clearly indicates this individual controls too many job functions.
B is incorrect. An exit interview is performed when an employee leaves the organization.
C is incorrect. Change management ensures changes are reviewed before being
Objective: 5.1 Explain the importance of policies, plans and procedures related to organizational security.
SY0-501 Exam: Answer 6
Q. An organization requested bids for a contract and asked companies to submit their bids via email. After winning the bid, Acme realized it couldn’t meet the requirements of the contract. Acme instead stated that it never submitted the bid. Which of the following would provide proof to the organization that Acme did submit the bid?
A. Digital signature
B. Integrity
C. Repudiation
D. Encryption
A is correct. If Acme submitted the bid via email using a digital signature, it would provide proof that the bid was submitted by Acme. Digital signatures provide verification of who sent a message, non-repudiation preventing them from denying it, and integrity verifying the message wasn’t modified.
B is incorrect. Integrity verifies the message wasn’t modified.
C is incorrect. Repudiation isn’t a valid security concept.
D is incorrect. Encryption protects the confidentiality of data, but it doesn’t verify who sent it or provide non-repudiation.
Objective: 6.1 Compare and contrast basic concepts of cryptography.