Science) 77 Multiple Choice Questions and Answers
1. Management within your organization has defined a use case to support confidentiality of
PII stored in a database. Which of the following solutions will BEST meet this need?
A. Hashing
B. Digital signature
C. Encryption
D. Smart card - ANSWER-C. Encryption
Encryption is the best choice to provide confidentiality of any type of information, including
Personally Identifiable Information (PII) stored in a database. Hashing supports a use case of
integrity. Digital signatures support a use case of non-repudiation. A smart card supports a use
case of authentication.
2. Management has implemented a policy stating that messages sent between upper-level
executives must arrive without any changes. The IT department is tasked with
implementing technical controls to meet this need. Which security goal does this address?
A. Confidentiality
B. Integrity
C. Availability
D. Authentication - ANSWER-B. Integrity
Integrity provides assurances that data has not been modified, and it is commonly enforced
with hashing. Confidentiality prevents unauthorized disclosure of data, but doesn’t address
modifications of data. Availability ensures systems are up and operational when needed and uses
fault tolerance and redundancy methods. Authentication provides proof that users are who they
claim to be.
3. Your organization recently implemented two servers that act as failover devices for each
other. Which security goal is your organization pursuing?
A. Obfuscation
B. Integrity
C. Confidentiality
D. Availability - ANSWER-D. Availability
Failover devices increase availability. A failover cluster uses redundant servers to ensure a
service will continue to operate even if one of the servers fails. Obfuscation methods attempt to
make something unclear or difficult to understand and are not related to failover devices.
Integrity methods ensure that data has not been modified. Confidentiality methods such as
encryption prevent the unauthorized disclosure of data.
4. You are tasked with improving the overall security for a database server. Which of the
following is a preventive control that will assist with this goal?
A. Disabling unnecessary services
B. Identifying the initial baseline configuration
C. Monitoring logs for trends
D. Implementing a backup and restoration plan - ANSWER-A. Disabling unnecessary services
Disabling unnecessary services is one of several steps you can take to harden a server. It is a
preventive control because it helps prevent an incident. Identifying the initial baseline
configuration is useful to determine the security posture of the system, but by itself it doesn’t
prevent attacks. Monitoring logs and trend analysis are detective controls, not preventive
controls. A backup and restoration plan is a corrective control.
5. An IT department recently had its hardware budget reduced, but the organization still
expects them to maintain availability of services. Which of the following choices would
BEST help them maintain availability with a reduced budget?
A. Failover clusters
B. Virtualization
C. Bollards
D. Hashing - ANSWER-B. Virtualization
Virtualization provides increased availability because it is much easier to rebuild a virtual server
than a physical server after a failure. Virtualization supports a reduced budget because virtual
servers require less hardware, less space in a data center, less power, and less heating and air
conditioning. Failover clusters are more expensive. Bollards are physical barriers that block
vehicles. Hashing provides integrity, not availability.
6. You want to test new security controls before deploying them. Which of the following
technologies provides the MOST flexibility to meet this goal?
A. Baselines
B. Hardening techniques
C. Virtualization technologies
D. Patch management programs - ANSWER-C. Virtualization technologies
Virtualization provides a high degree of flexibility when testing security controls because testers
can easily rebuild virtual systems or revert them using a snapshot. Baselines provide a known
starting point, but aren’t flexible because they stay the same. Hardening techniques make
systems more secure than their default configuration. Patch management programs ensure
patches are deployed, but do not test security controls.
7. You suspect that traffic in your network is being rerouted to an unauthorized router
within your network. Which of the following command-line tools would help you narrow
down the problem?
A. ping
B. tracert
C. ipconfig
D. netstat - ANSWER-B. tracert
You can use tracert to track packet flow through a network and if an extra router has been added
to your network, tracert will identify it. You can use ping to check connectivity with a remote
system, but it doesn’t show the route. The ipconfig command will show the network settings on a
Windows computer, but it doesn’t identify failed routers. Netstat shows active connections and
other network statistics on a local system, but it doesn’t identify network paths.
8. The First Bank of Springfield has been experiencing widespread fraud recently. Attackers
are transferring funds out of customer accounts to other banks. The bank began requiring
customers to obtain credentials in person at the bank. However, this hasn't reduced the
number of fraudulent transactions. After reviewing available logs, investigators
determined that these fraudulent transactions are conducted with the customer's actual