Free CompTIA SYO-501 Practice Test & Real Exam Questions

Exam Code/Number: SYO-501
Exam Name/Title: CompTIA Security+ Certification Exam
Certification Provider: CompTIA
Corresponding Certification: Security+

Exam Questions: 715
Updated On: Jun 12, 2026

Question #11

A Chief Security Officer (CSO) has implemented a policy to prevent the reuse of hard drives due to the risk of information spillage to unauthorized users. Which of the following would be the MOST practical process to decommission the workstations?

A. Remove all the hard drives and purge them.

B. Remove all the hard drives and dispose of them in the trash.

C. Remove all the hard drives and degauss them.

D. Remove all the hard drives and shred the disks.

Discussion 0

Correct Answer: D Vote an answer

Question #12

A small enterprise decides to implement a warm site to be available for business continuity in case of a disaster. Which of the following BEST meets its requirements?

A. A fully operational site that has all the equipment in place and full data backup tapes on site

B. An operational site requiring some equipment to be relocated as well as data transfer to the site

C. A site used for its data backup storage that houses a full-time network administrator

D. A site staffed with personnel requiring both equipment and data to be relocated there in case of disaster

Discussion 0

Correct Answer: B Vote an answer

Explanation: Only visible for Pass4Leader members. You can sign-up / login (it's free).

Question #13

Which of the following is the BEST use of a WAF?

A. To maintain connection status of all HTTP requests

B. To deny access to all websites with certain contents

C. To allow access to web services of internal users of the organization

D. To protect sites on web servers that are publicly accessible

Discussion 0

Correct Answer: D Vote an answer

Question #14

A security analyst is reviewing the following log:

Which of the following should the analyst report to the security manager?

A. An external host is attempting to perform NAT traversal

B. A host is attempting to enumerate the firewall ACL using an Xmas scan

C. An external host is scanning an internal host for vulnerable services

D. Host 192-168.214.10 is performing a scan of well-known ports

Discussion 0

Correct Answer: C Vote an answer

Question #15

A security analyst received an after-hours alert indicating that a large number of accounts with the suffix "admin'' were locked out. The accounts were all locked out after five unsuccessful login attempts, and no other accounts on the network triggered the same alert. Which of the following is the BEST explanation for these alerts?

A. The threshold for locking out administrator accounts is too high, and it should be changed from five to three to prevent unauthorized access attempts.

B. The company has implemented time-of-day restrictions, and this triggered a false positive alert when the administrators tried to log in.

C. The administrator accounts do not have rigid password complexity rules, and this made them easier to crack.

D. The standard naming convention makes administrator accounts easy to identify, and they were targeted for an attack.

Discussion 0

Correct Answer: D Vote an answer

Question #16

The application team within a company is asking the security team to investigate why its application is slow after an upgrade. The source of the team's application is 10.13.136.9. and the destination IP is 10.17.36.5. The security analyst pulls the logs from the endpoint security software but sees nothing is being blocked. The analyst then looks at the UTM firewall logs and sees the following:

Which of the following should the security analyst request NEXT based on the UTM firewall analysis?

A. Request the application team to reconfigure the application and allow RPC communication.

B. Request the application team to allow TCP port 87 to listen on 10.17.36.5.

C. Request the network team to turn of IPS for 10.13.136.8 going to 10.17.36.5.

D. Request the network team to open port 1433 from 10.13.136.9 to 10.17.36.5.

Discussion 0

Correct Answer: D Vote an answer

Question #17

A government contracting company Issues smartphones lo employees lo enable access lo corporate resources. Several employees will need to travel to a foreign country (or business purposes and will require access lo their phones. However, the company recently received intelligence that its intellectual property is highly desired by the same country's government. Which of the following MDM configurations would BEST reduce the risk of compromise while on foreign soil?

A. Disable location services.

B. Disable wipe.

C. Disable push notification services.

D. Disable firmware OTA updates.

Discussion 0

Correct Answer: D Vote an answer

Question #18

An organization wants to implement a solution that allows for automated logical controls for network defense. An engineer plans to select an appropriate network security component, which automates response actions based on security threats to the network. Which of the following would be MOST appropriate based on the engineer's requirements?

A. NIPS

B. HIDS

C. Elastic load balancer

D. Web proxy

E. NAC

Discussion 0

Correct Answer: A Vote an answer

Question #19

Which of the following is an example of federated access management?

A. Applying a new user account with a complex password

B. Implementing a AAA framework for network access

C. Using a popular website login to provide access to another website

D. Windows passing user credentials on a peer-to-peer network

Discussion 0

Correct Answer: C Vote an answer

Explanation: Only visible for Pass4Leader members. You can sign-up / login (it's free).

Question #20

During a routine check, a security analyst discovered the script responsible for the backup of the corporate file server had been changed to the following.

Which of the following BEST describes the type of malware the analyst discovered?

A. Key logger

B. RAT

C. Logic bomb

D. Rootkit

Discussion 0

Correct Answer: C Vote an answer

Download Free CompTIA SYO-501 Demo

Simply submit your e-mail address below to get started with our free demo of your CompTIA SYO-501 exam.