CompTIA Security+ Practice Test Questions and Answers to Pass SY0 501 Exam

CompTIA Security+ Practice Exam Sample Questions and Answers

Security + certification from CompTIA is a globally recognized certification that helps you to gain essential security functions. The CompTIA Security + certification focus on the latest trends in risk management, risk mitigation, etc. This Security + certification gives you basic knowledge of cybersecurity and takes a plunge into the fantastic IT security career. Our comprehensive list of free CompTIA Security+ practice exam sy0 501 question and answers will help you to recap your exam preparation and quickly glance before stepping into the certification test. The objectives of the CompTIA Security+ practice questions are to evaluate you to better reflect today’s best practices for risk management and risk mitigation. Demand for Security+ has increased for a broader variety of job roles and earning a Security + certification demonstrates your skills covered in Security+ to get cybersecurity jobs. CompTIA Security+ practice tests exam sy0 501 questions and answers are prepared to help candidates to screen their skills and earn passing score before appearing in the test, practicing with these CompTIA Security+ exam sample questions will help you to get certified as a successful candidate having knowledge and skills to install and configure systems.

CompTIA Security+ Exam Details: https://certification.comptia.org/certifications/security

Exam Code: SY0-501

Duration: 90 minutes

No. of questions: 90

Passing score: 70%

Validated against: Pearson VUE

Format: Multiple choices

Exam Cost: 339 USD

Question 1

Which one of the following options is a harmful program that is used for disrupting the operations of a computer, collects or steal private and sensitive information and data or to get some kind of unauthorized access to the computer systems?

•          Spyware
•          Adware
•          Ransomware
•          Malware

Malware is a file or program that is dangerous for a computer system as it causes various kinds of issues in the working of the device. Moreover, malware is used by some potential intruders in order to steal or delete some valuable information and data. It is mostly used for unethical cyber crimes that may cause serious harm to the computer device and the user both. A computer device always have an anti malware software for preventing them from entering the computer system.

----------------------------------------------------------------------------------------------------------------------------

Question 2

Which one of the following options can be considered as the definition of a computer virus?

•          Software for computer operations
•          Can get executed itself without any type of interaction
•          Attach itself to some computer program and gets executed
•          None of the above

A computer virus is a malicious program that has the ability to spread from one device to another device. This operates by getting attached with some another computer program that executes the virus with itself. The virus can put the computer into serious damage and can corrupt important information and data.

-----------------------------------------------------------------------------------------------------------------------------

Question 3

Which one of the following options is referred to as an example of crypto malware?

•          Rootkit
•          Keylogger
•          Backdoor
•          Ransomware

Ransomware is usually devastated by some organizations or an individual. In this cyber world, privacy on information and data is a myth and ransomware is malicious software made for denying access to a computer. It gets spread with the phishing of email or by entering a website affected with ransomware. The victim has to pay a lot of money to recover the information and data lost because of the ransomware.

----------------------------------------------------------------------------------------------------------------------------

Question 4

Which one of the following options is a type of malware that restricts computer system access by locking the system or encrypting the files until the user performs a specific action or activity?

•          Adware
•          Spyware
•          Grayware
•          None of the above

Adware is different software that supports advertisement and it creates profit for the developers. Spyware is another unwanted software that does infiltration of the computer. It steals private information and internet usage. Grayware is usually not considered as a virus but still, it can be irritating and provides harm to the computer. Sometimes it sends unwanted pop up messages and tracks online behaviour of the user. It is the most annoying program that mostly enters the computer by visiting unsecure websites. But all of the three types of the program does not lock or encrypt the computer system.

---------------------------------------------------------------------------------------------------------------------------

Question 5

Which one of the following options is a standalone malicious program that usually propagates it on a computer network and puts a negative impact on the network bandwidth and resources of the system?

•          Worm
•          Trojan
•          Spyware
•          Spam

A computer worm is a different type of malicious program that makes its own copies from computer to computer. It silently gets executed with another program and damages the computer without knowing to the user. It depletes the resources of the computer and overloads the shared network. If the worm is not removed then it can take control over the entire computer system and it can affect the entire operating system.

-------------------------------------------------------------------------------------------------------------------------

Question 6

Which one of the following options is the type of program that performs harmful and unwanted operations in disguise of a useful and legitimate program?

•          Virus
•          Worm
•          Adware
•          Trojan horse

The trojan horse has all the functionalities that are expected from a good program but it also consists of a malicious code that is dangerous for the entire computer system. Sometimes it is very difficult to identify these kinds of malicious programs as they appear to be a useful program. Some potential intruders create these programs to steal and damage the information and data of a target user. It basically tricks the user all time and the user does not even have any idea about it.

-------------------------------------------------------------------------------------------------------------------------

Question 7

Which one of the following options is a collection of software tools that the hackers use for obtaining admin level access and mask intrusion to a computer network or the entire computer system?

•          Trojan
•          Backdoor
•          Rootkit
•          Adware

A rootkit is mostly used for getting advanced level access to a computer system but sometimes it gets associated with malware, virus and worms that can completely damage the computer system. Some of the developers make use of rootkit to experiment with their computer devices by installing some third party applications. Rootkit actually gets access to the restricted area of a computer system because these restricted areas have the risk of computer system getting compromised.

-----------------------------------------------------------------------------------------------------------------------------

Question 8

Which one of the following options is a type of computer program that tracks the key pressed by the user in order to steal their username, passwords and other credentials of the user?

•          Packet sniffer
•          Keylogger
•          Adware
•          Worm

Keylogger is basically used to track the keyboard buttons pressed by users. It gets installed in the computer without knowing by the user and records their key mapping and what they typed. It can record username, passwords and other aspects in the computer system. Keylogger is the easiest way to steal credentials of the target user so the user should be aware of these kinds of attacks especially when using some public computer that is used by multiple users.

------------------------------------------------------------------------------------------------------------------------

Question 9

Which one of the following options is a malicious program that steals user’s information and data without their consent?

•          Ransomware
•          Adware
•          Spyware
•          Crypto malware

Spyware basically is some malicious programs that steal private information from computer systems and they are attached with some executable programs. When a user installs the program where spyware attached, it also gets installed in the background. Spyware can be installed automatically to the system with the attachment of another program so the user should make use of secure websites to gather data.

------------------------------------------------------------------------------------------------------------------------------

Question 10

Which one of the following options is a networked host that is infected by malware and controlled by a hacker?

•          Honeypot
•          Bot
•          Worm
•          Trojan horse

Bots are utilized in the computer system in order to perform some repetitive operations such as search engine indexing and they are able to take full control over the computer system. They are basically called as the web crawlers that automatically perform some specific tasks.

------------------------------------------------------------------------------------------------------------------------------

Question 11

Which one of the following terms are applied to a collection of a compromised computer system that is used as a DDoS attack platform?

•          Malware
•          Adware
•          Botnet
•          Quarantine network

A botnet is basically a group of computer systems that are interconnected with each other in order to perform a specific malicious task. The botnet is controlled by hackers and third parties that launch attacks and transmit viruses and malware in other computer systems.

------------------------------------------------------------------------------------------------------------------------------

Question 12

Which one of the following options is a type of Trojan that helps to enable illegal and unauthorized access to a computer system remotely?

•          MaaS
•          Pcap
•          Pfsense
•          RAT

RAT basically stands for remote access Trojan in which the potential intruders get admin level access to a computer from a remote location with the help of a remote network connection. This is different from desktop sharing because it comes under malicious and criminal activities. RAT is sent to the target user in the form of a software or some fraud email or file that makes the computer compromise after getting installed. RAT is a harmful Trojan that needs to be prevented quickly because it directly send the information to the hacker and they can make use of the information to perform criminal activities.

-----------------------------------------------------------------------------------------------------------------------------

Question 13

Which one of the given options is a malicious program code that is activated by some specific event?

•          Dropper
•          Logic bomb
•          Retrovirus
•          Backdoor

A logic bomb is a small portion of a program code that is inserted by hackers intentionally within a software system that performs some malicious activities in some specific conditions accordingly. Some programmers hide the portion of code that can delete the data so they can make wrong use of it if needed.

---------------------------------------------------------------------------------------------------------------------------

Question 14

Which one of the following options is a legitimate and undocumented way to get access to a computer system or a program?

•          Backdoor
•          Rootkit
•          Trojan
•          Logic bomb

Backdoor is basically a method to bypass the encryption in the computer device that is used by programmers so they can perform troubleshooting or some other operation in some specific situations. This is like a backup plan for computer security when the system is completely compromised due to some malware or virus attack.

-----------------------------------------------------------------------------------------------------------------------------

Question 15

Which one of the following options is an unauthorized activity to steal or access private information by manipulating user in a way so they will disclose their information?

•          Social engineering
•          Privilege escalation
•          Pen testing
•          Shoulder surfing

In social engineering, the attackers perform psychological manipulation of a user to make them reveal their private information. Many users get targeted from this attack if they are unaware of these attacks. It only involves human interaction where some threat actors present themselves as a trustful person and trick the target users. Many of these attacks get successful and the target users get fooled. Social engineering does not require a lot of technical knowledge this is why it is more harmful for the target users.

--------------------------------------------------------------------------------------------------------------------------

Question 16

Which one of the following options is an activity in which fraud emails request the recipient to disclose their personal information such as credentials and then used by the attacker in the form of identity theft?

•          Watering hole attack
•          Phishing
•          Bluejacking
•          Vishing

Phishing is termed as a fraud attempt for getting access to private data of a user such as passwords and credentials. The target user gets email or message on their computer system where they mistakenly provide their details and gets victimized. It is mostly used to steal passwords and credit card details of the users. Sometimes the hacker makes phishing webpage which is a fraud webpage of a website. The user thinks it is the page of the genuine website and enters their username and passwords and gets tricked easily.

---------------------------------------------------------------------------------------------------------------------------

Question 17

Which one of the following options is a technique of social engineering where hacker send a legitimate request to the user for getting access to the private data in an unauthorized manner?

•          Backdoor
•          Shoulder surfing
•          Privilege escalation
•          None of the above

Backdoor, shoulder surfing and privilege escalation do not send a legitimate request to the user for unauthorized access. It is done in phishing attacks where the user gets fooled by some fraud email or message.  Shoulder surfing is also different in which the hacker see the target user information from their shoulder.

------------------------------------------------------------------------------------------------------------------------------

Question 18

Which one of the following options is referred to as the phishing scams that target a specific group of individuals?

•          Spoofing
•          Spear phishing
•          Vishing
•          Whaling

Spear phishing is basically an email spoofing attack where some company or individual gets targeted to get unauthorized access. These attacks are mostly done by perpetrators in order to take financial gains, the secret of trade or military details. It is never done by some random person to a random target. These are some high-level security attacks that put a higher impact on the target organization or individual.

-------------------------------------------------------------------------------------------------------------------------

Question 19

Which one of the given options is referred to as the phishing scams that target only some high position individuals of a company or organization?

•          Whaling
•          Pharming
•          Bluesnarfing
•          Bluejacking

Whaling is done to target some high ranking individuals such as bankers or executives that have a powerful position within their company. It is like reeling a big fish where hackers can even target the government. The high position users need to be educated enough to prevent these kinds of attacks because it can put a large impact on their entire organizations on a high scale.

-----------------------------------------------------------------------------------------------------------------------------

Question 20

Which one of the following options is the practice in which a telephone system is used for manipulating the user to reveal their private information?

•          Pharming
•          Whaling
•          Phishing
•          Vishing

In vishing, the hacker connects to the private phone number of the target users where some automatically generated messages are used to trick the user. For example, a user gets IVR message saying their bank account is compromised and ask them to reset their settings. Then they get another voice call where the IVR voice asks for bank details. Here, the target user gets tricked and reveal his bank detail and passwords.

-----------------------------------------------------------------------------------------------------------------------------

Question 21

Which one of the following options is an activity of getting unauthorized access to the computer system’s restricted area by following some other person?

•          Tailgating
•          Phishing
•          Vishing
•          None of the above

In tailgating, some unauthorized person follows an authorized individual to get access in some secure system or premise. For examples, in some secure premises, some retina scanners also don’t work if the authorized person holds the access door for another person. For preventing this, there must be security guards or camera surveillance to prevent unauthorized access.

----------------------------------------------------------------------------------------------------------------------------

Question 22

Which one of the following options is a type of social engineering attack that completely depends upon identity theft?

•          Shoulder surfing
•          Dumpster diving
•          Watering hole
•          Impersonation

In impersonation, a person plays the role of a trusted person or convinces the target user enough to make him fool and get access to their office or too sensitive information. The target person thinks he is talking to the person he knows but in reality, there is another person who is trying to get unauthorized access.

--------------------------------------------------------------------------------------------------------------------------------

Question 23

Which one of the following options is a practice of sifting through the collection of deleted documents that consists of private data and then using this data for performing social engineering attacks?

•          Dumpster diving
•          Shoulder surfing
•          Phishing
•          None of the above

Dumpster diving is a method that is used to recover data from some deleted trash and make use of it to perform some criminal and malicious activity. It is like finding treasure in someone other’s garbage. These attacks are basically done on a computer network where the deleted data can be some phone list, sticky notes or some other data that is used by the hacker to attack the target user.

------------------------------------------------------------------------------------------------------------------------------

Question 24

Which one of the following options is a situation where the hacker can see the display of a user or their keyboard to steal their information and credentials?

•          Spoofing
•          Shoulder surfing
•          Tailgating
•          None of the above

Shoulder surfing is a social engineering attack in which the sensitive information of a user is stolen over their shoulder. This is mostly done into ATMs where the attacker tries to see the PIN number with using some vision-enhancing devices such as binoculars. These attacks mostly did in crowded areas where the target user is vulnerable the most. To prevent these attacks, the users must cover the key buttons by their hands or by taking some other cover.

---------------------------------------------------------------------------