SY0-601 CompTIA Exam Questions and Free Practice Test

Jonnie Karnath2023-04-08T03:15:29+00:00

If you’re looking to pass the CompTIA SY0-601 exam, Certspot SY0-601 CompTIA exam questions and free practice test are an excellent choice. These SY0-601 questions and answers are designed to help you prepare for the exam by providing you with up-to-date and accurate information on the exam topics. One of the best things about Certspot SY0-601 CompTIA exam questions and free practice test is that it’s designed to be user-friendly and easy to understand. Whether you’re a beginner or an experienced professional, their preparation material will help you gain a better understanding of the subject matter and allow you to test your knowledge before the actual exam.

Page 1 of 16

1. Which of the following in a forensic investigation should be priorities based on the order of volatility? (Select TWO).

Page files

Event logs

RAM

Cache

Stored files

HDD

2. A company recently decided to allow its employees to use their personally owned devices for tasks like checking email and messaging via mobile applications. The company would like to use MDM, but employees are concerned about the loss of personal data.

Which of the following should the IT department implement to BEST protect the company against company data loss while still addressing the employees’ concerns?

A. Enable the remote-wiping option in the MDM software in case the phone is stolen.

B. Configure the MDM software to enforce the use of PINs to access the phone.

C. Configure MDM for FDE without enabling the lock screen.

D. Perform a factory reset on the phone before installing the company's applications.

3. A penetration tester was able to compromise a host using previously captured network traffic.

Which of the following is the result of this action?

Integer overflow

Race condition

Memory leak

Replay attack

4. 35. 45.53 -

[22/May/2020:07 : 00:58 +0100] "GET . UNION ALL SELECT

user login, user _ pass, user email from wp users―― HTTP/I.I" 200 1072 http://www.example.com/wordpress/wp―admin/

Which of the following vulnerabilities is the attacker trying to exploit?

SSRF

CSRF

xss

SQLi

5. HOTSPOT

You received the output of a recent vulnerability assessment.

Review the assessment and scan output and determine the appropriate remedialion(s} 'or «ach dewce.

Remediation options may be selected multiple times, and some devices may require more than one remediation.

If at any time you would like to biing bade the initial state ot the simulation, please dick me Reset All button.

6. An attacker replaces a digitally signed document with another version that goes unnoticed Upon reviewing the document's contents the author notices some additional verbiage that was not originally in the document but cannot validate an integrity issue.

Which of the following attacks was used?

Cryptomalware

Hash substitution

Collision

Phishing

7. A security engineer is investigating a penetration test report that states the company website is vulnerable to a web application attack.

While checking the web logs from the time of the test, the engineer notices several invalid web form submissions using an unusual address: "SELECT * FROM customer name”.

Which of the following is most likely being attempted?

Directory traversal

SQL injection

Privilege escalation

Cross-site scripting

8. Which of the following would a security analyst use to determine if other companies in the same sector have seen similar malicious activity against their systems?

Vulnerability scanner

Open-source intelligence

Packet capture

Threat feeds

9. Which of the following environments can be stood up in a short period of time, utilizes either dummy

data or actual data, and is used to demonstrate and model system capabilities and functionality for a

fixed, agreed-upon

duration of time?

PoC

Production

Test

Development

10. Which of the following isa risk that is specifically associated with hesting applications iin the public cloud?

Unsecured root accounts

Zero day

Shared tenancy

Insider threat

Page 2 of 16

11. Which Of the following is the best method for ensuring non-repudiation?

SSO

Digital certificate

Token

SSH key

12. An email security vendor recently added a retroactive alert after discovering a phishing email had already been delivered to an inbox.

Which of the following would be the best way for the security administrator to address this type of alert in the future?

Utilize a SOAR playbook to remove the phishing message.

Manually remove the phishing emails when alerts arrive.

Delay all emails until the retroactive alerts are received.

Ingest the alerts into a SIEM to correlate with delivered messages.

13. A security administrator performs weekly vulnerability scans on all cloud assets and provides a detailed report.

Which of the following describes the administrator's activities?

Continuous deployment

Continuous integration

Continuous validation

Continuous monitoring

14. Which of the following involves the inclusion of code in the main codebase as soon as it is written?

Continuous monitoring

Continuous deployment

Continuous Validation

Continuous integration

15. Which Of the following best ensures minimal downtime for organizations vÄh crit-ical computing equipment located in earthquake-prone areas?

Generators and UPS

Off-site replication

Additional warm site

Local

16. While researching a data exfiltration event, the security team discovers that a large amount of data was transferred to a file storage site on the internet.

Which of the following controls would work best to reduce the risk of further exfiltration using this method?

Data loss prevention

Blocking IP traffic at the firewall

Containerization

File integrity monitoring

17. Which ol the following is required in order (or an IDS and a WAF to be effective on HTTPS traffic?

Hashing

DNS sinkhole

TLS inspection

Data masking

18. A security team is providing input on the design of a secondary data center that has the following requirements:

+ Anatural disaster at the primary site should not affect the secondary site. The secondary site should have the capability for failover during traffic surge situations.

+ The secondary site must meet the same physical security requirements as the primary site. The secondary site must provide protection against power surges and outages.

Which of the following should the security team recommend? (Select two).

Configuring replication of the web servers at the primary site to offline storage

Constructing the secondary site in a geographically disperse location

Deploying load balancers at the primary site

Installing generators

Using differential backups at the secondary site

Implementing hot and cold aisles at the secondary site

19. Which of the following should a Chief Information Security Officer consider using to take advantage of industry standard guidelines?

SSAE SOC 2

GDPR

PCI DSS

NIST CSF

20. A user's laptop constantly disconnects from the Wi-Fi network. Once the laptop reconnects, the user can reach the internet but cannot access shared folders or other network resources.

Which of the following types of attacks is the user MOST likely experiencing?

Bluejacking

Jamming

Rogue access point

Evil twin

Page 3 of 16

21. A Chief information Officer is concerned about employees using company-issued laptops to steal data when accessing network shares.

Which of the following should the company implement?

DLP

CASB

HIDS

EDR

UEFI

22. Which of the following best describes the situation where a successfully onboarded employee who is using a fingerprint reader is denied access at the company's mam gate?

Crossover error rate

False match raw

False rejection

False positive

23. A security manager is attempting to meet multiple security objectives in the next fiscal year.

The security manager has proposed the purchase of the following four items:

Vendor A:

1- Firewall

1-12 switch

Vendor B:

1- Firewall

1-12 switch

Which of the following security objectives is the security manager attempting to meet? (Select two).

Simplified patch management

Scalability

Zero-day attack tolerance

Multipath

Replication

Redundancy

24. Which of the following is a primary security concern for a company setting up a BYOD program?

End of life

Buffer overflow

VM escape

Jailbreaking

25. Which of the following BEST describes the team that acts as a referee during a penetration-testing exercise?

White team

Purple team

Green team

Blue team

Red team

26. A company is developing a new initiative to reduce insider threats.

Which of the following should the company focus on to make the greatest impact?

Social media analysis

Least privilege

Nondisclosure agreements

Mandatory vacation

27. A company has installed badge readers for building access but is finding unauthorized individuals roaming the hallways Of the following is the most likely cause?

Shoulder surfing

Phishing

Tailgating

Identity fraud

28. A network analyst is setting up a wireless access point for a home office in a remote, rural location. The requirement is that users need to connect to the access point securely but do not want to have to remember passwords.

Which of the following should the network analyst enable to meet the requirement?

MAC address filtering

802.1X

Captive portal

WPS

29. The security team received a report of copyright infringement from the IP space of the corporate network. The report provided a precise time stamp for the incident as well as the name of the copyrighted files. The analyst has been tasked with determining the infringing source machine and instructed to implement measures to prevent such incidents from occurring again.

Which of the following is MOST capable of accomplishing both tasks?

HIDS

Allow list

TPM

NGFW

30. DRAG DROP

A data owner has been tasked with assigning proper data classifications and destruction methods for various types of data contained within the environment.

Page 4 of 16

31. A security administrator suspects there may be unnecessary services running on a server.

Which of the following tools will the administrator most likely use to confirm the suspicions?

Nmap

Wireshark

Autopsy

DNSEnum

32. A new plug-and-play storage device was installed on a PC in the corporate environment.

Which of the following safeguards will BEST help to protect the PC from malicious files on the storage device?

A. Change the default settings on the PC.

B. Define the PC firewall rules to limit access.

C. Encrypt the disk on the storage device.

D. Plug the storage device in to the UPS

33. DRAG DROP

Leveraging the information supplied below, complete the CSR for the server to set up TLS (HTTPS)

• Hostname: ws01

• Domain: comptia.org

• IPv4: 10.1.9.50

• IPV4: 10.2.10.50

• Root: home.aspx

• DNS CNAME:homesite.

Instructions:

Drag the various data points to the correct locations within the CSR. Extension criteria belong in the let hand column and values belong in the corresponding row in the right hand column.

34. Which of the following procedures would be performed after the root cause of a security incident has been identified to help avoid future incidents from occurring?

Walk-throughs

Lessons learned

Attack framework alignment

Containment

35. A large bank with two geographically dispersed data centers Is concerned about major power disruptions at Both locations. Every day each location experiences very brief outages thai last (or a few seconds. However, during the summer a high risk of intentional under-voltage events that could last up to an hour exists, particularly at one of the locations near an industrial smelter.

Which of the following is the BEST solution to reduce the risk of data loss?

Dual supply

Generator

PDU

Dally backups

36. The Chief Information Security Officer directed a risk reduction in shadow IT and created a policy requiring all unsanctioned high-risk SaaS applications to be blocked from user access.

Which of the following is the BEST security solution to reduce this risk?

CASB

VPN concentrator

MFA

VPC endpoint

37. An organization is building a new headquarters and has placed fake cameras around the building in an attempt to discourage potential intruders.

Which of the following kinds of controls describes this security method?

Detective

Deterrent

Directive

Corrective

38. A junior security analyst is reviewing web server logs and identifies the following pattern in the log file:

Which of the following types of attacks is being attempted and how can it be mitigated?

mplement a SIEM

CSR

implement an IPS

Directory traversal implement a WAF

SQL infection, mplement an IDS

39. A Security engineer needs to implement an MDM solution that complies with the corporate mobile device policy.

The policy states that in order for mobile users to access corporate resources on their devices, the following requirements must be met:

✑ Mobile device OSs must be patched up to the latest release.

✑ A screen lock must be enabled (passcode or biometric).

✑ Corporate data must be removed if the device is reported lost or stolen.

Which of the following controls should the security engineer configure? (Select two).

Disable firmware over-the-air

Storage segmentation

Posture checking

Remote wipe

Full device encryption

Geofencing

40. A help desk technician receives an email from the Chief Information Officer (C/O) asking for documents. The technician knows the CIO is on vacation for a few weeks.

Which of the following should the technician do to validate the authenticity of the email?

Check the metadata in the email header of the received path in reverse order to follow the email’s path.

Hover the mouse over the CIO's email address to verify the email address.

Look at the metadata in the email header and verify the "From." line matches the CIO's email address.

Forward the email to the CIO and ask if the CIO sent the email requesting the documents.

Page 5 of 16

41. A security administrator is compiling information from all devices on the local network in order to gain better visibility into user activities.

Which of the following is the best solution to meet this objective?

SIEM

HIDS

CASB

EDR

42. A security engineer needs to recommend a solution to defend against malicious actors misusing protocols and being allowed through network defenses.

Which of the following will the engineer most likely recommended?

A content filter

AWAF

A next-generation firewall

An IDS

43. While reviewing pcap data, a network security analyst is able to locate plaintext usernames and passwords being sent from workstations to network witches.

Which of the following is the security analyst MOST likely observing?

SNMP traps

A Telnet session

An SSH connection

SFTP traffic

44. An organization recently completed a security control assessment The organization determined some controls did not meet the existing security measures. Additional mitigations are needed to lessen the risk of the non-complaint controls.

Which of the following best describes these mitigations?

Corrective

Compensating

Deterrent

Technical

45. A security engineer is concerned the strategy for detection on endpoints is too heavily dependent on previously defined attacks. The engineer wants a tool that can monitor for changes to key files and network traffic for the device.

Which of the following tools should the engineer select?

HIDS

NGF-W

DLP

46. After multiple on-premises security solutions were migrated to the cloud, the incident response time increased. The analysts are spending a long time trying to trace information on different cloud consoles and correlating data in different formats.

Which of the following can be used to optimize the incident response time?

CASB

VPC

SWG

CMS

47. A security analyst discovers that a company's username and password database were posted on an internet forum. The usernames and passwords are stored in plaintext.

Which of the following would mitigate the damage done by this type of data exfiltration in the future?

Create DLP controls that prevent documents from leaving the network.

Implement salting and hashing.

Configure the web content filter to block access to the forum.

Increase password complexity requirements.

48. A security administrator examines the ARP table of an access switch and sees the following output:

Which of the following is a potential threat that is occurring on this access switch?

DDoSonFa02 port

MAG flooding on Fa0/2 port

ARP poisoning on Fa0/1 port

DNS poisoning on port Fa0/1

49. The alert indicates an attacker entered thousands of characters into the text box of a web form. The web form was intended for legitimate customers to enter their phone numbers.

Which of the attacks has most likely occurred?

Privilege escalation

Buffer overflow

Resource exhaustion

Cross-site scripting

50. After a hardware incident, an unplanned emergency maintenance activity was conducted to rectify the issue. Multiple alerts were generated on the SIEM during this period of time.

Which of the following BEST explains what happened?

A The unexpected traffic correlated against multiple rules, generating multiple alerts.

B. Multiple alerts were generated due to an attack occurring at the same time.

C. An error in the correlation rules triggered multiple alerts.

D. The SIEM was unable to correlate the rules, triggering the alerts.

Page 6 of 16

51. A web architect would like to move a company's website presence to the cloud. One of the management team's key concerns is resiliency in case a cloud provider's data center or network connection goes down.

Which of the following should the web architect consider to address this concern?

Containers

Virtual private cloud

Segmentation

Availability zones

52. The application development team is in the final stages of developing a new healthcare application.

The team has requested copies of current PHI records to perform the final testing.

Which of the following would be the best way to safeguard this information without impeding the testing process?

Implementing a content filter

Anonymizing the data

Deploying DLP tools

Installing a FIM on the application server

53. After a phishing scam fora user's credentials, the red team was able to craft payload to deploy on a server. The attack allowed the installation of malicious software that initiates a new remote session.

Which of the following types of attacks has occurred?

Privilege escalation

Session replay

Application programming interface

Directory traversal

54. Which of the following best describes a tool used by an organization to identi-fy, log, and track any potential risks and corresponding risk information?

Quantitative risk assessment

Risk register

Risk control assessment

Risk matrix

55. A security engineer learns that a non-critical application was compromised. The most recent version of the application includes a malicious reverse proxy while the application is running.

Which of the following should the engineer is to quickly contain the incident with the least amount of impact?

Configure firewall rules to block malicious inbound access.

Manually uninstall the update that contains the backdoor.

Add the application hash to the organization's blocklist.

Tum off all computers that have the application installed.

56. HOTSPOT

You are security administrator investigating a potential infection on a network.

Click on each host and firewall. Review all logs to determine which host originated the Infection and then deny each remaining hosts clean or infected.

57. A company's help desk received several AV alerts indicating Mimikatz attempted to run on the remote systems Several users also reported that the new company flash drives they picked up in the break room only have 512KB of storage.

Which of the following is most likely the cause?

The GPO prevents the use of flash drives, which triggers a false positive AV indication and restricts the drives to only 512KB of storage

The new flash drives need a driver that is being blocked by the AV software because the flash drives are not on the application's allow list, temporarily restricting the drives to 512KB of storage.

The new flash drives are incorrectly partitioned, and the systems are automatically trying to use an unapproved application to repartition the drives.

The GPO blocking the flash drives is being bypassed by a malicious flash drive that is attempting to harvest plaintext credentials from memory.

58. A security analyst is using OSINT to gather information to verify whether company data is available publicly.

Which of the following is the BEST application for the analyst to use?

the Harvester

Cuckoo

Nmap

Nessus

59. A security team suspects that the cause of recent power consumption overloads is the unauthorized use of empty power outlets in the network rack.

Which of the following options will mitigate this issue without compromising the number of outlets available?

Adding a new UPS dedicated to the rack

Installing a managed PDU

Using only a dual power supplies unit

Increasing power generator capacity

60. A security operations center wants to implement a solution that can execute files to test for malicious activity. The solution should provide a report of the files' activity against known threats.

Which of the following should the security operations center implement?

the Harvester

Nessus

Cuckoo

Sn1per

Page 7 of 16

61. A systems administrator is required to enforce MFA for corporate email account access, relying on the possession factor.

Which of the following authentication methods should the systems administrator choose? (Select two).

passphrase

Time-based one-time password

Facial recognition

Retina scan

Hardware token

Fingerprints

62. Which of the following describes where an attacker can purchase DDoS or ransomware services?

Threat intelligence

Open-source intelligence

Vulnerability database

Dark web

63. A candidate attempts to go to but accidentally visits http://comptiia.org. The malicious website looks exactly like the legitimate website.

Which of the following best describes this type of attack?

Reconnaissance

Impersonation

Typo squatting

Watering-hole

64. Which of the following supplies non-repudiation during a forensics investigation?

Dumping volatile memory contents first

Duplicating a drive with dd

Using a SHA-2 signature of a drive image

Logging everyone in contact with evidence

Encrypting sensitive data

65. An organization needs to implement more stringent controls over administrator/root credentials and service accounts.

Requirements for the project include:

* Check-in/checkout of credentials

* The ability to use but not know the password

* Automated password changes

* Logging of access to credentials

Which of the following solutions would meet the requirements?

OAuth 2.0

Secure Enclave

A privileged access management system

An OpenID Connect authentication system

66. An organization has hired a security analyst to perform a penetration test The analyst captures 1Gb worth of inbound network traffic to the server and transfers the pcap back to the machine for analysis.

Which of the following tools should the analyst use to further review the pcap?

Nmap

CURL

Neat

Wireshark

67. Which of the following are the MOST likely vectors for the unauthorized inclusion of vulnerable code in a software company’s final software releases? (Select TWO.)

Unsecure protocols

Use of penetration-testing utilities

Weak passwords

Included third-party libraries

Vendors/supply chain

Outdated anti-malware software

68. An organization wants seamless authentication to its applications.

Which of the following should the organization employ to meet this requirement?

SOAP

SAML

SSO

Kerberos

69. Which of the following would satisfy three-factor authentication requirements?

Password, PIN, and physical token

PIN, fingerprint scan, and ins scan

Password, fingerprint scan, and physical token

PIN, physical token, and ID card

70. A security administrator needs to add fault tolerance and load balancing to the connection from the file server to the backup storage.

Which of the following is the best choice to achieve this objective?

Multipathing

RAID

Segmentation

8021.1

Page 8 of 16

71. As part of a company's ongoing SOC maturation process, the company wants to implement a method to share cyberthreat intelligence data with outside security partners.

Which of the following will the company MOST likely implement?

TAXII

TLP

TTP

STIX

72. Which of the following should be addressed first on security devices before connecting to the network?

Open permissions

Default settings

API integration configuration

Weak encryption

73. Which of the following is a security implication of newer 1CS devices that are becoming more common in corporations?

Devices with celular communication capabilities bypass traditional network security controls

Many devices do not support elliptic-curve encryption algorithms due to the overhead they require.

These devices often lade privacy controls and do not meet newer compliance regulations

Unauthorized voice and audio recording can cause loss of intellectual property

74. A company a "right to forgotten" request To legally comply, the company must remove data related to the requester from its systems.

Which Of the following Company most likely complying with?

NIST CSF

GDPR

PCI OSS

ISO 27001

75. A company is developing a business continuity strategy and needs to determine how many staff members would be required to sustain the business in the case of a disruption.

Which of the following best describes this step?

Capacity planning

Redundancy

Geographic dispersion

Tabletop exercise

76. Which of the following authentication methods sends out a unique password to be used within a specific number of seconds?

TOTP

Biometrics

Kerberos

LDAP

77. A grocery store is expressing security and reliability concerns regarding the on-site backup strategy currently being performed by locally attached disks. The main concerns are the physical security of the backup media and the durability of the data stored on these devices.

Which of the following is a cost-effective approach to address these concerns?

Enhance resiliency by adding a hardware RAI

Move data to a tape library and store the tapes off-site

Install a local network-attached storage.

Migrate to a cloud backup solution

78. After a WiFi scan of a local office was conducted, an unknown wireless signal was identified Upon investigation, an unknown Raspberry Pi device was found connected to an Ethernet port using a single connection.

Which of the following BEST describes the purpose of this device?

loT sensor

Evil twin

Rogue access point

On-path attack

79. A retail company that is launching @ new website to showcase the company’s product line and other information for online shoppers registered the following URLs:

* www companysite com

* shop companysite com

* about-us companysite com contact-us. companysite com secure-logon company site com

Which of the following should the company use to secure its website if the company is concerned with convenience and cost?

A self-signed certificate

A root certificate

A code-signing certificate

A wildcard certificate

An extended validation certificate

80. A security administrator would like to ensure all cloud servers will have software preinstalled for facilitating vulnerability scanning and continuous monitoring.

Which of the following concepts should the administrator utilize?

Provisioning

Staging

Development

Quality assurance

Page 9 of 16

81. A small, local company experienced a ransomware attack. The company has one web-facing server and a few workstations. Everything is behind an ISP firewall. A single web-facing server is set up on the router to forward all ports so that the server is viewable from the internet. The company uses an older version of third-party software to manage the website. The assets were never patched.

Which of the following should be done to prevent an attack like this from happening again? (Select three).

Install DLP software to prevent data loss.

Use the latest version of software.

Install a SIEM device.

Implement MD

Implement a screened subnet for the web server.

Install an endpoint security solution.

Update the website certificate and revoke the existing ones.

Deploy additional network sensors.

82. An organization wants to integrate its incident response processes into a workflow with automated decision points and actions based on predefined playbooks.

Which of the following should the organization implement?

SIEM

SOAR

EDR

CASB

83. A company is enhancing the security of the wireless network and needs to ensure only employees

with a valid certificate can authenticate to the network.

Which of the following should the company implement?

PEAP

PSK

WPA3

WPS

84. Preconfigure the client for an incoming guest. The guest AD credentials are:

User: guest01

Password: guestpass

85. An organization is repairing the damage after an incident.

Which of the following controls is being implemented?

Detective

Preventive

Corrective

Compensating

86. Ann, a customer, received a notification from her mortgage company stating her PII may be shared with partners, affiliates, and associates to maintain day-to-day business operations.

Which of the following documents did Ann receive?

An annual privacy notice

A non-disclosure agreement

A privileged-user agreement

A memorandum of understanding

87. During a recent cybersecurity audit, the auditors pointed out various types of vulnerabilities in the production area. The production area hardware runs applications that are critical to production.

Which of the following describes what the company should do first to lower the risk to the Production the hardware.

Back up the hardware.

Apply patches.

Install an antivirus solution.

Add a banner page to the hardware.

88. A security operations technician is searching the log named /vax/messages for any events that were associated with a workstation with the IP address 10.1.1.1.

Which of the following would provide this information?

cat /var/messages | grep 10.1.1.1

grep 10.1.1.1 | cat /var/messages

grep /var/messages | cat 10.1.1.1

cat 10.1.1.1 | grep /var/messages

89. A security administrator needs to provide secure access to internal networks for external partners

The administrator has given the PSK and other parameters to the third-party security administrator.

Which of the following is being used to establish this connection?

Kerberos

SSL/TLS

IPSec

SSH

90. A security administrator is integrating several segments onto a single network. One of the segments, which includes legacy devices, presents a significant amount of risk to the network.

Which of the following would allow users to access to the legacy devices without compromising the security of the entire network?

NIDS

MAC filtering

Jump server

IPSec

NAT gateway

Page 10 of 16

91. HOTSPOT

A newly purchased corporate WAP needs to be configured in the MOST secure manner possible.

INSTRUCTIONS

Please click on the below items on the network diagram and configure them accordingly:

✑ WAP

✑ DHCP Server

✑ AAA Server

✑ Wireless Controller

✑ LDAP Server

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

92. Remote workers in an organization use company-provided laptops with locally installed applications and locally stored data Users can store data on a remote server using an encrypted connection. The organization discovered data stored on a laptop had been made available to the public.

Which of the following security solutions would mitigate the risk of future data disclosures?

FDE

TPM

HIDS

VPN

93. During a Chief Information Security Officer (CISO) convention to discuss security awareness, the attendees are provided with a network connection to use as a resource. As the convention progresses, one of the attendees starts to notice delays in the connection, and the HIIPS site requests are reverting to HTTP.

Which of the following BEST describes what is happening?

Birthday collision on the certificate key

DNS hijacking to reroute traffic

Brute force to the access point

ASSLILS downgrade

94. Hackers recently attacked a company's network and obtained several unfavorable pictures from the Chief Executive Officer's workstation. The hackers are threatening to send the images to the press if a ransom is not paid.

Which of the following is impacted the MOST?

Identify theft

Data loss

Data exfiltration

Reputation

95. A financial institution recently joined a bug bounty program to identify security issues in the institution's new public platform.

Which of the following best describes who the institution is working with to identify security issues?

Script kiddie

Insider threats

Malicious actor

Authorized hacker

96. A company would like to set up a secure way to transfer data between users via their mobile phones The company's top pnonty is utilizing technology that requires users to be in as close proximity as possible to each other.

Which of the following connection methods would BEST fulfill this need?

Cellular

NFC

Wi-Fi

Bluetooth

97. A network-connected magnetic resonance imaging (MRI) scanner at a hospital is controlled and operated by an outdated and unsupported specialized Windows OS.

Which of the following is most likely preventing the IT manager at the hospital from upgrading the specialized OS?

The time needed for the MRI vendor to upgrade the system would negatively impact patients.

The MRI vendor does not support newer versions of the O

Changing the OS breaches a support SLA with the MRI vendor.

The IT team does not have the budget required to upgrade the MRI scanner.

98. After installing a patch On a security appliance. an organization realized a massive data exfiltration occurred.

Which Of the following describes the incident?

Supply chain attack

Ransomware attack

Cryptographic attack

Password attack

99. A corporate security team needs to secure the wireless perimeter of its physical facilities to ensure only authorized users can access corporate resources.

Which of the following should the security team do? (Refer the answer from CompTIA SY0-601 Security+ documents or guide at comptia.org)

Identify rogue access points.

Check for channel overlaps.

Create heat maps.

Implement domain hijacking.

100. An analyst is working on an email security incident in which the target opened an attachment containing a worm. The analyst wants to Implement mitigation techniques to prevent further spread.

Which of the following is the best course of action for the analyst to take?

Apply a DLP solution.

Implement network segmentation.

Utilize email content filtering.

Isolate the infected attachment.

Page 11 of 16

101. Which of the following can be used to calculate the total loss expected per year due to a threat targeting an asset?

EF x asset value

ALE / SLE

MTBF x impact

SLE x ARO

102. A security analyst needs to implement security features across smartphones. laptops, and tablets.

Which of the following would be the most effective across heterogeneous platforms?

Enforcing encryption

Deploying GPOs

Removing administrative permissions

Applying MDM software

103. 1.A company has discovered unauthorized devices are using its WiFi network, and it wants to harden the access point to improve security.

Which f the following configuration should an analysis enable To improve security? (Select TWO.)

RADIUS

PEAP

WPS

WEP-EKIP

SSL

WPA2-PSK

104. An organization is repairing damage after an incident.

Which Of the following controls is being implemented?

Detective

Preventive

Corrective

Compensating

105. A security team discovered a large number of company-issued devices with non-work-related software installed.

Which of the following policies would most likely contain language that would prohibit this activity?

NDA

BPA

AUP

SLA

106. Which of the following controls would provide the BEST protection against tailgating?

Access control vestibule

Closed-circuit television

Proximity card reader

Faraday cage

107. A customer has reported that an organization's website displayed an image of a smiley (ace rather than the expected web page for a short time two days earlier.

A security analyst reviews log tries and sees the following around the lime of the incident:

Which of the following is MOST likely occurring?

Invalid trust chain

Domain hijacking

DNS poisoning

URL redirection

108. A security analyst is investigating what appears to be unauthorized access to a corporate web application. The security analyst reviews the web server logs and finds the following entries:

Which of the following password attacks is taking place?

Dictionary

Brute-force

Rainbow table

Spraying

109. An organization wants to enable built-in FDE on all laptops.

Which of the following should the organization ensure is Installed on all laptops?

TPM

SAML

CRL

110. A company is concerned about individuals driving a car into the building to gain access.

Which of the following security controls would work BEST to prevent this from happening?

Bollard

Camera

Alarms

Signage

Access control vestibule

Page 12 of 16

111. Which of the following biometric authentication methods is the MOST accurate?

Gait

Retina

Signature

Voice

112. An analyst is concerned about data leaks and wants to restrict access to internet services to authorized users only. The analyst also wants to control the actions each user can perform on each service.

Which of the following would be the best technology for the analyst to consider implementing?

DLP

VPC

CASB

Content filtering

113. Stakeholders at an organisation must be kept aware of any incidents and receive updates on status changes as they occur.

Which of the following Plans would fulfill this requirement?

Communication plan

Disaster recovery plan

Business continuity plan

Risk plan

114. A security administrator recently used an internal CA to issue a certificate to a public application. A user tries to reach the application but receives a message stating, “Your connection is not private.".

Which of the following is the best way to fix this issue?

Ignore the warning and continue to use the application normally.

Install the certificate on each endpoint that needs to use the application.

Send the new certificate to the users to install on their browsers.

Send a CSR to a known CA and install the signed certificate on the application's server.

115. A user reports trouble using a corporate laptop. The laptop freezes and responds slowly when writing documents and the mouse pointer occasional disappears.

The task list shows the following results

Which of the following is MOST likely the issue?

RAT

PUP

Spyware

Keylogger

116. The Chief Executive Officer announced a new partnership with a strategic vendor and asked the Chief

Information Security Officer to federate user digital identities using SAML-based protocols.

Which of the following will this enable?

SSO

MFA

PKI

OLP

117. An analyst Is generating a security report for the management team. Security guidelines recommend disabling all listening unencrypted services.

Given this output from Nmap:

Which of the following should the analyst recommend to disable?

21/tcp

22/tcp

23/tcp

443/tcp

118. A security analyst is currently addressing an active cyber incident. The analyst has been able to identify affected devices that are running a malicious application with a unique hash.

Which of the following is the next step according to the incident response process?

Recovery

Lessons learned

Containment

Preparation

119. A bad actor tries to persuade someone to provide financial information over the phone in order to gain access to funds.

Which of the following types of attacks does this scenario describe?

Vishing

Phishing

Spear phishing

Whaling

120. Which Of the following will provide the best physical security countermeasures to Stop intruders? (Select two).

Alarm

Signage

Lighting

Access control vestibules

Fencing

Sensors

Page 13 of 16

121. A global pandemic is forcing a private organization to close some business units and reduce staffing at others.

Which of the following would be best to help the organization's executives determine their next course of action?

An incident response plan

A communication plan

A disaster recovery plan

A business continuity plan

122. A company is moving to new location.

The systems administrator has provided the following server room requirements to the facilities staff:

✑ Consistent power levels in case of brownouts or voltage spikes

✑ A minimum of 30 minutes runtime following a power outage

✑ Ability to trigger graceful shutdowns of critical systems

Which of the following would BEST meet the requirements?

Maintaining a standby, gas-powered generator

Using large surge suppressors on computer equipment

Configuring managed PDUs to monitor power levels

Deploying an appropriately sized, network-connected UPS device

123. Certain users are reporting their accounts are being used to send unauthorized emails and conduct suspicious activities.

After further investigation, a security analyst notices the following:

• All users share workstations throughout the day.

• Endpoint protection was disabled on several workstations throughout the network.

• Travel times on logins from the affected users are impossible.

• Sensitive data is being uploaded to external sites.

• All user account passwords were forced to be reset and the issue continued.

Which of the following attacks is being used to compromise the user accounts?

Brute-force

Keylogger

Dictionary

Rainbow

124. Which of the following will increase cryptographic security?

High data entropy

Algorithms that require less computing power

Longer key longevity

Hashing

125. A company is required to continue using legacy software to support a critical service.

Which of the following BEST explains a risk of this practice?

Default system configuration

Unsecure protocols

Lack of vendor support

Weak encryption

126. An attacker is targeting a company. The attacker notices that the company’s employees frequently access a particular website. The attacker decides to infect the website with malware and hopes the employees’ devices will also become infected.

Which of the following techniques is the attacker using?

Watering-hole attack

Pretexting

Typosquatting

Impersonation

127. As part of annual audit requirements, the security team performed a review of exceptions to the company policy that allows specific users the ability to use USB storage devices on their laptops.

The review yielded the following results.

• The exception process and policy have been correctly followed by the majority of users

• A small number of users did not create tickets for the requests but were granted access

• All access had been approved by supervisors.

• Valid requests for the access sporadically occurred across multiple departments.

• Access, in most cases, had not been removed when it was no longer needed

Which of the following should the company do to ensure that appropriate access is not disrupted but unneeded access is removed in a reasonable time frame?

Create an automated, monthly attestation process that removes access if an employee's supervisor denies the approval

Remove access for all employees and only allow new access to be granted if the employee's supervisor approves the request

Perform a quarterly audit of all user accounts that have been granted access and verify the exceptions with the management team

Implement a ticketing system that tracks each request and generates reports listing which employees actively use USB storage devices

128. A company wants the ability to restrict web access and monitor the websites that employees visit,.

Which Of the following would best meet these requirements?

Internet Proxy

VPN

WAF

Firewall

129. A company reduced the area utilized in its datacenter by creating virtual networking through automation and by creating provisioning routes and rules through scripting.

Which of the following does this example describe?

laC

MSSP

Containers

SaaS

130. Which of the following would be used to find the most common web-applicalion vulnerabilities?

OWASP

MITRE ATT&CK

Cyber Kill Chain

SDLC

Page 14 of 16

131. Sales team members have been receiving threatening voicemail messages and have reported these incidents to the IT security team.

Which of the following would be MOST appropriate for the IT security team to analyze?

Access control

Syslog

Session Initiation Protocol traffic logs

Application logs

132. A cyber security administrator is using iptables as an enterprise firewall. The administrator created some rules, but the network now seems to be unresponsive. All connections are being dropped by the firewall.

Which of the following would be the best option to remove the rules?

# iptables -t mangle -X

# iptables -F

# iptables -2

# iptables -P INPUT -j DROP

133. An engineer is using scripting to deploy a network in a cloud environment.

Which the following describes this scenario?

SDLC

VLAN

SDN

SDV

134. A network security manager wants to implement periodic events that will test the security team's preparedness for incidents in a controlled and scripted manner,.

Which of the following concepts describes this scenario?

Red-team exercise

Business continuity plan testing

Tabletop exercise

Functional exercise

135. Security engineers are working on digital certificate management with the top priority of making administration easier.

Which of the following certificates is the best option?

User

Wildcard

Self-signed

Root

136. A user reports constant lag and performance issues with the wireless network when working at a local coffee shop A security analyst walks the user through an installation of Wireshark and gets a five-minute pcap to analyze.

The analyst observes the following output:

Which of the following attacks does the analyst most likely see in this packet capture?

Session replay

Evil twin

Bluejacking

ARP poisoning

137. A security administrator installed a new web server. The administrator did this to increase the capacity for an application due to resource exhaustion on another server.

Which of the following algorithms should the administrator use to split the number of the connections on each server in half?

Weighted response

Round-robin

Least connection

Weighted least connection

138. Which of the following authentication methods is considered to be the LEAST secure?

TOTP

SMS

HOTP

Token key

139. A security team will be outsourcing several key functions to a third party and will require that:

• Several of the functions will carry an audit burden.

• Attestations will be performed several times a year.

• Reports will be generated on a monthly basis.

Which of the following BEST describes the document that is used to define these requirements and stipulate how and when they are performed by the third party?

MOU

AUP

SLA

MSA

140. Which of the following conditions impacts data sovereignty?

Rights management

Criminal investigations

Healthcare data

International operations

Page 15 of 16

141. Which Of the following vulnerabilities is exploited an attacker Overwrite a reg-ister with a malicious address that changes the execution path?

VM escape

SQL injection

Buffer overflow

Race condition

142. An organization recently acquired an ISO 27001 certification.

Which of the following would MOST likely be considered a benefit of this certification?

It allows for the sharing of digital forensics data across organizations

It provides insurance in case of a data breach

It provides complimentary training and certification resources to IT security staff.

It certifies the organization can work with foreign entities that require a security clearance

It assures customers that the organization meets security standards

143. A software development manager wants to ensure the authenticity of the code created by the company.

Which of the following options is the most appropriate?

Testing input validation on the user input fields

Performing code signing on company-developed software

Performing static code analysis on the software

Ensuring secure cookies are used

144. During a security assessment, a security finds a file with overly permissive permissions.

Which of the following tools will allow the analyst to reduce the permission for the existing users and groups and remove the set-user-ID from the file?

chflags

chmod

lsof

setuid

145. During an incident a company CIRT determine it is necessary to observe the continued network-based transaction between a callback domain and the malware running on an enterprise PC.

Which of the following techniques would be BEST to enable this activity while reducing the risk of lateral spread and the risk that the adversary would notice any changes?

Physical move the PC to a separate internet pint of presence

Create and apply micro segmentation rules.

Emulate the malware in a heavily monitored DM Z segment.

Apply network blacklisting rules for the adversary domain

146. A security engineer is hardening existing solutions to reduce application vulnerabilities.

Which of the following solutions should the engineer implement FIRST? (Select TWO)

Auto-update

HTTP headers

Secure cookies

Third-party updates

Full disk encryption

Sandboxing

Hardware encryption

147. A global company is experiencing unauthorized logging due to credential theft and account lockouts caused by brute-force attacks. The company is considering implementing a third-party identity provider to help mitigate these attacks.

Which of the following would be the BEST control for the company to require from prospective vendors?

IP restrictions

Multifactor authentication

A banned password list

A complex password policy

148. Which of the following Is the BEST reason to maintain a functional and effective asset management policy that aids in ensuring the security of an organization?

To provide data to quantify risk based on the organization's systems

To keep all software and hardware fully patched for known vulnerabilities

To only allow approved, organization-owned devices onto the business network

To standardize by selecting one laptop model for all users in the organization

149. The management team has requested that the security team implement 802.1X into the existing wireless network setup.

The following requirements must be met:

• Minimal interruption to the end user

• Mutual certificate validation

Which of the following authentication protocols would meet these requirements?

EAP-FAST

PSK

EAP-TTLS

EAP-TLS

150. A Chief Information Security Officer (CISO) is evaluating the dangers involved in deploying a new ERP system for the company. The CISO categorizes the system, selects the controls that apply to the system, implements the controls, and then assesses the success of the controls before authorizing the system.

Which of the following is the CISO using to evaluate the environment for this new ERP system?

The Diamond Model of Intrusion Analysis

CIS Critical Security Controls

NIST Risk Management Framework

ISO 27002

Page 16 of 16

151. An organization discovered a disgruntled employee exfiltrated a large amount of PII data by uploading files.

Which of the following controls should the organization consider to mitigate this risk?

EDR

Firewall

HIPS

DLP

152. A company would like to move to the cloud. The company wants to prioritize control and security over cost and ease of management.

Which of the following cloud models would best suit this company's priorities?

Public

Hybrid

Community

Private

153. The Chief Information Security Officer (CISO) has decided to reorganize security staff to concentrate on incident response and to outsource outbound Internet URL categorization and filtering to an outside company. Additionally, the CISO would like this solution to provide the same protections even when a company laptop or mobile device is away from a home office.

Which of the following should the CISO choose?

CASB

Next-generation SWG

NGFW

Web-application firewall

154. A security administrator is managing administrative access to sensitive systems with the following requirements:

• Common login accounts must not be used for administrative duties.

• Administrative accounts must be temporal in nature.

• Each administrative account must be assigned to one specific user.

• Accounts must have complex passwords.

" Audit trails and logging must be enabled on all systems.

Which of the following solutions should the administrator deploy to meet these requirements? (Give Explanation and Reference from CompTIA Security+ SY0-601 Official Text Book and Resources)

ABAC

SAML

PAM

CASB

155. A security analyst receives an alert from the company's S1EM that anomalous activity is coming from a local source IP address of 192 168 34.26 The Chief Information Security Officer asks the analyst to block the originating source Several days later another employee opens an internal ticket stating that vulnerability scans are no longer being performed property. The IP address the employee provides is 192 168.34 26.

Which of the following describes this type of alert?

True positive

True negative

False positive

False negative

156. Which of the following has been implemented when a host-based firewall on a legacy Linux system allows connections from only specific internal IP addresses?

Compensating control

Network segmentation

Transfer of risk

SNMP traps

157. The Chief Information Security Officer wants to pilot a new adaptive, user-based authentication method. The concept Includes granting logical access based on physical location and proximity.

Which of the following Is the BEST solution for the pilot?

Geofencing

Self-sovereign identification

PKl certificates

SSO

158. Which Of the following is a primary security concern for a setting up a BYOD program?

End of life

Buffer overflow

VM escape

Jailbreaking

Facebook Twitter LinkedIn Google + Email

SY0-601 CompTIA Exam Questions and Free Practice Test

SY0-601 CompTIA Exam Questions and Free Practice Test

Author

LEAVE A COMMENT Cancel reply

Related Posts