Docsity
Docsity

Prepare for your exams
Prepare for your exams

Study with the several resources on Docsity


Earn points to download
Earn points to download

Earn points by helping other students or get them with a premium plan


Guidelines and tips
Guidelines and tips

CompTIA Security+ SY0-601 Exam 100 exam cert prep questions and correct answers, Exams of Computer Security

CompTIA Security+ SY0-601 Exam 100 exam cert prep questions and correct answers

Typology: Exams

2023/2024

Available from 06/28/2024

studyroom
studyroom 🇺🇸

5

(1)

2.3K documents

1 / 80

Toggle sidebar

Related documents


Partial preview of the text

Download CompTIA Security+ SY0-601 Exam 100 exam cert prep questions and correct answers and more Exams Computer Security in PDF only on Docsity!

CompTIA Security+ SY0-

601 Exam 100 exam cert

prep questions and

correct answers

CompTIA Security+ SY0-601 Exam 100 exam cert prep questions and correct answers

1.A security analyst is looking for a solution to help communicate to the leadership team the seventy levels of the organization’s vulnerabilities. Which of the following would BEST meet this need? A. CVE B. SIEM C. SOAR D. CVSS Answer: D Explanation: The Common Vulnerability Scoring System (CVSS) is a system widely used in vulnerability management programs. CVSS indicates the severity of an information security vulnerability, and is an integral component of many vulnerability scanning tools.

  1. Which of the following should be put in place when negotiating with a new vendor about the timeliness of the response to a significant outage or incident? A. MOU B. MTTR C. SLA D. NDA Answer: C Explanation: Service level agreement (SLA). An SLA is an agreement between a company and a vendor that stipulates performance expectations, such as minimum uptime and maximum downtime levels.
  1. Which of the following describes the BEST approach for deploying application patches? A. Apply the patches to systems in a testing environment then to systems in a staging environment, and finally to production systems. B. Test the patches in a staging environment, develop against them in the development environment, and then apply them to the production systems C. Test the patches m a test environment apply them to the production systems and then apply them to a staging environment D. Apply the patches to the production systems apply them in a staging environment, and then test all of them in a testing environment Answer: A
  2. An organization that is located in a flood zone is MOST likely to document the concerns associated with the restoration of IT operation in a:

A. business continuity plan B. communications plan. C. disaster recovery plan. D. continuity of operations plan Answer: C

  1. An organization is developing an authentication service for use at the entry and exit ports of country borders. The service will use data feeds obtained from passport systems, passenger manifests, and high- definition video feeds from CCTV systems that are located at the ports. The service will incorporate machine-learning techniques to eliminate biometric enrollment processes while still allowing authorities to identify passengers with increasing accuracy over time. The more frequently passengers travel, the more accurately the service will identify them. Which of the following biometrics will MOST likely be used, without the need for enrollment? (Choose two.) A. Voice B. Gait C. Vein D. Facial E. Retina F. Fingerpri nt Answer: B,D
  2. Which of the following policies would help an organization identify and mitigate potential single points of failure in the company’s IT/security operations? A. Least privilege B. Awareness training C. Separation of duties

D. Mandatory vacation Answer: C Explanation: Separation of duties - is a means of establishing checks and balances against the possibility that critical system or procedures can be compromised by insider threats. Duties and responsibilities should be divided among individuals to prevent ethical conflicts or abuse of powers.

  1. A security analyst needs to be proactive in understand the types of attacks that could potentially target the company's execute. Which of the following intelligence sources should to security analyst review? A. Vulnerability feeds

B. Trusted automated exchange of indicator information C. Structured threat information expression D. Industry information-sharing and collaboration groups Answer: D

  1. A company processes highly sensitive data and senior management wants to protect the sensitive data by utilizing classification labels. Which of the following access control schemes would be BEST for the company to implement? A. Discretionary B. Rule-based C. Role-based D. Mandato ry Answer: D
  2. Which of the following describes the ability of code to target a hypervisor from inside A. Fog computing B. VM escape C. Software-defined networking D. Image forgery E. Container breakout Answer: B Explanation: Virtual machine escape is an exploit in which the attacker runs code on a VM that allows an operating system running within it to break out and interact directly with the hypervisor. https://whatis.techtarget.com/definition/virtual-machine- escape#:~:text=Virtual machine escape is an,VMs) running on t hat host.
  1. A user recent an SMS on a mobile phone that asked for bank delays. Which of the following social-engineering techniques was used in this case? A. SPIM B. Vishing C. Spear phishing D. Smishin g Answer: D
  2. A company recently transitioned to a strictly BYOD culture due to the cost of replacing lost or damaged corporate-owned mobile devices. Which of the following technologies would be BEST to balance the BYOD culture

while also protecting the company’s data? A. Containerization B. Geofencing C. Full-disk encryption D. Remote wipe Answer: A Explanation: https://www.hexnode.com/blogs/what-is-containerization-and-why-is- it-important-for- your-business/

  1. Which of the following BEST explains the difference between a data owner and a data custodian? A. The data owner is responsible for adhering to the rules for using the data, while the data custodian is responsible for determining the corporate governance regarding the data B. The data owner is responsible for determining how the data may be used, while the data custodian is responsible for implementing the protection to the data C. The data owner is responsible for controlling the data, while the data custodian is responsible for maintaining the chain of custody when handling the data D. The data owner grants the technical permissions for data access, while the data custodian maintains the database access controls to the data Answer: B Explanation: Data Owner - the administrator/CEO/board/president of a company Data custodian - the ones taking care of the actual data - like IT staff (generally) or HR staff (for HR- related data) https://security.stackexchange.com/questions/218049/what-is-the- difference-between-data-owner-data-custodian-and-system-owner https://www.nicola askham.com/blog/2019/4/12/whats-the-difference-

between-data-owners-and-data- custodians

13. HOTSPOT

Select the appropriate attack and remediation from each drop-down list to label the corresponding attack with its remediation.

INSTRUCTIONS Not all attacks and remediation actions will be used. If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Answer:

Explanation: Web serverBotnet Enable DDoS protectionUser RAT Implement a host- based IPS Database server Worm Change the default application passwordExecutive KeyloggerDisable vulnerable servicesApplication Backdoor Implement 2FA using push notification

  1. Which of the following will provide the BEST physical security countermeasures to stop intruders? (Select TWO.) A. Alarms B. Signage C. Lighting D. Mantraps E. Fencing F. Sensors Answer: D,E
  2. A small business just recovered from a ransomware attack against

its file servers by purchasing the decryption keys from the attackers. The issue was triggered by a phishing email and the IT administrator wants to ensure it does not happen again. Which of the following should the IT administrator do FIRST after recovery? A. Scan the NAS for residual or dormant malware and take new daily backups that are tested on a frequent basis B. Restrict administrative privileges and patch ail systems and applications. C. Rebuild all workstations and install new antivirus software

D. Implement application whitelisting and perform user application hardening Answer: A

  1. A website developer is working on a new e-commerce website and has asked an information security expert for the most appropriate way to store credit card numbers to create an easy reordering process. Which of the following methods would BEST accomplish this goal? A. Salting the magnetic strip information B. Encrypting the credit card information in transit. C. Hashing the credit card numbers upon entry. D. Tokenizing the credit cards in the database Answer: C
  2. A security administrator suspects there may be unnecessary services running on a server. Which of the following tools will the administrator MOST likely use to confirm the suspicions? A. Nmap B. Wireshark C. Autopsy D. DNSEnu m Answer: A Explanatio n: https://nmap.org/book/man-version-detection.html NMAP scans running services and can tell you what services are running
  3. An auditor is performing an assessment of a security appliance with an embedded OS that was vulnerable during the last two assessments. Which of the following BEST explains the appliance’s vulnerable state? A. The system was configured with weak default security settings.

B. The device uses weak encryption ciphers. C. The vendor has not supplied a patch for the appliance. D. The appliance requires administrative credentials for the assessment. Answer: C

  1. Which of the following refers to applications and systems that are used within an organization without consent or approval? A. Shadow IT B. OSINT

C. Dark web D. Insider threats Answer: A

  1. Which of the following is MOST likely to outline the roles and responsibilities of data controllers and data processors? A. SSAE SOC 2 B. PCI DSS C. GDPR D. ISO 31000 Answer: C
  2. A security engineer is reviewing log files after a third discovered usernames and passwords for the organization’s accounts. The engineer sees there was a change in the IP address for a vendor website one earlier. This change lasted eight hours. Which of the following attacks was MOST likely used? A. Man-in- the middle B. Spear-phishing C. Evil twin D. DNS poising Answer: D Explanation: DNS spoofing, also referred to as DNS cache poisoning, is a form of computer security hacking in which corrupt Domain Name System data is introduced into the DNS resolver's cache, causing the name server to return an incorrect result record, e.g. an IP address. This results in traffic being diverted to the attacker's computer (or any other computer). https://en.wikipedia.org/wiki/DNS_spoofing
  1. A cybersecurity administrator needs to add disk redundancy for a critical server. The solution must have a two- drive failure for better fault tolerance. Which of the following RAID levels should the administrator select? A. 0 B. 1 C. 5 D. 6 Answer: B
  2. Which of the following technical controls is BEST suited for the detection and prevention of buffer overflows on hosts?

A. DLP

B. HIDS

C. EDR

D. NIPS

Answer: C

  1. An organization just experienced a major cyberattack modem. The attack was well coordinated sophisticated and highly skilled. Which of the following targeted the organization? A. Shadow IT B. An insider threat C. A hacktivist D. An advanced persistent threat Answer: D Explanation: https://www.imperva.com/learn/application-security/apt-advanced- persistent-threat/ https://csrc.nist.gov/glossary/term/advanced_persistent_threat
  2. A public relations team will be taking a group of guest on a tour through the facility of a large e-commerce company. The day before the tour, the company sends out an email to employees to ensure all whiteboars are cleaned and all desks are cleared. The company is MOST likely trying to protect against. A. Loss of proprietary information B. Damage to the company’s reputation C. Social engineering D. Credential exposure Answer: A Explanation: In the context of information security, social engineering is the psychological manipulation of people into performing actions or divulging confidential information think phishing, spoofing. That is not

being demonstrated in this question. The company is protecting themselves from loss of proprietary information by clearing it all out. so that if anyone in the tour is looking to take it they will be out of luck

  1. A company has limited storage available and online presence that cannot for more than four hours. Which of the following backup methodologies should the company implement to allow for the FASTEST database restore time. In the event of a failure, which being maindful of the limited available storage space? A. Implement fulltape backup every Sunday at 8:00 p.m and perform nightly tape

rotations. B. Implement different backups every Sunday at 8:00 and nightly incremental backups at 8:00 p.m C. Implement nightly full backups every Sunday at 8:00 p.m D. Implement full backups every Sunday at 8:00 p.m and nightly differential backups at 8:00 Answer: B

  1. The Chief Executive Officer (CEO) of an organization would like staff members to have the flexibility to work from home anytime during business hours, incident during a pandemic or crisis, However, the CEO is concerned that some staff members may take advantage of the of the flexibility and work from high-risk countries while on holidays work to a third-party organization in another country. The Chief information Officer (CIO) believes the company can implement some basic to mitigate the majority of the risk. Which of the following would be BEST to mitigate CEO’s concern? (Select TWO). A. Geolocation B. Time-of-day restrictions C. Certificates D. Tokens E. Geotagging F. Role-based access controls Answer: A,E
  2. A company is implementing MFA for all applications that store sensitive data. The IT manager wants MFA to be non-disruptive and user friendly. Which of the following technologies should the IT manager use when implementing MFA? A. One-time passwords B. Email tokens

C. Push notifications D. Hardware authentication Answer: C

  1. An analyst visits an internet forum looking for information about a tool. The analyst finds a threat that appears to contain relevant information. One of the posts says the following:

Which of the following BEST describes the attack that was attempted against the forum readers? A. SOU attack B. DLL attack C. XSS attack D. API attack Answer: C Explanatio n: Cross-site scripting attacks may occur anywhere that possibly malicious users are allowed to post unregulated material to a trusted website for the consumption of other valid users. The most common example can be found in bulletin-board websites which provide web based mailing list-style functionality. https://owasp.org/www-community/attacks/xss/ https://www.acunetix.com/websitesecurity/cross- site-scripting/

  1. In which of the following risk management strategies would cybersecurity insurance be used? A. Transference B. Avoidance C. Acceptance D. Mitigati

on Answer: A

  1. A network administrator needs to build out a new datacenter, with a focus on resiliency and uptime. Which of the following would BEST meet this objective? (Choose two.) A. Dual power supply B. Off-site backups C. Automatic OS upgrades D. NIC teaming

E. Scheduled penetration testing F. Network-attached storage Answer: A,B Explanation: https://searchdatacenter.techtarget.com/definition/ resiliency

  1. A recently discovered zero-day exploit utilizes an unknown vulnerability in the SMB network protocol to rapidly infect computers. Once infected, computers are encrypted and held for ransom. Which of the following would BEST prevent this attack from reoccurring? A. Configure the perimeter firewall to deny inbound external connections to SMB ports. B. Ensure endpoint detection and response systems are alerting on suspicious SMB connections. C. Deny unauthenticated users access to shared network folders. D. Verify computers are set to install monthly operating system, updates automatically. Answer: A
  2. A RAT that was used to compromise an organization’s banking credentials was found on a user’s computer. The RAT evaded antivirus detection. It was installed by a user who has local administrator rights to the system as part of a remote management tool set. Which of the following recommendations would BEST prevent this from reoccurring? A. Create a new acceptable use policy. B. Segment the network into trusted and untrusted zones. C. Enforce application whitelisting. D. Implement DLP at the network boundary. Answer: C