Download Free 2021 CompTIA Security+ SY0-601 Questions and Answers

test2022-05-31T03:14:55+00:00

By test CompTIA Security+, SY0-601, SY0-601 free dumps, SY0-601 free questions, SY0-601 pdf, SY0-601 practice test, SY0-601 questions and answers, SY0-601 study guide 0 Comments

CompTIA Security+ tends to the most recent online protection patterns and strategies – covering the most specialized abilities in hazard evaluation and the board, occurrence reaction, crime scene investigation, undertaking organizations, half breed/cloud activities, and security controls, guaranteeing superior at work.

We free share CompTIA Security+ SY0-601 Questions and Answers for you to practice online, it can help you test your skills in the preparation of CompTIA Security+ SY0-601 exam. If you prepare with our SY0-601 full version, you can pass your SY0-601 exam and get CompTIA Security+ certification in an easy way.

Page 1 of 12

1. Preconfigure the client for an incoming guest.

The guest AD credentials are:

User: guest01

Password: guestpass

2. Ann, a forensic analyst, needs to prove that the data she originally acquired has remained unchanged while in her custody.

Which of the following should Ann use?

Chain of custody

Checksums

Non-repudiation

Legal hold

3. After a ransomware attack a forensics company needs to review a cryptocurrency transaction between the victim and the attacker.

Which of the following will the company MOST likely review to trace this transaction?

The public ledger

The NetFlow data

A checksum

The event log

4. A security analyst needs to produce a document that details how a security incident occurred, the steps that were taken for recovery, and how future incidents can be avoided.

During which of the following stages of the response process will this activity take place?

Recovery

Identification

Lessons learned

Preparation

5. A consultant is configuring a vulnerability scanner for a large, global organization in multiple countries. The consultant will be using a service account to scan systems with administrative privileges on a weekly basis, but there is a concern that hackers could gain access to account to the account and pivot through the global network.

Which of the following would be BEST to help mitigate this concern?

Create consultant accounts for each region, each configured with push MFA notifications.

Create one global administrator account and enforce Kerberos authentication

Create different accounts for each region. limit their logon times, and alert on risky logins

Create a guest account for each region. remember the last ten passwords, and block password reuse

6. To secure an application after a large data breach, an e-commerce site will be resetting all users’ credentials.

Which of the following will BEST ensure the site’s users are not compromised after the reset?

A password reuse policy

Account lockout after three failed attempts

Encrypted credentials in transit

A geofencing policy based on login history

7. A security analyst is preparing a threat for an upcoming internal penetration test. The analyst needs to identify a method for determining the tactics, techniques, and procedures of a threat against the organization’s network.

Which of the following will the analyst MOST likely use to accomplish the objective?

A table exercise

NST CSF

MTRE ATT$CK

OWASP

8. Which of the following cryptographic concepts would a security engineer utilize while implementing non-repudiation? (Select TWO)

Block cipher

Hashing

Private key

Perfect forward secrecy

Salting

Symmetric keys

9. A privileged user at a company stole several proprietary documents from a server. The user also went into the log files and deleted all records of the incident. The systems administrator has Just informed investigators that other log files are available for review.

Which of the following did the administrator MOST likely configure that will assist the investigators?

Memory dumps

The syslog server

The application logs

The log retention policy

10. Which of the following types of controls is a turnstile?

Physical

Detective

Corrective

Technical

Page 2 of 12

11. Which of the following would be the BEST resource for a software developer who is looking to improve secure coding practices for web applications?

OWASP

Vulnerability scan results

NIST CSF

Third-party libraries

12. An information security incident recently occurred at an organization, and the organization was required to report the incident to authorities and notify the affected parties. When the organization's customers became of aware of the incident, some reduced their orders or stopped placing orders entirely.

Which of the following is the organization experiencing?

Reputation damage

Identity theft

Anonymlzation

Interrupted supply chain

13. A user is concerned that a web application will not be able to handle unexpected or random input without crashing.

Which of the following BEST describes the type of testing the user should perform?

Code signing

Fuzzing

Manual code review

Dynamic code analysis

14. A cybersecurity analyst reviews the log files from a web server and sees a series of files that indicates a directory-traversal attack has occurred.

Which of the following is the analyst MOST likely seeing?

A)

Option A

Option B

Option C

Option D

15. An attacker was easily able to log in to a company's security camera by performing a basic online search for a setup guide for that particular camera brand and model.

Which of the following BEST describes the configurations the attacker exploited?

Weak encryption

Unsecure protocols

Default settings

Open permissions

16. A large industrial system's smart generator monitors the system status and sends alerts to third-party maintenance personnel when critical failures occur. While reviewing the network logs the company's security manager notices the generator's IP is sending packets to an internal file server's IP.

Which of the following mitigations would be BEST for the security manager to implement while maintaining alerting capabilities?

Segmentation

Firewall whitelisting

Containment

isolation

17. A company has drafted an insider-threat policy that prohibits the use of external storage devices.

Which of the following would BEST protect the company from data exfiltration via removable media?

Monitoring large data transfer transactions in the firewall logs

Developing mandatory training to educate employees about the removable media policy

Implementing a group policy to block user access to system files

Blocking removable-media devices and write capabilities using a host-based security tool

18. An incident, which is affecting dozens of systems, involves malware that reaches out to an Internet service for rules and updates. The IP addresses for the Internet host appear to be different in each case. The organization would like to determine a common IoC to support response and recovery actions.

Which of the following sources of information would BEST support this solution?

Web log files

Browser cache

DNS query logs

Antivirus

19. An enterprise has hired an outside security firm to conduct penetration testing on its network and applications. The firm has only been given the documentation available to the customers of the applications.

Which of the following BEST represents the type of testing that will occur?

Bug bounty

Black-box

Gray-box

White-box

20. 1.Joe, a user at a company, clicked an email link led to a website that infected his workstation. Joe, was connected to the network, and the virus spread to the network shares. The protective measures failed to stop this virus, and It has continues to evade detection.

Which of the following should administrator implement to protect the environment from this malware?

Install a definition-based antivirus.

Implement an IDS/IPS

Implement a heuristic behavior-detection solution.

Implement CASB to protect the network shares.

Page 3 of 12

21. Which of the following represents a biometric FRR?

Authorized users being denied access

Users failing to enter the correct PIN

The denied and authorized numbers being equal

The number of unauthorized users being granted access

22. The IT department’s on-site developer has been with the team for many years. Each time an application is released, the security team is able to identify multiple vulnerabilities.

Which of the following would BEST help the team ensure the application is ready to be released to production?

Limit the use of third-party libraries.

Prevent data exposure queries.

Obfuscate the source code.

Submit the application to QA before releasing it.

23. An organization has implemented a policy requiring the use of conductive metal lockboxes for personal electronic devices outside of a secure research lab.

Which of the following did the organization determine to be the GREATEST risk to intellectual property when creating this policy?

The theft of portable electronic devices

Geotagging in the metadata of images

Bluesnarfing of mobile devices

Data exfiltration over a mobile hotspot

24. A network administrator at a large organization Is reviewing methods to improve the security of the wired LAN Any security improvement must be centrally managed and allow corporate-owned devices to have access to the intranet but limit others to Internet access only.

Which of the following should the administrator recommend?

802.1X utilizing the current PKI infrastructure

SSO to authenticate corporate users

MAC address filtering with ACLs on the router

PAM for user account management

25. A security analyst needs to generate a server certificate to be used for 802.1X and secure RDP connections. The analyst is unsure what is required to perform the task and solicits help from a senior colleague.

Which of the following is the FIRST step the senior colleague will most likely tell the analyst to perform to accomplish this task?

Create an OCSP

Generate a CSR

Create a CRL

Generate a .pfx file

26. An analyst needs to set up a method for securely transferring files between systems. One of the requirements is to authenticate the IP header and the payload.

Which of the following services would BEST meet the criteria?

TLS

PFS

ESP

27. During a routine scan of a wireless segment at a retail company, a security administrator discovers several devices are connected to the network that do not match the company's naming convention and are not in the asset Inventory. WiFi access Is protected with 255-Wt encryption via WPA2. Physical access to the company's facility requires two-factor authentication using a badge and a passcode.

Which of the following should the administrator implement to find and remediate the Issue? (Select TWO).

Check the SIEM for failed logins to the LDAP directory.

Enable MAC filtering on the switches that support the wireless network.

Run a vulnerability scan on all the devices in the wireless network

Deploy multifactor authentication for access to the wireless network

Scan the wireless network for rogue access points.

Deploy a honeypot on the network

28. A small company that does not have security staff wants to improve its security posture.

Which of the following would BEST assist the company?

MSSP

SOAR

IaaS

PaaS

29. After consulting with the Chief Risk Officer (CRO). a manager decides to acquire cybersecurity insurance for the company.

Which of the following risk management strategies is the manager adopting?

Risk acceptance

Risk avoidance

Risk transference

Risk mitigation

30. A financial analyst is expecting an email containing sensitive information from a client. When the email arrives, the analyst receives an error and is unable to open the encrypted message.

Which of the following is the MOST likely cause of the issue?

The S/MME plug-in is not enabled.

The SLL certificate has expired.

Secure IMAP was not implemented

POP3S is not supported.

Page 4 of 12

31. The cost of '©movable media and the security risks of transporting data have become too great for a laboratory. The laboratory has decided to interconnect with partner laboratones to make data transfers easier and more secure. The Chief Security Officer <CSO) has several concerns about proprietary data being exposed once the interconnections are established.

Which of the following security features should the network administrator implement lo prevent unwanted data exposure to users in partner laboratories?

VLAN zoning with a file-transfer server in an external-facing zone

DLP running on hosts to prevent file transfers between networks

NAC that permits only data-transfer agents to move data between networks

VPN with full tunneling and NAS authenticating through the Active Directory

32. A company has limited storage available and online presence that cannot for more than four hours.

Which of the following backup methodologies should the company implement to allow for the FASTEST database restore time In the event of a failure, which being maindful of the limited available storage space?

Implement fulltape backup every Sunday at 8:00 p.m and perform nightly tape rotations.

Implement different backups every Sunday at 8:00 and nightly incremental backups at 8:00 p.m

Implement nightly full backups every Sunday at 8:00 p.m

Implement full backups every Sunday at 8:00 p.m and nightly differential backups at 8:00

33. A security analyst sees the following log output while reviewing web logs:

Which of the following mitigation strategies would be BEST to prevent this attack from being successful?

Secure cookies

Input validation

Code signing

Stored procedures

34. An analyst is trying to identify insecure services that are running on the internal network After performing a port scan the analyst identifies that a server has some insecure services enabled on default ports.

Which of the following BEST describes the services that are currently running and the secure alternatives for replacing them' (Select THREE)?

SFTP FTPS

SNMPv2 SNMPv3

HTTP, HTTPS

TFTP FTP

SNMPv1, SNMPv2

Telnet SSH

TLS, SSL

POP, IMAP

35. An engineer wants to access sensitive data from a corporate-owned mobile device. Personal data is not allowed on the device.

Which of the following MDM configurations must be considered when the engineer travels for business?

Screen locks

Application management

Geofencing

Containerization

36. A security engineer has enabled two-factor authentication on all workstations.

Which of the following approaches are the MOST secure? (Select TWO).

Password and security question

Password and CAPTCHA

Password and smart card

Password and fingerprint

Password and one-time token

Password and voice

37. A security administrator suspects there may be unnecessary services running on a server.

Which of the following tools will the administrator MOST likely use to confirm the suspicions?

Nmap

Wireshark

Autopsy

DNSEnum

38. An attacked is attempting to exploit users by creating a fake website with the URL www.validwebsite.com. The attacker's intent is to imitate the look and feel of a legitimate website to obtain personal information from unsuspecting users.

Which of the following social-engineering attacks does this describe?

Information elicitation

Typo squatting

Impersonation

Watering-hole attack

39. A client sent several inquiries to a project manager about the delinquent delivery status of some critical reports. The project manager darned the reports were previously sent via email but then quickly generated and backdated the reports before submitting them via a new email message.

Which of the following actions MOST likely supports an investigation for fraudulent submission?

Establish chain of custody

Inspect the file metadata

Reference the data retention policy

Review the email event logs

40. A security administrator currently spends a large amount of time on common security tasks, such aa report generation, phishing investigations, and user provisioning and deprovisioning This prevents the administrator from spending time on other security projects. The business does not have the budget to add more staff members.

Which of the following should the administrator implement?

DAC

ABAC

SCAP

SOAR

Page 5 of 12

41. A network administrator needs to build out a new datacenter, with a focus on resiliency and uptime.

Which of the following would BEST meet this objective? (Choose two.)

Dual power supply

Off-site backups

Automatic OS upgrades

NIC teaming

Scheduled penetration testing

Network-attached storage

42. Which of the following are the MOST likely vectors for the unauthorized inclusion of vulnerable code in a software company’s final software releases? (Select TWO.)

Unsecure protocols

Use of penetration-testing utilities

Weak passwords

Included third-party libraries

Vendors/supply chain

Outdated anti-malware software

43. A security analyst is reviewing the following command-line output:

Which of the following Is the analyst observing?

IGMP spoofing

URL redirection

MAC address cloning

DNS poisoning

44. A security engineer at an offline government facility is concerned about the validity of an SSL certificate. The engineer wants to perform the fastest check with the least delay to determine if the certificate has been revoked.

Which of the following would BEST these requirement?

OCSP

CRL

CSR

45. The following are the logs of a successful attack.

Which of the following controls would be BEST to use to prevent such a breach in the future?

Password history

Account expiration

Password complexity

Account lockout

46. An organization needs to implement more stringent controls over administrator/root credentials and service accounts.

Requirements for the project include:

✑ Check-in/checkout of credentials

✑ The ability to use but not know the password

✑ Automated password changes

✑ Logging of access to credentials

Which of the following solutions would meet the requirements?

OAuth 2.0

Secure Enclave

A privileged access management system

An OpenID Connect authentication system

47. A user must introduce a password and a USB key to authenticate against a secure computer, and authentication is limited to the state in which the company resides.

Which of the following authentication concepts are in use?

Something you know, something you have, and somewhere you are

Something you know, something you can do, and somewhere you are

Something you are, something you know, and something you can exhibit

Something you have, somewhere you are, and someone you know

48. Which of the following is the correct order of volatility from MOST to LEAST volatile?

Memory, temporary filesystems, routing tables, disk, network storage

Cache, memory, temporary filesystems, disk, archival media

Memory, disk, temporary filesystems, cache, archival media

Cache, disk, temporary filesystems, network storage, archival media

49. A network engineer has been asked to investigate why several wireless barcode scanners and wireless computers in a warehouse have intermittent connectivity to the shipping server. The barcode scanners and computers are all on forklift trucks and move around the warehouse during their regular use.

Which of the following should the engineer do to determine the issue? (Choose two.)

Perform a site survey

Deploy an FTK Imager

Create a heat map

Scan for rogue access points

Upgrade the security protocols

Install a captive portal

50. A company just developed a new web application for a government agency. The application must be assessed and authorized prior to being deployed.

Which of the following is required to assess the vulnerabilities resident in the application?

Repository transaction logs

Common Vulnerabilities and Exposures

Static code analysis

Non-credentialed scans

Page 6 of 12

51. After entering a username and password, and administrator must gesture on a touch screen.

Which of the following demonstrates what the administrator is providing?

Multifactor authentication

Something you can do

Biometric

Two-factor authentication

52. An organization has decided to host its web application and database in the cloud.

Which of the following BEST describes the security concerns for this decision?

Access to the organization's servers could be exposed to other cloud-provider clients

The cloud vendor is a new attack vector within the supply chain

Outsourcing the code development adds risk to the cloud provider

Vendor support will cease when the hosting platforms reach EO

53. A company has been experiencing very brief power outages from its utility company over the last few months. These outages only last for one second each time. The utility company is aware of the issue and is working to replace a faulty transformer.

Which of the following BEST describes what the company should purchase to ensure its critical servers and network devices stay online?

Dual power supplies

A UPS

A generator

APDU

54. A security analyst is reviewing logs on a server and observes the following output:

Which of the following is the security analyst observing?

A rainbow table attack

A password-spraying attack

A dictionary attack

A keylogger attack

55. Which of the following utilize a subset of real data and are MOST likely to be used to assess the features and functions of a system and how it interacts or performs from an end user's perspective against defined test cases? (Select TWO).

Production

Test

Research and development

PoC

UAT

SDLC

56. During a security assessment, a security finds a file with overly permissive permissions.

Which of the following tools will allow the analyst to reduce the permission for the existing users and groups and remove the set-user-ID from the file?

chflags

chmod

leof

setuid

57. In the middle of a cybersecurity, a security engineer removes the infected devices from the network and lock down all compromised accounts.

In which of the following incident response phases is the security engineer currently operating?

Identification

Preparation

Eradiction

Recovery

Containment

58. Which of the following should be put in place when negotiating with a new vendor about the timeliness of the response to a significant outage or incident?

MOU

MTTR

SLA

NDA

59. A Chief Information Security Officer (CISO) is concerned about the organization's ability to continue business operation in the event of a prolonged DDoS attack on its local datacenter that consumes database resources.

Which of the following will the CISO MOST likely recommend to mitigate this risk?

Upgrade the bandwidth available into the datacenter

Implement a hot-site failover location

Switch to a complete SaaS offering to customers

Implement a challenge response test on all end-user queries

60. A company's Chief Information Security Officer (CISO) recently warned the security manager that the company’s Chief Executive Officer (CEO) is planning to publish a controversial option article in a national newspaper, which may result in new cyberattacks.

Which of the following would be BEST for the security manager to use in a threat mode?

Hacktivists

White-hat hackers

Script kiddies

Insider threats

Page 7 of 12

61. An organization relies on third-party video conferencing to conduct daily business. Recent security changes now require all remote workers to utilize a VPN to corporate resources.

Which of the following would BEST maintain high-quality video conferencing while minimizing latency when connected to the VPN?

Using geographic diversity to have VPN terminators closer to end users

Utilizing split tunneling so only traffic for corporate resources is encrypted

Purchasing higher-bandwidth connections to meet the increased demand

Configuring QoS properly on the VPN accelerators

62. A hospital's administration is concerned about a potential loss of patient data that is stored on tablets. A security administrator needs to implement controls to alert the SOC any time the devices are near exits.

Which of the following would BEST achieve this objective?

Geotargeting

Geolocation

Geotagging

Geofencing

63. A Chief Security Officer (CSO) is concerned about the amount of PII that is stored locally on each salesperson’s laptop. The sales department has a higher-than-average rate of lost equipment.

Which of the following recommendations would BEST address the CSO’s concern?

Deploy an MDM solution.

Implement managed FD

Replace all hard drives with SEDs.

Install DLP agents on each laptop.

64. A large enterprise has moved all Hs data to the cloud behind strong authentication and

encryption A sales director recently had a laptop stolen and later, enterprise data was round to have been compromised database.

Which of the following was the MOST likely cause?

Shadow IT

Credential stuffing

SQL injection

Man-in-the-browser

Bluejacking

65. Which of the following would be the BEST method for creating a detailed diagram of wireless access points and hot-spots?

Footprinting

White-box testing

A drone/UAV

Pivoting

66. A Chief Security Officer (CSO) is concerned about the volume and integrity of sensitive information that is exchanged between the organization and a third party through email. The CSO is particularly concerned about an unauthorized party who is intercepting information that is in transit between the two organizations.

Which of the following would address the CSO's concerns?

SPF

DMARC

SSL

DKIM

TLS

67. A root cause analysis reveals that a web application outage was caused by one of the company’s developers uploading a newer version of the third-party libraries that were shared among several applications.

Which of the following implementations would be BEST to prevent the issue from reoccurring?

CASB

SWG

Containerization

Automated failover

68. A recent security assessment revealed that an actor exploited a vulnerable workstation within an organization and has persisted on the network for several months. The organization realizes the need to reassess Its security.

Strategy for mitigating risks within the perimeter.

Which of the following solutions would BEST support the organization's strategy?

FIM

DLP

EDR

UTM

69. An organization's RPO for a critical system is two hours. The system is used Monday through Friday, from 9:00 am to 5:00 pm. Currently, the organization performs a full backup every Saturday that takes four hours to complete.

Which of the following additional backup implementations would be the BEST way for the analyst to meet the business requirements?

Incremental backups Monday through Friday at 6:00 p.m and differential backups hourly

Full backups Monday through Friday at 6:00 p.m and incremental backups hourly.

incremental backups Monday through Friday at 6:00 p.m and full backups hourly.

Full backups Monday through Friday at 6:00 p.m and differential backups hourly.

70. A nationwide company is experiencing unauthorized logins at all hours of the day. The logins appear to originate from countries in which the company has no employees.

Which of the following controls. should the company consider using as part of its IAM strategy? (Select TWO).

A complex password policy

Geolocation

An impossible travel policy

Self-service password reset

Geofencing

Time-based logins

Page 8 of 12

71. A public relations team will be taking a group of guest on a tour through the facility of a large e-commerce company. The day before the tour, the company sends out an email to employees to ensure all white boars are cleaned and all desks are cleared. The company is MOST likely trying to protect against.

Loss of proprietary information

Damage to the company’s reputation

Social engineering

Credential exposure

72. A new vulnerability in the SMB protocol on the Windows systems was recently discovered, but no patches are currently available to resolve the issue. The security administrator is concerned tf servers in the company's DMZ will be vulnerable to external attack; however, the administrator cannot disable the service on the servers, as SMB is used by a number of internal systems and applications on the LAN.

Which of the following TCP ports should be blocked for all external inbound connections to the DMZ as a workaround to protect the servers? (Select TWO).

135

139

143

161

443

445

73. A security analyst is reviewing a new website that will soon be made publicly available. The analyst sees the following in the URL:

http://dev-site.comptia.org/home/show.php?sessionID=77276554&loc=us

The analyst then sends an internal user a link to the new website for testing purposes, and when the user clicks the link, the analyst is able to browse the website with the following URL:

http://dev-site.comptia.org/home/show.php?sessionID=98988475&loc=us

Which of the following application attacks is being tested?

Pass-the-hash

Session replay

Object deference

Cross-site request forgery

74. A network administrator has been alerted that web pages are experiencing long load times.

After determining it is not a routing or DNS issue, the administrator logs in to the router, runs a command, and receives the following output:

Which of the following is the router experiencing?

DDoS attack

Memory leak

Buffer overflow

Resource exhaustion

75. A security operations analyst is using the company's SIEM solution to correlate alerts.

Which of the following stages of the incident response process is this an example of?

Eradication

Recovery

Identification

Preparation

76. Which of the following disaster recovery tests is The LEAST time-consuming for the disaster recovery team?

Tabletop

Parallel

Full interruption

Simulation

77. A pharmaceutical sales representative logs on to a laptop and connects to the public WiFi to check emails and update reports.

Which of the following would be BEST to prevent other devices on the network from directly accessing the laptop? (Choose two.)

Trusted Platform Module

A host-based firewall

A DLP solution

Full disk encryption

A VPN

Antivirus software

78. The Chief Financial Officer (CFO) of an insurance company received an email from Ann, the company’s Chief Executive Officer (CEO), requesting a transfer of $10,000 to an account. The email states Ann is on vacation and has lost her purse, containing cash and credit cards.

Which of the following social-engineering techniques is the attacker using?

Phishing

Whaling

Typo squatting

Pharming

79. A company has determined that if its computer-based manufacturing is not functioning for 12 consecutive hours, it will lose more money that it costs to maintain the equipment.

Which of the following must be less than 12 hours to maintain a positive total cost of ownership?

MTBF

RPO

RTO

MTTR

80. When used at the design stage, which of the following improves the efficiency, accuracy, and speed of a database?

Tokenization

Data masking

Normalization

Obfuscation

Page 9 of 12

81. Joe, an employee, receives an email stating he won the lottery. The email includes a link that requests a name, mobile phone number, address, and date of birth be provided to confirm Joe’s identity before sending him the prize.

Which of the following BEST describes this type of email?

Spear phishing

Whaling

Phishing

Vishing

82. A security analyst needs to implement an MDM solution for BYOD users that will allow the company to retain control over company emails residing on the devices and limit data exfiltration that might occur if the devices are lost or stolen.

Which of the following would BEST meet these requirements? (Select TWO).

Full-device encryption

Network usage rules

Geofencing

Containerization

Application whitelisting

Remote control

83. A security administrator is setting up a SIEM to help monitor for notable events across the enterprise.

Which of the following control types does this BEST represent?

Preventive

Compensating

Corrective

Detective

84. A security analyst discovers several .jpg photos from a cellular phone during a forensics investigation involving a compromised system. The analyst runs a forensics tool to gather file metadata.

Which of the following would be part of the images if all the metadata is still intact?

The GPS location

When the file was deleted

The total number of print jobs

The number of copies made

85. Which of the following BEST describes a security exploit for which a vendor patch is not readily available?

Integer overflow

Zero-day

End of life

Race condition

86. An information security officer at a credit card transaction company is conducting a framework-mapping exercise with the internal controls. The company recently established a new office in Europe.

To which of the following frameworks should the security officer map the existing controls? (Select TWO).

ISO

PCI DSS

SOC

GDPR

CSA

NIST

87. Which of the following refers to applications and systems that are used within an organization without consent or approval?

Shadow IT

OSINT

Dark web

Insider threats

88. Which of the following scenarios BEST describes a risk reduction technique?

A security control objective cannot be met through a technical change, so the company purchases insurance and is no longer concerned about losses from data breaches.

A security control objective cannot be met through a technical change, so the company implements a policy to train users on a more secure method of operation.

A security control objective cannot be met through a technical change, so the company changes as method of operation

A security control objective cannot be met through a technical change, so the Chief Information Officer (CIO) decides to sign off on the risk.

89. Which of the following BEST explains the difference between a data owner and a data custodian?

The data owner is responsible for adhering to the rules for using the data, while the data custodian is responsible for determining the corporate governance regarding the data

The data owner is responsible for determining how the data may be used, while the data custodian is responsible for implementing the protection to the data

The data owner is responsible for controlling the data, while the data custodian is responsible for maintaining the chain of custody when handling the data

The data owner grants the technical permissions for data access, while the data custodian maintains the database access controls to the data

90. An organization is developing an authentication service for use at the entry and exit ports of country borders. The service will use data feeds obtained from passport systems, passenger manifests, and high-definition video feeds from CCTV systems that are located at the ports. The service will incorporate machine-learning techniques to eliminate biometric enrollment processes while still allowing authorities to identify passengers with increasing accuracy over time. The more frequently passengers travel, the more accurately the service will identify them.

Which of the following biometrics will MOST likely be used, without the need for enrollment? (Choose two.)

Voice

Gait

Vein

Facial

Retina

Fingerprint

Page 10 of 12

91. A security analyst b concerned about traffic initiated to the dark web from the corporate LAN.

Which of the following networks should he analyst monitor?

SFTP

Tor

IoC

92. Which of the following is the BEST reason to maintain a functional and effective asset management policy that aids in ensuring the security of an organization?

To provide data to quantity risk based on the organization's systems.

To keep all software and hardware fully patched for known vulnerabilities

To only allow approved, organization-owned devices onto the business network

To standardize by selecting one laptop model for all users in the organization

93. A security researcher has alerted an organization that its sensitive user data was found for sale on a website.

Which of the following should the organization use to inform the affected parties?

An incident response plan

A communications plan

A business continuity plan

A disaster recovery plan

94. A network engineer needs to build a solution that will allow guests at the company’s headquarters to access the Internet via WiFi. This solution should not allow access to the internal corporate network, but it should require guests to sign off on the acceptable use policy before accessing the Internet.

Which of the following should the engineer employ to meet these requirements?

Implement open PSK on the APs

Deploy a WAF

Configure WIPS on the APs

Install a captive portal

95. The Admin workstation should ONLY be able to access the servers on the secure network over the default TFTP port.

Instructions: The firewall will process the rules in a top-down manner in order as a first match The port number must be typed in and only one port number can be entered per rule Type ANY for all ports. The original firewall configuration can be reset at any time by pressing the reset button. Once you have met the simulation requirements, click save and then Done to submit.

Hot Area:

96. Which of the following describes the BEST approach for deploying application patches?

Apply the patches to systems in a testing environment then to systems in a staging environment, and finally to production systems.

Test the patches in a staging environment, develop against them in the development environment, and then apply them to the production systems

Test the patches m a test environment apply them to the production systems and then apply them to a staging environment

Apply the patches to the production systems apply them in a staging environment, and then test all of them in a testing environment

97. A company recently moved sensitive videos between on-premises. Company-owned websites. The company then learned the videos had been uploaded and shared to the internet.

Which of the following would MOST likely allow the company to find the cause?

Checksums

Watermarks

Oder of volatility

A log analysis

A right-to-audit clause

98. Which of the following describes the ability of code to target a hypervisor from inside

Fog computing

VM escape

Software-defined networking

Image forgery

Container breakout

99. A retail executive recently accepted a job with a major competitor. The following week, a security analyst reviews the security logs and identifies successful logon attempts to access the departed executive's accounts.

Which of the following security practices would have addressed the issue?

A non-disclosure agreement

Least privilege

An acceptable use policy

Ofboarding

100. A company Is concerned about is security after a red-team exercise. The report shows the team was able to reach the critical servers due to the SMB being exposed to the Internet and running NTLMV1,.

Which of the following BEST explains the findings?

Default settings on the servers

Unsecured administrator accounts

Open ports and services

Weak Data encryption

Page 11 of 12

101. A security administrator is analyzing the corporate wireless network The network only has two access points running on channels 1 and 11. While using airodump-ng. the administrator notices other access points are running with the same corporate ESSID on all available channels and with the same BSSID of one of the legitimate access ports.

Which erf the following attacks in happening on the corporate network?

Man in the middle

Evil twin

Jamming

Rogue access point

Disassociation

102. A security analyst discovers that a company username and password database was posted on an internet forum. The username and passwords are stored in plan text.

Which of the following would mitigate the damage done by this type of data exfiltration in the future?

Create DLP controls that prevent documents from leaving the network

Implement salting and hashing

Configure the web content filter to block access to the forum.

Increase password complexity requirements

103. A security analyst has received an alert about being sent via email. The analyst’s Chief information Security Officer (CISO) has made it clear that PII must be handle with extreme care From which of the following did the alert MOST likely originate?

S/MIME

DLP

IMAP

HIDS

104. A security analyst Is hardening a Linux workstation and must ensure It has public keys forwarded to remote systems for secure login.

Which of the following steps should the analyst perform to meet these requirements? (Select TWO).

Forward the keys using ssh-copy-id.

Forward the keys using scp.

Forward the keys using ash -i.

Forward the keys using openssl -s.

Forward the keys using ssh-keyger.

105. Which of the following relets to applications and systems that are used within an organization without consent or approval?

Shadow IT

OSINT

Dark web

Insider threats

106. Which of the following are requirements that must be configured for PCI DSS compliance? (Select TWO).

Testing security systems and processes regularly

Installing and maintaining a web proxy to protect cardholder data

Assigning a unique ID to each person with computer access

Encrypting transmission of cardholder data across private networks

Benchmarking security awareness training for contractors

Using vendor-supplied default passwords for system passwords

107. The manager who is responsible for a data set has asked a security engineer to apply encryption to the data on a hard disk.

The security engineer is an example of a:

data controller.

data owner

data custodian.

data processor

108. A forensics examiner is attempting to dump password cached in the physical memory of a live system but keeps receiving an error message.

Which of the following BEST describes the cause of the error?

The examiner does not have administrative privileges to the system

The system must be taken offline before a snapshot can be created

Checksum mismatches are invalidating the disk image

The swap file needs to be unlocked before it can be accessed

109. After installing a Windows server, a cybersecurity administrator needs to harden it, following security best practices.

Which of the following will achieve the administrator's goal? (Select TWO).

Disabling guest accounts

Disabling service accounts

Enabling network sharing

Disabling NetBIOS over TCP/IP

Storing LAN manager hash values

Enabling NTLM

110. A startup company is using multiple SaaS and IaaS platform to stand up a corporate infrastructure and build out a customer-facing web application.

Which of the following solutions would be BEST to provide security, manageability, and visibility into the platforms?

SIEM

DLP

CASB

SWG

Page 12 of 12

111. A security engineer is installing a WAF to protect the company’s website from malicious web requests over SSL.

Which of the following is needed to meet the objective?

A reverse proxy

A decryption certificate

A split-tunnel VPN

Load-balanced servers

112. HOTSPOT

Select the appropriate attack and remediation from each drop-down list to label the corresponding attack with its remediation.

INSTRUCTIONS

Not all attacks and remediation actions will be used.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

113. Which of the following distributes data among nodes, making it more difficult to manipulate the data while also minimizing downtime?

MSSP

Public cloud

Hybrid cloud

Fog computing

114. A security engineer needs to enhance MFA access to sensitive areas in a building. A key card and fingerprint scan are already in use.

Which of the following would add another factor of authentication?

Hard token

Retina scan

SMS text

Keypad PIN

115. Which of the following will MOST likely cause machine learning and Al-enabled systems to operate with unintended consequences?

Stored procedures

Buffer overflows

Data bias

Code reuse

116. After reading a security bulletin, a network security manager is concerned that a malicious actor may have breached the network using the same software flaw. The exploit code is publicly available and has been reported as being used against other industries in the same vertical.

Which of the following should the network security manager consult FIRST to determine a priority list for forensic review?

The vulnerability scan output

The IDS logs

The full packet capture data

The SIEM alerts

117. An organization hired a consultant to assist with an active attack, and the consultant was able to identify the compromised accounts and computers.

Which of the following is the consultant MOST likely to recommend to prepare for eradication?

Quarantining the compromised accounts and computers, only providing them with network access

Segmenting the compromised accounts and computers into a honeynet so as to not alert the attackers.

Isolating the compromised accounts and computers, cutting off all network and internet access.

Logging off and deleting the compromised accounts and computers to eliminate attacker access.

118. While checking logs, a security engineer notices a number of end users suddenly downloading files with the .tar.gz extension. Closer examination of the files reveals they are PE32 files. The end users state they did not initiate any of the downloads. Further investigation reveals the end users all clicked on an external email containing an infected MHT file with an href link a week prior.

Which of the following is MOST likely occurring?

A RAT was installed and is transferring additional exploit tools.

The workstations are beaconing to a command-and-control server.

A logic bomb was executed and is responsible for the data transfers.

A fireless virus is spreading in the local network environment.

119. An organization's Chief Security Officer (CSO) wants to validate the business's involvement in the incident response plan to ensure its validity and thoroughness.

Which of the following will the CSO MOST likely use?

An external security assessment

A bug bounty program

A tabletop exercise

A red-team engagement

Download Free 2021 CompTIA Security+ SY0-601 Questions and Answers

Download Free 2021 CompTIA Security+ SY0-601 Questions and Answers

Share this post

Author

Leave a Reply Cancel reply

Related Posts