CompTIA Security+ Exam 2021 SY0-601 Practice Test Online

Regina2021-08-13T07:11:59+00:00

Since the English version of CompTIA Security+ certification SY0-501 exam has been retired, candidates need to take SY0-601 exam to complete their CompTIA Security plus certification. SY0-601 practice test from ITExamShop are online to provide actual exam questions with the verified answers. Candidates who use the CompTIA Security+ certification SY0-601 practice test questions can be ensured that they can pass CompTIA Security+ Exam 2021. There are 396 practice exam questions and answers in ITExamShop SY0-601 pdf file. Just read SY0-601 exam questions and try to understand and memorize them all to make sure you can answer actual CompTIA Security+ SY0-601 exam smoothly.

Read CompTIA Security Plus SY0-601 Free Questions To Check The Online Practice Test

Page 1 of 6

1. Joe, a user at a company, clicked an email link led to a website that infected his workstation. Joe, was connected to the network, and the virus spread to the network shares. The protective measures failed to stop this virus, and It has continues to evade detection.

Which of the following should administrator implement to protect the environment from this malware?

Install a definition-based antivirus.

Implement an IDS/IPS

Implement a heuristic behavior-detection solution.

Implement CASB to protect the network shares.

2. A security administrator has noticed unusual activity occurring between different global instances and workloads and needs to identify the source of the unusual traffic.

Which of the following log sources would be BEST to show the source of the unusual traffic?

HIDS

UEBA

CASB

VPC

3. Which of the following would be BEST to establish between organizations that have agreed cooperate and are engaged in early discussion to define the responsibilities of each party, but do not want to establish a contractually binding agreement?

An SLA

AnNDA

ABPA

AnMOU

4. A security analyst is reviewing a penetration-testing report from a third-party contractor. The penetration testers used the organization's new API to bypass a driver to perform privilege escalation on the organization's web servers. Upon looking at the API, the security analyst realizes the particular API call was to a legacy system running an outdated OS.

Which of the following is the MOST likely attack type?

Request forgery

Session replay

DLL injection

Shimming

5. A website developer is working on a new e-commerce website and has asked an information security expert for the most appropriate way to store credit card numbers to create an easy reordering process.

Which of the following methods would BEST accomplish this goal?

Salting the magnetic strip information

Encrypting the credit card information in transit.

Hashing the credit card numbers upon entry.

Tokenizing the credit cards in the database

6. An organization is developing an authentication service for use at the entry and exit ports of country borders. The service will use data feeds obtained from passport systems, passenger manifests, and high-definition video feeds from CCTV systems that are located at the ports. The service will incorporate machine-learning techniques to eliminate biometric enrollment processes while still allowing authorities to identify passengers with increasing accuracy over time. The more frequently passengers travel, the more accurately the service will identify them.

Which of the following biometrics will MOST likely be used, without the need for enrollment? (Choose two.)

Voice

Gait

Vein

Facial

Retina

Fingerprint

7. An organization is concerned that its hosted web servers are not running the most updated version of the software.

Which of the following would work BEST to help identify potential vulnerabilities?

hping3 -S corsptia.org -p 80

nc ―1 ―v comptia.org -p 80

nmap comptia.org -p 80 ―sV

nslookup -port=80 comptia.org

8. A Chief Security Officer (CSO) was notified that a customer was able to access confidential internal company files on a commonly used file-sharing service. The file-sharing service is the same one used by company staff as one of its approved third-party applications. After further investigation, the security team

determines the sharing of confidential files was accidental and not malicious. However, the CSO wants to implement changes to minimize this type of incident from reoccurring but does not want to impact existing business processes.

Which of the following would BEST meet the CSO's objectives?

DLP

SWG

CASB

Virtual network segmentation

Container security

9. A company is adopting a BYOD policy and is looking for a comprehensive solution to protect company information on user devices.

Which of the following solutions would BEST support the policy?

Mobile device management

Full-device encryption

Remote wipe

Biometrics

10. A financial organization has adopted a new secure, encrypted document-sharing application to help with its customer loan process. Some important PII needs to be shared across this new platform, but it is getting blocked by the DLP systems.

Which of the following actions will BEST allow the PII to be shared with the secure application without compromising the organization’s security posture?

Configure the DLP policies to allow all PII

Configure the firewall to allow all ports that are used by this application

Configure the antivirus software to allow the application

Configure the DLP policies to whitelist this application with the specific PII

Configure the application to encrypt the PII

Page 2 of 6

11. A company is implementing MFA for all applications that store sensitive data. The IT manager wants MFA to be non-disruptive and user friendly.

Which of the following technologies should the IT manager use when implementing MFA?

One-time passwords

Email tokens

Push notifications

Hardware authentication

12. A company has been experiencing very brief power outages from its utility company over the last few months. These outages only last for one second each time. The utility company is aware of the issue and is working to replace a faulty transformer.

Which of the following BEST describes what the company should purchase to ensure its critical servers and network devices stay online?

Dual power supplies

A UPS

A generator

APDU

13. A university is opening a facility in a location where there is an elevated risk of theft. The university wants to protect the desktops in its classrooms and labs.

Which of the following should the university use to BEST protect these assets deployed in the facility?

Visitor logs

Cable locks

Guards

Disk encryption

Motion detection

14. Accompany deployed a WiFi access point in a public area and wants to harden the configuration to make it more secure. After performing an assessment, an analyst identifies that the access point is

configured to use WPA3, AES, WPS, and RADIUS.

Which of the following should the analyst disable to enhance the access point security?

WPA3

AES

RADIUS

WPS

15. A company is setting up a web server on the Internet that will utilize both encrypted and unencrypted web-browsing protocols.

A security engineer runs a port scan against the server from the Internet and sees the following output:

Which of the following steps would be best for the security engineer to take NEXT?

Allow DNS access from the internet.

Block SMTP access from the Internet

Block HTTPS access from the Internet

Block SSH access from the Internet.

16. A consultant is configuring a vulnerability scanner for a large, global organization in multiple countries. The consultant will be using a service account to scan systems with administrative privileges on a weekly basis, but there is a concern that hackers could gain access to account to the account and pivot through the global network.

Which of the following would be BEST to help mitigate this concern?

Create consultant accounts for each region, each configured with push MFA notifications.

Create one global administrator account and enforce Kerberos authentication

Create different accounts for each region. limit their logon times, and alert on risky logins

Create a guest account for each region. remember the last ten passwords, and block password reuse

17. A company needs to centralize its logs to create a baseline and have visibility on its security events.

Which of the following technologies will accomplish this objective?

Security information and event management

A web application firewall

A vulnerability scanner

A next-generation firewall

18. A security auditor is reviewing vulnerability scan data provided by an internal security team.

Which of the following BEST indicates that valid credentials were used?

The scan results show open ports, protocols, and services exposed on the target host

The scan enumerated software versions of installed programs

The scan produced a list of vulnerabilities on the target host

The scan identified expired SSL certificates

19. An organization with a low tolerance for user inconvenience wants to protect laptop hard drives against loss or data theft.

Which of the following would be the MOST acceptable?

SED

HSM

DLP

TPM

20. An enterprise has hired an outside security firm to conduct penetration testing on its network and applications. The firm has only been given the documentation available to the customers of the applications.

Which of the following BEST represents the type of testing that will occur?

Bug bounty

Black-box

Gray-box

White-box

Page 3 of 6

21. An end user reports a computer has been acting slower than normal for a few weeks. During an investigation, an analyst determines the system is sending the user's email address and a ten-digit number to an IP address once a day.

The only recent log entry regarding the user's computer is the following:

Which of the following is the MOST likely cause of the issue?

The end user purchased and installed a PUP from a web browser

A bot on the computer is brute forcing passwords against a website

A hacker is attempting to exfiltrate sensitive data

Ransomware is communicating with a command-and-control server.

22. HOTSPOT

Select the appropriate attack and remediation from each drop-down list to label the corresponding attack with its remediation.

INSTRUCTIONS

Not all attacks and remediation actions will be used.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

23. A public relations team will be taking a group of guest on a tour through the facility of a large e-commerce company. The day before the tour, the company sends out an email to employees to ensure all white boars are cleaned and all desks are cleared. The company is MOST likely trying to protect against.

Loss of proprietary information

Damage to the company’s reputation

Social engineering

Credential exposure

24. A company uses specially configured workstations tor any work that requires administrator privileges to its Tier 0 and Tier 1 systems. The company follows a strict process to harden systems immediately upon delivery. Even with these strict security measures in place, an incident occurred from one of the workstations. The root cause appears to be that the SoC was tampered with or replaced.

Which of the following MOST likely occurred?

Fileless malware

A downgrade attack

A supply-chain attack

A logic bomb

Misconfigured BIOS

25. The CSIRT is reviewing the lessons learned from a recent incident. A worm was able to spread unhindered throughout the network and infect a large number of computers and servers.

Which of the following recommendations would be BEST to mitigate the impacts of a similar incident in the future?

Install a NIDS device at the boundary.

Segment the network with firewalls.

Update all antivirus signatures daily.

Implement application blacklisting.

26. An analyst needs to set up a method for securely transferring files between systems. One of the requirements is to authenticate the IP header and the payload.

Which of the following services would BEST meet the criteria?

TLS

PFS

ESP

27. Which of the following describes the ability of code to target a hypervisor from inside

Fog computing

VM escape

Software-defined networking

Image forgery

Container breakout

28. A software developer needs to perform code-execution testing, black-box testing, and non-functional testing on a new product before its general release.

Which of the following BEST describes the tasks the developer is conducting?

Verification

Validation

Normalization

Staging

29. Which of the following would be BEST for a technician to review to determine the total risk an organization can bear when assessing a "cloud-first" adoption strategy?

Risk matrix

Risk tolerance

Risk register

Risk appetite

30. Which of the following is a team of people dedicated testing the effectiveness of organizational security programs by emulating the techniques of potential attackers?

Red team

While team

Blue team

Purple team

Page 4 of 6

31. Phishing and spear-phishing attacks have been occurring more frequently against a company’s staff.

Which of the following would MOST likely help mitigate this issue?

DNSSEC and DMARC

DNS query logging

Exact mail exchanger records in the DNS

The addition of DNS conditional forwarders

32. A multinational organization that offers web-based services has datacenters that are located only in the United States; however, a large number of its customers are in Australia, Europe, and China. Payments for services are managed by a third party in the United Kingdom that specializes in payment gateways. The management team is concerned the organization is not compliant with privacy laws that cover some of its customers.

Which of the following frameworks should the management team follow?

Payment Card Industry Data Security Standard

Cloud Security Alliance Best Practices

ISO/IEC 27032 Cybersecurity Guidelines

General Data Protection Regulation

33. Which of the following is the BEST reason to maintain a functional and effective asset management policy that aids in ensuring the security of an organization?

To provide data to quantity risk based on the organization's systems.

To keep all software and hardware fully patched for known vulnerabilities

To only allow approved, organization-owned devices onto the business network

To standardize by selecting one laptop model for all users in the organization

34. A company recently transitioned to a strictly BYOD culture due to the cost of replacing lost or damaged corporate-owned mobile devices.

Which of the following technologies would be BEST to balance the BYOD culture while also protecting the company’s data?

Containerization

Geofencing

Full-disk encryption

Remote wipe

35. A well-known organization has been experiencing attacks from APIs. The organization is concerned that custom malware is being created and emailed into the company or installed on USB sticks that are dropped in parking lots.

Which of the following is the BEST defense against this scenario?

Configuring signature-based antivirus io update every 30 minutes

Enforcing S/MIME for email and automatically encrypting USB drives upon insertion.

Implementing application execution in a sandbox for unknown software.

Fuzzing new files for vulnerabilities if they are not digitally signed

36. DRAG DROP

A security engineer is setting up passwordless authentication for the first time.

INSTRUCTIONS

Use the minimum set of commands to set this up and verify that it works. Commands cannot be reused.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

37. A security operations analyst is using the company's SIEM solution to correlate alerts.

Which of the following stages of the incident response process is this an example of?

Eradication

Recovery

Identification

Preparation

38. Which of the following are the MOST likely vectors for the unauthorized inclusion of vulnerable code in a software company’s final software releases? (Select TWO.)

Unsecure protocols

Use of penetration-testing utilities

Weak passwords

Included third-party libraries

Vendors/supply chain

Outdated anti-malware software

39. A Chief Information Security Officer (CISO) is concerned about the organization's ability to continue business operation in the event of a prolonged DDoS attack on its local datacenter that consumes database resources.

Which of the following will the CISO MOST likely recommend to mitigate this risk?

Upgrade the bandwidth available into the datacenter

Implement a hot-site failover location

Switch to a complete SaaS offering to customers

Implement a challenge response test on all end-user queries

40. Which of the following terms should be included in a contract to help a company monitor the ongoing security maturity of a new vendor?

A right-to-audit clause allowing for annual security audits

Requirements for event logs to be kept for a minimum of 30 days

Integration of threat intelligence in the company's AV

A data-breach clause requiring disclosure of significant data loss

Page 5 of 6

41. A RAT that was used to compromise an organization’s banking credentials was found on a user’s computer. The RAT evaded antivirus detection. It was installed by a user who has local administrator rights to the system as part of a remote management tool set.

Which of the following recommendations would BEST prevent this from reoccurring?

Create a new acceptable use policy.

Segment the network into trusted and untrusted zones.

Enforce application whitelisting.

Implement DLP at the network boundary.

42. After a phishing scam for a user's credentials, the red team was able to craft a payload to deploy on a server. The attack allowed the installation of malicious software that initiates a new remote session.

Which of the following types of attacks has occurred?

Privilege escalation

Session replay

Application programming interface

Directory traversal

43. A manufacturing company has several one-off legacy information systems that cannot be migrated to a newer OS due to software compatibility issues. The Oss are still supported by the vendor, but the industrial software is no longer supported. The Chief Information Security Officer (CISO) has created a resiliency plan for these systems that will allow OS patches to be installed in a non-production environment, while also creating backups of the systems for recovery.

Which of the following resiliency techniques will provide these capabilities?

Redundancy

RAID 1+5

Virtual machines

Full backups

44. A company recently set up an e-commerce portal to sell its product online. The company wants to start accepting credit cards for payment, which requires compliance with a security standard.

Which of the following standards must the company comply with before accepting credit cards on its e-commerce platform?

PCI DSS

ISO 22301

ISO 27001

NIST CSF

45. A security administrator needs to inspect in-transit files on the enterprise network to search for Pll, credit card data, and classification words.

Which of the following would be the BEST to use?

IDS solution

EDR solution

HIPS software solution

Network DLP solution

46. Which of the following BEST explains the difference between a data owner and a data custodian?

The data owner is responsible for adhering to the rules for using the data, while the data custodian is responsible for determining the corporate governance regarding the data

The data owner is responsible for determining how the data may be used, while the data custodian is responsible for implementing the protection to the data

The data owner is responsible for controlling the data, while the data custodian is responsible for maintaining the chain of custody when handling the data

The data owner grants the technical permissions for data access, while the data custodian maintains the database access controls to the data

47. A security administrator is analyzing the corporate wireless network The network only has two access points running on channels 1 and 11. While using airodump-ng. the administrator notices other access points are running with the same corporate ESSID on all available channels and with the same BSSID of one of the legitimate access ports.

Which erf the following attacks in happening on the corporate network?

Man in the middle

Evil twin

Jamming

Rogue access point

Disassociation

48. An organization relies on third-party video conferencing to conduct daily business. Recent security changes now require all remote workers to utilize a VPN to corporate resources.

Which of the following would BEST maintain high-quality video conferencing while minimizing latency when connected to the VPN?

Using geographic diversity to have VPN terminators closer to end users

Utilizing split tunneling so only traffic for corporate resources is encrypted

Purchasing higher-bandwidth connections to meet the increased demand

Configuring QoS properly on the VPN accelerators

49. A security analyst receives the configuration of a current VPN profile and notices the authentication is only applied to the IP datagram portion of the packet.

Which of the following should the analyst implement to authenticate the entire packet?

ESP

SRTP

LDAP

50. An organization is developing a plan in the event of a complete loss of critical systems and data.

Which of the following plans is the organization MOST likely developing?

Incident response

Communications

Disaster recovery

Data retention

Page 6 of 6

51. A security administrator is trying to determine whether a server is vulnerable to a range of attacks.

After using a tool, the administrator obtains the following output:

Which of the following attacks was successfully implemented based on the output?

Memory leak

Race conditions

SQL injection

Directory traversal

52. A Chief Information Security Officer (CISO) needs to create a policy set that meets international standards for data privacy and sharing.

Which of the following should the CISO read and understand before writing the policies?

PCI DSS

GDPR

NIST

ISO 31000

53. A user is concerned that a web application will not be able to handle unexpected or random input without crashing.

Which of the following BEST describes the type of testing the user should perform?

Code signing

Fuzzing

Manual code review

Dynamic code analysis

54. Given the following logs:

Which of the following BEST describes the type of attack that is occurring?

Rainbow table

Dictionary

Password spraying

Pass-the-hash

55. A host was infected with malware. During the incident response, Joe, a user, reported that he did not receive any emails with links, but he had been browsing the Internet all day.

Which of the following would MOST likely show where the malware originated?

The DNS logs

The web server logs

The SIP traffic logs

The SNMP logs

56. Which of the following disaster recovery tests is The LEAST time-consuming for the disaster recovery team?

Tabletop

Parallel

Full interruption

Simulation

57. An incident, which is affecting dozens of systems, involves malware that reaches out to an Internet service for rules and updates. The IP addresses for the Internet host appear to be different in each case. The organization would like to determine a common IoC to support response and recovery actions.

Which of the following sources of information would BEST support this solution?

Web log files

Browser cache

DNS query logs

Antivirus

58. A security analyst notices several attacks are being blocked by the NIPS but does not see anything on the boundary firewall logs. The attack seems to have been thwarted.

Which of the following resiliency techniques was applied to the network to prevent this attack?

NIC Teaming

Port mirroring

Defense in depth

High availability

Geographic dispersal

59. An attacker is exploiting a vulnerability that does not have a patch available.

Which of the following is the attacker exploiting?

Zero-day

Default permissions

Weak encryption

Unsecure root accounts

60. A security analyst needs to perform periodic vulnerably scans on production systems.

Which of the following scan types would produce the BEST vulnerability scan report?

Port

Intrusive

Host discovery

Credentialed

Welcome To Choose Required IT Certification Exams Online

CompTIA Security+ Exam 2021 SY0-601 Practice Test Online

Read CompTIA Security Plus SY0-601 Free Questions To Check The Online Practice Test

Author