CompTIA Security+ SY0-601 [2022] Exam Questions - Pass SY0-601 Exam & Be A Certified

CompTIA Security+ SY0-601 [2022] Exam Questions – Pass SY0-601 Exam & Be A Certified

Regina2022-03-09T08:07:36+00:00

Passing SY0-601 exam and being a CompTIA Security+ certified can be guaranteed by reading CompTIA Security+ SY0-601 exam questions of ITExamShop. CompTIA SY0-601 exam questions updated by the experienced team, containing 481 practice exam questions in the pdf file and testing engine. Also, all the CompTIA Security+ SY0-601 exam answers have been verified by the team, who have full confidence to ensure you be success in actual exam.

Before downloading, read SY0-601 free questions to check the demo first:

Page 1 of 4

1. A network engineer notices the VPN concentrator overloaded and crashes on days when there are a lot of remote workers. Senior management has placed greater importance on the availability of VPN resources for the remote workers than the security of the end users’ traffic .

Which of the following would be BEST to solve this issue?

iPSec

Always On

Split tunneling

L2TP

2. A small company that does not have security staff wants to improve its security posture .

Which of the following would BEST assist the company?

MSSP

SOAR

IaaS

PaaS

3. Which of the following BEST explains the difference between a data owner and a data custodian?

The data owner is responsible for adhering to the rules for using the data, while the data custodian is responsible for determining the corporate governance regarding the data

The data owner is responsible for determining how the data may be used, while the data custodian is responsible for implementing the protection to the data

The data owner is responsible for controlling the data, while the data custodian is responsible for maintaining the chain of custody when handling the data

The data owner grants the technical permissions for data access, while the data custodian maintains the database access controls to the data

4. A recently discovered zero-day exploit utilizes an unknown vulnerability in the SMB network protocol to rapidly infect computers. Once infected, computers are encrypted and held for ransom .

Which of the following would BEST prevent this attack from reoccurring?

Configure the perimeter firewall to deny inbound external connections to SMB ports.

Ensure endpoint detection and response systems are alerting on suspicious SMB connections.

Deny unauthenticated users access to shared network folders.

Verify computers are set to install monthly operating system, updates automatically.

5. A company is implementing MFA for all applications that store sensitive data. The IT manager wants MFA to be non-disruptive and user friendly .

Which of the following technologies should the IT manager use when implementing MFA?

One-time passwords

Email tokens

Push notifications

Hardware authentication

6. An organization has a growing workforce that is mostly driven by additions to the sales department. Each newly hired salesperson relies on a mobile device to conduct business.

The Chief Information Officer (CIO) is wondering it the organization may need to scale down just as quickly as it scaled up. The ClO is also concerned about the organization's security and customer privacy .

Which of the following would be BEST to address the ClO’s concerns?

Disallow new hires from using mobile devices for six months

Select four devices for the sales department to use in a CYOD model

Implement BYOD for the sates department while leveraging the MDM

Deploy mobile devices using the COPE methodology

7. An analyst needs to identify the applications a user was running and the files that were open before the user’s computer was shut off by holding down the power button .

Which of the following would MOST likely contain that information?

NGFW

Pagefile

NetFlow

RAM

8. A manufacturer creates designs for very high security products that are required to be protected and controlled by the government regulations. These designs are not accessible by corporate networks or the Internet .

Which of the following is the BEST solution to protect these designs?

An air gap

A Faraday cage

A shielded cable

A demilitarized zone

9. Which of the following will MOST likely adversely impact the operations of unpatched traditional programmable-logic controllers, running a back-end LAMP server and OT systems with human-management interfaces that are accessible over the Internet via a web interface? (Choose two.)

Cross-site scripting

Data exfiltration

Poor system logging

Weak encryption

SQL injection

Server-side request forgery

10. A researcher has been analyzing large data sets for the last ten months. The researcher works with colleagues from other institutions and typically connects via SSH to retrieve additional data.

Historically, this setup has worked without issue, but the researcher recently started getting the following message:

Which of the following network attacks is the researcher MOST likely experiencing?

MAC cloning

Evil twin

Man-in-the-middle

ARP poisoning

Page 2 of 4

11. A large industrial system's smart generator monitors the system status and sends alerts to third-party maintenance personnel when critical failures occur. While reviewing the network logs the company's security manager notices the generator's IP is sending packets to an internal file server's IP .

Which of the following mitigations would be BEST for the security manager to implement while maintaining alerting capabilities?

Segmentation

Firewall whitelisting

Containment

isolation

12. Company engineers regularly participate in a public Internet forum with other engineers throughout the industry .

Which of the following tactics would an attacker MOST likely use in this scenario?

Watering-hole attack

Credential harvesting

Hybrid warfare

Pharming

13. Which of the following policies would help an organization identify and mitigate potential single points of failure in the company’s IT/security operations?

Least privilege

Awareness training

Separation of duties

Mandatory vacation

14. In which of the following common use cases would steganography be employed?

Obfuscation

Integrity

Non-repudiation

Blockchain

15. A company processes highly sensitive data and senior management wants to protect the sensitive data by utilizing classification labels .

Which of the following access control schemes would be BEST for the company to implement?

Discretionary

Rule-based

Role-based

Mandatory

16. A RAT that was used to compromise an organization’s banking credentials was found on a user’s computer. The RAT evaded antivirus detection. It was installed by a user who has local administrator rights to the system as part of a remote management tool set .

Which of the following recommendations would BEST prevent this from reoccurring?

Create a new acceptable use policy.

Segment the network into trusted and untrusted zones.

Enforce application whitelisting.

Implement DLP at the network boundary.

17. A security analyst is reviewing the following attack log output:

Which of the following types of attacks does this MOST likely represent?

Rainbow table

Brute-force

Password-spraying

Dictionary

18. A system administrator needs to implement an access control scheme that will allow an object’s access policy be determined by its owner .

Which of the following access control schemes BEST fits the requirements?

Role-based access control

Discretionary access control

Mandatory access control

Attribute-based access control

19. Several employees return to work the day after attending an industry trade show. That same day, the security manager notices several malware alerts coming from each of the employee’s workstations. The security manager investigates but finds no signs of an attack on the perimeter firewall or the NIDS .

Which of the following is MOST likely causing the malware alerts?

A worm that has propagated itself across the intranet, which was initiated by presentation media

A fileless virus that is contained on a vCard that is attempting to execute an attack

A Trojan that has passed through and executed malicious code on the hosts

A USB flash drive that is trying to run malicious code but is being blocked by the host firewall

20. A public relations team will be taking a group of guest on a tour through the facility of a large e-commerce company. The day before the tour, the company sends out an email to employees to ensure all white boars are cleaned and all desks are cleared. The company is MOST likely trying to protect against.

Loss of proprietary information

Damage to the company’s reputation

Social engineering

Credential exposure

Page 3 of 4

21. A cybersecurity analyst reviews the log files from a web server and sees a series of files that indicates a directory-traversal attack has occurred .

Which of the following is the analyst MOST likely seeing?

A)

Option A

Option B

Option C

Option D

22. After reading a security bulletin, a network security manager is concerned that a malicious actor may have breached the network using the same software flaw. The exploit code is publicly available and has been reported as being used against other industries in the same vertical .

Which of the following should the network security manager consult FIRST to determine a priority list for forensic review?

The vulnerability scan output

The IDS logs

The full packet capture data

The SIEM alerts

23. A security engineer is reviewing log files after a third discovered usernames and passwords for the organization’s accounts. The engineer sees there was a change in the IP address for a vendor website one earlier. This change lasted eight hours .

Which of the following attacks was MOST likely used?

Man-in- the middle

Spear-phishing

Evil twin

DNS poising

24. An employee has been charged with fraud and is suspected of using corporate assets.

As authorities collect evidence, and to preserve the admissibility of the evidence, which of the following forensic techniques should be used?

Order of volatility

Data recovery

Chain of custody

Non-repudiation

25. Which of the following types of controls is a turnstile?

Physical

Detective

Corrective

Technical

26. In the middle of a cybersecurity, a security engineer removes the infected devices from the network and lock down all compromised accounts.

In which of the following incident response phases is the security engineer currently operating?

Identification

Preparation

Eradiction

Recovery

Containment

27. Joe, a user at a company, clicked an email link led to a website that infected his workstation. Joe, was connected to the network, and the virus spread to the network shares. The protective measures failed to stop this virus, and It has continues to evade detection .

Which of the following should administrator implement to protect the environment from this malware?

Install a definition-based antivirus.

Implement an IDS/IPS

Implement a heuristic behavior-detection solution.

Implement CASB to protect the network shares.

28. A root cause analysis reveals that a web application outage was caused by one of the company’s developers uploading a newer version of the third-party libraries that were shared among several applications .

Which of the following implementations would be BEST to prevent the issue from reoccurring?

CASB

SWG

Containerization

Automated failover

29. A network administrator has been asked to install an IDS to improve the security posture of an organization .

Which of the following control types is an IDS?

Corrective

Physical

Detective

Administrative

30. An organization needs to implement more stringent controls over administrator/root credentials and service accounts.

Requirements for the project include:

✑ Check-in/checkout of credentials

✑ . The ability to use but not know the password

✑ Automated password changes

✑ Logging of access to credentials

Which of the following solutions would meet the requirements?

OAuth 2.0

Secure Enclave

A privileged access management system

An OpenID Connect authentication system

Page 4 of 4

31. A user enters a password to log in to a workstation and is then prompted to enter an authentication code .

Which of the following MFA factors or attributes are being utilized in the authentication process? (Select TWO).

Something you know

Something you have

Somewhere you are

Someone you are

Something you are

Something you can do

32. Which of the following is MOST likely to outline the roles and responsibilities of data controllers and data processors?

SSAE SOC 2

PCI DSS

GDPR

ISO 31000

33. A Chief Security Office's (CSO's) key priorities are to improve preparation, response, and recovery practices to minimize system downtime and enhance organizational resilience to ransomware attacks .

Which of the following would BEST meet the CSO's objectives?

Use email-filtering software and centralized account management, patch high-risk systems, and restrict administration privileges on fileshares.

Purchase cyber insurance from a reputable provider to reduce expenses during an incident.

Invest in end-user awareness training to change the long-term culture and behavior of staff and executives, reducing the organization's susceptibility to phishing attacks.

Implement application whitelisting and centralized event-log management, and perform regular testing and validation of full backups.

34. A consultant is configuring a vulnerability scanner for a large, global organization in multiple countries. The consultant will be using a service account to scan systems with administrative privileges on a weekly basis, but there is a concern that hackers could gain access to account to the account and pivot through the global network .

Which of the following would be BEST to help mitigate this concern?

Create consultant accounts for each region, each configured with push MFA notifications.

Create one global administrator account and enforce Kerberos authentication

Create different accounts for each region. limit their logon times, and alert on risky logins

Create a guest account for each region. remember the last ten passwords, and block password reuse

35. A security administrator suspects an employee has been emailing proprietary information to a competitor. Company policy requires the administrator to capture an exact copy of the employee’s hard disk .

Which of the following should the administrator use?

chmod

dnsenum

logger

Welcome To Choose Required IT Certification Exams Online

CompTIA Security+ SY0-601 [2022] Exam Questions – Pass SY0-601 Exam & Be A Certified

Before downloading, read SY0-601 free questions to check the demo first:

Author