[Updated In June OF 2022] Valid SY0-601 Practice Test For CompTIA Security+ SY0-601 Exam Preparation

Regina2022-06-11T01:16:00+00:00

The SY0-601 exam is available for CompTIA Security+ certification to help candidates open the door to their cybersecurity careers. Valid SY0-601 practice test of ITExamShop has been updated with 617 practice questions and answers in June of 2022, which could be your best exam preparation for the CompTIA Security+ SY0-601 exam. No need to waste your valuable time and money, just choose the most valid SY0-601 practice test as your preparation materials. We promise that if practicing SY0-601 questions and answers with ITExamShop PDF and software, you can pass the CompTIA Security+ SY0-601 exam on the first attempt.

Read The Most Updated SY0-601 Free Exam Questions Below First

Page 1 of 4

1. A RAT that was used to compromise an organization’s banking credentials was found on a user’s computer. The RAT evaded antivirus detection. It was installed by a user who has local administrator rights to the system as part of a remote management tool set.

Which of the following recommendations would BEST prevent this from reoccurring?

Create a new acceptable use policy.

Segment the network into trusted and untrusted zones.

Enforce application whitelisting.

Implement DLP at the network boundary.

2. To secure an application after a large data breach, an e-commerce site will be resetting all users’ credentials.

Which of the following will BEST ensure the site’s users are not compromised after the reset?

A password reuse policy

Account lockout after three failed attempts

Encrypted credentials in transit

A geofencing policy based on login history

3. A company recently experienced a data breach and the source was determined to be an executive who was charging a phone in a public area.

Which of the following would MOST likely have prevented this breach?

A firewall

A device pin

A USB data blocker

Biometrics

4. A website developer is working on a new e-commerce website and has asked an information security expert for the most appropriate way to store credit card numbers to create an easy reordering process.

Which of the following methods would BEST accomplish this goal?

Salting the magnetic strip information

Encrypting the credit card information in transit.

Hashing the credit card numbers upon entry.

Tokenizing the credit cards in the database

5. A system administrator needs to implement an access control scheme that will allow an object’s access policy be determined by its owner.

Which of the following access control schemes BEST fits the requirements?

Role-based access control

Discretionary access control

Mandatory access control

Attribute-based access control

6. An analyst visits an internet forum looking for information about a tool. The analyst finds a threat that appears to contain relevant information.

One of the posts says the following:

Which of the following BEST describes the attack that was attempted against the forum readers?

SOU attack

DLL attack

XSS attack

API attack

7. A user recently entered a username and password into a recruiting application website that had been forged to look like the legitimate site

Upon investigation, a security analyst the identifies the following:

• The legitimate websites IP address is 10.1.1.20 and eRecruit local resolves to the IP

• The forged website's IP address appears to be 10.2.12.99. based on NetFtow records

• AH three at the organization's DNS servers show the website correctly resolves to the legitimate IP

• DNS query logs show one of the three DNS servers returned a result of 10.2.12.99 (cached) at the approximate time of the suspected compromise.

Which of the following MOST likely occurred?

A reverse proxy was used to redirect network traffic

An SSL strip MITM attack was performed

An attacker temporarily pawned a name server

An ARP poisoning attack was successfully executed

8. In the middle of a cybersecurity, a security engineer removes the infected devices from the network and lock down all compromised accounts. In which of the following incident response phases is the security engineer currently operating?

Identification

Preparation

Eradiction

Recovery

Containment

9. A cybersecurity administrator needs to add disk redundancy for a critical server. The solution must have a two- drive failure for better fault tolerance.

Which of the following RAID levels should the administrator select?

10. A database administrator needs to ensure all passwords are stored in a secure manner, so the administrate adds randomly generated data to each password before string.

Which of the following techniques BEST explains this action?

Predictability

Key stretching

Salting

Hashing

Page 2 of 4

11. Which of the following ISO standards is certified for privacy?

ISO 9001

ISO 27002

ISO 27701

ISO 31000

12. An organization just experienced a major cyberattack modem. The attack was well coordinated sophisticated and highly skilled.

Which of the following targeted the organization?

Shadow IT

An insider threat

A hacktivist

An advanced persistent threat

13. A security engineer is reviewing log files after a third discovered usernames and passwords for the organization’s accounts. The engineer sees there was a change in the IP address for a vendor website one earlier. This change lasted eight hours.

Which of the following attacks was MOST likely used?

Man-in- the middle

Spear-phishing

Evil twin

DNS poising

14. A recently discovered zero-day exploit utilizes an unknown vulnerability in the SMB network protocol to rapidly infect computers. Once infected, computers are encrypted and held for ransom.

Which of the following would BEST prevent this attack from reoccurring?

Configure the perimeter firewall to deny inbound external connections to SMB ports.

Ensure endpoint detection and response systems are alerting on suspicious SMB connections.

Deny unauthenticated users access to shared network folders.

Verify computers are set to install monthly operating system, updates automatically.

15. A researcher has been analyzing large data sets for the last ten months. The researcher works with colleagues from other institutions and typically connects via SSH to retrieve additional data.

Historically, this setup has worked without issue, but the researcher recently started getting the following message:

Which of the following network attacks is the researcher MOST likely experiencing?

MAC cloning

Evil twin

Man-in-the-middle

ARP poisoning

16. After reading a security bulletin, a network security manager is concerned that a malicious actor may have breached the network using the same software flaw. The exploit code is publicly available and has been reported as being used against other industries in the same vertical.

Which of the following should the network security manager consult FIRST to determine a priority list for forensic review?

The vulnerability scan output

The IDS logs

The full packet capture data

The SIEM alerts

17. A company wants to deploy PKI on its Internet-facing website.

The applications that are currently deployed are:

✑ www.company.com (main website)

✑ contactus.company.com (for locating a nearby location)

✑ quotes.company.com (for requesting a price quote)

The company wants to purchase one SSL certificate that will work for all the existing applications and any future applications that follow the same naming conventions, such as store.company.com.

Which of the following certificate types would BEST meet the requirements?

SAN

Wildcard

Extended validation

Self-signed

18. An organization is developing an authentication service for use at the entry and exit ports of country borders. The service will use data feeds obtained from passport systems, passenger manifests, and high-definition video feeds from CCTV systems that are located at the ports. The service will incorporate machine-learning techniques to eliminate biometric enrollment processes while still allowing authorities to identify passengers with increasing accuracy over time. The more frequently passengers travel, the more accurately the service will identify them.

Which of the following biometrics will MOST likely be used, without the need for enrollment? (Choose two.)

Voice

Gait

Vein

Facial

Retina

Fingerprint

19. After a ransomware attack a forensics company needs to review a cryptocurrency transaction between the victim and the attacker.

Which of the following will the company MOST likely review to trace this transaction?

The public ledger

The NetFlow data

A checksum

The event log

20. Which of the following describes the BEST approach for deploying application patches?

Apply the patches to systems in a testing environment then to systems in a staging environment, and finally to production systems.

Test the patches in a staging environment, develop against them in the development environment, and then apply them to the production systems

Test the patches m a test environment apply them to the production systems and then apply them to a staging environment

Apply the patches to the production systems apply them in a staging environment, and then test all of them in a testing environment

Page 3 of 4

21. A company provides mobile devices to its users to permit access to email and enterprise applications. The company recently started allowing users to select from several different vendors and device models. When configuring the MDM, which of the following is a key security implication of this heterogeneous device approach?

The most common set of MDM configurations will become the effective set of enterprise mobile security controls.

All devices will need to support SCEP-based enrollment; therefore, the heterogeneity of the chosen architecture may unnecessarily expose private keys to adversaries.

Certain devices are inherently less secure than others, so compensatory controls will be needed to address the delta between device vendors.

MDMs typically will not support heterogeneous deployment environments, so multiple MDMs will need to be installed and configured.

22. Which of the following is the purpose of a risk register?

To define the level or risk using probability and likelihood

To register the risk with the required regulatory agencies

To identify the risk, the risk owner, and the risk measures

To formally log the type of risk mitigation strategy the organization is using

23. Which of the following describes the ability of code to target a hypervisor from inside

Fog computing

VM escape

Software-defined networking

Image forgery

Container breakout

24. A network engineer has been asked to investigate why several wireless barcode scanners and wireless computers in a warehouse have intermittent connectivity to the shipping server. The barcode scanners and computers are all on forklift trucks and move around the warehouse during their regular use.

Which of the following should the engineer do to determine the issue? (Choose two.)

Perform a site survey

Deploy an FTK Imager

Create a heat map

Scan for rogue access points

Upgrade the security protocols

Install a captive portal

25. A Chief Information Security Officer (CISO) needs to create a policy set that meets international standards for data privacy and sharing.

Which of the following should the CISO read and understand before writing the policies?

PCI DSS

GDPR

NIST

ISO 31000

26. A company recently moved sensitive videos between on-premises. Company-owned websites. The company then learned the videos had been uploaded and shared to the internet.

Which of the following would MOST likely allow the company to find the cause?

Checksums

Watermarks

Oder of volatility

A log analysis

A right-to-audit clause

27. A company is implementing MFA for all applications that store sensitive data. The IT manager wants MFA to be non-disruptive and user friendly.

Which of the following technologies should the IT manager use when implementing MFA?

One-time passwords

Email tokens

Push notifications

Hardware authentication

28. A large industrial system's smart generator monitors the system status and sends alerts to third-party maintenance personnel when critical failures occur. While reviewing the network logs the company's security manager notices the generator's IP is sending packets to an internal file server's IP.

Which of the following mitigations would be BEST for the security manager to implement while maintaining alerting capabilities?

Segmentation

Firewall whitelisting

Containment

isolation

29. A security analyst needs to be proactive in understand the types of attacks that could potentially target the company's execute.

Which of the following intelligence sources should to security analyst review?

Vulnerability feeds

Trusted automated exchange of indicator information

Structured threat information expression

Industry information-sharing and collaboration groups

30. Which of the following is MOST likely to outline the roles and responsibilities of data controllers and data processors?

SSAE SOC 2

PCI DSS

GDPR

ISO 31000

Page 4 of 4

31. The Chief Executive Officer (CEO) of an organization would like staff members to have the flexibility to work from home anytime during business hours, incident during a pandemic or crisis, However, the CEO is concerned that some staff members may take advantage of the of the flexibility and work from high-risk countries while on holidays work to a third-party organization in another country. The Chief information Officer (CIO) believes the company can implement some basic to mitigate the majority of the risk.

Which of the following would be BEST to mitigate CEO’s concern? (Select TWO).

Geolocation

Time-of-day restrictions

Certificates

Tokens

Geotagging

Role-based access controls

32. A network engineer needs to build a solution that will allow guests at the company’s headquarters to access the Internet via WiFi. This solution should not allow access to the internal corporate network, but it should require guests to sign off on the acceptable use policy before accessing the Internet.

Which of the following should the engineer employ to meet these requirements?

Implement open PSK on the APs

Deploy a WAF

Configure WIPS on the APs

Install a captive portal

33. An auditor is performing an assessment of a security appliance with an embedded OS that was vulnerable during the last two assessments.

Which of the following BEST explains the appliance’s vulnerable state?

The system was configured with weak default security settings.

The device uses weak encryption ciphers.

The vendor has not supplied a patch for the appliance.

The appliance requires administrative credentials for the assessment.

34. A network administrator needs to build out a new datacenter, with a focus on resiliency and uptime.

Which of the following would BEST meet this objective? (Choose two.)

Dual power supply

Off-site backups

Automatic OS upgrades

NIC teaming

Scheduled penetration testing

Network-attached storage

35. A remote user recently took a two-week vacation abroad and brought along a corporate-owned laptop. Upon returning to work, the user has been unable to connect the laptop to the VPN.

Which of the following is the MOST likely reason for the user’s inability to connect the laptop to the VPN?

Due to foreign travel, the user’s laptop was isolated from the network.

The user’s laptop was quarantined because it missed the latest path update.

The VPN client was blacklisted.

The user’s account was put on a legal hold.

Welcome To Choose Required IT Certification Exams Online

[Updated In June OF 2022] Valid SY0-601 Practice Test For CompTIA Security+ SY0-601 Exam Preparation

Read The Most Updated SY0-601 Free Exam Questions Below First

Author