CompTIA Security+ Exam SY0-601 ( 2 ) -

Welcome to your CompTIA Security+ Exam SY0-601 ( 2 )

1-) Which of the following would be BEST to establish between organizations that have agreed cooperate and are engaged in early discussion to define the responsibilities of each party, but do not want to establish a contractually binding agreement?

A. An SLA

B. AnNDA

C. ABPA

D. AnMOU

2-) Which of the following technical controls is BEST suited for the detection and prevention of buffer overflows on hosts?

A. DLP

B. HIDS

C. EDR

D. NIPS

3-) A commercial cyber-threat intelligence organization observes IoCs across a variety of unrelated customers. Prior to releasing specific threat intelligence to other paid subscribers, the organization is MOST likely obligated by contracts to:

A. perform attribution to specific APTs and nation-state actors.

B. anonymize any PII that is observed within the IoC data.

C. add metadata to track the utilization of threat intelligence reports.

D. assist companies with impact assessments based on the observed data.

4-) A company Is concerned about is security after a red-team exercise. The report shows the team was able to reach the critical servers due to the SMB being exposed to the Internet and running NTLMV1, Which of the following BEST explains the findings?

A. Default settings on the servers

B. Unsecured administrator accounts

C. Open ports and services

D. Weak Data encryption

5-) An organization has implemented a policy requiring the use of conductive metal lockboxes for personal electronic devices outside of a secure research lab. Which of the following did the organization determine to be the GREATEST risk to intellectual property when creating this policy?

A. The theft of portable electronic devices

B. Geotagging in the metadata of images

C. Bluesnarfing of mobile devices

D. Data exfiltration over a mobile hotspot

6-) A user recently attended an exposition and received some digital promotional materials The user later noticed blue boxes popping up and disappearing on the computer, and reported receiving several spam emails, which the user did not open Which of the following is MOST likely the cause of the reported issue?

A. There was a drive-by download of malware

B. The user installed a cryptominer

C. The OS was corrupted

D. There was malicious code on the USB drive

7-) Which of the following are the MOST likely vectors for the unauthorized inclusion of vulnerable code in a software company’s final software releases? (Select TWO.)

A. Unsecure protocols

B. Use of penetration-testing utilities

C. Weak passwords

D. Included third-party libraries

E. Vendors/supply chain

F. Outdated anti-malware software

😎 A new vulnerability in the SMB protocol on the Windows systems was recently discovered, but no patches are currently available to resolve the issue. The security administrator is concerned tf servers in the company's DMZ will be vulnerable to external attack; however, the administrator cannot disable the service on the servers, as SMB is used by a number of internal systems and applications on the LAN. Which of the following TCP ports should be blocked for all external inbound connections to the DMZ as a workaround to protect the servers? (Select TWO).

A. 135

B. 139

C. 143

D. 161

E. 443

F. 445

9-) Which of the following types of attacks is specific to the individual it targets?

A. Whaling

B. Pharming

C. Smishing

D. Credential harvesting

10-) A security analyst must determine if either SSH or Telnet is being used to log in to servers. Which of the following should the analyst use?

A. logger

B. Metasploit

C. tcpdump

D. netstat

11-) A Chief Information Security Officer (CISO) needs to create a policy set that meets international standards for data privacy and sharing. Which of the following should the CISO read and understand before writing the policies?

A. PCI DSS

B. GDPR

C. NIST

D. ISO 31000

12-) A recent malware outbreak across a subnet included successful rootkit installations on many PCs, ensuring persistence by rendering remediation efforts ineffective. Which of the following would BEST detect the presence of a rootkit in the future?

A. FDE

B. NIDS

C. EDR

D. DLP

13-) A security analyst receives a SIEM alert that someone logged in to the appadmin test account, which is only used for the early detection of attacks. The security analyst then reviews the following application log: Which of the following can the security analyst conclude?

A. A replay attack is being conducted against the application.

B. An injection attack is being conducted against a user authentication system.

C. A service account password may have been changed, resulting in continuous failed logins within the application.

D. A credentialed vulnerability scanner attack is testing several CVEs against the application.

14-) A network engineer is troubleshooting wireless network connectivity issues that were reported by users. The issues are occurring only in the section of the building that is closest to the parking lot. Users are intermittently experiencing slow speeds when accessing websites and are unable to connect to network drives. The issues appear to increase when laptop users return desks after using their devices in other areas of the building. There have also been reports of users being required to enter their credentials on web pages in order to gain access to them. Which of the following is the MOST likely cause of this issue?

A. An external access point is engaging in an evil-twin attack.

B. The signal on the WAP needs to be increased in that section of the building.

C. The certificates have expired on the devices and need to be reinstalled.

D. The users in that section of the building are on a VLAN that is being blocked by the firewall.

15-) Which of the following BEST explains the reason why a server administrator would place a document named password.txt on the desktop of an administrator account on a server?

A. The document is a honeyfile and is meant to attract the attention of a cyberintruder.

B. The document is a backup file if the system needs to be recovered.

C. The document is a standard file that the OS needs to verify the login credentials.

D. The document is a keylogger that stores all keystrokes should the account be compromised.

16-) A small business office is setting up a wireless infrastructure with primary requirements centered around protecting customer information and preventing unauthorized access to the business network. Which of the following would BEST support the office's business needs? (Select TWO)

A. Installing WAPs with strategic placement

B. Configuring access using WPA3

C. Installing a WIDS

D. Enabling MAC filtering

E. Changing the WiFi password every 30 days

F. Reducing WiFi transmit power throughout the office

17-) Which of the following is a reason why an organization would define an AUP?

A. To define the lowest level of privileges needed for access and use of the organization's resources

B. To define the set of rules and behaviors for users of the organization's IT systems

C. To define the intended partnership between two organizations

D. To define the availability and reliability characteristics between an IT provider and consumer

18-) Accompany deployed a WiFi access point in a public area and wants to harden the configuration to make it more secure. After performing an assessment, an analyst identifies that the access point is configured to use WPA3, AES, WPS, and RADIUS. Which of the following should the analyst disable to enhance the access point security?

A. WPA3

B. AES

C. RADIUS

D. WPS

19-) Which of the following would be the BEST resource lor a software developer who is looking to improve secure coding practices for web applications?

A. OWASP

B. Vulnerability scan results

C. NIST CSF

D. Third-party libraries

20-) A company processes highly sensitive data and senior management wants to protect the sensitive data by utilizing classification labels. Which of the following access control schemes would be BEST for the company to implement?

A. Discretionary

B. Rule-based

C. Role-based

D. Mandatory

Please fill in the comment box below.

CompTIA Security+ Exam SY0-601 ( 2 )

Leave a Reply Cancel reply