CompTIA Security+ Exam SY0-601 ( 3 ) -

Welcome to your CompTIA Security+ Exam SY0-601 ( 3 )

1-) A security administrator suspects an employee has been emailing proprietary information to a competitor. Company policy requires the administrator to capture an exact copy of the employee’s hard disk. Which of the following should the administrator use?

A. dd

B. chmod

C. dnsenum

D. logger

2-) A company has been experiencing very brief power outages from its utility company over the last few months. These outages only last for one second each time. The utility company is aware of the issue and is working to replace a faulty transformer. Which of the following BEST describes what the company should purchase to ensure its critical servers and network devices stay online?

A. Dual power supplies

B. A UPS

C. A generator

D. APDU

3-) A small business just recovered from a ransomware attack against its file servers by purchasing the decryption keys from the attackers. The issue was triggered by a phishing email and the IT administrator wants to ensure it does not happen again. Which of the following should the IT administrator do FIRST after recovery?

A. Scan the NAS for residual or dormant malware and take new daily backups that are tested on a frequent basis

B. Restrict administrative privileges and patch ail systems and applications.

C. Rebuild all workstations and install new antivirus software

D. Implement application whitelisting and perform user application hardening

4-) A network engineer has been asked to investigate why several wireless barcode scanners and wireless computers in a warehouse have intermittent connectivity to the shipping server. The barcode scanners and computers are all on forklift trucks and move around the warehouse during their regular use. Which of the following should the engineer do to determine the issue? (Choose two.)

A. Perform a site survey

B. Deploy an FTK Imager

C. Create a heat map

D. Scan for rogue access points

E. Upgrade the security protocols

F. Install a captive portal

5-) A nuclear plant was the victim of a recent attack, and all the networks were air gapped. A subsequent investigation revealed a worm as the source of the issue. Which of the following BEST explains what happened?

A. A malicious USB was introduced by an unsuspecting employee

B. The ICS firmware was outdated

C. A local machine has a RAT installed.

D. The HVAC was connected to the maintenance vendor.

6-) A security administrator is setting up a SIEM to help monitor for notable events across the enterprise. Which of the following control types does this BEST represent?

A. Preventive

B. Compensating

C. Corrective

D. Detective

7-) A financial institution would like to stare is customer data a could but still allow the data ta he accessed and manipulated while encrypted. Doing se would prevent the cloud service provider from being able to decipher the data due to its sensitivity. The financial institution is not concern about computational overheads and slow speeds, Which of the following cryptographic techniques would BEST meet the requirement?

A. Asymmatric

B. Symmetric

C. Homeomorphic

D. Ephemeral

😎 Which of the following describes the BEST approach for deploying application patches?

A. Apply the patches to systems in a testing environment then to systems in a staging environment, and finally to production systems.

B. Test the patches in a staging environment, develop against them in the development environment, and then apply them to the production systems

C. Test the patches m a test environment apply them to the production systems and then apply them to a staging environment

D. Apply the patches to the production systems apply them in a staging environment, and then test all of them in a testing environment

9-) A Chief Security Officer (CSO) is concerned about the amount of PII that is stored locally on each salesperson’s laptop. The sales department has a higher-thanaverage rate of lost equipment. Which of the following recommendations would BEST address the CSO’s concern?

A. Deploy an MDM solution.

B. Implement managed FDE.

C. Replace all hard drives with SEDs.

D. Install DLP agents on each laptop.

10-)Which of the following scenarios would make a DNS sinkhole effective in thwarting an attack?

A. An attacker is sniffing traffic to port 53, and the server is managed using unencrypted usernames and passwords.

B. An organization is experiencing excessive traffic on port 53 and suspects an attacker is trying to DoS the domain name server.

C. Malware trying to resolve an unregistered domain name to determine if it is running in an isolated sandbox

D. Routing tables have been compromised, and an attacker is rerouting traffic to malicious websites

11-) An attacked is attempting to exploit users by creating a fake website with the URL www.validwebsite.com. The attacker's intent is to imitate the look and feel of a legitimate website to obtain personal information from unsuspecting users. Which of the following social-engineering attacks does this describe?

A. Information elicitation

B. Typo squatting

C. Impersonation

D. Watering-hole attack

12-) A network administrator at a large organization Is reviewing methods to improve the security of the wired LAN Any security improvement must be centrally managed and allow corporate-owned devices to have access to the intranet but limit others to Internet access only. Which of the following should the administrator recommend?

A. 802.1X utilizing the current PKI infrastructure

B. SSO to authenticate corporate users

C. MAC address filtering with ACLs on the router

D. PAM for user account management

13-) A company is upgrading its wireless infrastructure to WPA2-Enterprise using EAP-TLS. Which of the following must be part of the security architecture to achieve AAA? (Select TWO)

A. DNSSEC

B. Reverse proxy

C. VPN concentrator

D. PKI

E. Active Directory

F. RADIUS

14-) A network administrator has been asked to install an IDS to improve the security posture of an organization. Which of the following control types is an IDS?

A. Corrective

B. Physical

C. Detective

D. Administrative

15-) In which of the following common use cases would steganography be employed?

A. Obfuscation

B. Integrity

C. Non-repudiation

D. Blockchain

16-) A security analyst is reviewing the output of a web server log and notices a particular account is attempting to transfer large amounts of money: Which of the following types of attack is MOST likely being conducted?

A. SQLi

B. CSRF

C. Session replay

D. API

17-) Which of the following allows for functional test data to be used in new systems for testing and training purposes to protect the read data?

A. Data encryption

B. Data masking

C. Data deduplication

D. Data minimization

18-) An organization would like to remediate the risk associated with its cloud service provider not meeting its advertised 99.999% availability metrics. Which of the following should the organization consult for the exact requirements for the cloud provider?

A. SLA

B. BPA

C. NDA

D. MOU

19-) A network administrator has been alerted that web pages are experiencing long load times. After determining it is not a routing or DNS issue, the administrator logs in to the router, runs a command, and receives the following output: Which of the following is the router experiencing?

A. DDoS attack

B. Memory leak

C. Buffer overflow

D. Resource exhaustion

20-) An attacker is attempting, to harvest user credentials on a client's website. A security analyst notices multiple attempts of random usernames and passwords. When the analyst types in a random username and password. the logon screen displays the following message: Which of the following should the analyst recommend be enabled?

A. Input validation

B. Obfuscation

C. Error handling

D. Username lockout

Please fill in the comment box below.

CompTIA Security+ Exam SY0-601 ( 3 )

Leave a Reply Cancel reply