[August 20, 2021] Real CompTIA Security+ SY0-601 Exam Questions ITExamShop.pdf

SY0-601 Free Questions Good Demo For CompTIA SY0-601 Exam [August 20, 2021] Real CompTIA Security+ SY0-601 Exam Questions | ITExamShop 1.Joe, a user at a company, clicked an email link led to a website that infected his workstation. Joe, was connected to the network, and the virus spread to the network shares. The protective measures failed to stop this virus, and It has continues to evade detection. Which of the following should administrator implement to protect the environment from this malware? A. Install a definition-based antivirus. B. Implement an IDS/IPS C. Implement a heuristic behavior-detection solution. D. Implement CASB to protect the network shares. Answer: C 2.A security administrator has noticed unusual activity occurring between different global instances and workloads and needs to identify the source of the unusual traffic. Which of the following log sources would be BEST to show the source of the unusual traffic? A. HIDS B. UEBA C. CASB D. VPC Answer: C 3.Which of the following would be BEST to establish between organizations that have agreed cooperate and are engaged in early discussion to define the responsibilities of each party, but do not want to establish a contractually binding agreement? A. An SLA B. AnNDA C. ABPA D. AnMOU Answer: D 4.A security analyst is reviewing a penetration-testing report from a third-party contractor. The penetration testers used the organization's new API to bypass a driver to perform privilege escalation on the organization's web servers. Upon looking at the API, the security analyst realizes the particular API call was to a legacy system running an outdated OS. Which of the following is the MOST likely attack type? A. Request forgery B. Session replay C. DLL injection [August 20, 2021] Real CompTIA Security+ SY0-601 Exam Questions | ITExamShop D. Shimming Answer: A 5.A website developer is working on a new e-commerce website and has asked an information security expert for the most appropriate way to store credit card numbers to create an easy reordering process. Which of the following methods would BEST accomplish this goal? A. Salting the magnetic strip information B. Encrypting the credit card information in transit. C. Hashing the credit card numbers upon entry. D. Tokenizing the credit cards in the database Answer: C 6.An organization is developing an authentication service for use at the entry and exit ports of country borders. The service will use data feeds obtained from passport systems, passenger manifests, and high-definition video feeds from CCTV systems that are located at the ports. The service will incorporate machine-learning techniques to eliminate biometric enrollment processes while still allowing authorities to identify passengers with increasing accuracy over time. The more frequently passengers travel, the more accurately the service will identify them. Which of the following biometrics will MOST likely be used, without the need for enrollment? (Choose two.) A. Voice B. Gait C. Vein D. Facial E. Retina F. Fingerprint Answer: B,D 7.An organization is concerned that its hosted web servers are not running the most updated version of the software. Which of the following would work BEST to help identify potential vulnerabilities? A. hping3 -S corsptia.org -p 80 B. nc ―1 ―v comptia.org -p 80 C. nmap comptia.org -p 80 ―sV D. nslookup -port=80 comptia.org Answer: C [August 20, 2021] Real CompTIA Security+ SY0-601 Exam Questions | ITExamShop 8.A Chief Security Officer (CSO) was notified that a customer was able to access confidential internal company files on a commonly used file-sharing service. The file- sharing service is the same one used by company staff as one of its approved third- party applications. After further investigation, the security team determines the sharing of confidential files was accidental and not malicious. However, the CSO wants to implement changes to minimize this type of incident from reoccurring but does not want to impact existing business processes. Which of the following would BEST meet the CSO's objectives? A. DLP B. SWG C. CASB D. Virtual network segmentation E. Container security Answer: A 9.A company is adopting a BYOD policy and is looking for a comprehensive solution to protect company information on user devices. Which of the following solutions would BEST support the policy? A. Mobile device management B. Full-device encryption C. Remote wipe D. Biometrics Answer: A 10.A financial organization has adopted a new secure, encrypted document-sharing application to help with its customer loan process. Some important PII needs to be shared across this new platform, but it is getting blocked by the DLP systems. Which of the following actions will BEST allow the PII to be shared with the secure application without compromising the organization’s security posture? A. Configure the DLP policies to allow all PII B. Configure the firewall to allow all ports that are used by this application C. Configure the antivirus software to allow the application D. Configure the DLP policies to whitelist this application with the specific PII E. Configure the application to encrypt the PII Answer: D 11.A company is implementing MFA for all applications that store sensitive data. The IT manager wants MFA to be non-disruptive and user friendly. Which of the following technologies should the IT manager use when implementing MFA? [August 20, 2021] Real CompTIA Security+ SY0-601 Exam Questions | ITExamShop A. One-time passwords B. Email tokens C. Push notifications D. Hardware authentication Answer: C 12.A company has been experiencing very brief power outages from its utility company over the last few months. These outages only last for one second each time. The utility company is aware of the issue and is working to replace a faulty transformer. Which of the following BEST describes what the company should purchase to ensure its critical servers and network devices stay online? A. Dual power supplies B. A UPS C. A generator D. APDU Answer: B 13.A university is opening a facility in a location where there is an elevated risk of theft. The university wants to protect the desktops in its classrooms and labs. Which of the following should the university use to BEST protect these assets deployed in the facility? A. Visitor logs B. Cable locks C. Guards D. Disk encryption E. Motion detection Answer: B 14.Accompany deployed a WiFi access point in a public area and wants to harden the configuration to make it more secure. After performing an assessment, an analyst identifies that the access point is configured to use WPA3, AES, WPS, and RADIUS. Which of the following should the analyst disable to enhance the access point security? A. WPA3 B. AES C. RADIUS D. WPS Answer: D [August 20, 2021] Real CompTIA Security+ SY0-601 Exam Questions | ITExamShop 15.A company is setting up a web server on the Internet that will utilize both encrypted and unencrypted web-browsing protocols. A security engineer runs a port scan against the server from the Internet and sees the following output: Which of the following steps would be best for the security engineer to take NEXT? A. Allow DNS access from the internet. B. Block SMTP access from the Internet C. Block HTTPS access from the Internet D. Block SSH access from the Internet. Answer: D 16.A consultant is configuring a vulnerability scanner for a large, global organization in multiple countries. The consultant will be using a service account to scan systems with administrative privileges on a weekly basis, but there is a concern that hackers could gain access to account to the account and pivot through the global network. Which of the following would be BEST to help mitigate this concern? A. Create consultant accounts for each region, each configured with push MFA notifications. B. Create one global administrator account and enforce Kerberos authentication C. Create different accounts for each region. limit their logon times, and alert on risky logins D. Create a guest account for each region. remember the last ten passwords, and block password reuse Answer: C 17.A company needs to centralize its logs to create a baseline and have visibility on its security events. Which of the following technologies will accomplish this objective? [August 20, 2021] Real CompTIA Security+ SY0-601 Exam Questions | ITExamShop A. Security information and event management B. A web application firewall C. A vulnerability scanner D. A next-generation firewall Answer: A 18.A security auditor is reviewing vulnerability scan data provided by an internal security team. Which of the following BEST indicates that valid credentials were used? A. The scan results show open ports, protocols, and services exposed on the target host B. The scan enumerated software versions of installed programs C. The scan produced a list of vulnerabilities on the target host D. The scan identified expired SSL certificates Answer: B 19.An organization with a low tolerance for user inconvenience wants to protect laptop hard drives against loss or data theft. Which of the following would be the MOST acceptable? A. SED B. HSM C. DLP D. TPM Answer: A 20.An enterprise has hired an outside security firm to conduct penetration testing on its network and applications. The firm has only been given the documentation available to the customers of the applications. Which of the following BEST represents the type of testing that will occur? A. Bug bounty B. Black-box C. Gray-box D. White-box Answer: A 21.An end user reports a computer has been acting slower than normal for a few weeks. During an investigation, an analyst determines the system is sending the user's email address and a ten-digit number to an IP address once a day. The only recent log entry regarding the user's computer is the following: [August 20, 2021] Real CompTIA Security+ SY0-601 Exam Questions | ITExamShop Which of the following is the MOST likely cause of the issue? A. The end user purchased and installed a PUP from a web browser B. A bot on the computer is brute forcing passwords against a website C. A hacker is attempting to exfiltrate sensitive data D. Ransomware is communicating with a command-and-control server. Answer: A 22.HOTSPOT Select the appropriate attack and remediation from each drop-down list to label the corresponding attack with its remediation. INSTRUCTIONS Not all attacks and remediation actions will be used. If at any time you would like to bring back the initial state of the simulation, please click the Reset All button. [August 20, 2021] Real CompTIA Security+ SY0-601 Exam Questions | ITExamShop [August 20, 2021] Real CompTIA Security+ SY0-601 Exam Questions | ITExamShop Answer: [August 20, 2021] Real CompTIA Security+ SY0-601 Exam Questions | ITExamShop [August 20, 2021] Real CompTIA Security+ SY0-601 Exam Questions | ITExamShop 23.A public relations team will be taking a group of guest on a tour through the facility of a large e-commerce company. The day before the tour, the company sends out an email to employees to ensure all white boars are cleaned and all desks are cleared. The company is MOST likely trying to protect against. A. Loss of proprietary information B. Damage to the company’s reputation C. Social engineering D. Credential exposure Answer: C 24.A company uses specially configured workstations tor any work that requires administrator privileges to its Tier 0 and Tier 1 systems. The company follows a strict process to harden systems immediately upon delivery. Even with these strict security measures in place, an incident occurred from one of the workstations. The root cause appears to be that the SoC was tampered with or replaced. Which of the following MOST likely occurred? A. Fileless malware B. A downgrade attack C. A supply-chain attack D. A logic bomb E. Misconfigured BIOS Answer: C 25.The CSIRT is reviewing the lessons learned from a recent incident. A worm was able to spread unhindered throughout the network and infect a large number of computers and servers. Which of the following recommendations would be BEST to mitigate the impacts of a similar incident in the future? A. Install a NIDS device at the boundary. B. Segment the network with firewalls. C. Update all antivirus signatures daily. D. Implement application blacklisting. Answer: B 26.An analyst needs to set up a method for securely transferring files between systems. One of the requirements is to authenticate the IP header and the payload. Which of the following services would BEST meet the criteria? [August 20, 2021] Real CompTIA Security+ SY0-601 Exam Questions | ITExamShop A. TLS B. PFS C. ESP D. AH Answer: A 27.Which of the following describes the ability of code to target a hypervisor from inside A. Fog computing B. VM escape C. Software-defined networking D. Image forgery E. Container breakout Answer: B 28.A software developer needs to perform code-execution testing, black-box testing, and non-functional testing on a new product before its general release. Which of the following BEST describes the tasks the developer is conducting? A. Verification B. Validation C. Normalization D. Staging Answer: A 29.Which of the following would be BEST for a technician to review to determine the total risk an organization can bear when assessing a "cloud-first" adoption strategy? A. Risk matrix B. Risk tolerance C. Risk register D. Risk appetite Answer: B 30.Which of the following is a team of people dedicated testing the effectiveness of organizational security programs by emulating the techniques of potential attackers? A. Red team B. While team C. Blue team D. Purple team Answer: A [August 20, 2021] Real CompTIA Security+ SY0-601 Exam Questions | ITExamShop 31.Phishing and spear-phishing attacks have been occurring more frequently against a company’s staff. Which of the following would MOST likely help mitigate this issue? A. DNSSEC and DMARC B. DNS query logging C. Exact mail exchanger records in the DNS D. The addition of DNS conditional forwarders Answer: C 32.A multinational organization that offers web-based services has datacenters that are located only in the United States; however, a large number of its customers are in Australia, Europe, and China. Payments for services are managed by a third party in the United Kingdom that specializes in payment gateways. The management team is concerned the organization is not compliant with privacy laws that cover some of its customers. Which of the following frameworks should the management team follow? A. Payment Card Industry Data Security Standard B. Cloud Security Alliance Best Practices C. ISO/IEC 27032 Cybersecurity Guidelines D. General Data Protection Regulation Answer: A 33.Which of the following is the BEST reason to maintain a functional and effective asset management policy that aids in ensuring the security of an organization? A. To provide data to quantity risk based on the organization's systems. B. To keep all software and hardware fully patched for known vulnerabilities C. To only allow approved, organization-owned devices onto the business network D. To standardize by selecting one laptop model for all users in the organization Answer: A 34.A company recently transitioned to a strictly BYOD culture due to the cost of replacing lost or damaged corporate-owned mobile devices. Which of the following technologies would be BEST to balance the BYOD culture while also protecting the company’s data? A. Containerization B. Geofencing C. Full-disk encryption D. Remote wipe [August 20, 2021] Real CompTIA Security+ SY0-601 Exam Questions | ITExamShop Answer: C 35.A well-known organization has been experiencing attacks from APIs. The organization is concerned that custom malware is being created and emailed into the company or installed on USB sticks that are dropped in parking lots. Which of the following is the BEST defense against this scenario? A. Configuring signature-based antivirus io update every 30 minutes B. Enforcing S/MIME for email and automatically encrypting USB drives upon insertion. C. Implementing application execution in a sandbox for unknown software. D. Fuzzing new files for vulnerabilities if they are not digitally signed Answer: C 36.DRAG DROP A security engineer is setting up passwordless authentication for the first time. INSTRUCTIONS Use the minimum set of commands to set this up and verify that it works. Commands cannot be reused. If at any time you would like to bring back the initial state of the simulation, please click the Reset All button. [August 20, 2021] Real CompTIA Security+ SY0-601 Exam Questions | ITExamShop Answer: [August 20, 2021] Real CompTIA Security+ SY0-601 Exam Questions | ITExamShop 37.A security operations analyst is using the company's SIEM solution to correlate alerts. Which of the following stages of the incident response process is this an example of? A. Eradication B. Recovery C. Identification D. Preparation Answer: C 38.Which of the following are the MOST likely vectors for the unauthorized inclusion of vulnerable code in a software company’s final software releases? (Select TWO.) A. Unsecure protocols B. Use of penetration-testing utilities C. Weak passwords D. Included third-party libraries E. Vendors/supply chain F. Outdated anti-malware software Answer: A,D 39.A Chief Information Security Officer (CISO) is concerned about the organization's ability to continue business operation in the event of a prolonged DDoS attack on its local datacenter that consumes database resources. Which of the following will the CISO MOST likely recommend to mitigate this risk? A. Upgrade the bandwidth available into the datacenter B. Implement a hot-site failover location C. Switch to a complete SaaS offering to customers D. Implement a challenge response test on all end-user queries Answer: B 40.Which of the following terms should be included in a contract to help a company monitor the ongoing security maturity of a new vendor? A. A right-to-audit clause allowing for annual security audits B. Requirements for event logs to be kept for a minimum of 30 days C. Integration of threat intelligence in the company's AV D. A data-breach clause requiring disclosure of significant data loss Answer: A [August 20, 2021] Real CompTIA Security+ SY0-601 Exam Questions | ITExamShop 41.A RAT that was used to compromise an organization’s banking credentials was found on a user’s computer. The RAT evaded antivirus detection. It was installed by a user who has local administrator rights to the system as part of a remote management tool set. Which of the following recommendations would BEST prevent this from reoccurring? A. Create a new acceptable use policy. B. Segment the network into trusted and untrusted zones. C. Enforce application whitelisting. D. Implement DLP at the network boundary. Answer: C 42.After a phishing scam for a user's credentials, the red team was able to craft a payload to deploy on a server. The attack allowed the installation of malicious software that initiates a new remote session. Which of the following types of attacks has occurred? A. Privilege escalation B. Session replay C. Application programming interface D. Directory traversal Answer: A 43.A manufacturing company has several one-off legacy information systems that cannot be migrated to a newer OS due to software compatibility issues. The Oss are still supported by the vendor, but the industrial software is no longer supported. The Chief Information Security Officer (CISO) has created a resiliency plan for these systems that will allow OS patches to be installed in a non-production environment, while also creating backups of the systems for recovery. Which of the following resiliency techniques will provide these capabilities? A. Redundancy B. RAID 1+5 C. Virtual machines D. Full backups Answer: D 44.A company recently set up an e-commerce portal to sell its product online. The company wants to start accepting credit cards for payment, which requires compliance with a security standard. Which of the following standards must the company comply with before accepting credit cards on its e-commerce platform? [August 20, 2021] Real CompTIA Security+ SY0-601 Exam Questions | ITExamShop A. PCI DSS B. ISO 22301 C. ISO 27001 D. NIST CSF Answer: A 45.A security administrator needs to inspect in-transit files on the enterprise network to search for Pll, credit card data, and classification words. Which of the following would be the BEST to use? A. IDS solution B. EDR solution C. HIPS software solution D. Network DLP solution Answer: D 46.Which of the following BEST explains the difference between a data owner and a data custodian? A. The data owner is responsible for adhering to the rules for using the data, while the data custodian is responsible for determining the corporate governance regarding the data B. The data owner is responsible for determining how the data may be used, while the data custodian is responsible for implementing the protection to the data C. The data owner is responsible for controlling the data, while the data custodian is responsible for maintaining the chain of custody when handling the data D. The data owner grants the technical permissions for data access, while the data custodian maintains the database access controls to the data Answer: B 47.A security administrator is analyzing the corporate wireless network The network only has two access points running on channels 1 and 11. While using airodump-ng. the administrator notices other access points are running with the same corporate ESSID on all available channels and with the same BSSID of one of the legitimate access ports. Which erf the following attacks in happening on the corporate network? A. Man in the middle B. Evil twin C. Jamming D. Rogue access point E. Disassociation Answer: B [August 20, 2021] Real CompTIA Security+ SY0-601 Exam Questions | ITExamShop 48.An organization relies on third-party video conferencing to conduct daily business. Recent security changes now require all remote workers to utilize a VPN to corporate resources. Which of the following would BEST maintain high-quality video conferencing while minimizing latency when connected to the VPN? A. Using geographic diversity to have VPN terminators closer to end users B. Utilizing split tunneling so only traffic for corporate resources is encrypted C. Purchasing higher-bandwidth connections to meet the increased demand D. Configuring QoS properly on the VPN accelerators Answer: D 49.A security analyst receives the configuration of a current VPN profile and notices the authentication is only applied to the IP datagram portion of the packet. Which of the following should the analyst implement to authenticate the entire packet? A. AH B. ESP C. SRTP D. LDAP Answer: B 50.An organization is developing a plan in the event of a complete loss of critical systems and data. Which of the following plans is the organization MOST likely developing? A. Incident response B. Communications C. Disaster recovery D. Data retention Answer: C 51.A security administrator is trying to determine whether a server is vulnerable to a range of attacks. After using a tool, the administrator obtains the following output: