CompTIA Security+ SY0-601 Dumps Questions

dumps2021-11-03T03:49:00+08:00

CompTIA Security+ SY0-501 exam English language has been retired on July 31, 2021. SY0-601 exam is the new code for CompTIA Security+ certification. In real SY0-601 exam, there are maximum of 90 questions, and you have 90 minutes to complete all the questions. The required passing score of CompTIA Security+ SY0-601 exam is 750 (on a scale of 100-900).

To take CompTIA Security+ SY0-601 exam, you also need to have CompTIA Network+ and two years of experience in IT administration with a security focus. We provide the latest CompTIA Security+ SY0-601 dumps questions for you to test all the related skill. Free CompTIA SY0-601 exam dumps questions are available below.

Page 1 of 14

1. A security analyst is using a recently released security advisory to review historical logs, looking for the specific activity that was outlined in the advisory.

Which of the following is the analyst doing?

A packet capture

A user behavior analysis

Threat hunting

Credentialed vulnerability scanning

2. Which of the following allows for functional test data to be used in new systems for testing and training purposes to protect the read data?

Data encryption

Data masking

Data deduplication

Data minimization

3. Which of the following would satisfy three-factor authentication?

Password, retina scanner, and NFC card

Password, fingerprint scanner, and retina scanner

Password, hard token, and NFC card

Fingerprint scanner, hard token, and retina scanner

4. A company provides mobile devices to its users to permit access to email and enterprise applications. The company recently started allowing users to select from several different vendors and device models.

When configuring the MDM, which of the following is a key security implication of this heterogeneous device approach?

The most common set of MDM configurations will become the effective set of enterprise mobile security controls.

All devices will need to support SCEP-based enrollment; therefore, the heterogeneity of the chosen architecture may unnecessarily expose private keys to adversaries.

Certain devices are inherently less secure than others, so compensatory controls will be needed to address the delta between device vendors.

MDMs typically will not support heterogeneous deployment environments, so multiple MDMs will need to be installed and configured.

5. A cybersecurity administrator is using iptables as an enterprise firewall. The administrator created some rules, but the network now seems to be unresponsive All connections are being dropped by the firewall.

Which of the following would be the BEST option to remove the rules?

# iptables -t mangle -X

# iptables -F

# iptables -Z

# iptables -P INPUT -j DROP

6. To mitigate the impact of a single VM being compromised by another VM on the same hypervisor, an administrator would like to utilize a technical control to further segregate the traffic.

Which of the following solutions would BEST accomplish this objective?

Install a hypervisor firewall to filter east-west traffic.

Add more VLANs to the hypervisor network switches.

Move exposed or vulnerable VMs to the DM

Implement a zero-trust policy and physically segregate the hypervisor servers.

7. An organization plans to transition the intrusion detection and prevention techniques on a critical subnet to an anomaly-based system.

Which of the following does the organization need to determine for this to be successful?

The baseline

The endpoint configurations

The adversary behavior profiles

The IPS signatures

8. A desktop support technician recently installed a new document-scanning software program on a computer However, when the end user tried to launch the program, it did not respond.

Which of the following is MOST likely the cause?

A new firewall rule is needed to access the application.

The system was quarantined for missing software updates

The software was not added to the application whitelist.

The system was isolated from the network due to infected software.

9. An engineer needs to deploy a security measure to identify and prevent data tampering within the enterprise.

Which of the following will accomplish this goal?

Antivirus

IPS

FTP

FIM

10. A Chief Information Security Officer (CISO) needs to create a policy set that meets international standards for data privacy and sharing.

Which of the following should the CISO read and understand before writing the policies?

PCI DSS

GDPR

NIST

ISO 31000

Page 2 of 14

11. A network technician is installing a guest wireless network at a coffee shop. When a customer purchases an Item, the password for the wireless network is printed on the recent so the customer can log in.

Which of the following will the technician MOST likely configure to provide the highest level of security with the least amount of overhead?

WPA-EAP

WEP-TKIP

WPA-PSK

WPS-PIN

12. Which of the following scenarios would make a DNS sinkhole effective in thwarting an attack?

An attacker is sniffing traffic to port 53, and the server is managed using unencrypted usernames and passwords.

An organization is experiencing excessive traffic on port 53 and suspects an attacker is trying to DoS the domain name server.

Malware trying to resolve an unregistered domain name to determine if it is running in an isolated sandbox

Routing tables have been compromised, and an attacker is rerouting traffic to malicious websites

13. A network administrator has been alerted that web pages are experiencing long load times.

After determining it is not a routing or DNS issue, the administrator logs in to the router, runs a command, and receives the following output:

Which of the following is the router experiencing?

DDoS attack

Memory leak

Buffer overflow

Resource exhaustion

14. After consulting with the Chief Risk Officer (CRO). a manager decides to acquire cybersecurity insurance for the company.

Which of the following risk management strategies is the manager adopting?

Risk acceptance

Risk avoidance

Risk transference

Risk mitigation

15. An analyst visits an internet forum looking for information about a tool. The analyst finds a threat that appears to contain relevant information.

One of the posts says the following:

Which of the following BEST describes the attack that was attempted against the forum readers?

SOU attack

DLL attack

XSS attack

API attack

16. In which of the following situations would it be BEST to use a detective control type for mitigation?

A company implemented a network load balancer to ensure 99.999% availability of its web application.

A company designed a backup solution to increase the chances of restoring services in case of a natural disaster.

A company purchased an application-level firewall to isolate traffic between the accounting department and the information technology department.

A company purchased an IPS system, but after reviewing the requirements, the appliance was supposed to monitor, not block, any traffic.

A company purchased liability insurance for flood protection on all capital assets.

17. An organization's RPO for a critical system is two hours. The system is used Monday through Friday, from 9:00 am to 5:00 pm. Currently, the organization performs a full backup every Saturday that takes four hours to complete.

Which of the following additional backup implementations would be the BEST way for the analyst to meet the business requirements?

Incremental backups Monday through Friday at 6:00 p.m and differential backups hourly

Full backups Monday through Friday at 6:00 p.m and incremental backups hourly.

incremental backups Monday through Friday at 6:00 p.m and full backups hourly.

Full backups Monday through Friday at 6:00 p.m and differential backups hourly.

18. The facilities supervisor for a government agency is concerned about unauthorized access to environmental systems in the event the staff WiFi network is breached.

Which of the blowing would BEST address this security concern?

install a smart meter on the staff WiFi.

Place the environmental systems in the same DHCP scope as the staff WiFi.

Implement Zigbee on the staff WiFi access points.

Segment the staff WiFi network from the environmental systems network.

19. A public relations team will be taking a group of guest on a tour through the facility of a large e-commerce company. The day before the tour, the company sends out an email to employees to ensure all whiteboars are cleaned and all desks are cleared. The company is MOST likely trying to protect against.

Loss of proprietary information

Damage to the company’s reputation

Social engineering

Credential exposure

20. The Admin workstation should ONLY be able to access the servers on the secure network over the default TFTP port.

Instructions: The firewall will process the rules in a top-down manner in order as a first match. The port number must be typed in and only one port number can be entered per rule Type ANY for all ports. The original firewall configuration can be reset at any time by pressing the reset button. Once you have met the simulation requirements, click save and then Done to submit.

Hot Area:

Page 3 of 14

21. Developers are writing code and merging it into shared repositories several times a day, where it is tested automatically.

Which of the following concepts does this BEST represent?

Functional testing

Stored procedures

Elasticity

Continuous integration

22. A company's help desk received several AV alerts indicating Mimikatz attempted to run on the remote systems. Several users also reported that the new company flash drives they picked up in the break room only have 512KB of storage.

Which of the following is MOST likely the cause?

The GPO prevents the use of flash drives, which triggers a false positive AV indication and restricts the drives to only 512KB of storage.

The new flash drives need a driver that is being blocked by the AV software because the flash drives are not on the application's allow list, temporarily restricting the drives to 512KB of storage.

The new flash drives are incorrectly partitioned, and the systems are automatically trying to use an unapproved application to repartition the drives.

The GPO blocking the flash drives is being bypassed by a malicious flash drive that is attempting to harvest plaintext credentials from memory.

23. A user downloaded an extension for a browser, and the uses device later became infected. The analyst who is investigating the incident saw various logs where the attacker was hiding activity by deleting data.

The following was observed running:

Which of the following is the malware using to execute the attack?

PowerShell

Python

Bash

Macros

24. The concept of connecting a user account across the systems of multiple enterprises is BEST known as:

federation.

a remote access policy.

multifactor authentication.

single sign-on.

25. A software developer needs to perform code-execution testing, black-box testing, and non-functional testing on a new product before its general release.

Which of the following BEST describes the tasks the developer is conducting?

Verification

Validation

Normalization

Staging

26. A cybersecurity department purchased o new PAM solution. The team is planning to randomize the service account credentials of the Windows server first.

Which of the following would be the BEST method to increase the security on the Linux server?

Randomize the shared credentials

Use only guest accounts to connect.

Use SSH keys and remove generic passwords

Remove all user accounts.

27. A manufacturing company has several one-off legacy information systems that cannot be migrated to a newer OS due to software compatibility issues. The Oss are still supported by the vendor, but the industrial software is no longer supported. The Chief Information Security Officer (CISO) has created a resiliency plan for these systems that will allow OS patches to be installed in a non-production environment, while also creating backups of the systems for recovery.

Which of the following resiliency techniques will provide these capabilities?

Redundancy

RAID 1+5

Virtual machines

Full backups

28. Which of the following environments minimizes end-user disruption and is MOST likely to be used to assess the impacts of any database migrations or major system changes by using the final version of the code?

Staging

Test

Production

Development

29. A company processes highly sensitive data and senior management wants to protect the sensitive data by utilizing classification labels.

Which of the following access control schemes would be BEST for the company to implement?

Discretionary

Rule-based

Role-based

Mandatory

30. A company recently moved sensitive videos between on-premises. Company-owned websites. The company then learned the videos had been uploaded and shared to the internet.

Which of the following would MOST likely allow the company to find the cause?

Checksums

Watermarks

Oder of volatility

A log analysis

A right-to-audit clause

Page 4 of 14

31. The SOC is reviewing process and procedures after a recent incident. The review indicates it took more than 30 minutes to determine that quarantining an infected host was the best course of action. The allowed the malware to spread to additional hosts before it was contained.

Which of the following would be BEST to improve the incident response process?

Updating the playbooks with better decision points

Dividing the network into trusted and untrusted zones

Providing additional end-user training on acceptable use

Implementing manual quarantining of infected hosts

32. A new vulnerability in the SMB protocol on the Windows systems was recently discovered, but no patches are currently available to resolve the issue. The security administrator is concerned that servers in the company's DMZ will be vulnerable to external attack; however, the administrator cannot disable the service on the servers, as SMB is used by a number of internal systems and applications on the LAN.

Which of the following TCP ports should be blocked for all external inbound connections to the DMZ as a workaround to protect the servers? (Select TWO).

135

139

143

161

443

445

33. A security administrator has noticed unusual activity occurring between different global instances and workloads and needs to identify the source of the unusual traffic.

Which of the following log sources would be BEST to show the source of the unusual traffic?

HIDS

UEBA

CASB

VPC

34. A company's Chief Information Security Officer (CISO) recently warned the security manager that the company’s Chief Executive Officer (CEO) is planning to publish a controversial option article in a national newspaper, which may result in new cyberattacks.

Which of the following would be BEST for the security manager to use in a threat mode?

Hacktivists

White-hat hackers

Script kiddies

Insider threats

35. Joe, a user at a company, clicked an email link led to a website that infected his workstation. Joe, was connected to the network, and the virus spread to the network shares. The protective measures failed to stop this virus, and It has continues to evade detection.

Which of the following should administrator implement to protect the environment from this malware?

Install a definition-based antivirus.

Implement an IDS/IPS

Implement a heuristic behavior-detection solution.

Implement CASB to protect the network shares.

36. A host was infected with malware. During the incident response, Joe, a user, reported that he did not receive any emails with links, but he had been browsing the Internet all day.

Which of the following would MOST likely show where the malware originated?

The DNS logs

The web server logs

The SIP traffic logs

The SNMP logs

37. Under GDPR, which of the following is MOST responsible for the protection of privacy and website user rights?

The data protection officer

The data processor

The data owner

The data controller

38. When selecting a technical solution for identity management, an architect chooses to go from an in-house to a third-party SaaS provider.

Which of the following risk management strategies is this an example of?

Acceptance

Mitigation

Avoidance

Transference

39. An organization needs to implement more stringent controls over administrator/root credentials and service accounts.

Requirements for the project include:

✑ Check-in/checkout of credentials

✑ The ability to use but not know the password

✑ Automated password changes

✑ Logging of access to credentials

Which of the following solutions would meet the requirements?

OAuth 2.0

Secure Enclave

A privileged access management system

An OpenID Connect authentication system

40. Ann, a customer, received a notification from her mortgage company stating her PII may be shared with partners, affiliates, and associates to maintain day-to-day business operations.

Which of the following documents did Ann receive?

An annual privacy notice

A non-disclosure agreement

A privileged-user agreement

A memorandum of understanding

Page 5 of 14

41. A technician needs to prevent data loss in a laboratory. The laboratory is not connected to any external networks.

Which of the following methods would BEST prevent the exfiltration of data? (Select TWO).

VPN

Drive encryption

Network firewall

File level encryption

USB blocker

MFA

42. A smart retail business has a local store and a newly established and growing online storefront. A recent storm caused a power outage to the business and the local ISP, resulting in several hours of lost sales and delayed order processing.

The business owner now needs to ensure two things:

* Protection from power outages

* Always-available connectivity In case of an outage

The owner has decided to implement battery backups for the computer equipment.

Which of the following would BEST fulfill the owner's second need?

Lease a point-to-point circuit to provide dedicated access.

Connect the business router to its own dedicated UP

Purchase services from a cloud provider for high availability D Replace the business's wired network with a wireless network.

43. A global pandemic is forcing a private organization to close some business units and reduce staffing at others.

Which of the following would be BEST to help the organization’s executives determine the next course of action?

An incident response plan

A communications plan

A disaster recovery plan

A business continuity plan

44. A security analyst notices several attacks are being blocked by the NIPS but does not see anything on the boundary firewall logs. The attack seems to have been thwarted.

Which of the following resiliency techniques was applied to the network to prevent this attack?

NIC Teaming

Port mirroring

Defense in depth

High availability

Geographic dispersal

45. The website http://companywebsite.com requires users to provide personal information including security responses, for registration.

Which of the following would MOST likely cause a date breach?

LACK OF INPUT VALIDATION

OPEN PERMISSIONS

UNSCECURE PROTOCOL

MISSING PATCHES

46. Which of the following policies would help an organization identify and mitigate potential single points of failure in the company’s IT/security operations?

Least privilege

Awareness training

Separation of duties

Mandatory vacation

47. A nationwide company is experiencing unauthorized logins at all hours of the day. The logins appear to originate from countries in which the company has no employees.

Which of the following controls. should the company consider using as part of its IAM strategy? (Select TWO).

A complex password policy

Geolocation

An impossible travel policy

Self-service password reset

Geofencing

Time-based logins

48. During a security assessment, a security finds a file with overly permissive permissions.

Which of the following tools will allow the analyst to reduce the permission for the existing users and groups and remove the set-user-ID from the file?

chflags

chmod

leof

setuid

49. An attacker is attempting to exploit users by creating a fake website with the URL users.

Which of the following social-engineering attacks does this describe?

Information elicitation

Typo squatting

Impersonation

Watering-hole attack

50. During an incident response, a security analyst observes the following log entry on the web server.

Which of the following BEST describes the type of attack the analyst is experience?

SQL injection

Cross-site scripting

Pass-the-hash

Directory traversal

Page 6 of 14

51. A critical file server is being upgraded and the systems administrator must determine which RAID level the new server will need to achieve parity and handle two simultaneous disk failures.

Which of the following RAID levels meets this requirements?

RAID 0+1

RAID 2

RAID 5

RAID 6

52. A network manager is concerned that business may be negatively impacted if the firewall in its datacenter goes offline.

The manager would like to Implement a high availability pair to:

decrease the mean ne between failures

remove the single point of failure

cut down the mean tine to repair

reduce the recovery time objective

53. An organization hired a consultant to assist with an active attack, and the consultant was able to identify the compromised accounts and computers.

Which of the following is the consultant MOST likely to recommend to prepare for eradication?

Quarantining the compromised accounts and computers, only providing them with network access

Segmenting the compromised accounts and computers into a honeynet so as to not alert the attackers.

Isolating the compromised accounts and computers, cutting off all network and internet access.

Logging off and deleting the compromised accounts and computers to eliminate attacker access.

54. A security analyst is hardening a network infrastructure.

The analyst is given the following requirements:

• Preserve the use of public IP addresses assigned to equipment on the core router.

• Enable "in transport ‘encryption protection to the web server with the strongest ciphers.

Which of the following should the analyst implement to meet these requirements? (Select TWO).

Configure VLANs on the core router

Configure NAT on the core router

Configure BGP on the core router

Configure AES encryption on the web server

Enable 3DES encryption on the web server

Enable TLSv2 encryption on the web server

55. An attacker is exploiting a vulnerability that does not have a patch available.

Which of the following is the attacker exploiting?

Zero-day

Default permissions

Weak encryption

Unsecure root accounts

56. A company has decided to move its operations to the cloud. It wants to utilize technology that will prevent users from downloading company applications for personal use, restrict data that is uploaded, and have visibility into which applications are being used across the company.

Which of the following solutions will BEST meet these requirements?

An NGFW

A CASB

Application whitelisting

An NG-SWG

57. An information security officer at a credit card transaction company is conducting a framework-mapping exercise with the internal controls. The company recently established a new office in Europe.

To which of the following frameworks should the security officer map the existing controls? (Select TWO).

ISO

PCI DSS

SOC

GDPR

CSA

NIST

58. A security engineer obtained the following output from a threat intelligence source that recently performed an attack on the company's server:

Which of the following BEST describes this kind of attack?

Directory traversal

SQL injection

API

Request forgery

59. A security analyst needs to make a recommendation for restricting access to certain segments of the network using only data-link layer security.

Which of the following controls will the analyst MOST likely recommend?

MAC

ACL

BPDU

ARP

60. A well-known organization has been experiencing attacks from APIs. The organization is concerned that custom malware is being created and emailed into the company or installed on USB sticks that are dropped in parking lots.

Which of the following is the BEST defense against this scenario?

Configuring signature-based antivirus io update every 30 minutes

Enforcing S/MIME for email and automatically encrypting USB drives upon insertion.

Implementing application execution in a sandbox for unknown software.

Fuzzing new files for vulnerabilities if they are not digitally signed

Page 7 of 14

61. A Chief Information Officer receives an email stating a database will be encrypted within 24 hours unless a payment of $20,000 is credited to the account mentioned In the email.

This BEST describes a scenario related to:

whaling.

smishing.

spear phishing

vishing

62. A company recently set up an e-commerce portal to sell its product online. The company wants to start accepting credit cards for payment, which requires compliance with a security standard.

Which of the following standards must the company comply with before accepting credit cards on its e-commerce platform?

PCI DSS

ISO 22301

ISO 27001

NIST CSF

63. A security analyst needs to find real-time data on the latest malware and locs.

Which of the following best describe the solution the analyst should persue?

advisories and bulletins

threat feeds

security news articles

peer-reviewed content

64. Which of the following relets to applications and systems that are used within an organization without consent or approval?

Shadow IT

OSINT

Dark web

Insider threats

65. A security analyst discovers that a company username and password database was posted on an internet forum. The username and passwords are stored in plan text.

Which of the following would mitigate the damage done by this type of data exfiltration in the future?

Create DLP controls that prevent documents from leaving the network

Implement salting and hashing

Configure the web content filter to block access to the forum.

Increase password complexity requirements

66. A security analyst is performing a forensic investigation compromised account credentials. Using the Event Viewer, the analyst able to detect the following message, ‘’Special privileges assigned to new login.’’ Several of these messages did not have a valid logon associated with the user before these privileges were assigned.

Which of the following attacks is MOST likely being detected?

Pass-the-hash

Buffer overflow

Cross-site scripting

Session replay

67. Which of the following holds staff accountable while escorting unauthorized personnel?

Locks

Badges

Cameras

Visitor logs

68. Which of the following BEST explains the reason why a server administrator would place a document named password.txt on the desktop of an administrator account on a server?

The document is a honey file and is meant to attract the attention of a cyberintruder.

The document is a backup file if the system needs to be recovered.

The document is a standard file that the OS needs to verify the login credentials.

The document is a keylogger that stores all keystrokes should the account be compromised.

69. CORRECT TEXT

After a hardware incident, an unplanned emergency maintenance activity was conducted to rectify the issue. Multiple alerts were generated on the SIEM during this period of time.

Which of the following BEST explains what happened?

The unexpected traffic correlated against multiple rules, generating multiple alerts.

Multiple alerts were generated due to an attack occurring at the same time.

An error in the correlation rules triggered multiple alerts.

The SIEM was unable to correlate the rules, triggering the alerts.

70. A security analyst needs to perform periodic vulnerability scans on production systems.

Which of the following scan Types would produce the BEST vulnerability scan report?

Port

Intrusive

Host discovery

Credentialed

Page 8 of 14

71. A security administrator checks the table of a network switch, which shows the following output:

Which of the following is happening to this switch?

MAC Flooding

DNS poisoning

MAC cloning

ARP poisoning

72. A security engineer needs to implement an MDM solution that complies with the corporate mobile device policy.

The policy states that in order for mobile users to access corporate resources on their devices the following requirements must be met:

• Mobile device OSs must be patched up to the latest release

• A screen lock must be enabled (passcode or biometric)

• Corporate data must be removed if the device is reported lost or stolen

Which of the following controls should the security engineer configure? (Select TWO)

Containerization

Storage segmentation

Posturing

Remote wipe

Full-device encryption

Geofencing

73. A symmetric encryption algorithm Is BEST suited for:

key-exchange scalability.

protecting large amounts of data.

providing hashing capabilities,

implementing non-repudiation.

74. Which of the following is the correct order of volatility from MOST to LEAST volatile?

Memory, temporary filesystems, routing tables, disk, network storage

Cache, memory, temporary filesystems, disk, archival media

Memory, disk, temporary filesystems, cache, archival media

Cache, disk, temporary filesystems, network storage, archival media

75. An end user reports a computer has been acting slower than normal for a few weeks. During an investigation, an analyst determines the system is sending the user's email address and a ten-digit number to an IP address once a day.

The only recent log entry regarding the user's computer is the following:

Which of the following is the MOST likely cause of the issue?

The end user purchased and installed a PUP from a web browser

A bot on the computer is brute forcing passwords against a website

A hacker is attempting to exfiltrate sensitive data

Ransomware is communicating with a command-and-control server.

76. An attacker has successfully exfiltrated several non-salted password hashes from an online system.

Given the logs below:

Which of the following BEST describes the type of password attack the attacker is performing?

Dictionary

Pass-the-hash

Brute-force

Password spraying

77. Which of the following provides the BEST protection for sensitive information and data stored in cloud-based services but still allows for full functionality and searchability of data within the cloud-based services?

Data encryption

Data masking

Anonymization

Tokenization

78. Which of the following would be the BEST resource lor a software developer who is looking to improve secure coding practices for web applications?

OWASP

Vulnerability scan results

NIST CSF

Third-party libraries

79. An organization recently recovered from a data breach. During the root cause analysis, the organization determined the source of the breach to be a personal cell phone that had been reported lost.

Which of the following solutions should the organization implement to reduce the likelihood of future data breaches?

MDM

MAM

VDI

DLP

80. A security administrator is trying to determine whether a server is vulnerable to a range of attacks.

After using a tool, the administrator obtains the following output:

Which of the following attacks was successfully implemented based on the output?

Memory leak

Race conditions

SQL injection

Directory traversal

Page 9 of 14

81. A security manager for a retailer needs to reduce the scope of a project to comply with PCI DSS. The PCI data is located in different offices than where credit cards are accepted. All the offices are connected via MPLS back to the primary datacenter.

Which of the following should the security manager implement to achieve the objective?

Segmentation

Containment

Geofencing

Isolation

82. The Chief Security Officer (CSO) at a major hospital wants to implement SSO to help improve in the environment patient data, particularly at shared terminals. The Chief Risk Officer (CRO) is concerned that training and guidance have been provided to frontline staff, and a risk analysis has not been performed.

Which of the following is the MOST likely cause of the CRO’s concerns?

SSO would simplify username and password management, making it easier for hackers to pass guess accounts.

SSO would reduce password fatigue, but staff would still need to remember more complex passwords.

SSO would reduce the password complexity for frontline staff.

SSO would reduce the resilience and availability of system if the provider goes offline.

83. Which of the following will provide the BEST physical security countermeasures to stop intruders? (Select TWO.)

Alarms

Signage

Lighting

Mantraps

Fencing

Sensors

84. A network administrator would like to configure a site-to-site VPN utilizing IPSec. The administrator wants the tunnel to be established with data integrity encryption, authentication and anti- replay functions.

Which of the following should the administrator use when configuring the VPN?

EDR

ESP

DNSSEC

85. A company Is concerned about is security after a red-team exercise. The report shows the team was able to reach the critical servers due to the SMB being exposed to the Internet and running NTLMV1,.

Which of the following BEST explains the findings?

Default settings on the servers

Unsecured administrator accounts

Open ports and services

Weak Data encryption

86. A security an alyst needs to implement security features across smartphones. laptops, and tablets.

Which of the following would be the MOST effective across heterogeneous platforms?

Enforcing encryption

Deploying GPOs

Removing administrative permissions

Applying MDM software

87. A security analyst is investigating an incident to determine what an attacker was able to do on a compromised laptop.

The analyst reviews the following SIEM log:

Which of the following describes the method that was used to compromise the laptop?

An attacker was able to move laterally from PC1 to PC2 using a pass-the-hash attack

An attacker was able to bypass application whitelisting by emailing a spreadsheet attachment with an embedded PowerShell in the file

An attacker was able to install malware to the CAasdf234 folder and use it to gam administrator nights and launch Outlook

An attacker was able to phish user credentials successfully from an Outlook user profile

88. Which of the following utilize a subset of real data and are MOST likely to be used to assess the features and functions of a system and how it interacts or performs from an end user's perspective against defined test cases? (Select TWO).

Production

Test

Research and development

PoC

UAT

SDLC

89. An analyst has determined that a server was not patched and an external actor exfiltrated data on port 139.

Which of the following sources should the analyst review to BEST ascertain how the Incident could have been prevented?

The vulnerability scan output

The security logs

The baseline report

The correlation of events

90. A security architect at a large, multinational organization is concerned about the complexities and overhead of managing multiple encryption keys securely in a multicloud provider environment. The security architect is looking for a solution with reduced latency to allow the incorporation of the organization's existing keys and to maintain consistent, centralized control and management regardless of the data location.

Which of the following would BEST meet the architect's objectives?

Trusted Platform Module

laaS

HSMaaS

PaaS

Key Management Service

Page 10 of 14

91. The lessons-learned analysis from a recent incident reveals that an administrative office worker received a call from someone claiming to be from technical support. The caller convinced the office worker to visit a website, and then download and install a program masquerading as an antivirus package. The program was actually a backdoor that an attacker could later use to remote control the worker's PC.

Which of the following would be BEST to help prevent this type of attack in the future?

Data loss prevention

Segmentation

Application whitelisting

Quarantine

92. Which of the following are the MOST likely vectors for the unauthorized inclusion of vulnerable code in a software company’s final software releases? (Select TWO.)

Unsecure protocols

Use of penetration-testing utilities

Weak passwords

Included third-party libraries

Vendors/supply chain

Outdated anti-malware software

93. A company needs to centralize its logs to create a baseline and have visibility on its security events.

Which of the following technologies will accomplish this objective?

Security information and event management

A web application firewall

A vulnerability scanner

A next-generation firewall

94. A nuclear plant was the victim of a recent attack, and all the networks were air gapped. A subsequent investigation revealed a worm as the source of the issue.

Which of the following BEST explains what happened?

A malicious USB was introduced by an unsuspecting employee.

The ICS firmware was outdated

A local machine has a RAT installed.

The HVAC was connected to the maintenance vendor.

95. A small company that does not have security staff wants to improve its security posture.

Which of the following would BEST assist the company?

MSSP

SOAR

IaaS

PaaS

96. A Chief Executive Officer (CEO) is dissatisfied with the level of service from the company's new service provider. The service provider is preventing the CEO from sending email from a work account to a personal account.

Which of the following types of service providers is being used?

Telecommunications service provider

Cloud service provider

Master managed service provider

Managed security service provider

97. Joe, an employee, receives an email stating he won the lottery. The email includes a link that requests a name, mobile phone number, address, and date of birth be provided to confirm Joe’s identity before sending him the prize.

Which of the following BEST describes this type of email?

Spear phishing

Whaling

Phishing

Vishing

98. Which of the following BEST describes a social-engineering attack that relies on an executive at a small business visiting a fake banking website where credit card and account details are harvested?

Whaling

Spam

Invoice scam

Pharming

99. Remote workers in an organization use company-provided laptops with locally installed applications and locally stored data Users can store data on a remote server using an encrypted connection. The organization discovered data stored on a laptop had been made available to the public.

Which of the following security solutions would mitigate the risk of future data disclosures?

FDE

TPM

HIDS

VPN

100. During a routine scan of a wireless segment at a retail company, a security administrator discovers several devices are connected to the network that do not match the company's naming convention and are not in the asset Inventory. WiFi access Is protected with 255-Wt encryption via WPA2. Physical access to the company's facility requires two-factor authentication using a badge and a passcode.

Which of the following should the administrator implement to find and remediate the Issue? (Select TWO).

Check the SIEM for failed logins to the LDAP directory.

Enable MAC filtering on the switches that support the wireless network.

Run a vulnerability scan on all the devices in the wireless network

Deploy multifactor authentication for access to the wireless network

Scan the wireless network for rogue access points.

Deploy a honeypot on the network

Page 11 of 14

101. While reviewing pcap data, a network security analyst is able to locate plaintext usernames and passwords being sent from workstations to network witches.

Which of the following is the security analyst MOST likely observing?

SNMP traps

A Telnet session

An SSH connection

SFTP traffic

102. A security engineer needs to enhance MFA access to sensitive areas in a building. A key card and fingerprint scan are already in use.

Which of the following would add another factor of authentication?

Hard token

Retina scan

SMS text

Keypad PIN

103. CORRECT TEXT

A company recently added a DR site and is redesigning the network. Users at the DR site are having issues browsing websites.

INSTRUCTIONS

Click on each firewall to do the following:

✑ Deny cleartext web traffic.

✑ Ensure secure management protocols are used.

✑ Resolve issues at the DR site.

The ruleset order cannot be modified due to outside constraints.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

104. A client sent several inquiries to a project manager about the delinquent delivery status of some critical reports. The project manager darned the reports were previously sent via email but then quickly generated and backdated the reports before submitting them via a new email message.

Which of the following actions MOST likely supports an investigation for fraudulent submission?

Establish chain of custody

Inspect the file metadata

Reference the data retention policy

Review the email event logs

105. An organization blocks user access to command-line interpreters but hackers still managed to invoke the interpreters using native administrative tools.

Which of the following should the security team do to prevent this from Happening in the future?

Implement HIPS to block Inbound and outbound SMB ports 139 and 445.

Trigger a SIEM alert whenever the native OS tools are executed by the user

Disable the built-in OS utilities as long as they are not needed for functionality.

Configure the AV to quarantine the native OS tools whenever they are executed

106. An organization has various applications that contain sensitive data hosted in the cloud. The company’s leaders are concerned about lateral movement across applications of different trust levels.

Which of the following solutions should the organization implement to address the concern?

ISFW

UTM

SWG

CASB

107. Which of the following would cause a Chief Information Security Officer (CISO) the MOST concern regarding newly installed Internet-accessible 4K surveillance cameras?

An inability to monitor 100%, of every facility could expose the company to unnecessary risk.

The cameras could be compromised if not patched in a timely manner.

Physical security at the facility may not protect the cameras from theft.

Exported videos may take up excessive space on the file servers.

108. Which of the following distributes data among nodes, making it more difficult to manipulate the data while also minimizing downtime?

MSSP

Public cloud

Hybrid cloud

Fog computing

109. Which of the following job roles would sponsor data quality and data entry initiatives that ensure business and regulatory requirements are met?

The data owner

The data processor

The data steward

The data privacy officer.

110. A security analyst needs to generate a server certificate to be used for 802.1X and secure RDP connections. The analyst is unsure what is required to perform the task and solicits help from a senior colleague.

Which of the following is the FIRST step the senior colleague will most likely tell the analyst to perform to accomplish this task?

Create an OCSP

Generate a CSR

Create a CRL

Generate a .pfx file

Page 12 of 14

111. When planning to build a virtual environment, an administrator need to achieve the following,

• Establish polices in Limit who can create new VMs

• Allocate resources according to actual utilization‘

• Require justication for requests outside of the standard requirements.

• Create standardized categories based on size and resource requirements

Which of the following is the administrator MOST likely trying to do?

Implement IaaS replication

Product against VM escape

Deploy a PaaS

Avoid VM sprawl

112. Security analyst must enforce policies to harden an MOM infrastructure.

The requirements are as follows

• Ensure mobile devices can be traded and wiped.

• Conrm mobile devices are encrypted.

Which of the following should the analyst enable on all the devices to meet these requirements?

Geofencing

Biometric authentication

Geolocation

Geotagging

113. A cyberthreat intelligence analyst is gathering data about a specific adversary using OSINT techniques.

Which of the following should the analyst use?

Internal log files

Government press releases

Confidential reports

Proprietary databases

114. A retail executive recently accepted a job with a major competitor. The following week, a security analyst reviews the security logs and identifies successful logon attempts to access the departed executive's accounts.

Which of the following security practices would have addressed the issue?

A non-disclosure agreement

Least privilege

An acceptable use policy

Ofboarding

115. A user recently attended an exposition and received some digital promotional materials. The user later noticed blue boxes popping up and disappearing on the computer, and reported receiving several spam emails, which the user did not open.

Which of the following is MOST likely the cause of the reported issue?

There was a drive-by download of malware

The user installed a cryptominer

The OS was corrupted

There was malicious code on the USB drive

116. A company is designing the layout of a new datacenter so it will have an optimal environmental temperature.

Which of the following must be included? (Select TWO)

An air gap

A cold aisle

Removable doors

A hot aisle

An loT thermostat

A humidity monitor

117. An organization that is located in a flood zone is MOST likely to document the concerns associated with the restoration of IT operation in a:

business continuity plan

communications plan.

disaster recovery plan.

continuity of operations plan

118. A security analyst sees the following log output while reviewing web logs:

Which of the following mitigation strategies would be BEST to prevent this attack from being successful?

Secure cookies

Input validation

Code signing

Stored procedures

119. An employee has been charged with fraud and is suspected of using corporate assets.

As authorities collect evidence, and to preserve the admissibility of the evidence, which of the following forensic techniques should be used?

Order of volatility

Data recovery

Chain of custody

Non-repudiation

120. After reading a security bulletin, a network security manager is concerned that a malicious actor may have breached the network using the same software flaw. The exploit code is publicly available and has been reported as being used against other industries in the same vertical.

Which of the following should the network security manager consult FIRST to determine a priority list for forensic review?

The vulnerability scan output

The IDS logs

The full packet capture data

The SIEM alerts

Page 13 of 14

121. An organization has decided to host its web application and database in the cloud.

Which of the following BEST describes the security concerns for this decision?

Access to the organization's servers could be exposed to other cloud-provider clients

The cloud vendor is a new attack vector within the supply chain

Outsourcing the code development adds risk to the cloud provider

Vendor support will cease when the hosting platforms reach EO

122. An incident response technician collected a mobile device during an investigation.

Which of the following should the technician do to maintain chain of custody?

Document the collection and require a sign-off when possession changes.

Lock the device in a safe or other secure location to prevent theft or alteration.

Place the device in a Faraday cage to prevent corruption of the data.

Record the collection in a blockchain-protected public ledger.

123. In which of the following risk management strategies would cybersecurity insurance be used?

Transference

Avoidance

Acceptance

Mitigation

124. A large financial services firm recently released information regarding a security bfeach within its corporate network that began several years before. During the time frame in which the breach occurred, indicators show an attacker gained administrative access to the network through a file download from a social media site and subsequently installed it without the user's knowledge. Since the compromise, the attacker was able to take command and control of the computer systems anonymously while obtaining sensitive corporate and personal employee information.

Which of the following methods did the attacker MOST likely use to gam access?

A bot

A fileless virus

A logic bomb

A RAT

125. A security analyst needs to determine how an attacker was able to use User3 to gain a foothold within a company's network. The company's lockout policy requires that an account be locked out for a minimum of 15 minutes after three unsuccessful attempts.

While reviewing the log files, the analyst discovers the following:

Which of the following attacks MOST likely occurred?

Dictionary

Credential-stuffing

Password-spraying

Brute-force

126. A security administrator suspects there may be unnecessary services running on a server.

Which of the following tools will the administrator MOST likely use to confirm the suspicions?

Nmap

Wireshark

Autopsy

DNSEnum

127. A security analyst is preparing a threat for an upcoming internal penetration test. The analyst needs to identify a method for determining the tactics, techniques, and procedures of a threat against the organization’s network.

Which of the following will the analyst MOST likely use to accomplish the objective?

A table exercise

NST CSF

MTRE ATT$CK

OWASP

128. Joe, an employee, is transferring departments and is providing copies of his files to a network share folder for his previous team to access. Joe is granting read-write-execute permissions to his manager but giving read-only access to the rest of the team.

Which of the following access controls is Joe using?

FACL

DAC

ABAC

MAC

129. An organization relies on third-party video conferencing to conduct daily business. Recent security changes now require all remote workers to utilize a VPN to corporate resources.

Which of the following would BEST maintain high-quality video conferencing while minimizing latency when connected to the VPN?

Using geographic diversity to have VPN terminators closer to end users

Utilizing split tunneling so only traffic for corporate resources is encrypted

Purchasing higher-bandwidth connections to meet the increased demand

Configuring QoS properly on the VPN accelerators

130. A remote user recently took a two-week vacation abroad and brought along a corporate-owned laptop. Upon returning to work, the user has been unable to connect the laptop to the VPN.

Which of the following is the MOST likely reason for the user’s inability to connect the laptop to the VPN?

Due to foreign travel, the user’s laptop was isolated from the network.

The user’s laptop was quarantined because it missed the latest path update.

The VPN client was blacklisted.

The user’s account was put on a legal hold.

Page 14 of 14

131. Which of the following would be the BEST method for creating a detailed diagram of wireless access points and hot-spots?

Footprinting

White-box testing

A drone/UAV

Pivoting

132. A500 is implementing an insider threat detection program,. The primary concern is that users may be accessing confidential data without authorization.

Which of the fallowing should be deployed to detect a potential insider threat?

A honeyfile

A DMZ

ULF

File integrity monitoring

133. Which of the following is a team of people dedicated testing the effectiveness of organizational security programs by emulating the techniques of potential attackers?

Red team

While team

Blue team

Purple team

134. A network engineer needs to build a solution that will allow guests at the company’s headquarters to access the Internet via WiFi. This solution should not allow access to the internal corporate network, but it should require guests to sign off on the acceptable use policy before accessing the Internet.

Which of the following should the engineer employ to meet these requirements?

Implement open PSK on the APs

Deploy a WAF

Configure WIPS on the APs

Install a captive portal

135. Which of the following is a difference between a DRP and a BCP?

A BCP keeps operations running during a disaster while a DRP does not.

A BCP prepares for any operational interruption while a DRP prepares for natural disasters

A BCP is a technical response to disasters while a DRP is operational.

A BCP Is formally written and approved while a DRP is not.

136. A university with remote campuses, which all use different service providers, loses Internet connectivity across all locations. After a few minutes, Internet and VoIP services are restored, only to go offline again at random intervals, typically within four minutes of services being restored. Outages continue throughout the day, impacting all inbound and outbound connections and services. Services that are limited to the local LAN or WiFi network are not impacted, but all WAN and VoIP services are affected.

Later that day, the edge-router manufacturer releases a CVE outlining the ability of an attacker to exploit the SIP protocol handling on devices, leading to resource exhaustion and system reloads.

Which of the following BEST describe this type of attack? (Choose two.)

DoS

SSL stripping

Memory leak

Race condition

Shimming

Refactoring

Comments (8)

Penne Mcp April 5, 2023 Reply

23. A user downloaded an extension for a browser, and the uses device later became infected. The analyst who is investigating the incident saw various logs where the attacker was hiding activity by deleting data.

That wrong correct answer is powershell
- dumps April 5, 2023 Reply
  
  Thanks for your feedback.
Silas January 4, 2022 Reply

An attacker is attempting to exploit users by creating a fake website with the URL users.

Which of the following social-engineering attacks does this describe?
Information elicitation
Typo squatting
Impersonation
Watering-hole attack

The Answer here is TypoSquatting not Watering Hole Attack.
- dumps January 4, 2022 Reply
  
  Thanks for correction.
John J Brown November 18, 2021 Reply

25. A software developer needs to perform code-execution testing, black-box testing, and non-functional testing on a new product before its general release.

Which of the following BEST describes the tasks the developer is conducting?
Verification
Validation
Normalization
Staging

It seems the answer should be Validation. Validation uses code execution. Verification uses little or no code. Can you check this answer please. Thank you.
- dumps November 19, 2021 Reply
  
  Hi, our experts just checked it, the correct answer is B. Thanks for your feedback.
John November 18, 2021 Reply

3. Which of the following would satisfy three-factor authentication?
Password, retina scanner, and NFC card wrong
Password, fingerprint scanner, and retina scanner correct
Password, hard token, and NFC card
Fingerprint scanner, hard token, and retina scanner

The answer seems to be wrong. The answer has Passwords, fingerprint scanner, and retina scanner. This would be something you know, something you are, and something you are.

It should be something you know (Password), something you are (Retina scanner) and something you have (NFC Card.)
- dumps November 18, 2021 Reply
  
  Thanks for your correction. I have sent it to our experts for checking.

CompTIA Security+ SY0-601 Dumps Questions

CompTIA Security+ SY0-601 Dumps Questions

Share this post

Comments (8)

Leave a Reply Cancel reply

Related Posts