SY0-601 CompTIA Security+ Exam 2021 Questions and Answers

Question 4

A user recently attended an exposition and received some digital promotional materials. The user later noticed blue boxes popping up and disappearing on the computer, and reported receiving several spam emails, which the user did not open. Which of the following is MOST likely the cause of the reported issue?

Options:

A. There was a drive-by download of malware
B. The user installed a cryptominer
C. The OS was corrupted
D. There was malicious code on the USB drive

Question 5

Joe, a user at a company, clicked an email link that led to a website that infected his workstation. Joe was connected to the network, and the virus spread to the network shares. The protective measures failed to stop this virus, and it continues to evade detection. Which of the following should the administrator implement to protect the environment from this malware?

Options:

A. Install a definition-based antivirus.
B. Implement an IDS/IPS.
C. Implement a heuristic behavior-detection solution.
D. Implement CASB to protect the network shares.

Question 6

Which of the following control types would be BEST to use to identify violations and incidents?

Options:

A. Detective
B. Compensating
C. Deterrent
D. Corrective
E. Recovery
F. Preventive

Question 7

Which of the following disaster recovery tests is the LEAST time-consuming for the disaster recovery team?

Options:

A. Tabletop
B. Parallel
C. Full interruption
D. Simulation

Question 8

A vulnerability assessment report will include the CVSS score of the discovered vulnerabilities because the score allows the organization to better:

Options:

A. validate the vulnerability exists in the organization's network through penetration testing.
B. research the appropriate mitigation techniques in a vulnerability database.
C. find the software patches that are required to mitigate a vulnerability.
D. prioritize remediation of vulnerabilities based on the possible impact.

Question 9

A security analyst reviews the datacenter access logs for a fingerprint scanner and notices an abundance of errors that correlate with users' reports of issues accessing the facility. Which of the following is MOST likely the cause of the access issues?

Options:

A. False rejection
B. Cross-over error rate
C. Efficacy rate
D. Attestation

Question 10

Which of the following refers to applications and systems that are used within an organization without consent or approval?

Options:

A. Shadow IT
B. OSINT
C. Dark web
D. Insider threats

Question 11

A commercial cyber-threat intelligence organization observes IoCs across a variety of unrelated customers. Prior to releasing specific threat intelligence to other paid subscribers, the organization is MOST likely obligated by contracts to:

Options:

A. perform attribution to specific APTs and nation-state actors.
B. anonymize any PII that is observed within the IoC data.
C. add metadata to track the utilization of threat intelligence reports.
D. assist companies with impact assessments based on the observed data.

Question 12

A security administrator suspects there may be unnecessary services running on a server. Which of the following tools will the administrator MOST likely use to confirm the suspicions?

Options:

A. Nmap
B. Wireshark
C. Autopsy
D. DNSEnum

Question 13

A global pandemic is forcing a private organization to close some business units and reduce staffing at others. Which of the following would be BEST to help the organization's executives determine the next course of action?

Options:

A. An incident response plan
B. A communications plan
C. A disaster recovery plan
D. A business continuity plan

Question 14

A technician needs to prevent data loss in a laboratory. The laboratory is not connected to any external networks. Which of the following methods would BEST prevent the exfiltration of data? (Select TWO).

Options:

A. VPN
B. Drive encryption
C. Network firewall
D. File level encryption
E. USB blocker
F. MFA

Question 15

A security analyst discovers several .jpg photos from a cellular phone during a forensics investigation involving a compromised system. The analyst runs a forensics tool to gather file metadata. Which of the following would be part of the images if all the metadata is still intact?

Options:

A. The GPS location
B. When the file was deleted
C. The total number of print jobs
D. The number of copies made

Question 16

A public relations team will be taking a group of guests on a tour through the facility of a large e-commerce company. The day before the tour, the company sends out an email to employees to ensure all whiteboards are cleaned and all desks are cleared. The company is MOST likely trying to protect against:

Options:

A. Loss of proprietary information
B. Damage to the company's reputation
C. Social engineering
D. Credential exposure

Question 17

A financial analyst is expecting an email containing sensitive information from a client. When the email arrives, the analyst receives an error and is unable to open the encrypted message. Which of the following is the MOST likely cause of the issue?

Options:

A. The S/MIME plug-in is not enabled.
B. The SSL certificate has expired.
C. Secure IMAP was not implemented.
D. POP3S is not supported.

Question 18

An engineer is configuring AAA authentication on a Cisco MDS 9000 Series Switch. The LDAP server is located at the IP 10.10.2.2. The data sent to the LDAP server should be encrypted. Which command should be used to meet these requirements?

Options:

A. ldap-server 10.10.2.2 key SSL_KEY
B. ldap-server host 10.10.2.2 key SSL_KEY
C. ldap-server 10.10.2.2 port 443
D. ldap-server host 10.10.2.2 enable-ssl

Question 19

A security analyst has been tasked with creating a new WiFi network for the company. The requirements received by the analyst are as follows:

• Must be able to differentiate between users connected to WiFi
• The encryption keys need to change routinely without interrupting the users or forcing reauthentication
• Must be able to integrate with RADIUS
• Must not have any open SSIDs

Which of the following options BEST accommodates these requirements?

Options:

A. WPA2-Enterprise
B. WPA3-PSK
C. 802.11n
D. WPS

Question 20

The Chief Information Security Officer has directed the security and networking team to retire the use of shared passwords on routers and switches. Which of the following choices BEST meets the requirements?

Options:

A. SAML
B. TACACS+
C. Password vaults
D. OAuth

Question 21

As part of the building process for a web application, the compliance team requires that all PKI certificates are rotated annually and can only contain wildcards at the secondary subdomain level. Which of the following certificate properties will meet these requirements?

Options:

A. HTTPS://.comptia.org, Valid from April 10 00:00:00 2021 - April 8 12:00:00 2022
B. HTTPS://app1.comptia.org, Valid from April 10 00:00:00 2021 - April 8 12:00:00 2022
C. HTTPS:// app1.comptia.org, Valid from April 10 00:00:00 2021 - April 8 12:00:00 2022
D. HTTPS://.comptia.org, Valid from April 10 00:00:00 2021 - April 8 12:00:00

Question 22

Which of the following would satisfy three-factor authentication requirements?

Options:

A. Password, PIN, and physical token
B. PIN, fingerprint scan, and iris scan
C. Password, fingerprint scan, and physical token
D. PIN, physical token, and ID card

Question 23

A company is planning to install a guest wireless network so visitors will be able to access the Internet. The stakeholders want the network to be easy to connect to so time is not wasted during meetings. The WAPs are configured so that power levels and antennas cover only the conference rooms where visitors will attend meetings. Which of the following would BEST protect the company's internal wireless network against visitors accessing company resources?

Options:

A. Configure the guest wireless network to be on a separate VLAN from the company's internal wireless network.
B. Change the password for the guest wireless network every month.
C. Decrease the power levels of the access points for the guest wireless network.
D. Enable WPA2 using 802.1X for logging on to the guest wireless network.

Question 24

Which of the following authentication methods sends out a unique password to be used within a specific number of seconds?

Options:

A. TOTP
B. Biometrics
C. Kerberos
D. LDAP

Question 25

A company needs to enhance its ability to maintain a scalable cloud infrastructure. The infrastructure needs to handle the unpredictable loads on the company's web application. Which of the following cloud concepts would BEST meet these requirements?

Options:

A. SaaS
B. VDI
C. Containers
D. Microservices

Question 26

A corporate security team needs to secure the wireless perimeter of its physical facilities to ensure only authorized users can access corporate resources. Which of the following should the security team do?

Options:

A. Identify rogue access points.
B. Check for channel overlaps.
C. Create heat maps.
D. Implement domain hijacking.

Question 27

The IT department at a university is concerned about professors placing servers on the university network in an attempt to bypass security controls. Which of the following BEST represents this type of threat?

Options:

A. A script kiddie
B. Shadow IT
C. Hacktivism
D. White-hat

Question 28

A network manager is concerned that business may be negatively impacted if the firewall in its datacenter goes offline. The manager would like to implement a high availability pair to:

Options:

A. decrease the mean time between failures.
B. remove the single point of failure.
C. cut down the mean time to repair.
D. reduce the recovery time objective.

Question 29

An employee's company account was used in a data breach. Interviews with the employee revealed:

• The employee was able to avoid changing passwords by using a previous password again.
• The account was accessed from a hostile, foreign nation, but the employee has never traveled to any other countries.

Which of the following can be implemented to prevent these issues from recurring? (Select TWO)

Options:

A. Geographic dispersal
B. Password complexity
C. Password history
D. Geotagging
E. Password lockout
F. Geofencing

Question 30

Which of the following is a physical security control that ensures only the authorized user is present when gaining access to a secured area?

Options:

A. A biometric scanner
B. A smart card reader
C. A PKI token
D. A PIN pad

Question 31

A security analyst is reviewing the vulnerability scan report for a web server following an incident. The vulnerability that was used to exploit the server is present in historical vulnerability scan reports, and a patch is available for the vulnerability. Which of the following is the MOST likely cause?

Options:

A. Security patches were uninstalled due to user impact.
B. An adversary altered the vulnerability scan reports.
C. A zero-day vulnerability was used to exploit the web server.
D. The scan reported a false negative for the vulnerability.

Question 32

An organization's Chief Information Security Officer is creating a position that will be responsible for implementing technical controls to protect data, including ensuring backups are properly maintained. Which of the following roles would MOST likely include these responsibilities?

Options:

A. Data protection officer
B. Data owner
C. Backup administrator
D. Data custodian
E. Internal auditor

Question 33

A large bank with two geographically dispersed data centers is concerned about major power disruptions at both locations. Every day each location experiences very brief outages that last for a few seconds. However, during the summer a high risk of intentional under-voltage events that could last up to an hour exists, particularly at one of the locations near an industrial smelter. Which of the following is the BEST solution to reduce the risk of data loss?

Options:

A. Dual supply
B. Generator
C. PDU
D. Daily backups

Question 34

A digital forensics team at a large company is investigating a case in which malicious code was downloaded over an HTTPS connection and was running in memory, but was never committed to disk. Which of the following techniques should the team use to obtain a sample of the malware binary?

Options:

A. pcap reassembly
B. SSD snapshot
C. Image volatile memory
D. Extract from checksums

Question 35

A systems engineer is building a new system for production. Which of the following is the FINAL step to be performed prior to promoting to production?

Options:

A. Disable unneeded services.
B. Install the latest security patches.
C. Run a vulnerability scan.
D. Encrypt all disks.

Question 36

A security administrator is evaluating remote access solutions for employees who are geographically dispersed. Which of the following would provide the MOST secure remote access? (Select TWO).

Options:

A. IPSec
B. SFTP
C. SRTP
D. LDAPS
E. S/MIME
F. SSL VPN

Question 37

Which of the following is the BEST reason to maintain a functional and effective asset management policy that aids in ensuring the security of an organization?

Options:

A. To provide data to quantify risk based on the organization's systems
B. To keep all software and hardware fully patched for known vulnerabilities
C. To only allow approved, organization-owned devices onto the business network
D. To standardize by selecting one laptop model for all users in the organization

Question 38

A dynamic application vulnerability scan identified that code injection could be performed using a web form. Which of the following will be the BEST remediation to prevent this vulnerability?

Options:

A. Implement input validations.
B. Deploy MFA.
C. Utilize a WAF.
D. Configure HIPS.

Question 39

A security analyst needs an overview of vulnerabilities for a host on the network. Which of the following is the BEST type of scan for the analyst to run to discover which vulnerable services are running?

Options:

A. Non-credentialed
B. Web application
C. Privileged
D. Internal

Question 40

A security team suspects that the cause of recent power consumption overloads is the unauthorized use of empty power outlets in the network rack. Which of the following options will mitigate this issue without compromising the number of outlets available?

Options:

A. Adding a new UPS dedicated to the rack
B. Installing a managed PDU
C. Using only a dual power supply unit
D. Increasing power generator capacity

Question 41

Several attempts have been made to pick the door lock of a secure facility. As a result, the security engineer has been assigned to implement a stronger preventative access control. Which of the following would BEST complete the engineer's assignment?

Options:

A. Replacing the traditional key with an RFID key
B. Installing and monitoring a camera facing the door
C. Setting motion-sensing lights to illuminate the door on activity
D. Surrounding the property with fencing and gates

Question 42

A security engineer has enabled two-factor authentication on all workstations. Which of the following approaches are the MOST secure? (Select TWO).

Options:

A. Password and security question
B. Password and CAPTCHA
C. Password and smart card
D. Password and fingerprint
E. Password and one-time token
F. Password and voice

Question 43

Which of the following describes where an attacker can purchase DDoS or ransomware services?

Options:

A. Threat intelligence
B. Open-source intelligence
C. Vulnerability database
D. Dark web

Question 44

An upcoming project focuses on secure communications and trust between external parties. Which of the following security components will need to be considered to ensure a chosen trust provider is used and the selected option is highly scalable?

Options:

A. Self-signed certificate
B. Certificate attributes
C. Public key infrastructure
D. Domain validation

Question 45

An untrusted SSL certificate was discovered during the most recent vulnerability scan. A security analyst determines the certificate is signed properly and is a valid wildcard. This same certificate is installed on other company servers without issue. Which of the following is the MOST likely reason for this finding?

Options:

A. The required intermediate certificate is not loaded as part of the certificate chain.
B. The certificate is on the CRL and is no longer valid.
C. The corporate CA has expired on every server, causing the certificate to fail verification.
D. The scanner is incorrectly configured to not trust this certificate when detected on the server.

Question 46

During a security incident investigation, an analyst consults the company's SIEM and sees an event concerning high traffic to a known, malicious command-and-control server. The analyst would like to determine the number of company workstations that may be impacted by this issue. Which of the following can provide the information?

Options:

A. WAF logs
B. DNS logs
C. System logs
D. Application logs

Question 47

Which of the following is a risk that is specifically associated with hosting applications in the public cloud?

Options:

A. Unsecured root accounts
B. Zero-day
C. Shared tenancy
D. Insider threat

Question 48

Which of the following documents provides guidance regarding the recommended deployment of network security systems from the manufacturer?

Options:

A. Cloud control matrix
B. Reference architecture
C. NIST RMF
D. CIS Top 20

Question 49

A cyber-security administrator is using an enterprise firewall. The administrator created some rules, but now the firewall seems to be unresponsive. All connections are being dropped by the firewall. Which of the following would be the BEST option to remove the rules?

Options:

A. # iptables -t mangle -x
B. # iptables -f
C. # iptables -z
D. # iptables -p input -j drop

Question 50

Which of the following is used to ensure that evidence is admissible in legal proceedings when it is collected and provided to the authorities?

Options:

A. Chain of custody
B. Legal hold
C. Event log
D. Artifacts

Question 51

A news article states hackers have been selling access to IoT camera feeds. Which of the following is the MOST likely reason for this issue?

Options:

A. Outdated software
B. Weak credentials
C. Lack of encryption
D. Backdoors

Question 52

A security analyst is tasked with defining the "something you are" factor of the company's MFA settings. Which of the following is BEST to use to complete the configuration?

Options:

A. Gait analysis
B. Vein
C. Soft token
D. HMAC-based, one-time password

Question 53

A company is switching to a remote work model for all employees. All company and employee resources will be in the cloud. Employees must use their personal computers to access the cloud computing environment. The company will manage the operating system. Which of the following deployment models is the company implementing?

Options:

A. CYOD
B. MDM
C. COPE
D. VDI

Question 54

The Chief Information Security Officer (CISO) has decided to reorganize security staff to concentrate on incident response and to outsource outbound Internet URL categorization and filtering to an outside company. Additionally, the CISO would like this solution to provide the same protections even when a company laptop or mobile device is away from the home office. Which of the following should the CISO choose?

Options:

A. CASB
B. Next-generation SWG
C. NGFW
D. Web-application firewall

Question 55

A forensics investigator is examining a number of unauthorized payments that were reported on the company's website. Some unusual log entries show users received an email for an unwanted mailing list and clicked on a link to attempt to unsubscribe. One of the users reported the email to the phishing team, and the forwarded email revealed the link to be:

https://www.company.com/payto.do?routing=00001111&accc=22223334&amount=250">Click here to unsubscribe

Which of the following will the forensics investigator MOST likely determine has occurred?

Options:

A. SQL injection
B. CSRF
C. XSS
D. XSRF

Question 56

The Chief Information Security Officer wants to prevent exfiltration of sensitive information from employee cell phones when using public USB power charging stations. Which of the following would be the BEST solution to implement?

Options:

A. DLP
B. USB data blocker
C. USB OTG
D. Disabling USB ports

Question 57

A Chief Security Officer is looking for a solution that can reduce the occurrence of customers receiving errors from back-end infrastructure when systems go offline unexpectedly. The security architect would like the solution to help maintain session persistence. Which of the following would BEST meet the requirements?

Options:

A. Reverse proxy
B. NIC teaming
C. Load balancer
D. Forward proxy

Question 58

Which of the following supplies non-repudiation during a forensics investigation?

Options:

A. Dumping volatile memory contents first
B. Duplicating a drive with dd
C. Using a SHA-2 signature of a drive image
D. Logging everyone in contact with evidence
E. Encrypting sensitive data

Question 59

An attacker has determined the best way to impact operations is to infiltrate third-party software vendors. Which of the following vectors is being exploited?

Options:

A. Social media
B. Cloud
C. Supply chain
D. Social engineering

Question 60

A software company is analyzing a process that detects software vulnerabilities at the earliest stage possible. The goal is to scan the source looking for unsecure practices and weaknesses before the application is deployed in a runtime environment. Which of the following would BEST assist the company with this objective?

Options:

A. Use fuzzing testing
B. Use a web vulnerability scanner
C. Use static code analysis
D. Use a penetration-testing OS

Question 61

The president of a regional bank likes to frequently provide SOC tours to potential investors. Which of the following policies BEST reduces the risk of malicious activity occurring after a tour?

Options:

A. Password complexity
B. Acceptable use
C. Access control
D. Clean desk

Question 62

A security analyst has identified malware spreading through the corporate network and has activated the CSIRT. Which of the following should the analyst do NEXT?

Options:

A. Review how the malware was introduced to the network.
B. Attempt to quarantine all infected hosts to limit further spread.
C. Create help desk tickets to get infected systems reimaged.
D. Update all endpoint antivirus solutions with the latest updates.

Question 63

A SOC operator is receiving continuous alerts from multiple Linux systems indicating that unsuccessful SSH attempts to a functional user ID have been attempted on each one of them in a short period of time. Which of the following BEST explains this behavior?

Options:

A. Rainbow table attack
B. Password spraying
C. Logic bomb
D. Malware bot

Question 64

A researcher has been analyzing large data sets for the last ten months. The researcher works with colleagues from other institutions and typically connects via SSH to retrieve additional data. Historically, this setup has worked without issue, but the researcher recently started getting the following message:

Which of the following network attacks is the researcher MOST likely experiencing?

Options:

A. MAC cloning
B. Evil twin
C. Man-in-the-middle
D. ARP poisoning

Question 65

A network engineer created two subnets that will be used for production and development servers. Per security policy, production and development servers must each have a dedicated network that cannot communicate with one another directly. Which of the following should be deployed so that server administrators can access these devices?

Options:

A. VLANs
B. Internet proxy servers
C. NIDS
D. Jump servers

Question 66

To reduce and limit software and infrastructure costs, the Chief Information Officer has requested to move email services to the cloud. The cloud provider and the organization must have security controls to protect sensitive data. Which of the following cloud services would BEST accommodate the request?

Options:

A. IaaS
B. PaaS
C. DaaS
D. SaaS

Question 67

Which of the following secure coding techniques makes compromised code more difficult for hackers to use?

Options:

A. Obfuscation
B. Normalization
C. Execution
D. Reuse

Question 68

A security analyst in a SOC has been tasked with onboarding a new network into the SIEM. Which of the following BEST describes the information that should feed into a SIEM solution in order to adequately support an investigation?

Options:

A. Logs from each device type and security layer to provide correlation of events
B. Only firewall logs since that is where attackers will most likely try to breach the network
C. Email and web-browsing logs because user behavior is often the cause of security breaches
D. NetFlow because it is much more reliable to analyze than syslog and will be exportable from every device

Question 69

Which of the following control types fixes a previously identified issue and mitigates a risk?

Options:

A. Detective
B. Corrective
C. Preventative
D. Finalized

Question 70

Which of the following is a security best practice that ensures the integrity of aggregated log files within a SIEM?

Options:

A. Set up hashing on the source log file servers that complies with local regulatory requirements.
B. Back up the aggregated log files at least two times a day or as stated by local regulatory requirements.
C. Write protect the aggregated log files and move them to an isolated server with limited access.
D. Back up the source log files and archive them for at least six years or in accordance with local regulatory requirements.

Question 71

A security engineer is building a file transfer solution to send files to a business partner. The users would like to drop off the files in a specific directory and have the server send them to the business partner. The connection to the business partner is over the internet and needs to be secure. Which of the following can be used?

Options:

A. S/MIME
B. LDAPS
C. SSH
D. SRTP

Question 72

Which of the following should a technician consider when selecting an encryption method for data that needs to remain confidential for a specific length of time?

Options:

A. The key length of the encryption algorithm
B. The encryption algorithm's longevity
C. A method of introducing entropy into key calculations
D. The computational overhead of calculating the encryption key

Question 73

After a WiFi scan of a local office was conducted, an unknown wireless signal was identified. Upon investigation, an unknown Raspberry Pi device was found connected to an Ethernet port using a single connection. Which of the following BEST describes the purpose of this device?

Options:

A. IoT sensor
B. Evil twin
C. Rogue access point
D. On-path attack

Question 74

A large enterprise has moved all its data to the cloud behind strong authentication and encryption. A sales director recently had a laptop stolen, and later, enterprise data was found to have been compromised from a local database. Which of the following was the MOST likely cause?

Options:

A. Shadow IT
B. Credential stuffing
C. SQL injection
D. Man in the browser
E. Bluejacking

Question 75

A network analyst is setting up a wireless access point for a home office in a remote, rural location. The requirement is that users need to connect to the access point securely but do not want to have to remember passwords. Which of the following should the network analyst enable to meet the requirement?

Options:

A. MAC address filtering
B. 802.1X
C. Captive portal
D. WPS

Question 76

A client sent several inquiries to a project manager about the delinquent delivery status of some critical reports. The project manager claimed the reports were previously sent via email, but then quickly generated and backdated the reports before submitting them as plain text within the body of a new email message thread. Which of the following actions MOST likely supports an investigation for fraudulent submission?

Options:

A. Establish chain of custody.
B. Inspect the file metadata.
C. Reference the data retention policy.
D. Review the email event logs.

Question 77

After segmenting the network, the network manager wants to control the traffic between the segments. Which of the following should the manager use to control the network traffic?

Options:

A. A DMZ
B. A VPN
C. A VLAN
D. An ACL

Question 78

The Chief Technology Officer of a local college would like visitors to utilize the school's WiFi but must be able to associate potential malicious activity to a specific person. Which of the following would BEST allow this objective to be met?

Options:

A. Requiring all new, on-site visitors to configure their devices to use WPS
B. Implementing a new SSID for every event hosted by the college that has visitors
C. Creating a unique PSK for every visitor when they arrive at the reception area
D. Deploying a captive portal to capture visitors' MAC addresses and names

Question 79

A security assessment found that several embedded systems are running unsecure protocols. These systems were purchased two years ago and the company that developed them is no longer in business. Which of the following constraints BEST describes the reason the findings cannot be remediated?

Options:

A. Inability to authenticate
B. Implied trust
C. Lack of computing power
D. Unavailable patch

Question 80

A company installed several crosscut shredders as part of increased information security practices targeting data leakage risks. Which of the following will this practice reduce?

Options:

A. Dumpster diving
B. Shoulder surfing
C. Information elicitation
D. Credential harvesting

Question 81

A security analyst was deploying a new website and found a connection attempting to authenticate on the site's portal. While investigating the incident, the analyst identified the following input in the username field:

Which of the following BEST explains this type of attack?

Options:

A. DLL injection to hijack administrator services
B. SQLi on the field to bypass authentication
C. Execution of a stored XSS on the website
D. Code to execute a race condition on the server

Buy Now
Questions 82

During an incident a company CIRT determine it is necessary to observe the continued network-based transaction between a callback domain and the malware running on an enterprise PC. Which of the following techniques would be BEST to enable this activity while reducing the risk of lateral spread and the risk that the adversary would notice any changes?

Options:

A.

Physically move the PC to a separate internet point of presence

B.

Create and apply microsegmentation rules.

C.

Emulate the malware in a heavily monitored DMZ segment.

D.

Apply network blacklisting rules for the adversary domain

Questions 83

A help desk technician receives an email from the Chief Information Officer (CIO) asking for documents. The technician knows the CIO is on vacation for a few weeks. Which of the following should the technician do to validate the authenticity of the email?

Options:

A.

Check the metadata in the email header of the received path in reverse order to follow the email's path.

B.

Hover the mouse over the CIO's email address to verify the email address.

C.

Look at the metadata in the email header and verify the "From" line matches the CIO's email address.

D.

Forward the email to the CIO and ask if the CIO sent the email requesting the documents.

Questions 84

Which of the following environments utilizes dummy data and is MOST likely to be installed locally on a system that allows code to be assessed directly and modified easily with each build?

Options:

A.

Production

B.

Test

C.

Staging

D.

Development

Questions 85

Which of the following disaster recovery tests is the LEAST time-consuming for the disaster recovery team?

Options:

A.

Tabletop

B.

Parallel

C.

Full interruption

D.

Simulation

Questions 86

Which of the following cryptographic concepts would a security engineer utilize while implementing non-repudiation? (Select TWO)

Options:

A.

Block cipher

B.

Hashing

C.

Private key

D.

Perfect forward secrecy

E.

Salting

F.

Symmetric keys

Questions 87

Which of the following function as preventive, detective, and deterrent controls to reduce the risk of physical theft? (Select TWO).

Options:

A.

Mantraps

B.

Security guards

C.

Video surveillance

D.

Fences

E.

Bollards

F.

Antivirus

Questions 88

An organization's Chief Information Security Officer is creating a position that will be responsible for implementing technical controls to protect data, including ensuring backups are properly maintained. Which of the following roles would MOST likely include these responsibilities?

Options:

A.

Data protection officer

B.

Data owner

C.

Backup administrator

D.

Data custodian

E.

Internal auditor

Questions 89

A security engineer is installing a WAF to protect the company's website from malicious web requests over SSL. Which of the following is needed to meet the objective?

Options:

A.

A reverse proxy

B.

A decryption certificate

C.

A split-tunnel VPN

D.

Load-balanced servers

Questions 90

A major clothing company recently lost a large amount of proprietary information. The security officer must find a solution to ensure this never happens again. Which of the following is the BEST technical implementation to prevent this from happening again?

Options:

A.

Configure DLP solutions

B.

Disable peer-to-peer sharing

C.

Enable role-based access controls.

D.

Mandate job rotation

E.

Implement content filters

Questions 91

A security analyst must enforce policies to harden an MDM infrastructure. The requirements are as follows:

* Ensure mobile devices can be tracked and wiped.

* Confirm mobile devices are encrypted.

Which of the following should the analyst enable on all the devices to meet these requirements?

Options:

A.

Geofencing

B.

Biometric authentication

C.

Geolocation

D.

Geotagging

Questions 92

Which of the following in a forensic investigation should be priorities based on the order of volatility? (Select TWO).

Options:

A.

Page files

B.

Event logs

C.

RAM

D.

Cache

E.

Stored files

F.

HDD

Questions 93

A company has discovered unauthorized devices are using its WiFi network, and it wants to harden the access point to improve security. Which of the following configurations should an analyst enable to improve security? (Select TWO.)

Options:

A.

RADIUS

B.

PEAP

C.

WPS

D.

WEP-TKIP

E.

SSL

F.

WPA2-PSK

Questions 94

A network analyst is investigating compromised corporate information. The analyst's findings lead to a theory that network traffic was intercepted before being transmitted to the internet. The following output was captured on an internal host:

Based on the IoCs, which of the following was the MOST likely attack used to compromise the network communication?

Options:

A.

Denial of service

B.

ARP poisoning

C.

Command injection

D.

MAC flooding

Questions 95

A security analyst has identified malware spreading through the corporate network and has activated the CSIRT. Which of the following should the analyst do NEXT?

Options:

A.

Review how the malware was introduced to the network

B.

Attempt to quarantine all infected hosts to limit further spread

C.

Create help desk tickets to get infected systems reimaged

D.

Update all endpoint antivirus solutions with the latest updates

Questions 96

After gaining access to a dual-homed (i.e., wired and wireless) multifunction device by exploiting a vulnerability in the device's firmware, a penetration tester then gains shell access on another networked asset. This technique is an example of:

Options:

A.

privilege escalation

B.

footprinting

C.

persistence

D.

pivoting.

Questions 97

Developers are writing code and merging it into shared repositories several times a day, where it is tested automatically. Which of the following concepts does this BEST represent?

Options:

A.

Functional testing

B.

Stored procedures

C.

Elasticity

D.

Continuous integration

Questions 98

Which of the following components can be used to consolidate and forward inbound Internet traffic to multiple cloud environments through a single firewall?

Options:

A.

Transit gateway

B.

Cloud hot site

C.

Edge computing

D.

DNS sinkhole

Questions 99

A security policy states that common words should not be used as passwords. A security auditor was able to perform a dictionary attack against corporate credentials. Which of the following controls was being violated?

Options:

A.

Password complexity

B.

Password history

C.

Password reuse

D.

Password length

Questions 100

A company is receiving emails with links to phishing sites that look very similar to the company's own website address and content. Which of the following is the BEST way for the company to mitigate this attack?

Options:

A.

Create a honeynet to trap attackers who access the VPN with credentials obtained by phishing.

B.

Generate a list of domains similar to the company's own and implement a DNS sinkhole for each.

C.

Disable POP and IMAP on all Internet-facing email servers and implement SMTPS.

D.

Use an automated tool to flood the phishing websites with fake usernames and passwords.

Questions 101

The SOC for a large MSSP is meeting to discuss the lessons learned from a recent incident that took much too long to resolve. This type of incident has become more common in recent weeks and is consuming large amounts of the analysts' time due to manual tasks being performed. Which of the following solutions should the SOC consider to BEST improve its response time?

Options:

A.

Configure a NIDS appliance using a Switched Port Analyzer

B.

Collect OSINT and catalog the artifacts in a central repository

C.

Implement a SOAR with customizable playbooks

D.

Install a SIEM with community-driven threat intelligence

Questions 102

During a recent incident an external attacker was able to exploit an SMB vulnerability over the internet. Which of the following action items should a security analyst perform FIRST to prevent this from occurring again?

Options:

A.

Check for any recent SMB CVEs

B.

Install AV on the affected server

C.

Block unneeded TCP 445 connections

D.

Deploy a NIDS in the affected subnet

Questions 103

During a trial, a judge determined evidence gathered from a hard drive was not admissible. Which of the following BEST explains this reasoning?

Options:

A.

The forensic investigator forgot to run a checksum on the disk image after creation

B.

The chain of custody form did not note time zone offsets between transportation regions

C.

The computer was turned off, and a RAM image could not be taken at the same time

D.

The hard drive was not properly kept in an antistatic bag when it was moved

Questions 104

A company wants to restrict emailing of PHI documents. The company is implementing a DLP solution. In order to restrict PHI documents, which of the following should be performed FIRST?

Options:

A.

Retention

B.

Governance

C.

Classification

D.

Change management

Questions 105

An engineer recently deployed a group of 100 web servers in a cloud environment. Per the security policy, all web-server ports except 443 should be disabled. Which of the following can be used to accomplish this task?

Options:

A.

Application allow list

B.

SWG

C.

Host-based firewall

D.

VPN

Questions 106

An IT manager is estimating the mobile device budget for the upcoming year. Over the last five years, the number of devices that were replaced due to loss, damage, or theft steadily increased by 10%. Which of the following would BEST describe the estimated number of devices to be replaced next year?

Options:

A.

ALE

B.

ARO

C.

RPO

D.

SLE

Questions 107

A security engineer was assigned to implement a solution to prevent attackers from gaining access by pretending to be authorized users. Which of the following technologies meets the requirement?

Options:

A.

SSO

B.

IDS

C.

MFA

D.

TPM

Questions 108

During a recent penetration test, the tester discovers large amounts of data were exfiltrated over the course of 12 months via the internet. The penetration tester stops the test to inform the client of the findings. Which of the following should be the client's NEXT step to mitigate the issue?

Options:

A.

Conduct a full vulnerability scan to identify possible vulnerabilities

B.

Perform containment on the critical servers and resources

C.

Review the firewall and identify the source of the active connection

D.

Disconnect the entire infrastructure from the internet

Questions 109

While reviewing an alert that shows a malicious request on one web application, a cybersecurity analyst is alerted to a subsequent token reuse moments later on a different service using the same single sign-on method. Which of the following would BEST detect a malicious actor?

Options:

A.

Utilizing SIEM correlation engines

B.

Deploying Netflow at the network border

C.

Disabling session tokens for all sites

D.

Deploying a WAF for the web server

Questions 110

An organization has hired a red team to simulate attacks on its security posture. Which of the following will the blue team do after detecting an IoC?

Options:

A.

Reimage the impacted workstations

B.

Activate runbooks for incident response

C.

Conduct forensics on the compromised system

D.

Conduct passive reconnaissance to gather information

Questions 111

Field workers in an organization are issued mobile phones on a daily basis. All the work is performed within one city, and the mobile phones are not used for any purpose other than work. The organization does not want these phones used for personal purposes. The organization would like to issue the phones to workers as permanent devices so the phones do not need to be reissued every day. Given the conditions described, which of the following technologies would BEST meet these requirements?

Options:

A.

Geofencing

B.

Mobile device management

C.

Containerization

D.

Remote wiping

Questions 112

Several universities are participating in a collaborative research project and need to share compute and storage resources. Which of the following cloud deployment strategies would BEST meet this need?

Options:

A.

Community

B.

Private

C.

Public

D.

Hybrid

Questions 113

A cloud service provider has created an environment where customers can connect existing local networks to the cloud for additional computing resources and block internal HR applications from reaching the cloud. Which of the following cloud models is being used?

Options:

A.

Public

B.

Community

C.

Hybrid

D.

Private

Questions 114

A systems administrator reports degraded performance on a virtual server. The administrator increases the virtual memory allocation, which improves conditions, but performance degrades again after a few days. The administrator runs an analysis tool and sees the following output:

The administrator terminates the timeAttend.exe process, observes system performance over the next few days, and notices that the system performance does not degrade. Which of the following issues is MOST likely occurring?

Options:

A.

DLL injection

B.

API attack

C.

Buffer overflow

D.

Memory leak

Questions 115

A security analyst is receiving numerous alerts reporting that the response time of an internet-facing application has been degraded. However, the internal network performance was not degraded. Which of the following MOST likely explains this behavior?

Options:

A.

DNS poisoning

B.

MAC flooding

C.

DDoS attack

D.

ARP poisoning

Questions 116

Select the appropriate attack and remediation from each drop-down list to label the corresponding attack with its remediation.

INSTRUCTIONS

Not all attacks and remediation actions will be used.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Options:

Questions 117

A company recently added a DR site and is redesigning the network. Users at the DR site are having issues browsing websites.

INSTRUCTIONS

Click on each firewall to do the following:

  • Deny cleartext web traffic.
  • Ensure secure management protocols are used.
  • Resolve issues at the DR site.

The ruleset order cannot be modified due to outside constraints.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Options:

Questions 118

A SOC operator is analyzing a log file that contains the following entries:

Options:

A.

SQL injection and improper input-handling attempts

B.

Cross-site scripting and resource exhaustion attempts

C.

Command injection and directory traversal attempts

D.

Error handling and privilege escalation attempts

Questions 119

A security analyst generated a file named host1.pcap and shared it with a team member who is going to use it for further incident analysis. Which of the following tools will the other team member MOST likely use to open this file?

Options:

A.

Autopsy

B.

Memdump

C.

FTK imager

D.

Wireshark

Questions 120

Which of the following refers to applications and systems that are used within an organization without consent or approval?

Options:

A.

Shadow IT

B.

OSINT

C.

Dark web

D.

Insider threats

Questions 121

Entering a secure area requires passing through two doors, both of which require someone who is already inside to initiate access. Which of the following types of physical security controls does this describe?

Options:

A.

Cameras

B.

Faraday cage

C.

Access control vestibule

D.

Sensors

E.

Guards

Questions 122

Which of the following utilize a subset of real data and are MOST likely to be used to assess the features and functions of a system and how it interacts or performs from an end user's perspective against defined test cases? (Select TWO).

Options:

A.

Production

B.

Test

C.

Research and development

D.

PoC

E.

UAT

F.

SDLC

Questions 123

A security administrator has noticed unusual activity occurring between different global instances and workloads and needs to identify the source of the unusual traffic. Which of the following log sources would be BEST to show the source of the unusual traffic?

Options:

A.

HIDS

B.

UEBA

C.

CASB

D.

VPC

Questions 124

Which of the following will MOST likely cause machine-learning and AI-enabled systems to operate with unintended consequences?

Options:

A.

Stored procedures

B.

Buffer overflows

C.

Data bias

D.

Code reuse

Questions 125

A network administrator at a large organization is reviewing methods to improve the security of the wired LAN. Any security improvement must be centrally managed and allow corporate-owned devices to have access to the intranet but limit others to internet access only. Which of the following should the administrator recommend?

Options:

A.

802.1X utilizing the current PKI infrastructure

B.

SSO to authenticate corporate users

C.

MAC address filtering with ACLS on the router

D.

PAM for user account management

Questions 126

A financial institution would like to store its customer data in a cloud but still allow the data to be accessed and manipulated while encrypted. Doing so would prevent the cloud service provider from being able to decipher the data due to its sensitivity. The financial institution is not concerned about computational overheads and slow speeds. Which of the following cryptographic techniques would BEST meet the requirement?

Options:

A.

Asymmetric

B.

Symmetric

C.

Homomorphic

D.

Ephemeral

Questions 127

A security engineer at an offline government facility is concerned about the validity of an SSL certificate. The engineer wants to perform the fastest check with the least delay to determine if the certificate has been revoked. Which of the following would BEST meet these requirements?

Options:

A.

RA

B.

OCSP

C.

CRL

D.

CSR

Questions 128

A security administrator needs to inspect in-transit files on the enterprise network to search for PII, credit card data, and classification words. Which of the following would be the BEST to use?

Options:

A.

IDS solution

B.

EDR solution

C.

HIPS software solution

D.

Network DLP solution

Questions 129

A company deployed a WiFi access point in a public area and wants to harden the configuration to make it more secure. After performing an assessment, an analyst identifies that the access point is configured to use WPA3, AES, WPS, and RADIUS. Which of the following should the analyst disable to enhance the access point security?

Options:

A.

WPA3

B.

AES

C.

RADIUS

D.

WPS

Questions 130

To mitigate the impact of a single VM being compromised by another VM on the same hypervisor, an administrator would like to utilize a technical control to further segregate the traffic. Which of the following solutions would BEST accomplish this objective?

Options:

A.

Install a hypervisor firewall to filter east-west traffic.

B.

Add more VLANs to the hypervisor network switches.

C.

Move exposed or vulnerable VMs to the DMZ.

D.

Implement a zero-trust policy and physically segregate the hypervisor servers.

Questions 131

A security analyst is reviewing the following output from a system:

Which of the following is MOST likely being observed?

Options:

A.

ARP poisoning

B.

Man in the middle

C.

Denial of service

D.

DNS poisoning

Questions 132

Which of the following terms should be included in a contract to help a company monitor the ongoing security maturity of a new vendor?

Options:

A.

A right-to-audit clause allowing for annual security audits

B.

Requirements for event logs to be kept for a minimum of 30 days

C.

Integration of threat intelligence in the company's AV

D.

A data-breach clause requiring disclosure of significant data loss

Questions 133

An organization regularly scans its infrastructure for missing security patches but is concerned about hackers gaining access to the scanner's account. Which of the following would be BEST to minimize this risk?

Options:

A.

Require a complex, eight-character password that is updated every 90 days.

B.

Perform only non-intrusive scans of workstations.

C.

Use non-credentialed scans against high-risk servers.

D.

Log and alert on unusual scanner account logon times.

Questions 134

Which of the following often operates in a client-server architecture to act as a service repository, providing enterprise consumers access to structured threat intelligence data?

Options:

A.

STIX

B.

CIRT

C.

OSINT

D.

TAXII

Questions 135

An organization recently recovered from a data breach. During the root cause analysis, the organization determined the source of the breach to be a personal cell phone that had been reported lost. Which of the following solutions should the organization implement to reduce the likelihood of future data breaches?

Options:

A.

MDM

B.

MAM

C.

VDI

D.

DLP

Questions 136

An external forensics investigator has been hired to investigate a data breach at a large enterprise with numerous assets. It is known that the breach started in the DMZ and moved to the sensitive information, generating multiple logs as the attacker traversed through the network. Which of the following will BEST assist with this investigation?

Options:

A.

Perform a vulnerability scan to identify the weak spots.

B.

Use a packet analyzer to investigate the NetFlow traffic

C.

Check the SIEM to review the correlated logs.

D.

Require access to the routers to view current sessions.

Questions 137

An organization that has a large number of mobile devices is exploring enhanced security controls to manage unauthorized access if a device is lost or stolen. Specifically, if mobile devices are more than 3mi (4.8km) from the building, the management team would like to have the security team alerted and server resources restricted on those devices. Which of the following controls should the organization implement?

Options:

A.

Geofencing

B.

Lockout

C.

Near-field communication

D.

GPS tagging

Questions 138

A small business office is setting up a wireless infrastructure with primary requirements centered around protecting customer information and preventing unauthorized access to the business network. Which of the following would BEST support the office's business needs? (Select TWO)

Options:

A.

Installing WAPs with strategic placement

B.

Configuring access using WPA3

C.

Installing a WIDS

D.

Enabling MAC filtering

E.

Changing the WiFi password every 30 days

F.

Reducing WiFi transmit power throughout the office

Questions 139

An organization plans to transition the intrusion detection and prevention techniques on a critical subnet to an anomaly-based system. Which of the following does the organization need to determine for this to be successful?

Options:

A.

The baseline

B.

The endpoint configurations

C.

The adversary behavior profiles

D.

The IPS signatures

Questions 140

An engineer is setting up a VDI environment for a factory location, and the business wants to deploy a low-cost solution to enable users on the shop floor to log in to the VDI environment directly. Which of the following should the engineer select to meet these requirements?

Options:

A.

Laptops

B.

Containers

C.

Thin clients

D.

Workstations

Questions 141

An organization is having difficulty correlating events from its individual AV, EDR, DLP, SWG, WAF, MDM, HIPS, and CASB systems. Which of the following is the BEST way to improve the situation?

Options:

A.

Remove expensive systems that generate few alerts.

B.

Modify the systems to alert only on critical issues.

C.

Utilize a SIEM to centralize logs and dashboards.

D.

Implement a new syslog/NetFlow appliance.

Exam Code: SY0-601
Exam Name: CompTIA Security+ Exam 2021
Last Update: Mar 19, 2023
Questions: 943