
SY0-601 CompTIA Security+ Exam 2021 Questions and Answers

Questions 4

An analyst needs to identify the applications a user was running and the files that were open before the user’s computer was shut off by holding down the power button. Which of the following would MOST likely contain that information?

Options:

A.

NGFW

B.

Pagefile

C.

NetFlow

D.

RAM

Questions 5

An end user reports a computer has been acting slower than normal for a few weeks. During an investigation, an analyst determines the system is sending the user's email address and a ten-digit number to an IP address once a day. The only recent log entry regarding the user's computer is the following:

Which of the following is the MOST likely cause of the issue?

Options:

A.

The end user purchased and installed a PUP from a web browser

B.

A bot on the computer is brute forcing passwords against a website

C.

A hacker is attempting to exfiltrate sensitive data

D.

Ransomware is communicating with a command-and-control server.

Questions 6

Which of the following should be put in place when negotiating with a new vendor about the timeliness of the response to a significant outage or incident?

Options:

A.

MOU

B.

MTTR

C.

SLA

D.

NDA

Questions 7

Which of the following is MOST likely to outline the roles and responsibilities of data controllers and data processors?

Options:

A.

SSAE SOC 2

B.

PCI DSS

C.

GDPR

D.

ISO 31000

Questions 8

A security analyst needs to perform periodic vulnerability scans on production systems. Which of the following scan types would produce the BEST vulnerability scan report?

Options:

A.

Port

B.

Intrusive

C.

Host discovery

D.

Credentialed

Questions 9

A security engineer is reviewing log files after a third party discovered usernames and passwords for the organization’s accounts. The engineer sees there was a change in the IP address for a vendor website one week earlier. This change lasted eight hours. Which of the following attacks was MOST likely used?

Options:

A.

Man-in-the-middle

B.

Spear-phishing

C.

Evil twin

D.

DNS poisoning

Questions 10

A large enterprise has moved all its data to the cloud behind strong authentication and encryption. A sales director recently had a laptop stolen, and later, enterprise data was found to have been compromised from a database. Which of the following was the MOST likely cause?

Options:

A.

Shadow IT

B.

Credential stuffing

C.

SQL injection

D.

Man-in-the-browser

E.

Bluejacking

Questions 11

A security administrator checks the table of a network switch, which shows the following output:

Which of the following is happening to this switch?

Options:

A.

MAC Flooding

B.

DNS poisoning

C.

MAC cloning

D.

ARP poisoning

Questions 12

A security analyst is investigating an incident that was first reported as an issue connecting to network shares and the internet. While reviewing logs and tool output, the analyst sees the following:

Which of the following attacks has occurred?

Options:

A.

IP conflict

B.

Pass-the-hash

C.

MAC flooding

D.

Directory traversal

E.

ARP poisoning

Questions 13

A system administrator needs to implement an access control scheme that will allow an object’s access policy to be determined by its owner. Which of the following access control schemes BEST fits the requirements?

Options:

A.

Role-based access control

B.

Discretionary access control

C.

Mandatory access control

D.

Attribute-based access control

Questions 14

A host was infected with malware. During the incident response, Joe, a user, reported that he did not receive any emails with links, but he had been browsing the Internet all day. Which of the following would MOST likely show where the malware originated?

Options:

A.

The DNS logs

B.

The web server logs

C.

The SIP traffic logs

D.

The SNMP logs

Questions 15

An organization's Chief Security Officer (CSO) wants to validate the business's involvement in the incident response plan to ensure its validity and thoroughness. Which of the following will the CSO MOST likely use?

Options:

A.

An external security assessment

B.

A bug bounty program

C.

A tabletop exercise

D.

A red-team engagement

Questions 16

A network administrator needs to build out a new datacenter, with a focus on resiliency and uptime. Which of the following would BEST meet this objective? (Choose two.)

Options:

A.

Dual power supply

B.

Off-site backups

C.

Automatic OS upgrades

D.

NIC teaming

E.

Scheduled penetration testing

F.

Network-attached storage

Questions 17

In which of the following risk management strategies would cybersecurity insurance be used?

Options:

A.

Transference

B.

Avoidance

C.

Acceptance

D.

Mitigation

Questions 18

Which of the following BEST explains the reason why a server administrator would place a document named password.txt on the desktop of an administrator account on a server?

Options:

A.

The document is a honeyfile and is meant to attract the attention of a cyberintruder.

B.

The document is a backup file if the system needs to be recovered.

C.

The document is a standard file that the OS needs to verify the login credentials.

D.

The document is a keylogger that stores all keystrokes should the account be compromised.

Questions 19

A security administrator needs to create a RAID configuration that is focused on high read speeds and fault tolerance. It is unlikely that multiple drives will fail simultaneously. Which of the following RAID configurations should the administrator use?

Options:

A.

RAID 0

B.

RAID 1

C.

RAID 5

D.

RAID 10

Questions 20

While checking logs, a security engineer notices a number of end users suddenly downloading files with the .tar.gz extension. Closer examination of the files reveals they are PE32 files. The end users state they did not initiate any of the downloads. Further investigation reveals the end users all clicked on an external email containing an infected MHT file with an href link a week prior. Which of the following is MOST likely occurring?

Options:

A.

A RAT was installed and is transferring additional exploit tools.

B.

The workstations are beaconing to a command-and-control server.

C.

A logic bomb was executed and is responsible for the data transfers.

D.

A fileless virus is spreading in the local network environment.

Questions 21

A security analyst is performing a forensic investigation of compromised account credentials. Using the Event Viewer, the analyst was able to detect the following message: “Special privileges assigned to new login.” Several of these messages did not have a valid logon associated with the user before these privileges were assigned. Which of the following attacks is MOST likely being detected?

Options:

A.

Pass-the-hash

B.

Buffer overflow

C.

Cross-site scripting

D.

Session replay

Questions 22

A company is adopting a BYOD policy and is looking for a comprehensive solution to protect company information on user devices. Which of the following solutions would BEST support the policy?

Options:

A.

Mobile device management

B.

Full-device encryption

C.

Remote wipe

D.

Biometrics

Questions 23

Which of the following types of controls is a CCTV camera that is not being monitored?

Options:

A.

Detective

B.

Deterrent

C.

Physical

D.

Preventive

Questions 24

Joe, a user at a company, clicked an email link that led to a website that infected his workstation. Joe was connected to the network, and the virus spread to the network shares. The protective measures failed to stop this virus, and it continues to evade detection. Which of the following should the administrator implement to protect the environment from this malware?

Options:

A.

Install a definition-based antivirus.

B.

Implement an IDS/IPS

C.

Implement a heuristic behavior-detection solution.

D.

Implement CASB to protect the network shares.

Questions 25

A technician needs to prevent data loss in a laboratory. The laboratory is not connected to any external networks. Which of the following methods would BEST prevent data loss? (Select TWO)

Options:

A.

VPN

B.

Drive encryption

C.

Network firewall

D.

File-level encryption

E.

USB blocker

F.

MFA

Questions 26

An organization has hired a security analyst to perform a penetration test. The analyst captures 1Gb worth of inbound network traffic to the server and transfers the pcap back to the machine for analysis. Which of the following tools should the analyst use to further review the pcap?

Options:

A.

Nmap

B.

cURL

C.

Netcat

D.

Wireshark

Questions 27

A network administrator has been asked to install an IDS to improve the security posture of an organization. Which of the following control types is an IDS?

Options:

A.

Corrective

B.

Physical

C.

Detective

D.

Administrative

Questions 28

A systems analyst is responsible for generating a new digital forensics chain-of-custody form. Which of the following should the analyst include in this documentation? (Select TWO).

Options:

A.

The order of volatility

B.

A checksum

C.

The location of the artifacts

D.

The vendor's name

E.

The date and time

F.

A warning banner

Questions 29

A forensics investigator is examining a number of unauthorized payments that were reported on the company's website. Some unusual log entries show users received an email for an unwanted mailing list and clicked on a link to attempt to unsubscribe. One of the users reported the email to the phishing team, and the forwarded email revealed the link to be:

Which of the following will the forensics investigator MOST likely determine has occurred?

Options:

A.

SQL injection

B.

CSRF

C.

XSS

D.

XSRF

Questions 30

Local guidelines require that all information systems meet a minimum-security baseline to be compliant. Which of the following can security administrators use to assess their system configurations against the baseline?

Options:

A.

SOAR playbook

B.

Security control matrix

C.

Risk management framework

D.

Benchmarks

Questions 31

A security manager for a retailer needs to reduce the scope of a project to comply with PCI DSS. The PCI data is located in different offices than where credit cards are accepted. All the offices are connected via MPLS back to the primary datacenter. Which of the following should the security manager implement to achieve the objective?

Options:

A.

Segmentation

B.

Containment

C.

Geofencing

D.

Isolation

Questions 32

Users at an organization have been installing programs from the internet on their workstations without first obtaining proper authorization. The organization maintains a portal from which users can install standardized programs. However, some users have administrative access on their workstations to enable legacy programs to function properly. Which of the following should the security administrator consider implementing to address this issue?

Options:

A.

Application code signing

B.

Application whitelisting

C.

Data loss prevention

D.

Web application firewalls

Questions 33

An attacker has successfully exfiltrated several non-salted password hashes from an online system. Given the logs below:

Which of the following BEST describes the type of password attack the attacker is performing?

Options:

A.

Dictionary

B.

Pass-the-hash

C.

Brute-force

D.

Password spraying

Questions 34

A nuclear plant was the victim of a recent attack, and all the networks were air gapped. A subsequent investigation revealed a worm as the source of the issue. Which of the following BEST explains what happened?

Options:

A.

A malicious USB was introduced by an unsuspecting employee.

B.

The ICS firmware was outdated

C.

A local machine has a RAT installed.

D.

The HVAC was connected to the maintenance vendor.

Questions 35

An analyst needs to set up a method for securely transferring files between systems. One of the requirements is to authenticate the IP header and the payload. Which of the following services would BEST meet the criteria?

Options:

A.

TLS

B.

PFS

C.

ESP

D.

AH

Questions 36

Which of the following disaster recovery tests is The LEAST time-consuming for the disaster recovery team?

Options:

A.

Tabletop

B.

Parallel

C.

Full interruption

D.

Simulation

Questions 37

Which of the following describes the ability of code to target a hypervisor from inside

Options:

A.

Fog computing

B.

VM escape

C.

Software-defined networking

D.

Image forgery

E.

Container breakout

Questions 38

An attacker is exploiting a vulnerability that does not have a patch available. Which of the following is the attacker exploiting?

Options:

A.

Zero-day

B.

Default permissions

C.

Weak encryption

D.

Unsecure root accounts

Questions 39

During a routine scan of a wireless segment at a retail company, a security administrator discovers several devices are connected to the network that do not match the company's naming convention and are not in the asset inventory. WiFi access is protected with 256-bit encryption via WPA2. Physical access to the company's facility requires two-factor authentication using a badge and a passcode. Which of the following should the administrator implement to find and remediate the issue? (Select TWO).

Options:

A.

Check the SIEM for failed logins to the LDAP directory.

B.

Enable MAC filtering on the switches that support the wireless network.

C.

Run a vulnerability scan on all the devices in the wireless network

D.

Deploy multifactor authentication for access to the wireless network

E.

Scan the wireless network for rogue access points.

F.

Deploy a honeypot on the network

Questions 40

A database administrator needs to ensure all passwords are stored in a secure manner, so the administrator adds randomly generated data to each password before storing it. Which of the following techniques BEST explains this action?

Options:

A.

Predictability

B.

Key stretching

C.

Salting

D.

Hashing

Questions 41

Which of the following would be the BEST resource for a software developer who is looking to improve secure coding practices for web applications?

Options:

A.

OWASP

B.

Vulnerability scan results

C.

NIST CSF

D.

Third-party libraries

Questions 42

A security analyst is performing a packet capture on a series of SOAP HTTP requests for a security assessment. The analyst redirects the output to a file. After the capture is complete, the analyst needs to review the first transactions quickly and then search the entire series of requests for a particular string. Which of the following would be BEST to use to accomplish the task? (Select TWO).

Options:

A.

head

B.

tcpdump

C.

grep

D.

tail

E.

curl

F.

openssl

G.

dd

Questions 43

An engineer needs to deploy a security measure to identify and prevent data tampering within the enterprise. Which of the following will accomplish this goal?

Options:

A.

Antivirus

B.

IPS

C.

FTP

D.

FIM

Questions 44

A financial analyst is expecting an email containing sensitive information from a client. When the email arrives, the analyst receives an error and is unable to open the encrypted message. Which of the following is the MOST likely cause of the issue?

Options:

A.

The S/MIME plug-in is not enabled.

B.

The SSL certificate has expired.

C.

Secure IMAP was not implemented

D.

POP3S is not supported.

Questions 45

A RAT that was used to compromise an organization’s banking credentials was found on a user’s computer. The RAT evaded antivirus detection. It was installed by a user who has local administrator rights to the system as part of a remote management tool set. Which of the following recommendations would BEST prevent this from reoccurring?

Options:

A.

Create a new acceptable use policy.

B.

Segment the network into trusted and untrusted zones.

C.

Enforce application whitelisting.

D.

Implement DLP at the network boundary.

Questions 46

Select the appropriate attack and remediation from each drop-down list to label the corresponding attack with its remediation.

INSTRUCTIONS

Not all attacks and remediation actions will be used.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Options:

Questions 47

An organization's corporate offices were destroyed due to a natural disaster, so the organization is now setting up offices in a temporary work space. Which of the following will the organization MOST likely consult?

Options:

A.

The business continuity plan

B.

The disaster recovery plan

C.

The communications plan

D.

The incident response plan

Questions 48

A Chief Security Officer (CSO) is concerned about the volume and integrity of sensitive information that is exchanged between the organization and a third party through email. The CSO is particularly concerned about an unauthorized party who is intercepting information that is in transit between the two organizations. Which of the following would address the CSO's concerns?

Options:

A.

SPF

B.

DMARC

C.

SSL

D.

DKIM

E.

TLS

Questions 49

Which of the following provides the BEST protection for sensitive information and data stored in cloud-based services but still allows for full functionality and searchability of data within the cloud-based services?

Options:

A.

Data encryption

B.

Data masking

C.

Anonymization

D.

Tokenization

Questions 50

A systems administrator needs to install a new wireless network for authenticated guest access. The wireless network should support 802.1X using the most secure encryption and protocol available.

Perform the following steps:

1. Configure the RADIUS server.

2. Configure the WiFi controller.

3. Preconfigure the client for an incoming guest. The guest AD credentials are:

User: guest01

Password: guestpass

Options:

Questions 51

The security team received a report of copyright infringement from the IP space of the corporate network. The report provided a precise time stamp for the incident as well as the name of the copyrighted file. The analyst has been tasked with determining the infringing source machine and instructed to implement measures to prevent such incidents from occurring again. Which of the following is MOST capable of accomplishing both tasks?

Options:

A.

HIDS

B.

Allow list

C.

TPM

D.

NGFW

Questions 52

A security analyst needs to find real-time data on the latest malware and IoCs. Which of the following BEST describes the solution the analyst should pursue?

Options:

A.

Advisories and bulletins

B.

Threat feeds

C.

Security news articles

D.

Peer-reviewed content

Questions 53

After a hardware incident, an unplanned emergency maintenance activity was conducted to rectify the issue. Multiple alerts were generated on the SIEM during this period of time. Which of the following BEST explains what happened?

Options:

A.

The unexpected traffic correlated against multiple rules, generating multiple alerts.

B.

Multiple alerts were generated due to an attack occurring at the same time.

C.

An error in the correlation rules triggered multiple alerts.

D.

The SIEM was unable to correlate the rules, triggering the alerts.

Questions 54

An organization recently acquired an ISO 27001 certification. Which of the following would MOST likely be considered a benefit of this certification?

Options:

A.

It allows for the sharing of digital forensics data across organizations

B.

It provides insurance in case of a data breach

C.

It provides complimentary training and certification resources to IT security staff.

D.

It certifies the organization can work with foreign entities that require a security clearance

E.

It assures customers that the organization meets security standards

Questions 55

A security analyst must enforce policies to harden an MDM infrastructure. The requirements are as follows:

• Ensure mobile devices can be tracked and wiped.

• Confirm mobile devices are encrypted.

Which of the following should the analyst enable on all the devices to meet these requirements?

Options:

A.

Geofencing

B.

Biometric authentication

C.

Geolocation

D.

Geotagging

Questions 56

After segmenting the network, the network manager wants to control the traffic between the segments. Which of the following should the manager use to control the network traffic?

Options:

A.

A DMZ

B.

A VPN

C.

A VLAN

D.

An ACL

Questions 57

Which of the following is a difference between a DRP and a BCP?

Options:

A.

A BCP keeps operations running during a disaster while a DRP does not.

B.

A BCP prepares for any operational interruption while a DRP prepares for natural disasters

C.

A BCP is a technical response to disasters while a DRP is operational.

D.

A BCP is formally written and approved while a DRP is not.

Questions 58

An organization recently recovered from a data breach. During the root cause analysis, the organization determined the source of the breach to be a personal cell phone that had been reported lost. Which of the following solutions should the organization implement to reduce the likelihood of future data breaches?

Options:

A.

MDM

B.

MAM

C.

VDI

D.

DLP

Questions 59

A financial institution would like to store its customer data in a cloud but still allow the data to be accessed and manipulated while encrypted. Doing so would prevent the cloud service provider from being able to decipher the data due to its sensitivity. The financial institution is not concerned about computational overheads and slow speeds. Which of the following cryptographic techniques would BEST meet the requirement?

Options:

A.

Asymmetric

B.

Symmetric

C.

Homomorphic

D.

Ephemeral

Questions 60

A company is implementing a new SIEM to log and send alerts whenever malicious activity is blocked by its antivirus and web content filters. Which of the following is the primary use case for this scenario?

Options:

A.

Implementation of preventive controls

B.

Implementation of detective controls

C.

Implementation of deterrent controls

D.

Implementation of corrective controls

Questions 61

During an investigation, a security manager receives notification from local authorities that company proprietary data was found on a former employee’s home computer. The former employee’s corporate workstation has since been repurposed, and the data on the hard drive has been overwritten. Which of the following would BEST provide the security manager with enough details to determine when the data was removed from the company network?

Options:

A.

Properly configured hosts with security logging

B.

Properly configured endpoint security tool with auditing

C.

Properly configured SIEM with retention policies

D.

Properly configured USB blocker with encryption

Questions 62

Which of the following would be BEST for a technician to review to determine the total risk an organization can bear when assessing a "cloud-first" adoption strategy?

Options:

A.

Risk matrix

B.

Risk tolerance

C.

Risk register

D.

Risk appetite

Questions 63

A security analyst is concerned about traffic initiated to the dark web from the corporate LAN. Which of the following networks should the analyst monitor?

Options:

A.

SFTP

B.

AS

C.

Tor

D.

IoC

Questions 64

The cost of removable media and the security risks of transporting data have become too great for a laboratory. The laboratory has decided to interconnect with partner laboratories to make data transfers easier and more secure. The Chief Security Officer

Options:

A.

VLAN zoning with a file-transfer server in an external-facing zone

B.

DLP running on hosts to prevent file transfers between networks

C.

NAC that permits only data-transfer agents to move data between networks

D.

VPN with full tunneling and NAS authenticating through the Active Directory

Questions 65

A desktop support technician recently installed a new document-scanning software program on a computer. However, when the end user tried to launch the program, it did not respond. Which of the following is MOST likely the cause?

Options:

A.

A new firewall rule is needed to access the application.

B.

The system was quarantined for missing software updates

C.

The software was not added to the application whitelist.

D.

The system was isolated from the network due to infected software.

Questions 66

A large financial services firm recently released information regarding a security breach within its corporate network that began several years before. During the time frame in which the breach occurred, indicators show an attacker gained administrative access to the network through a file download from a social media site and subsequently installed it without the user's knowledge. Since the compromise, the attacker was able to take command and control of the computer systems anonymously while obtaining sensitive corporate and personal employee information. Which of the following methods did the attacker MOST likely use to gain access?

Options:

A.

A bot

B.

A fileless virus

C.

A logic bomb

D.

A RAT

Questions 67

Joe, an employee, is transferring departments and is providing copies of his files to a network share folder for his previous team to access. Joe is granting read-write-execute permissions to his manager but giving read-only access to the rest of the team. Which of the following access controls is Joe using?

Options:

A.

FACL

B.

DAC

C.

ABAC

D.

MAC

Exam Code: SY0-601
Exam Name: CompTIA Security+ Exam 2021
Last Update: Oct 22, 2021
Questions: 453
