CompTIA SY0-601 Daily Practice Exam New 2023 Updated 603 Questions
Use Valid SY0-601 Exam - Actual Exam Question & Answer
CompTIA SY0-601 Exam is an updated version of the previous SY0-501 Exam, which reflects the latest trends and technologies in the cybersecurity industry. It includes new topics such as cloud security, IoT security, and mobile device security, and emphasizes the importance of risk management and incident response. CompTIA Security+ Exam certification is recognized by top organizations and government agencies worldwide, making it a valuable asset for IT professionals seeking to advance their careers in the cybersecurity field.
NEW QUESTION # 12
When planning to build a virtual environment, an administrator needs to achieve the following:
* Establish policies to limit who can create new VMs
* Allocate resources according to actual utilization
* Require justification for requests outside of the standard requirements
* Create standardized categories based on size and resource requirements
Which of the following is the administrator MOST likely trying to do?
- A. Avoid VM sprawl
- B. Implement IaaS replication
- C. Protect against VM escape
- D. Deploy a PaaS
Answer: A
NEW QUESTION # 13
An organization wants to integrate its incident response processes into a workflow with automated decision points and actions based on predefined playbooks. Which of the following should the organization implement?
- A. CASB
- B. EDR
- C. SOAR
- D. SIEM
Answer: C
NEW QUESTION # 14
A cybersecurity department purchased a new PAM solution. The team is planning to randomize the service account credentials of the Windows servers first.
Which of the following would be the BEST method to increase the security on the Linux server?
- A. Remove all user accounts.
- B. Use only guest accounts to connect.
- C. Randomize the shared credentials
- D. Use SSH keys and remove generic passwords
Answer: D
NEW QUESTION # 15
An attacker was easily able to log in to a company's security camera by performing a basic online search for a setup guide for that particular camera brand and model. Which of the following BEST describes the configurations the attacker exploited?
- A. Default settings
- B. Unsecure protocols
- C. Open permissions
- D. Weak encryption
Answer: A
NEW QUESTION # 16
A security engineer needs to implement an MDM solution that complies with the corporate mobile device policy.
The policy states that in order for mobile users to access corporate resources on their devices the following requirements must be met:
* Mobile device OSs must be patched up to the latest release
* A screen lock must be enabled (passcode or biometric)
* Corporate data must be removed if the device is reported lost or stolen
Which of the following controls should the security engineer configure? (Select TWO)
- A. Geofencing
- B. Remote wipe
- C. Containerization
- D. Full-device encryption
- E. Storage segmentation
- F. Posturing
Answer: B,F
Explanation:
Remote wipe satisfies the lost-or-stolen requirement. Posturing (device posture assessment) is the MDM control that checks that the OS is at the current patch level and that a screen lock is enabled before the device is allowed to reach corporate resources. Full-device encryption, geofencing, containerization and storage segmentation are all worthwhile controls, but none of them enforces any of the three stated requirements.
NEW QUESTION # 17
Historically, a company has had issues with users plugging personally owned removable media devices into corporate computers. As a result, the threat of malware incidents is almost constant. Which of the following would BEST help prevent the malware from being installed on the computers?
- A. NGFW
- B. EDR
- C. DLP
- D. AUP
Answer: B
Explanation:
The infection vector is removable media, which never crosses a network firewall, so an NGFW cannot block it. An AUP is an administrative control that depends on user compliance, which the scenario shows has already failed, and DLP is aimed at stopping data from leaving the organization. EDR runs on the endpoint itself and can block malicious executables before they run, regardless of how they arrived.
NEW QUESTION # 18
The spread of misinformation surrounding the outbreak of a novel virus on election day led to eligible voters choosing not to take the risk of going to the polls. This is an example of:
- A. an influence campaign
- B. a watering-hole attack
- C. information elicitation
- D. prepending
- E. intimidation
Answer: A
NEW QUESTION # 19
A large industrial system's smart generator monitors the system status and sends alerts to third-party maintenance personnel when critical failures occur. While reviewing the network logs, the company's security manager notices the generator's IP is sending packets to an internal file server's IP. Which of the following mitigations would be BEST for the security manager to implement while maintaining alerting capabilities?
- A. Containment
- B. Segmentation
- C. Firewall whitelisting
- D. Isolation
Answer: C
NEW QUESTION # 20
While reviewing pcap data, a network security analyst is able to locate plaintext usernames and passwords being sent from workstations to network switches. Which of the following is the security analyst MOST likely observing?
- A. A Telnet session
- B. SFTP traffic
- C. An SSH connection
- D. SNMP traps
Answer: A
Explanation:
Telnet (TCP port 23) sends the entire session, including the login username and password, in cleartext, so the credentials are directly readable in a packet capture. SSH and SFTP encrypt the session, and SNMP traps carry device notifications rather than interactive logins (although SNMPv1/v2c community strings are also sent in cleartext). The remediation is to disable Telnet on the switches and manage them over SSH.
NEW QUESTION # 21
A systems analyst is responsible for generating a new digital forensics chain-of-custody form.
Which of the following should the analyst include in this documentation? (Choose two.)
- A. A warning banner
- B. The provenance of the artifacts
- C. The date and time
- D. The vendor's name
- E. The order of volatility
- F. A CRC32 checksum
Answer: B,C
NEW QUESTION # 22
The chief information security officer (CISO) has requested that a third-party vendor provide supporting documents that show proper controls are in place to protect customer data. Which of the following would be BEST for the third-party vendor to provide to the CISO?
- A. Cloud Security Alliance materials
- B. SOC 2 type 2 report
- C. NIST RMP workbooks
- D. GDPR compliance attestation
Answer: B
NEW QUESTION # 23
After a recent security incident, a security analyst discovered that unnecessary ports were open on a firewall policy for a web server. Which of the following firewall policies would be MOST secure for a web server?
[Options A through D were firewall policy tables shown as images and are not reproduced here.]
- A. Option B
- B. Option A
- C. Option D
- D. Option C
Answer: C
NEW QUESTION # 24
Which of the following measures the average time that equipment will operate before it breaks?
- A. RTO
- B. ARO
- C. SLE
- D. MTBF
Answer: D
Explanation:
The measure of the average time that equipment will operate before it breaks is MTBF (Mean Time Between Failures), the average interval between two failures of a repairable system; the higher the MTBF, the more reliable the equipment. RTO is the target time to restore a service after a disruption, ARO is the expected number of occurrences of a risk per year, and SLE is the expected monetary loss from a single occurrence.
NEW QUESTION # 25
A security analyst discovers that a company's username and password database were posted on an internet forum. The usernames and passwords are stored in plaintext. Which of the following would mitigate the damage done by this type of data exfiltration in the future?
- A. Increase password complexity requirements.
- B. Implement salting and hashing.
- C. Create DLP controls that prevent documents from leaving the network.
- D. Configure the web content filter to block access to the forum.
Answer: B
Explanation:
Salting and hashing make passwords stored in a database far harder to recover if the database is stolen. Hashing converts a password into a fixed-length digest that cannot be reversed to obtain the password; salting adds a unique random value to each password before it is hashed. Because every salt is different, two users with the same password end up with different digests, an attacker cannot spot duplicate passwords in the dump, and precomputed (rainbow) tables become useless, since a table would have to be built per salt. A slow, memory-hard password hash such as bcrypt, scrypt or Argon2, or PBKDF2 with a high iteration count, further limits the brute-force rate. Hashing is not encryption: there is no key and nothing to decrypt.
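As an added example (not from the original page), the following Python implements the control recommended above: each password is hashed with PBKDF2-HMAC-SHA256 under its own random salt, the stored record carries the algorithm, iteration count and salt alongside the digest so the parameters can be raised later, and verification uses a constant-time comparison. The record format and the iteration count are this example's own choices, not anything specified on the page.

```python
import hashlib
import hmac
import os

# Default work factor. 600,000 PBKDF2-SHA256 iterations is the OWASP (2023)
# recommendation; callers may pass a lower value for quick local tests.
ITERATIONS = 600_000
SALT_BYTES = 16
ALGORITHM = "pbkdf2_sha256"


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return a self-describing record: algorithm$iterations$salt_hex$digest_hex."""
    salt = os.urandom(SALT_BYTES)  # fresh, unpredictable salt for every password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{ALGORITHM}${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the digest with the stored salt and parameters; compare in constant time."""
    try:
        algorithm, iterations, salt_hex, digest_hex = record.split("$")
        salt = bytes.fromhex(salt_hex)
        rounds = int(iterations)
    except ValueError:
        return False  # malformed record: never treat as a match
    if algorithm != ALGORITHM:
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)
    # hmac.compare_digest avoids leaking how many leading bytes matched
    return hmac.compare_digest(digest.hex(), digest_hex)


def same_password_differs(password: str, iterations: int = ITERATIONS) -> bool:
    """Two users sharing a password must not share a stored digest.

    This is the property that defeats rainbow tables and duplicate spotting
    in a leaked table; both records must still verify against the password.
    """
    first = hash_password(password, iterations)
    second = hash_password(password, iterations)
    return first != second and verify_password(password, first) and verify_password(password, second)


if __name__ == "__main__":
    # Constructed demo input: two accounts that happen to use the same password.
    alice = hash_password("correct horse battery staple")
    bob = hash_password("correct horse battery staple")
    print("alice:", alice)
    print("bob:  ", bob)
    print("distinct digests:", alice.split("$")[3] != bob.split("$")[3])
    print("alice verifies:", verify_password("correct horse battery staple", alice))
    print("wrong password:", verify_password("Tr0ub4dor&3", alice))
```

Storing the parameters in the record is what lets you migrate: when the iteration count is raised, old records still verify, and the application can re-hash the password on the next successful login.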
NEW QUESTION # 26
A security analyst was deploying a new website and found a connection attempting to authenticate on the site's portal.
While investigating the incident, the analyst identified the following input in the username field:

Which of the following BEST explains this type of attack?
- A. DLL injection to hijack administrator services
- B. SQLi on the field to bypass authentication
- C. Execution of a stored XSS on the website
- D. Code to execute a race condition on the server
Answer: B
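Added example, not part of the original page: the screenshot of the injected username is missing from the page, so the injected strings used here (admin' -- and ' OR 1=1 --) are assumed, typical authentication-bypass payloads. The in-memory SQLite table and the two login functions are constructed for the demonstration; the first builds the query by string concatenation and can be bypassed, the second binds parameters and cannot.

```python
import hashlib
import sqlite3


def build_db() -> sqlite3.Connection:
    """Constructed sample user table (in memory, so the demo runs offline)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)")
    conn.execute(
        "INSERT INTO users VALUES (?, ?)",
        ("admin", hashlib.sha256(b"correct horse").hexdigest()),
    )
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Vulnerable: attacker-controlled text is pasted straight into the SQL.

    A username of  admin' --  closes the string literal and comments out the
    password check, so the query matches the admin row with any password.
    (Unsalted SHA-256 is used only to keep the demo short; a real system uses
    a salted, slow password hash.)
    """
    pw_hash = hashlib.sha256(password.encode("utf-8")).hexdigest()
    query = (
        "SELECT username FROM users "
        f"WHERE username = '{username}' AND password_hash = '{pw_hash}'"
    )
    return conn.execute(query).fetchone() is not None


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Fixed: parameterized query. The driver binds the values separately from
    the SQL text, so quotes and comment markers in the input stay data."""
    pw_hash = hashlib.sha256(password.encode("utf-8")).hexdigest()
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password_hash = ?",
        (username, pw_hash),
    ).fetchone()
    return row is not None


if __name__ == "__main__":
    db = build_db()
    for payload in ("admin' --", "' OR 1=1 --"):
        print(f"{payload!r:16} vulnerable={login_vulnerable(db, payload, 'wrong')} "
              f"safe={login_safe(db, payload, 'wrong')}")
```

Both payloads log in through the concatenated query with a wrong password and fail through the parameterized one; the only code change between the two functions is where the values enter the statement.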
NEW QUESTION # 27
As part of a company's ongoing SOC maturation process, the company wants to implement a method to share cyberthreat intelligence data with outside security partners. Which of the following will the company MOST likely implement?
- A. STIX
- B. TTP
- C. TLP
- D. TAXII
Answer: D
Explanation:
Trusted Automated Exchange of Intelligence Information (TAXII) is the transport protocol for exchanging cyber threat intelligence between organizations in an automated, authenticated way. STIX is the structured format the intelligence itself is expressed in, and TLP is a marking scheme that states how widely a piece of intelligence may be redistributed. The question asks for the sharing mechanism, so TAXII is the answer; in practice STIX content is what travels over TAXII.
NEW QUESTION # 28
A security analyst is running a vulnerability scan to check for missing patches during a suspected security incident. During which of the following phases of the response process is this activity MOST likely occurring?
- A. Containment
- B. Preparation
- C. Recovery
- D. Identification
Answer: B
NEW QUESTION # 30
During an incident, a company's CIRT determines it is necessary to observe the continued network-based transactions between a callback domain and the malware running on an enterprise PC. Which of the following techniques would be BEST to enable this activity while reducing the risk of lateral spread and the risk that the adversary would notice any changes?
- A. Create and apply microsegmentation rules.
- B. Apply network blacklisting rules for the adversary domain.
- C. Physically move the PC to a separate internet point of presence.
- D. Emulate the malware in a heavily monitored DMZ segment.
Answer: D
Explanation:
To observe the continued network-based transaction between a callback domain and the malware running on an enterprise PC while reducing the risk of lateral spread and the risk that the adversary would notice any changes, the best technique to use is to emulate the malware in a heavily monitored DMZ segment. This is a secure environment that is isolated from the rest of the network and can be heavily monitored to detect any suspicious activity. By emulating the malware in this environment, the activity can be observed without the risk of lateral spread or detection by the adversary. Reference: https://www.sans.org/blog/incident-response-fundamentals-why-is-the-dmz-so-important/
NEW QUESTION # 31
An organization is repairing the damage after an incident. Which of the following controls is being implemented?
- A. Compensating
- B. Detective
- C. Preventive
- D. Corrective
Answer: D
Explanation:
A corrective control is a security control designed to mitigate the damage caused by a security incident and restore normal operations afterwards: restoring from backups, applying patches, rebuilding or isolating infected systems, or introducing new policies and procedures. It differs from a preventive control, which aims to stop an incident from happening, from a detective control, which aims to identify and record an incident, and from a compensating control, which stands in for a primary control that cannot be implemented. References:
https://www.professormesser.com/security-plus/sy0-601/sy0-601-video/security-controls-3/
https://www.oreilly.com/library/view/comptia-security-all-in-one/9781260464016/ch31.xhtml
https://www.professormesser.com/security-plus/sy0-501/security-controls-2/
NEW QUESTION # 32
An external forensics investigator has been hired to investigate a data breach at a large enterprise with numerous assets. It is known that the breach started in the DMZ and moved to the sensitive information, generating multiple logs as the attacker traversed through the network. Which of the following will BEST assist with this investigation?
- A. Perform a vulnerability scan to identify the weak spots.
- B. Use a packet analyzer to Investigate the NetFlow traffic.
- C. Check the SIEM to review the correlated logs.
- D. Require access to the routers to view current sessions.
Answer: C
NEW QUESTION # 33
During a recent penetration test, the tester discovers large amounts of data were exfiltrated over the course of 12 months via the internet. The penetration tester stops the test to inform the client of the findings. Which of the following should be the client's NEXT step to mitigate the issue?
- A. Perform containment on the critical servers and resources
- B. Review the firewall and identify the source of the active connection
- C. Disconnect the entire infrastructure from the internet
- D. Conduct a full vulnerability scan to identify possible vulnerabilities
Answer: C
NEW QUESTION # 34
Which of the following environments utilizes dummy data and is MOST likely to be installed locally on a system that allows it to be assessed directly and modified easily with each build?
- A. Staging
- B. Test
- C. Production
- D. Development
Answer: D
Explanation:
The environment that utilizes dummy data and is most likely to be installed locally on a system that allows it to be assessed directly and modified easily with each build is the development environment. The development environment is used for developing and testing software and applications. It is typically installed on a local system, rather than on a remote server, to allow for easy access and modification. Dummy data can be used in the development environment to simulate real-world scenarios and test the software's functionality. Reference: https://www.techopedia.com/definition/27561/development-environment
NEW QUESTION # 35
Which of the following must be in place before implementing a BCP?
- A. NDA
- B. BIA
- C. AUP
- D. SLA
Answer: B
Explanation:
To create an effective business continuity plan, a firm should take these five steps:
Step 1: Risk Assessment
This phase includes:
* Evaluation of the company's risks and exposures
* Assessment of the potential impact of various business disruption scenarios
* Determination of the most likely threat scenarios
* Assessment of telecommunication recovery options and communication plans
* Prioritization of findings and development of a roadmap
Step 2: Business Impact Analysis (BIA)
During this phase we collect information on:
* Recovery assumptions, including Recovery Point Objectives (RPO) and Recovery Time Objectives (RTO)
* Critical business processes and workflows as well as the supporting production applications
* Interdependencies, both internal and external
* Critical staff including backups, skill sets, primary and secondary contacts
* Future endeavors that may impact recovery
* Special circumstances
Pro tip: Compiling your BIA into a master list can be helpful from a holistic standpoint, as well as helpful in identifying pain points throughout the organization.
Step 3: Business Continuity Plan Development
This phase includes:
* Obtaining executive sign-off of the Business Impact Analysis
* Synthesizing the Risk Assessment and BIA findings to create an actionable and thorough plan
* Developing department, division and site level plans
* Reviewing the plan with key stakeholders to finalize and distribute
Step 4: Strategy and Plan Development
Validate that the recovery times stated in your plan are obtainable and meet the objectives stated in the BIA. The plans should be easily available and readily accessible to staff, especially if and when a disaster were to happen. In the development phase, it is important to incorporate many perspectives from various staff and all departments to help map the overall company feel and organizational focus. Once the plan is developed, we recommend that an executive or management team review and sign off on the overall plan.
Step 5: Plan Testing & Maintenance
The final critical element of a business continuity plan is to ensure that it is tested and maintained on a regular basis. This includes:
* Conducting periodic tabletop and simulation exercises to ensure key stakeholders are comfortable with the plan steps
* Executing bi-annual plan reviews
* Performing annual Business Impact Assessments
NEW QUESTION # 36
A security analyst is reviewing web-application logs and finds the following log:
Which of the following attacks is being observed?
- A. CSRF
- B. On-path attack
- C. Directory traversal
- D. XSS
Answer: C
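The page's log excerpt is missing, so the following added example (not from the original) runs a traversal check over constructed access-log lines: it decodes nested percent-encoding, which is how payloads such as %252e%252e%252f slip past filters that decode only once, flags any request whose decoded target contains ../ or ..\, and shows the server-side fix of resolving the requested file under the document root and refusing anything that escapes it. The log lines and the base directory /var/www/files are constructed for the example.

```python
import posixpath
import re
from typing import List, Optional
from urllib.parse import unquote

# Constructed sample access log (Common Log Format); not from the original page.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2023:14:02:11 +0000] "GET /images/logo.png HTTP/1.1" 200 5120
203.0.113.7 - - [10/Mar/2023:14:02:15 +0000] "GET /download?file=../../../../etc/passwd HTTP/1.1" 200 1863
203.0.113.7 - - [10/Mar/2023:14:02:19 +0000] "GET /download?file=..%2F..%2F..%2Fetc%2Fshadow HTTP/1.1" 403 214
203.0.113.7 - - [10/Mar/2023:14:02:23 +0000] "GET /download?file=%252e%252e%252f%252e%252e%252fwin.ini HTTP/1.1" 404 312
198.51.100.4 - - [10/Mar/2023:14:03:01 +0000] "GET /docs/guide.pdf HTTP/1.1" 200 90211
"""

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
DOTDOT_RE = re.compile(r"\.\.[\\/]")  # ../ or ..\ after decoding


def fully_decode(value: str, max_rounds: int = 3) -> str:
    """Undo nested percent-encoding (%252e -> %2e -> .) until the string stops changing."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def is_traversal(target: str) -> bool:
    """True if the request target contains a parent-directory reference once decoded."""
    return DOTDOT_RE.search(fully_decode(target)) is not None


def flag_traversal(log_text: str) -> List[str]:
    """Detection: return the request targets in the log that look like traversal attempts."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST_RE.search(line)
        if match and is_traversal(match.group("target")):
            hits.append(match.group("target"))
    return hits


def safe_join(base_dir: str, user_path: str) -> Optional[str]:
    """Server-side fix: resolve the requested path under base_dir and refuse escapes.

    Returns the resolved path, or None when the normalized result would leave base_dir.
    """
    decoded = fully_decode(user_path)
    candidate = posixpath.normpath(posixpath.join(base_dir, decoded.lstrip("/")))
    root = base_dir.rstrip("/")
    if candidate != root and not candidate.startswith(root + "/"):
        return None
    return candidate


if __name__ == "__main__":
    for target in flag_traversal(SAMPLE_LOG):
        print("traversal attempt:", target, "->", fully_decode(target))
    print(safe_join("/var/www/files", "docs/guide.pdf"))
    print(safe_join("/var/www/files", "../../../../etc/passwd"))
```

The detector matches the raw payload, the single-encoded one and the double-encoded one because it normalizes before matching; the same decode-then-normalize order is what makes safe_join reliable, since a filter that only looks for the literal string "../" before decoding misses the encoded forms.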
NEW QUESTION # 37
......
CompTIA SY0-601, also known as the CompTIA Security+ Certification Exam, is a globally recognized certification that validates the skills and knowledge of IT professionals in the field of cybersecurity. CompTIA Security+ Exam certification offers a comprehensive understanding of security concepts, tools, and procedures to protect a company's information assets. The SY0-601 exam measures the candidate's ability to identify and mitigate security risks, implement secure network architectures, and implement and manage security policies and procedures.
Test Engine to Practice SY0-601 Test Questions: https://ensurepass.testkingfree.com/CompTIA/SY0-601-practice-exam-dumps.html