ExamGecko

CompTIA SY0-601 Practice Test - Questions Answers, Page 5


Question 41


Which of the following environments utilizes dummy data and is MOST likely to be installed locally on a system that allows code to be assessed directly and modified easily with each build?

A. Production
B. Test
C. Staging
D. Development
Suggested answer: D
Explanation:

A development environment is the environment that is used to develop and test software. It is typically installed locally on a system that allows code to be assessed directly and modified easily with each build. In this environment, dummy data is often utilized to test the software's functionality.

Reference: CompTIA Security+ Study Guide, Exam SY0-601, Chapter 3: Architecture and Design

asked 02/10/2024
Robeena Meer
43 questions

Question 42


While reviewing pcap data, a network security analyst is able to locate plaintext usernames and passwords being sent from workstations to network switches. Which of the following is the security analyst MOST likely observing?

A. SNMP traps
B. A Telnet session
C. An SSH connection
D. SFTP traffic
Suggested answer: B
Explanation:

The security analyst is likely observing a Telnet session, as Telnet transmits data in plain text format, including usernames and passwords. Reference: CompTIA Security+ Certification Exam Objectives, Exam SY0-601, 1.2 Given a scenario, analyze indicators of compromise and determine the type of malware.

asked 02/10/2024
TREVOR COLLEDGE
48 questions

Question 43


A client sent several inquiries to a project manager about the delinquent delivery status of some critical reports. The project manager claimed the reports were previously sent via email, but then quickly generated and backdated the reports before submitting them as plain text within the body of a new email message thread. Which of the following actions MOST likely supports an investigation for fraudulent submission?

A. Establish chain of custody.
B. Inspect the file metadata.
C. Reference the data retention policy.
D. Review the email event logs.
Suggested answer: D
Explanation:

Reviewing the email event logs can support an investigation for fraudulent submission, as these logs can provide details about the history of emails, including the message content, timestamps, and sender/receiver information. Reference: CompTIA Security+ Certification Exam Objectives, Exam SY0-601, 3.2 Given a scenario, implement appropriate data security and privacy controls.

asked 02/10/2024
Salvatore Andrisani
48 questions

Question 44


A new vulnerability in the SMB protocol on Windows systems was recently discovered, but no patches are currently available to resolve the issue. The security administrator is concerned that servers in the company's DMZ will be vulnerable to external attack; however, the administrator cannot disable the service on the servers, as SMB is used by a number of internal systems and applications on the LAN. Which of the following TCP ports should be blocked for all external inbound connections to the DMZ as a workaround to protect the servers? (Select TWO).

A. 135
B. 139
C. 143
D. 161
E. 443
F. 445
Suggested answer: B, F
Explanation:

To protect the servers in the company’s DMZ from external attack due to the new vulnerability in the SMB protocol on the Windows systems, the security administrator should block TCP ports 139 and 445 for all external inbound connections to the DMZ.

SMB uses TCP ports 139 and 445. Blocking these ports will prevent external attackers from exploiting the vulnerability in the SMB protocol on Windows systems.

Blocking TCP ports 139 and 445 for all external inbound connections to the DMZ can help protect the servers, as these ports are used by the SMB protocol. Port 135 is also associated with SMB, but it is not commonly used. Ports 143 and 161 are associated with other protocols and services.

Reference: CompTIA Security+ Certification Exam Objectives, Exam SY0-601, 1.4 Compare and contrast network architecture and technologies.

asked 02/10/2024
Amir Arefi
37 questions

Question 45


When planning to build a virtual environment, an administrator needs to achieve the following:

• Establish policies to limit who can create new VMs.

• Allocate resources according to actual utilization.

• Require justification for requests outside of the standard requirements.

• Create standardized categories based on size and resource requirements.

Which of the following is the administrator MOST likely trying to do?

A. Implement IaaS replication
B. Protect against VM escape
C. Deploy a PaaS
D. Avoid VM sprawl
Suggested answer: D
Explanation:

The administrator is most likely trying to avoid VM sprawl, which occurs when too many VMs are created and managed poorly, leading to resource waste and increased security risks. The listed actions can help establish policies, resource allocation, and categorization to prevent unnecessary VM creation and ensure proper management. Reference: CompTIA Security+ Certification Exam Objectives, Exam SY0-601, 3.6 Given a scenario, implement the appropriate virtualization components.

asked 02/10/2024
Prabith Balagopalan
44 questions

Question 46


A security analyst wants to verify that a client-server (non-web) application is sending encrypted traffic. Which of the following should the analyst use?

A. openssl
B. hping
C. netcat
D. tcpdump
Suggested answer: A
Explanation:

To verify that a client-server (non-web) application is sending encrypted traffic, a security analyst can use OpenSSL. OpenSSL is a software library that provides cryptographic functions, including encryption and decryption, in support of various security protocols, including SSL/TLS. It can be used to check whether a client-server application is using encryption to protect traffic. Reference:

CompTIA Security+ Certification Exam Objectives - Exam SY0-601

asked 02/10/2024
ANIKET PATEL
50 questions

Question 47


Ann, a customer, received a notification from her mortgage company stating her PII may be shared with partners, affiliates, and associates to maintain day-to-day business operations. Which of the following documents did Ann receive?

A. An annual privacy notice
B. A non-disclosure agreement
C. A privileged-user agreement
D. A memorandum of understanding
Suggested answer: A
Explanation:

Ann received an annual privacy notice from her mortgage company. An annual privacy notice is a statement from a financial institution or creditor that outlines the institution's privacy policy and explains how the institution collects, uses, and shares customers' personal information. It informs the customer about their rights under the Gramm-Leach-Bliley Act (GLBA) and the institution's practices for protecting their personal information. Reference:

CompTIA Security+ Certification Exam Objectives - Exam SY0-601

asked 02/10/2024
Franco Santos
46 questions

Question 48


A large enterprise has moved all its data to the cloud behind strong authentication and encryption. A sales director recently had a laptop stolen, and later, enterprise data was found to have been compromised from a local database. Which of the following was the MOST likely cause?

A. Shadow IT
B. Credential stuffing
C. SQL injection
D. Man in the browser
E. Bluejacking
Suggested answer: A
Explanation:

The most likely cause of the enterprise data being compromised from a local database is Shadow IT. Shadow IT is the use of unauthorized applications or devices by employees to access company resources. In this case, the sales director's laptop was stolen, and the attacker was able to use it to access the local database, which was not secured properly, allowing unauthorized access to sensitive data. Reference:

CompTIA Security+ Certification Exam Objectives - Exam SY0-601

asked 02/10/2024
Zahidul Haque
50 questions

Question 49


The following are the logs of a successful attack.

[Image: logs of the attack (not included)]

Which of the following controls would be BEST to use to prevent such a breach in the future?

A. Password history
B. Account expiration
C. Password complexity
D. Account lockout
Suggested answer: C
Explanation:

To prevent such a breach in the future, the BEST control to use would be Password complexity. Password complexity is a security measure that requires users to create strong passwords that are difficult to guess or crack. It can help prevent unauthorized access to systems and data by making it more difficult for attackers to guess or crack passwords.

The best control to use to prevent a breach like the one shown in the logs is password complexity. Password complexity requires users to create passwords that are harder to guess, by including a mix of upper and lowercase letters, numbers, and special characters. In the logs, the attacker was able to guess the user's password using a dictionary attack, which means that the password was not complex enough. Reference:

CompTIA Security+ Certification Exam Objectives - Exam SY0-601

asked 02/10/2024
Nicholas Johnson
45 questions

Question 50


During a Chief Information Security Officer (CISO) convention to discuss security awareness, the attendees are provided with a network connection to use as a resource. As the convention progresses, one of the attendees starts to notice delays in the connection, and the HTTPS site requests are reverting to HTTP. Which of the following BEST describes what is happening?

A. Birthday collision on the certificate key
B. DNS hijacking to reroute traffic
C. Brute force to the access point
D. An SSL/TLS downgrade
Suggested answer: D
Explanation:

The scenario describes a Man-in-the-Middle (MitM) attack where the attacker intercepts traffic and downgrades the secure SSL/TLS connection to an insecure HTTP connection. This type of attack is commonly known as an SSL/TLS downgrade attack or a stripping attack. The attacker is able to see and modify the communication between the client and server.


asked 02/10/2024
Loyston Mathias
44 questions
Total 603 questions