SY0-601 Exam Dumps - CompTIA Security+ Exam 2021

Question # 4

A university is opening a facility in a location where there is an elevated risk of theft. The university wants to protect the desktops in its classrooms and labs. Which of the following should the university use to BEST protect these assets deployed in the facility?

A.

Visitor logs

B.

Cable locks

C.

Guards

D.

Disk encryption

E.

Motion detection

Question # 5

Which of the following types of controls is a CCTV camera that is not being monitored?

A.

Detective

B.

Deterrent

C.

Physical

D.

Preventive

Question # 6

A security analyst needs to produce a document that details how a security incident occurred, the steps that were taken for recovery, and how future incidents can be avoided. During which of the following stages of the response process will this activity take place?

A.

Recovery

B.

Identification

C.

Lessons learned

D.

Preparation

Question # 7

A recent malware outbreak across a subnet included successful rootkit installations on many PCs, ensuring persistence by rendering remediation efforts ineffective. Which of the following would BEST detect the presence of a rootkit in the future?

A.

FDE

B.

NIDS

C.

EDR

D.

DLP

Question # 8

Under GDPR, which of the following is MOST responsible for the protection of privacy and website user rights?

A.

The data protection officer

B.

The data processor

C.

The data owner

D.

The data controller

Question # 9

A security analyst is investigating an incident that was first reported as an issue connecting to network shares and the internet. While reviewing logs and tool output, the analyst sees the following:

Which of the following attacks has occurred?

A.

IP conflict

B.

Pass-the-hash

C.

MAC flooding

D.

Directory traversal

E.

ARP poisoning

Question # 10

A security manager for a retailer needs to reduce the scope of a project to comply with PCI DSS. The PCI data is located in different offices than where credit cards are accepted. All the offices are connected via MPLS back to the primary datacenter. Which of the following should the security manager implement to achieve the objective?

A.

Segmentation

B.

Containment

C.

Geofencing

D.

Isolation

Question # 11

A systems analyst is responsible for generating a new digital forensics chain-of-custody form. Which of the following should the analyst include in this documentation? (Select TWO).

A.

The order of volatility

B.

A checksum

C.

The location of the artifacts

D.

The vendor's name

E.

The date and time

F.

A warning banner

Question # 12

An organization has hired a security analyst to perform a penetration test. The analyst captures 1Gb worth of inbound network traffic to the server and transfers the pcap back to the machine for analysis. Which of the following tools should the analyst use to further review the pcap?

A.

Nmap

B.

cURL

C.

Netcat

D.

Wireshark

Question # 13

Which of the following algorithms has the SMALLEST key size?

A.

DES

B.

Twofish

C.

RSA

D.

AES

Question # 14

To reduce costs and overhead, an organization wants to move from an on-premises email solution to a cloud-based email solution. At this time, no other services will be moving. Which of the following cloud models would BEST meet the needs of the organization?

A.

MaaS

B.

IaaS

C.

SaaS

D.

PaaS

Question # 15

Which of the following scenarios would make a DNS sinkhole effective in thwarting an attack?

A.

An attacker is sniffing traffic to port 53, and the server is managed using unencrypted usernames and passwords.

B.

An organization is experiencing excessive traffic on port 53 and suspects an attacker is trying to DoS the domain name server.

C.

Malware trying to resolve an unregistered domain name to determine if it is running in an isolated sandbox

D.

Routing tables have been compromised, and an attacker is rerouting traffic to malicious websites

Question # 16

Users at an organization have been installing programs from the internet on their workstations without first obtaining proper authorization. The organization maintains a portal from which users can install standardized programs. However, some users have administrative access on their workstations to enable legacy programs to function properly. Which of the following should the security administrator consider implementing to address this issue?

A.

Application code signing

B.

Application whitelisting

C.

Data loss prevention

D.

Web application firewalls

Question # 17

Which of the following organizational policies are MOST likely to detect fraud that is being conducted by existing employees? (Select TWO).

A.

Offboarding

B.

Mandatory vacation

C.

Job rotation

D.

Background checks

E.

Separation of duties

F.

Acceptable use

Question # 18

A security administrator currently spends a large amount of time on common security tasks, such as report generation, phishing investigations, and user provisioning and deprovisioning. This prevents the administrator from spending time on other security projects. The business does not have the budget to add more staff members. Which of the following should the administrator implement?

A.

DAC

B.

ABAC

C.

SCAP

D.

SOAR

Question # 19

A symmetric encryption algorithm is BEST suited for:

A.

key-exchange scalability.

B.

protecting large amounts of data.

C.

providing hashing capabilities.

D.

implementing non-repudiation.

Question # 20

Following a prolonged datacenter outage that affected web-based sales, a company has decided to move its operations to a private cloud solution. The security team has received the following requirements:

• There must be visibility into how teams are using cloud-based services.

• The company must be able to identify when data related to payment cards is being sent to the cloud.

• Data must be available regardless of the end user's geographic location.

• Administrators need a single pane-of-glass view into traffic and trends.

Which of the following should the security analyst recommend?

A.

Create firewall rules to restrict traffic to other cloud service providers.

B.

Install a DLP solution to monitor data in transit.

C.

Implement a CASB solution.

D.

Configure a web-based content filter.

Question # 21

Which of the following would cause a Chief Information Security Officer (CISO) the MOST concern regarding newly installed Internet-accessible 4K surveillance cameras?

A.

An inability to monitor 100% of every facility could expose the company to unnecessary risk.

B.

The cameras could be compromised if not patched in a timely manner.

C.

Physical security at the facility may not protect the cameras from theft.

D.

Exported videos may take up excessive space on the file servers.

Question # 22

An organization would like to remediate the risk associated with its cloud service provider not meeting its advertised 99.999% availability metrics. Which of the following should the organization consult for the exact requirements for the cloud provider?

A.

SLA

B.

BPA

C.

NDA

D.

MOU

Question # 23

Remote workers in an organization use company-provided laptops with locally installed applications and locally stored data. Users can store data on a remote server using an encrypted connection. The organization discovered data stored on a laptop had been made available to the public. Which of the following security solutions would mitigate the risk of future data disclosures?

A.

FDE

B.

TPM

C.

HIDS

D.

VPN

Question # 24

An attacker was easily able to log in to a company's security camera by performing a basic online search for a setup guide for that particular camera brand and model. Which of the following BEST describes the configurations the attacker exploited?

A.

Weak encryption

B.

Unsecure protocols

C.

Default settings

D.

Open permissions

Question # 25

A security administrator is setting up a SIEM to help monitor for notable events across the enterprise. Which of the following control types does this BEST represent?

A.

Preventive

B.

Compensating

C.

Corrective

D.

Detective

Question # 26

Which of the following is the correct order of volatility from MOST to LEAST volatile?

A.

Memory, temporary filesystems, routing tables, disk, network storage

B.

Cache, memory, temporary filesystems, disk, archival media

C.

Memory, disk, temporary filesystems, cache, archival media

D.

Cache, disk, temporary filesystems, network storage, archival media

Question # 27

A security researcher is tracking an adversary by noting its attacks and techniques based on its capabilities, infrastructure, and victims. Which of the following is the researcher MOST likely using?

A.

The Diamond Model of Intrusion Analysis

B.

The Cyber Kill Chain

C.

The MITRE CVE database

D.

The incident response process

Question # 28

A company uses specially configured workstations for any work that requires administrator privileges to its Tier 0 and Tier 1 systems. The company follows a strict process to harden systems immediately upon delivery. Even with these strict security measures in place, an incident occurred from one of the workstations. The root cause appears to be that the SoC was tampered with or replaced. Which of the following MOST likely occurred?

A.

Fileless malware

B.

A downgrade attack

C.

A supply-chain attack

D.

A logic bomb

E.

Misconfigured BIOS

Question # 29

A company wants to modify its current backup strategy to minimize the number of backups that would need to be restored in case of data loss. Which of the following would be the BEST backup strategy to implement?

A.

Incremental backups followed by differential backups

B.

Full backups followed by incremental backups

C.

Delta backups followed by differential backups

D.

Incremental backups followed by delta backups

E.

Full backups followed by differential backups

Question # 30

Which of the following would be BEST for a technician to review to determine the total risk an organization can bear when assessing a "cloud-first" adoption strategy?

A.

Risk matrix

B.

Risk tolerance

C.

Risk register

D.

Risk appetite

Question # 31

A security engineer is installing a WAF to protect the company’s website from malicious web requests over SSL. Which of the following is needed to meet the objective?

A.

A reverse proxy

B.

A decryption certificate

C.

A split-tunnel VPN

D.

Load-balanced servers

Question # 32

A security analyst must determine if either SSH or Telnet is being used to log in to servers. Which of the following should the analyst use?

A.

logger

B.

Metasploit

C.

tcpdump

D.

netstat

Question # 33

A company recently experienced an attack during which its main website was directed to the attacker’s web server, allowing the attacker to harvest credentials from unsuspecting customers. Which of the following should the company implement to prevent this type of attack occurring in the future?

A.

IPSec

B.

SSL/TLS

C.

DNSSEC

D.

S/MIME

Question # 34

A recent security assessment revealed that an actor exploited a vulnerable workstation within an organization and has persisted on the network for several months. The organization realizes the need to reassess its security strategy for mitigating risks within the perimeter. Which of the following solutions would BEST support the organization's strategy?

A.

FIM

B.

DLP

C.

EDR

D.

UTM

Question # 35

A security analyst was deploying a new website and found a connection attempting to authenticate on the site's portal. While investigating the incident, the analyst identified the following input in the username field:

Which of the following BEST explains this type of attack?

A.

DLL injection to hijack administrator services

B.

SQLi on the field to bypass authentication

C.

Execution of a stored XSS on the website

D.

Code to execute a race condition on the server

Question # 36

Which of the following is a difference between a DRP and a BCP?

A.

A BCP keeps operations running during a disaster while a DRP does not.

B.

A BCP prepares for any operational interruption while a DRP prepares for natural disasters

C.

A BCP is a technical response to disasters while a DRP is operational.

D.

A BCP is formally written and approved while a DRP is not.

Question # 37

A security researcher is attempting to gather data on the widespread use of a zero-day exploit. Which of the following will the researcher MOST likely use to capture this data?

A.

A DNS sinkhole

B.

A honeypot

C.

A vulnerability scan

D.

CVSS

Question # 38

An organization's finance department is implementing a policy to protect against collusion. Which of the following control types and corresponding procedures should the organization implement to fulfill this policy's requirement? (Select TWO).

A.

Corrective

B.

Deterrent

C.

Preventive

D.

Mandatory vacations

E.

Job rotation

F.

Separation of duties

Question # 39

A network analyst is setting up a wireless access point for a home office in a remote, rural location. The requirement is that users need to connect to the access point securely but do not want to have to remember passwords. Which of the following should the network analyst enable to meet the requirement?

A.

MAC address filtering

B.

802.1X

C.

Captive portal

D.

WPS

Question # 40

The Chief Information Security Officer wants to pilot a new adaptive, user-based authentication method. The concept includes granting logical access based on physical location and proximity. Which of the following is the BEST solution for the pilot?

A.

Geofencing

B.

Self-sovereign identification

C.

PKI certificates

D.

SSO

Question # 41

An organization is building backup server rooms in geographically diverse locations. The Chief Information Security Officer implemented a requirement on the project that states the new hardware cannot be susceptible to the same vulnerabilities in the existing server room. Which of the following should the systems engineer consider?

A.

Purchasing hardware from different vendors

B.

Migrating workloads to public cloud infrastructure

C.

Implementing a robust patch management solution

D.

Designing new detective security controls

Question # 42

An organization is concerned about hackers potentially entering a facility and plugging in a remotely accessible Kali Linux box. Which of the following should be the first lines of defense against such an attack? (Select TWO).

A.

MAC filtering

B.

Zero Trust segmentation

C.

Network access control

D.

Access control vestibules

E.

Guards

F.

Bollards

Question # 43

An organization suffered an outage and a critical system took 90 minutes to come back online. Though there was no data loss during the outage, the expectation was that the critical system would be available again within 60 minutes. Which of the following is the 60-minute expectation an example of:

A.

MTBF

B.

RPO

C.

MTTR

D.

RTO

Question # 44

The cost of removable media and the security risks of transporting data have become too great for a laboratory. The laboratory has decided to interconnect with partner laboratories to make data transfers easier and more secure. The Chief Security Officer

A.

VLAN zoning with a file-transfer server in an external-facing zone

B.

DLP running on hosts to prevent file transfers between networks

C.

NAC that permits only data-transfer agents to move data between networks

D.

VPN with full tunneling and NAS authenticating through the Active Directory

Question # 45

A pharmaceutical sales representative logs on to a laptop and connects to the public WiFi to check emails and update reports. Which of the following would be BEST to prevent other devices on the network from directly accessing the laptop? (Choose two.)

A.

Trusted Platform Module

B.

A host-based firewall

C.

A DLP solution

D.

Full disk encryption

E.

A VPN

F.

Antivirus software

Question # 46

A Chief Security Officer's (CSO's) key priorities are to improve preparation, response, and recovery practices to minimize system downtime and enhance organizational resilience to ransomware attacks. Which of the following would BEST meet the CSO's objectives?

A.

Use email-filtering software and centralized account management, patch high-risk systems, and restrict administration privileges on fileshares.

B.

Purchase cyber insurance from a reputable provider to reduce expenses during an incident.

C.

Invest in end-user awareness training to change the long-term culture and behavior of staff and executives, reducing the organization's susceptibility to phishing attacks.

D.

Implement application whitelisting and centralized event-log management, and perform regular testing and validation of full backups.

Question # 47

Which of the following would MOST likely support the integrity of a voting machine?

A.

Asymmetric encryption

B.

Blockchain

C.

Transport Layer Security

D.

Perfect forward secrecy

Question # 48

Which of the following provides the BEST protection for sensitive information and data stored in cloud-based services but still allows for full functionality and searchability of data within the cloud-based services?

A.

Data encryption

B.

Data masking

C.

Anonymization

D.

Tokenization

Question # 49

Which of the following describes the ability of code to target a hypervisor from inside

A.

Fog computing

B.

VM escape

C.

Software-defined networking

D.

Image forgery

E.

Container breakout

Question # 50

A public relations team will be taking a group of guests on a tour through the facility of a large e-commerce company. The day before the tour, the company sends out an email to employees to ensure all whiteboards are cleaned and all desks are cleared. The company is MOST likely trying to protect against:

A.

Loss of proprietary information

B.

Damage to the company’s reputation

C.

Social engineering

D.

Credential exposure

Question # 51

A financial organization has adopted a new secure, encrypted document-sharing application to help with its customer loan process. Some important PII needs to be shared across this new platform, but it is getting blocked by the DLP systems. Which of the following actions will BEST allow the PII to be shared with the secure application without compromising the organization’s security posture?

A.

Configure the DLP policies to allow all PII

B.

Configure the firewall to allow all ports that are used by this application

C.

Configure the antivirus software to allow the application

D.

Configure the DLP policies to whitelist this application with the specific PII

E.

Configure the application to encrypt the PII

Question # 52

A user reports constant lag and performance issues with the wireless network when working at a local coffee shop. A security analyst walks the user through an installation of Wireshark and gets a five-minute pcap to analyze. The analyst observes the following output:

Which of the following attacks does the analyst MOST likely see in this packet capture?

A.

Session replay

B.

Evil twin

C.

Bluejacking

D.

ARP poisoning

Question # 53

A network administrator would like to configure a site-to-site VPN utilizing IPSec. The administrator wants the tunnel to be established with data integrity, encryption, authentication, and anti-replay functions. Which of the following should the administrator use when configuring the VPN?

A.

AH

B.

EDR

C.

ESP

D.

DNSSEC

Question # 54

A network engineer notices the VPN concentrator is overloaded and crashes on days when there are a lot of remote workers. Senior management has placed greater importance on the availability of VPN resources for the remote workers than the security of the end users’ traffic. Which of the following would be BEST to solve this issue?

A.

IPSec

B.

Always On

C.

Split tunneling

D.

L2TP

Question # 55

Users have been issued smart cards that provide physical access to a building. The cards also contain tokens that can be used to access information systems. Users can log in to any thin client located throughout the building and see the same desktop each time. Which of the following technologies are being utilized to provide these capabilities? (Select TWO).

A.

COPE

B.

VDI

C.

GPS

D.

TOTP

E.

RFID

F.

BYOD

Question # 56

A company recently moved sensitive videos between on-premises, company-owned websites. The company then learned the videos had been uploaded and shared to the internet. Which of the following would MOST likely allow the company to find the cause?

A.

Checksums

B.

Watermarks

C.

Order of volatility

D.

A log analysis

E.

A right-to-audit clause

Question # 57

A user received an SMS on a mobile phone that asked for bank details. Which of the following social-engineering techniques was used in this case?

A.

SPIM

B.

Vishing

C.

Spear phishing

D.

Smishing

Question # 58

A recently discovered zero-day exploit utilizes an unknown vulnerability in the SMB network protocol to rapidly infect computers. Once infected, computers are encrypted and held for ransom. Which of the following would BEST prevent this attack from reoccurring?

A.

Configure the perimeter firewall to deny inbound external connections to SMB ports.

B.

Ensure endpoint detection and response systems are alerting on suspicious SMB connections.

C.

Deny unauthenticated users access to shared network folders.

D.

Verify computers are set to install monthly operating system updates automatically.

Question # 59

A website developer is working on a new e-commerce website and has asked an information security expert for the most appropriate way to store credit card numbers to create an easy reordering process. Which of the following methods would BEST accomplish this goal?

A.

Salting the magnetic strip information

B.

Encrypting the credit card information in transit.

C.

Hashing the credit card numbers upon entry.

D.

Tokenizing the credit cards in the database

Question # 60

A network administrator is setting up wireless access points in all the conference rooms and wants to authenticate devices using PKI. Which of the following should the administrator configure?

A.

A captive portal

B.

PSK

C.

802.1X

D.

WPS

Question # 61

A remote user recently took a two-week vacation abroad and brought along a corporate-owned laptop. Upon returning to work, the user has been unable to connect the laptop to the VPN. Which of the following is the MOST likely reason for the user’s inability to connect the laptop to the VPN?

A.

Due to foreign travel, the user’s laptop was isolated from the network.

B.

The user’s laptop was quarantined because it missed the latest patch update.

C.

The VPN client was blacklisted.

D.

The user’s account was put on a legal hold.

Question # 62

A security analyst has been asked to investigate a situation after the SOC started to receive alerts from the SIEM. The analyst first looks at the domain controller and finds the following events:

To better understand what is going on, the analyst runs a command and receives the following output:

Based on the analyst’s findings, which of the following attacks is being executed?

A.

Credential harvesting

B.

Keylogger

C.

Brute-force

D.

Spraying

Question # 63

A company recently transitioned to a strictly BYOD culture due to the cost of replacing lost or damaged corporate-owned mobile devices. Which of the following technologies would be BEST to balance the BYOD culture while also protecting the company’s data?

A.

Containerization

B.

Geofencing

C.

Full-disk encryption

D.

Remote wipe

Question # 64

A smart switch has the ability to monitor electrical levels and shut off power to a building in the event of power surge or other fault situation. The switch was installed on a wired network in a hospital and is monitored by the facilities department via a cloud application. The security administrator isolated the switch on a separate VLAN and set up a patch routine. Which of the following steps should also be taken to harden the smart switch?

A.

Set up an air gap for the switch.

B.

Change the default password for the switch.

C.

Place the switch in a Faraday cage.

D.

Install a cable lock on the switch

Question # 65

Which of the following technical controls is BEST suited for the detection and prevention of buffer overflows on hosts?

A.

DLP

B.

HIDS

C.

EDR

D.

NIPS

Question # 66

A company uses wireless for all laptops and keeps a very detailed record of its assets, along with a comprehensive list of devices that are authorized to be on the wireless network. The Chief Information Officer (CIO) is concerned about a script kiddie potentially using an unauthorized device to brute force the wireless PSK and obtain access to the internal network. Which of the following should the company implement to BEST prevent this from occurring?

A.

A BPDU guard

B.

WPA-EAP

C.

IP filtering

D.

A WIDS

Question # 67

A worldwide manufacturing company has been experiencing email account compromises. In one incident, a user logged in from the corporate office in France, but then seconds later, the same user account attempted a login from Brazil. Which of the following account policies would BEST prevent this type of attack?

A.

Network location

B.

Impossible travel time

C.

Geolocation

D.

Geofencing
