
Free CompTIA Security+ SY0-601 Practice Test

Prepare for the CompTIA Security+ SY0-601 exam with our free practice test. Randomly generated and customizable, this test allows you to choose the number of questions.

  • Questions: 15
  • Time: 60 seconds per question (0 hours, 15 minutes, 0 seconds)
  • Included Objectives:
    • Governance, Risk, and Compliance
    • Attacks, Threats, and Vulnerabilities
    • Architecture and Design
    • Implementation
    • Operations and Incident Response

During the implementation of a new internal web application, a security consultant recommends using an authentication protocol that enables users to authenticate with an external identity provider and delegates user authentication to this provider. This protocol should also allow the application to receive a token that includes information about the user, such as their email address and username, following a successful authentication. Which protocol should the consultant recommend?

  • OpenID Connect

  • OAuth 2.0

  • LDAP

  • Kerberos

In digital forensics, which of the terms below is similar to the legal concept of chain of custody?

  • Provenance

  • Checksums

  • Preservation

  • Hashing

A company stores sensitive information about its customers' purchasing habits. Which of the following is the BEST approach to ensure the confidentiality and integrity of this information during transit over the public internet?

  • Implement encryption protocols to secure the data during transmission.

  • Employ secure disposal methods for customer data at its end of life.

  • Establish physical security controls at the data's origin and destination points.

  • Utilize a Virtual Private Network (VPN) to connect to the internet.

Which of the following options is a network device that can use VLANs to reduce collisions and the size of broadcast domains?

  • Packet Switcher

  • Packet Tracer

  • Hub

  • Router

  • Switch

  • Firewall

HTML5-based VPN solutions enable remote users to access network resources without requiring the installation of dedicated VPN client software on their devices.

  • True

  • False

When an employee leaves the organization, the employee’s data is required to be maintained for a specific period of time. In what document within the company would this requirement be specified?

  • BCP

  • DRP

  • Retention policy

  • COOP

During an investigation, what needs to be created and submitted in order for evidence to be admissible in court?

  • Digital Forensics

  • Inculpatory Log

  • Custodial Testimony

  • Chain of custody

You just recently purchased a new home. One of the first things you do once you take ownership is install a home security system that sounds an alarm and alerts a security service in the event of a home invasion. This is an example of what kind of security control?

  • Corrective

  • Deterrent

  • Preventive

  • Detective

You receive a text message that looks like it's from your bank. It states that there are fraudulent charges on your account and asks you to contact the bank. You call the number included in the text and speak to someone who says they are in the fraud department and that you need to provide sensitive, private information that you know your bank would not ask for, per the bank’s website. What term best describes this type of social engineering attack?

  • Spear phishing

  • Phishing

  • Vishing

  • Whaling

  • Smishing

What device deployment model involves a company giving its employees the ability to choose the device they would like to use from a list of devices predetermined by the company?

  • CYOD

  • BYOD

  • COPE

  • POCE

You are working as a cybersecurity analyst for a third-party contractor. You have been brought in by an organization that believes it was hacked by a malicious actor. Its internal security team has hired you to determine the impact of the unauthorized access. At the time of the intrusion there were 5 servers online: DEV_APP_001, PRD_APP_002, PRD_DB_008, STG_DB_004 and FINANCE_009. What step should you take to begin the analysis?

  • Begin hardening all servers immediately before the impact analysis starts

  • Create a snapshot backup and then reformat each server

  • Create a new server running Kali Linux and make necessary firewall changes to allow it to access all the listed servers

  • Begin analyzing each server after prioritizing them based on the data stored on each server

Which feature of MDM allows for the logical separation of work and personal tasks/storage on an employee's personal device?

  • Storage segmentation

  • Containerization

  • Content management

  • Application management

Which option best describes the following situation: An attacker has intercepted network packets between a browser and web server. The attacker then retransmits the intercepted data to the web server, hoping the server will respond with useful information (e.g., a session ID, credit card information, etc.).

  • Cross-site scripting

  • Replay

  • Bluejacking

  • Injection

Which of the following terms refers to databases and feeds that provide information about vulnerabilities, attacks, and threats to information security professionals?

  • Vulnerability databases

  • Threat actors

  • Network protocols

  • Penetration testing tools

What command-line tool would you use to query Domain Name System (DNS) servers to find the IP address associated with a specific domain name?

  • nslookup

  • traceroute

  • netstat

  • ping
