Free CompTIA Security+ SY0-601 Practice Test

Prepare for the CompTIA Security+ SY0-601 exam with our free practice test. Randomly generated and customizable, this test allows you to choose the number of questions.

  • Questions: 20
  • Time: 60 seconds per question (0 hours, 20 minutes, 0 seconds)
  • Included Objectives:
    • Attacks, Threats, and Vulnerabilities
    • Architecture and Design
    • Implementation
    • Operations and Incident Response
    • Governance, Risk, and Compliance

You are a super 1337 hacker who just discovered a vulnerability in an operating system. You do some research and find nothing online regarding this exploit and believe you are the first to find it. What option would be the correct classification of this vulnerability?

  • Zero day

  • Denial of Service

  • North/South

  • East/West

  • Spoof

  • Brute force

What type of backup is a copy of the entire state of a system and it can be used to restore that system and other similar systems to that exact state/configuration?

  • Image

  • Full

  • Differential

  • Incremental

Your employer has a large team of software developers with constantly changing codebases for dozens of internal applications. As a part of change control any code changes go through an automated vulnerability scanning process which checks for known vulnerabilities in frameworks, programming languages, dependencies and the code itself. Due to business pressure these scans have been largely ignored and there are currently over a thousand issues found by the automated scanning. You are tasked with working with the developers and remedying 100% of the issues. What should you do next?

  • Identify any false positives to reduce the number of items to remediate

  • Implement an approval step for all code changes that requires no security issues prior to updates

  • Stop all deployments, code changes and updates until the vulnerabilities are fixed

  • Organize the vulnerabilities by criticality and begin planning for solutions for the most critical vulnerabilities first

Data integrity is the concept that you can trust that a piece of data is complete and has not been altered or tampered with. Which of the following technologies can be used to ensure the integrity of data?

  • Authentication

  • Checksum

  • Confidentiality

  • Encryption

The software section of the security team has been asked to review the source code for a program being developed. They are being asked to look for any coding errors or possible security vulnerabilities. This is what type of application security review?

  • Fuzzing

  • Static code analysis

  • Secure coding

  • Dynamic code analysis

You want to limit the company losses/downtime in the event that there is data loss so you institute a data backup and recovery strategy. Which control type is being used?

  • Compensating

  • Corrective

  • Preventive

  • Detective

  • Deterrent

Your employer has decided to move part of their operations to the cloud. The goal of this move is to free the company from having to maintain onsite data centers to run their software on. Which cloud model would the company want to utilize?

  • PaaS

  • SaaS

  • XaaS

  • IaaS

You are the resident IT within your family. While relaxing and enjoying a family Thanksgiving dinner your sweet old Grandmother mentions that Microsoft called her cell phone and helped her with a virus on her computer. You explain to her that Microsoft does not call people directly to help with computer issues and that she was likely targeted by a malicious attacker. You scan her computer for viruses and find several. Your poor sweet old Grandmother was a victim of what type of attack?

  • phonejacking

  • Tailgaiting

  • Spear phishing

  • Vishing

This is the point when a piece of equipment or software is no longer supported by the manufacturer, no further maintenance is provided or updates.

  • EOL

  • BPA

  • EOSL

  • SLA

Crucial Technologies wants to make sure that they can get back up as fast as possible in the event that they need to relocate after a natural disaster. For the highest level of resiliency, which of the following sites should the company standup?

  • Warm site

  • Hot site

  • Cold site

  • Lukewarm site

You just got a new Microsoft Windows laptop. The laptop includes a biometric fingerprint scanner to log into the laptop in addition to your unique username. What type of multi-factor authentication is your fingerprint?

  • Something you have

  • Something you are

  • Something you can do

  • Something you know

You work for a startup as a founding member and run their newly formed IT department. You are setting up the first office which will be the primary location for all employees. You have been requested to setup an internet connection for the office as soon as possible, but feel that this is too risky without waiting until the firewall equipment you ordered has arrived. After the firewall is in place you feel the risks of an internet connection for the office are acceptable. What term describes the willingness to tolerate risk such as in this scenario?

  • Risk Deferral

  • Risk Appetite

  • Risk Analysis

  • Risk Mitigation

A new company policy requires hardware encryption for certain highly confidential systems. These existing systems do not already have a hardware component that can provide this functionality. What is the easiest way to implement this new policy?

  • PKI


  • Trusted Platform Module

  • Hardware Security Module

Malicious activity has been affecting various systems on your network. You want to put a system in place that can monitor network traffic and attempt to take defensive action when network intrusions are detected. Which of the following should you use?

  • NIDS

  • NIPS

  • HIPS

  • HIDS

You are a security analyst and have networking monitoring solutions in place to detect strange or potentially malicious traffic. One of these solutions has sent an alert saying it detected outgoing network traffic from the company's network that was routing to a well-known malicious endpoint. Of the following options which is the most likely to be the cause of this traffic?

  • A colleague on your team is conducting a pentest

  • An infected server or user machine is attempting to contact a command-and-control server

  • A hacker is probing the company network from the outside

  • A user has attached confidential materials to an outgoing email

Your bank has contacted you and informed you they recognized an unusual login with your username and password on their website. As a precaution they have locked your account and stated the login came from a foreign country. You run a security scan on your PC which finds malware. The description of the malware states that it intercepts normal web traffic from your browser executable. What type of attack best describes this?

  • Consensus attack

  • Domain hijacking

  • Amplification

  • Man-in-the-browser

You have purchased brand new Cisco network routers and switches from your companies infrastructure supplier, Expert Infra, Inc. While working with the networking team to unbox them and begin setting them up you notice several of them look slightly different despite being the same make and model. What step should you take next?

  • Update the older looking models to the latest firmware from Cisco

  • Verify all the serial numbers with the manufacturer

  • Reject the different models and return them to Expert Infra, Inc.

  • Install the networking equipment

A shipping company wants to ensure that its organizational security policies prevent employees from approving a purchase and then being able to also make that purchase. What type of control should be within those policies to mitigate against that happening

  • Least Privilege

  • Background checks

  • Job rotation

  • Separation of duties

  • Mandatory vacation

To save money, Crucial Technologies has decided to set up MDM so employees can use personal devices for their work devices. What type of device deployment model is being used?

  • VDI

  • CYOD

  • BYOD

  • COPE

You receive a call and the caller ID indicates that it is from your bank. You answer and are told that your account has been compromised. The person on the phone says that before they can proceed you need to verify your account number and security pin. What term best describes this type of social engineering attack?

  • Vishing

  • Smishing

  • Whaling

  • Spear phishing

  • Phishing

Remaining Time: