CompTIA Security+ SY0-601 (Practice Test)

The CompTIA Security+ certification exam will verify that the successful candidate has the knowledge and skills required to assess the security posture of an enterprise environment and recommend and implement appropriate security solutions; monitor and secure hybrid environments, including cloud, mobile, and IoT; operate with an awareness of applicable laws and policies, including principles of governance, risk, and compliance; and identify, analyze, and respond to security events and incidents.

  • Questions: 20
  • Time: 60 seconds per question (0 hours, 20 minutes, 0 seconds)
  • Included Objectives:
    • Governance, Risk, and Compliance
    • Architecture and Design
    • Implementation
    • Operations and Incident Response
    • Attacks, Threats, and Vulnerabilities

You are responsible for application security at a small startup, including conducting regular penetration tests. Recently the startup has faced some budget issues and lacks the funds to create a stand-alone system to be used for vulnerability scanning of applications. Due to this constraint, you must conduct vulnerability scans on the live system (the same one being used by customers). What type of scan should be used to ensure vulnerabilities are found but not executed?

  • non-credentialed
  • non-intrusive
  • intrusive
  • credentialed

You have purchased brand new Cisco network routers and switches from your company's infrastructure supplier, Expert Infra, Inc. While working with the networking team to unbox them and begin setting them up, you notice several of them look slightly different despite being the same make and model. What step should you take next?

  • Install the networking equipment
  • Verify all the serial numbers with the manufacturer
  • Reject the different models and return them to Expert Infra, Inc.
  • Update the older looking models to the latest firmware from Cisco

You have ordered a penetration test of the company's website from a third-party IT security consultant. Your web administration team has created a stand-alone test network to ensure the penetration tests do not cause issues on the live website. Other than the IP address of the web server, you have not provided the penetration testers with any information. What type of test best describes this scenario?

  • Integration
  • White box
  • Black box
  • Stand alone

What option would create a new ACL entry that would deny any port 80 HTTP traffic?

  • allow all but tcp 443
  • allow tcp any server tcp 80
  • deny tcp any server tcp 80
  • deny all any server web

Your coworker identified a vulnerability in a third-party software solution hosted on-premises. The coworker is out sick today and has asked you to remediate this issue as quickly as possible. You have identified a patch for the security vulnerability on the vendor's official website. What step should you take NEXT?

  • Begin monitoring for related incidents
  • Submit a change request based on the company's change management processes
  • Install the patch immediately and inform affected users
  • Start the incident response process

You are a security analyst and have network monitoring solutions in place to detect strange or potentially malicious traffic. One of these solutions has sent an alert saying it detected outgoing traffic from the company's network that was routing to a well-known malicious endpoint. Of the following options, which is the most likely cause of this traffic?

  • A user has attached confidential materials to an outgoing email
  • A colleague on your team is conducting a pentest
  • A hacker is probing the company network from the outside
  • An infected server or user machine is attempting to contact a command-and-control server

Which containment technique would be the best response when a system is believed to be infected with malware?

  • Isolate the affected systems
  • Immediately segment the network into the smallest possible groups
  • Determine the attack vector and disable it
  • Propagation

Which of the following options is a vendor neutral standard for message logging?

  • Event manager
  • SNMP
  • SIEM
  • syslog

Which of the following options is a network device that can use VLANs to reduce collisions and the size of broadcast domains?

  • Router
  • Switch
  • Packet Tracer
  • Packet Switcher
  • Firewall
  • Hub

You are working as a security consultant for a small company. The owner of the company states they were recently targeted by hackers who gained access to their email account. Since then the attackers have taken control of the company's website and have stated they will only return control to the company after receiving a payment. The hosting provider has stated the web servers are not infected and no unusual logins have occurred. Despite this, users are reporting they cannot access the company's website. Based on this information, what type of attack has occurred against the website?

  • DNS hijacking
  • Cross-site scripting
  • Session hijacking
  • MitM

You work for a large firm that uses a server to host a publicly facing web server and SFTP server. This server runs Ubuntu Server 22.04.1 LTS. A system administrator who has access to this server was recently a victim of a phishing attack, and it was found that the individual reuses the same password for all of the different authentication mechanisms and applications at work. You want to verify that their Ubuntu user with a UID of 1234 has not been used on any publicly facing servers such as the web server and SFTP server. Which command would help achieve this?

  • journalctl _UID=1234
  • history | grep -e [Uu]id | grep 1234
  • net user 1234 | sort -i
  • net user 1234

You are a member of the security team in the IT Infrastructure department at a manufacturer. You have received a ticket from the network architecture team who have requested your approval of a proposed network change. The change is to replace a network device that allows internal servers to make requests to the internet without external systems being able to determine what internal server made the original request. What type of system is being changed?

  • Switch
  • Router
  • Firewall
  • Proxy

What term defines an operating system that has been verified as having a sufficient level of security based on the Common Criteria for Information Technology Security Evaluation?

  • Trusted Operating System (TOS)
  • Protection Profiled Operating System (PPOS)
  • SFRs
  • Certified Secure Operating System (CSOS)

Which of the following options is a functionality or tool that disallows access to a wireless network based on the layer 2 address of the client device?

  • Split tunnel VPN
  • MAC address filtering
  • WPA2
  • ACL

What role is responsible for ensuring that an organization's processes and systems protect any PII data about customers or staff as defined by data privacy regulations like GDPR?

  • Chief Data Officer (DTO)
  • Personnel Data Owner (PDO)
  • Data Administrator (DA)
  • Data Protection Officer (DPO)

A small online retailer is experiencing huge numbers of requests on their website. They are not running any major marketing campaigns and, while seeing a lot of traffic, are not seeing a rise in sales or logins. Eventually their web servers become overloaded and users are unable to load pages on the website. What type of attack most likely occurred?

  • Jamming
  • Replay
  • DDoS
  • Overflood

What type of NIDS commonly uses artificial intelligence and data mining to identify malicious network traffic?

  • Filter-based NIDS
  • Signature-based NIDS
  • Anomaly-based NIDS
  • Rule-based NIDS

You are working as a cybersecurity analyst for a third-party contractor. You have been brought in by an organization that believes it was hacked by a malicious actor. Their internal security team has hired you to determine the impact of the unauthorized access. At the time of the intrusion there were 5 servers online: DEV_APP_001, PRD_APP_002, PRD_DB_008, STG_DB_004 and FINANCE_009. What step should you take to begin the analysis?

  • Begin analyzing each server after prioritizing them based on the data stored on each server
  • Create a new server running Kali Linux and make necessary firewall changes to allow it to access all the listed servers
  • Create a snapshot backup and then reformat each server
  • Begin hardening all servers immediately before the impact analysis starts

You have been called to the office of the CEO for a confidential meeting. In the meeting the CEO informs you he 'has a virus that won't let him login without paying a fee.' You begin to investigate the issue and find that the CEO downloaded a file from a website a friend shared on a social media site. After downloading the file, his computer restarted and now will not allow anyone to log in unless they enter credit card information. Which option best describes the attack used in this scenario based on the information available?

  • The CEO executed a Rootkit which gave backdoor access to a hacker
  • A botnet is attacking the CEO's computer and disabling login attempts
  • The CEO downloaded and executed Ransomware
  • The CEO was the target of a spear phishing social engineering attack

You are the resident IT expert within your family. While relaxing and enjoying a family Thanksgiving dinner, your sweet old grandmother mentions that Microsoft called her cell phone and helped her with a virus on her computer. You explain to her that Microsoft does not call people directly to help with computer issues and that she was likely targeted by a malicious attacker. You scan her computer for viruses and find several. Your poor sweet old grandmother was a victim of what type of attack?

  • Tailgating
  • Phonejacking
  • Spear phishing
  • Vishing