CompTIA Security+ SY0-601 FAQs
Question #1
A user is attempting to navigate to a website from inside the company network using a desktop. When the user types in the URL,
https://www.site.com, the user is presented with a certificate mismatch warning from the browser. The user does not receive a warning when visiting http://www.anothersite.com. Which of the following describes this attack?
A. On-path
B. Domain hijacking
C. DNS poisoning
D. Evil twin
Correct Answer: C
Question #2
Which of the following tools is effective in preventing a user from accessing unauthorized removable media?
A. USB data blocker
B. Faraday cage
C. Proximity reader
D. Cable lock
Correct Answer: A
Question #3
A Chief Security Officer is looking for a solution that can provide increased scalability and flexibility for back-end infrastructure, allowing it to be
updated and modified without disruption to services. The security architect would like the solution selected to reduce the back-end server
resources and has highlighted that session persistence is not important for the applications running on the back-end servers. Which of the
following would BEST meet the requirements?
A. Reverse proxy
B. Automated patch management
C. Snapshots
D. NIC teaming
Correct Answer: A
Question #4
Which of the following describes a social engineering technique that seeks to exploit a person’s sense of urgency?
A. A phishing email stating a cash settlement has been awarded but will expire soon
B. A smishing message stating a package is scheduled for pickup
C. A vishing call that requests a donation be made to a local charity
D. A SPIM notification claiming to be undercover law enforcement investigating a cybercrime
Correct Answer: A
Question #5
A security analyst is reviewing application logs to determine the source of a breach and locates the following log:
https://www.comptia.com/login.php?id=’%20or%20’1’1=’1
Which of the following has been observed?
A. DLL Injection
B. API attack
C. SQLi
D. XSS
Correct Answer: C
Question #6
An audit identified PII being utilized in the development environment of a critical application. The Chief Privacy Officer (CPO) is adamant that this data must be removed; however, the developers are concerned that without real data they cannot perform functionality tests and search for specific data. Which of the following should a security professional implement to BEST satisfy both the CPO’s and the development team’s requirements?
A. Data anonymization
B. Data encryption
C. Data masking
D. Data tokenization
Correct Answer: A
Question #7
A company is implementing a DLP solution on the file server. The file server has PII, financial information, and health information stored on it.
Depending on what type of data that is hosted on the file server, the company wants different DLP rules assigned to the data. Which of the following should the company do to help accomplish this goal?
A. Classify the data.
B. Mask the data.
C. Assign the application owner.
D. Perform a risk analysis.
Correct Answer: A
Question #8
A forensics investigator is examining a number of unauthorized payments that were reported on the company’s website. Some unusual log entries show users received an email for an unwanted mailing list and clicked on a link to attempt to unsubscribe. One of the users reported the email to the phishing team, and the forwarded email revealed the link to be:
<a href=”https://www.company.com/payto.do?routing=00001111&acct=22223334&amount=250″>Click here to unsubscribe</a>
Which of the following will the forensics investigator MOST likely determine has occurred?
A. SQL injection
B. Broken authentication
C. XSS
D. XSRF
Correct Answer: D
Question #9
A report delivered to the Chief Information Security Officer (CISO) shows that some user credentials could be exfiltrated. The report also indicates that users tend to choose the same credentials on different systems and applications. Which of the following policies should the CISO use to prevent someone from using the exfiltrated credentials?
A. MFA
B. Lockout
C. Time-based logins
D. Password history
Correct Answer: A
Question #10
A company wants to simplify the certificate management process. The company has a single domain with several dozen subdomains, all of which are publicly accessible on the internet. Which of the following BEST describes the type of certificate the company should implement?
A. Subject alternative name
B. Wildcard
C. Self-signed
D. Domain validation
Correct Answer: B
Question #11
Which of the following is an effective tool to stop or prevent the exfiltration of data from a network?
A. DLP
B. NIDS
C. TPM
D. FDE
Correct Answer: A
Question #12
Several attempts have been made to pick the door lock of a secure facility. As a result, the security engineer has been assigned to implement a stronger preventative access control. Which of the following would BEST complete the engineer’s assignment?
A. Replacing the traditional key with an RFID key
B. Installing and monitoring a camera facing the door
C. Setting motion-sensing lights to illuminate the door on activity
D. Surrounding the property with fencing and gates
Correct Answer: A
Question #13
Which of the following can be used by a monitoring tool to compare values and detect password leaks without providing the actual credentials?
A. Hashing
B. Tokenization
C. Masking
D. Encryption
Correct Answer: A
Question #14
A security engineer is building a file transfer solution to send files to a business partner. The users would like to drop off the files in a specific
directory and have the server send the file to the business partner. The connection to the business partner is over the internet and needs to be
secure. Which of the following can be used?
A. S/MIME
B. LDAPS
C. SSH
D. SRTP
Correct Answer: C
Question #15
An administrator needs to protect user passwords and has been advised to hash the passwords. Which of the following BEST describes what the administrator is being advised to do?
A. Perform a mathematical operation on the passwords that will convert them into unique strings.
B. Add extra data to the passwords so their length is increased, making them harder to brute force.
C. Store all passwords in the system in a rainbow table that has a centralized location.
D. Enforce the use of one-time passwords that are changed for every login session.
Correct Answer: A
Question #16
Which of the following would be indicative of a hidden audio file found inside of a piece of source code?
A. Steganography
B. Homomorphic encryption
C. Cipher suite
D. Blockchain
Correct Answer: A
Question #17
A user enters a username and a password at the login screen for a web portal. A few seconds later the following message appears on the screen:
Please use a combination of numbers, special characters, and letters in the password field.
Which of the following concepts does this message describe?
A. Password complexity
B. Password reuse
C. Password history
D. Password age
Correct Answer: A
Question #18
A company recently experienced an inside attack using a corporate machine that resulted in data compromise. Analysis indicated an unauthorized change to the software circumvented technological protection measures. The analyst was tasked with determining the best method to ensure the integrity of the systems remains intact and local and remote boot attestation can take place. Which of the following would provide the BEST solution?
A. HIPS
B. FIM
C. TPM
D. DLP
Correct Answer: C
Question #19
Which of the following is a reason to publish files’ hashes?
A. To validate the integrity of the files
B. To verify if the software was digitally signed
C. To use the hash as a software activation key
D. To use the hash as a decryption passphrase
Correct Answer: A
Question #20
A security manager has tasked the security operations center with locating all web servers that respond to an unsecure protocol. Which of the following commands could an analyst run to find the requested servers?
A. nslookup 10.10.10.0
B. nmap -p 80 10.10.10.0/24
C. pathping 10.10.10.0 -p 80
D. ne -l -p 80
Correct Answer: B