Practice Free SY0-601 Exam Online Questions
A software company is analyzing a process that detects software vulnerabilities at the earliest stage possible. The goal is to scan the source looking for unsecure practices and weaknesses before the application is deployed in a runtime environment.
Which of the following would BEST assist the company with this objective?
- A . Use fuzzing testing
- B . Use a web vulnerability scanner
- C . Use static code analysis
- D . Use a penetration-testing OS
C
Explanation:
Using static code analysis would be the best approach to scan the source code looking for unsecure practices and weaknesses before the application is deployed in a runtime environment. This method involves analyzing the source code without actually running the software, which can identify security vulnerabilities that may not be detected by other testing methods.
Reference: CompTIA Security+ Study Guide, Exam SY0-601, 4th Edition, Chapter 6: Risk Management, pp. 292-295
A security administrator analyzes server logs and sees multiple lines of the following format:
The administrator is concerned about whether the request is valid.
Which of the following attacks should the administrator evaluate?
- A . DLL injection
- B . XML injection
- C . SQL injection
- D . LDAP injection
A security administrator analyzes server logs and sees multiple lines of the following format:
The administrator is concerned about whether the request is valid.
Which of the following attacks should the administrator evaluate?
- A . DLL injection
- B . XML injection
- C . SQL injection
- D . LDAP injection
Which of the following best describes the action captured in this log file?
- A . Brute-force attack
- B . Privilege escalation
- C . Failed password audit
- D . Forgotten password by the user
A client demands at least 99.99% uptime from a service provider’s hosted security services.
Which of the following documents includes the information the service provider should return to the client?
- A . MOA
- B . SOW
- C . MOU
- D . SLA
An employee clicked a link in an email from a payment website that asked the employee to update contact information. The employee entered the log-in information but received a "page not found" error message.
Which of the following types of social engineering attacks occurred?
- A . Brand impersonation
- B . Pretexting
- C . Typosquatting
- D . Phishing
A security administrator wants to implement a program that tests a user’s ability to recognize attacks over the organization’s email system.
Which of the following would be BEST suited for this task?
- A . Social media analysis
- B . Annual information security training
- C . Gamification
- D . Phishing campaign
D
Explanation:
A phishing campaign is a simulated attack that tests a user’s ability to recognize attacks over the organization’s email system. Phishing campaigns can be used to train users on how to identify and report suspicious emails.
Reference: CompTIA Security+ Study Guide, Exam SY0-601, 4th Edition, Chapter 2: Technologies and Tools, pp. 85-86.
An incident response technician collected a mobile device during an investigation.
Which of the following should the technician do to maintain chain of custody?
- A . Document the collection and require a sign-off when possession changes.
- B . Lock the device in a safe or other secure location to prevent theft or alteration.
- C . Place the device in a Faraday cage to prevent corruption of the data.
- D . Record the collection in a block chain-protected public ledger.
A
Explanation:
Documenting the collection and requiring a sign-off when possession changes are essential steps for maintaining chain of custody during an investigation. Chain of custody is the process of documenting and preserving the integrity and authenticity of evidence from the time it is collected until it is presented in court. Documenting the collection involves recording information such as date, time, location, description, serial number, etc., of the evidence. Requiring a sign-off when possession changes involves obtaining signatures from every person who handles or transfers the evidence.
A security administrator is managing administrative access to sensitive systems with the following
requirements:
• Common login accounts must not be used for administrative duties.
• Administrative accounts must be temporal in nature.
• Each administrative account must be assigned to one specific user.
• Accounts must have complex passwords.
" Audit trails and logging must be enabled on all systems.
Which of the following solutions should the administrator deploy to meet these requirements? (Give Explanation and Reference from CompTIA Security+ SY0-601 Official Text Book and Resources)
- A . ABAC
- B . SAML
- C . PAM
- D . CASB
C
Explanation:
PAM is a solution that enables organizations to securely manage users’ accounts and access to sensitive systems. It allows administrators to create unique and complex passwords for each user, as well as assign each account to a single user for administrative duties. PAM also provides audit trails and logging capabilities, allowing administrators to monitor user activity and ensure that all systems are secure. According to the CompTIA Security+ SY0-601 Course Book, “PAM is the most comprehensive way to control and monitor privileged accounts”.
An analyst examines the web server logs after a compromise and finds the following:
Which of the following most likely indicates a successful attack on server credentials?
A)
B)
C)
D)
- A . Option A
- B . Option B
- C . Option C
- D . Option D