Practice Free SY0-601 Exam Online Questions
The cybersecurity investigation team is requesting a budget increase in order to purchase and implement a commercial tool for collecting information. The information might include disk images and volatile memory from computers used by remote employees.
Which of the following digital forensic categories does the company want to implement?
- A . Integrity
- B . E-discovery
- C . Acquisition
- D . Non-repudiation
A help desk technician receives an email from the Chief Information Officer (CIO) asking for documents. The technician knows the CIO is on vacation for a few weeks.
Which of the following should the technician do to validate the authenticity of the email?
- A . Check the metadata in the email header of the received path in reverse order to follow the email’s path.
- B . Hover the mouse over the CIO’s email address to verify the email address.
- C . Look at the metadata in the email header and verify the "From." line matches the CIO’s email address.
- D . Forward the email to the CIO and ask if the CIO sent the email requesting the documents.
B
Explanation:
The “From” line in the email header can easily be spoofed or manipulated by an attacker to make it look like the email is coming from the CIO’s email address, so a matching “From” line does not prove that the email address is valid or that the email was actually sent by the CIO. A better way to check the email address is to hover over it and see whether it matches the CIO’s email address exactly. This can help spot any discrepancies or typos that might indicate a phishing attempt. For example, if the CIO’s email address is [email protected], but hovering over it shows [email protected], then you know the email is not authentic and is likely a phishing attempt.
A bank was recently provided a new version of an executable that was used to launch its core banking platform. During the upgrade process, a remote code execution exploit was publicly released that targeted the old version.
Which of the following would best prevent a security incident?
- A . Blocking the vulnerable file’s hash from execution
- B . Completing the upgrade process immediately on all devices
- C . Disabling all inbound access from untrusted networks
- D . Adding an IDS signature to detect bad traffic on the firewall
A hosting provider needs to prove that its security controls have been in place over the last six months and have sufficiently protected customer data.
Which of the following would provide the best proof that the hosting provider has met the requirements?
- A . NIST CSF
- B . SOC 2 Type 2 report
- C . CIS Top 20 compliance reports
- D . Vulnerability report
A user reports trouble using a corporate laptop. The laptop freezes and responds slowly when writing documents, and the mouse pointer occasionally disappears.
The task list shows the following results:
Which of the following is MOST likely the issue?
- A . RAT
- B . PUP
- C . Spyware
- D . Keylogger
C
Explanation:
Spyware is malicious software that can cause a computer to slow down or freeze. It can also cause the mouse pointer to disappear. The task list shows an application named "spyware.exe" running, indicating that spyware is likely the issue.
Reference: CompTIA Security+ Certification Exam Objectives 6.0: Given a scenario, analyze indicators of compromise and determine the type of malware.
CompTIA Security+ Study Guide, Sixth Edition, pages 125-126
A security administrator is setting up a SIEM to help monitor for notable events across the enterprise.
Which of the following control types does this BEST represent?
- A . Preventive
- B . Compensating
- C . Corrective
- D . Detective
D
Explanation:
A SIEM is a security solution that helps detect security incidents by monitoring for notable events across the enterprise. A detective control is a control that is designed to detect security incidents and respond to them. Therefore, a SIEM represents a detective control.
Reference: CompTIA Security+ Study Guide, Exam SY0-601, Chapter 3: Architecture and Design
After a hardware incident, an unplanned emergency maintenance activity was conducted to rectify the issue. Multiple alerts were generated on the SIEM during this period of time.
Which of the following BEST explains what happened?
- A . The unexpected traffic correlated against multiple rules, generating multiple alerts.
- B . Multiple alerts were generated due to an attack occurring at the same time.
- C . An error in the correlation rules triggered multiple alerts.
- D . The SIEM was unable to correlate the rules, triggering the alerts.
A
Explanation:
Multiple alerts were generated on the SIEM during the emergency maintenance activity because the unexpected traffic correlated against multiple rules. The SIEM generates an alert when it detects an event that matches a rule in its rulebase; if the event matches multiple rules, the SIEM will generate multiple alerts.
Reference: CompTIA Security+ Study Guide, Exam SY0-601, Chapter 3: Architecture and Design
As part of a company’s ongoing SOC maturation process, the company wants to implement a method to share cyberthreat intelligence data with outside security partners.
Which of the following will the company MOST likely implement?
- A . TAXII
- B . TLP
- C . TTP
- D . STIX
A
Explanation:
Trusted Automated Exchange of Intelligence Information (TAXII) is a standard protocol that enables the sharing of cyber threat intelligence between organizations. It allows organizations to automate the exchange of information in a secure and timely manner.
Reference: CompTIA Security+ Certification Exam Objectives – 3.6 Given a scenario, implement secure network architecture concepts. Study Guide: Chapter 4, page 167.
After gaining access to a dual-homed (i.e., wired and wireless) multifunction device by exploiting a vulnerability in the device’s firmware, a penetration tester then gains shell access on another networked asset. This technique is an example of:
- A . privilege escalation
- B . footprinting
- C . persistence
- D . pivoting
D
Explanation:
The technique of gaining access to a dual-homed multifunction device and then gaining shell access on another networked asset is an example of pivoting.
Reference: CompTIA Security+ Study Guide by Emmett Dulaney, Chapter 8: Application, Data, and Host Security, Enumeration and Penetration Testing
A desktop support technician recently installed a new document-scanning software program on a computer. However, when the end user tried to launch the program, it did not respond.
Which of the following is MOST likely the cause?
- A . A new firewall rule is needed to access the application.
- B . The system was quarantined for missing software updates.
- C . The software was not added to the application whitelist.
- D . The system was isolated from the network due to infected software.
C
Explanation:
The most likely cause of the document-scanning software program not responding when launched by the end user is that the software was not added to the application whitelist. An application whitelist is a list of approved software applications that are allowed to run on a system. If the software is not on the whitelist, it may be blocked from running by the system’s security policies. Adding the software to the whitelist should resolve the issue and allow the program to run.
Reference: https://www.techopedia.com/definition/31541/application-whitelisting