Practice Free SY0-601 Exam Online Questions
A security manager needs to assess the security posture of one of the organization’s vendors. The contract with the vendor does not allow for auditing of the vendor’s security controls.
Which of the following should the manager request to complete the assessment?
- A . A service-level agreement
- B . A business partnership agreement
- C . A SOC 2 Type 2 report
- D . A memorandum of understanding
C
Explanation:
SOC 2 (Service Organization Control 2) is an attestation report, issued under AICPA standards, in which an independent auditor evaluates a service provider's controls against the Trust Services Criteria: security, availability, processing integrity, confidentiality, and privacy. A Type 2 report covers an audit that tests the operating effectiveness of those controls over a period of time (commonly six to twelve months); a Type 1 report only evaluates whether the controls are suitably designed at a single point in time.
A SOC 2 Type 2 report therefore gives the security manager third-party evidence of which controls the vendor has and whether they actually worked over the review period, which is what the assessment needs when the contract rules out a direct audit. When reading one, check that the report period is recent and covers the services the organization consumes, which Trust Services Criteria are in scope, and what exceptions the auditor noted.
The other options are contractual instruments, not evidence: an SLA sets performance targets, a BPA and an MOU define the relationship between the parties, and none of them demonstrates that security controls operate effectively. The security manager should request a SOC 2 Type 2 report.
Reference: CompTIA Security+ Study Guide: Exam SY0-601, Chapter 5
If a current private key is compromised, which of the following would ensure it cannot be used to decrypt all historical data?
- A . Perfect forward secrecy
- B . Elliptic-curve cryptography
- C . Key stretching
- D . Homomorphic encryption
A
Explanation:
Perfect forward secrecy (PFS) is a property of a key-exchange protocol, not a protocol in itself: each session derives its key from fresh, ephemeral values (for example ephemeral Diffie-Hellman, the only key exchange in a TLS 1.3 full handshake), and the long-term private key is used only to authenticate the exchange, never to derive or encrypt the session key. The ephemeral secrets are discarded once the session key exists, so an attacker who records traffic and later obtains the long-term private key still cannot recover the session keys and decrypt the historical data. Without PFS, for example with RSA key transport in older TLS cipher suites, every recorded session key was encrypted to that one private key, and all past traffic falls with it.
Elliptic-curve cryptography is a family of algorithms that can be used with or without forward secrecy, key stretching hardens passwords against brute force, and homomorphic encryption allows computation on ciphertext; none of them limits what a compromised private key can decrypt.
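The difference between a static and an ephemeral Diffie-Hellman exchange, as an added example that is not part of the original page. It uses the 1024-bit MODP group from RFC 2409 (group 2) with stdlib arithmetic only; the "captured transcript" and the "leaked key" are simulated in memory, and the signature with which a real protocol would authenticate the ephemeral share is left out, as the comments note.

```python
"""Forward secrecy illustrated: a passive recorder who later obtains the
server's long-term private key can decrypt a static-DH session but not an
ephemeral-DH session.  Added example, not page content."""
import hashlib
import secrets

# 1024-bit MODP prime and generator from RFC 2409, group 2.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF",
    16,
)
G = 2


def keypair():
    """Return (private exponent x, public share g^x mod p)."""
    x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)


def session_key(my_priv: int, peer_pub: int) -> bytes:
    """Derive a 256-bit session key from the shared secret g^(xy) mod p."""
    shared = pow(peer_pub, my_priv, P)
    return hashlib.sha256(shared.to_bytes(128, "big")).digest()


def static_dh_session(server_long_term_pub: int):
    """No forward secrecy: the server reuses its long-term DH key in every
    session, so the session key is a function of that key and the client's
    public share, both of which a recorder can see or later obtain.
    Returns (session key, what a passive eavesdropper records)."""
    c_priv, c_pub = keypair()
    key = session_key(c_priv, server_long_term_pub)
    transcript = {"client_share": c_pub, "server_share": server_long_term_pub}
    return key, transcript


def ephemeral_dh_session():
    """Forward secrecy: both sides generate fresh exponents for this session
    only.  In TLS the server would sign its ephemeral share with its long-term
    key to prove identity (omitted here); that key never enters derivation.
    Returns (session key, what a passive eavesdropper records)."""
    c_priv, c_pub = keypair()
    s_priv, s_pub = keypair()
    key = session_key(c_priv, s_pub)
    if key != session_key(s_priv, c_pub):
        raise RuntimeError("DH shares do not agree")  # sanity check
    del c_priv, s_priv  # ephemeral secrets are wiped once the key exists
    transcript = {"client_share": c_pub, "server_share": s_pub}
    return key, transcript


def decrypt_recording(leaked_server_priv: int, transcript: dict) -> bytes:
    """The attacker, now holding the server's long-term private key, tries
    to rebuild the session key from the recorded public shares."""
    return session_key(leaked_server_priv, transcript["client_share"])


if __name__ == "__main__":
    s_priv, s_pub = keypair()  # server's long-term key pair
    key, rec = static_dh_session(s_pub)
    print("static DH, key recovered after leak:", decrypt_recording(s_priv, rec) == key)
    key, rec = ephemeral_dh_session()
    print("ephemeral DH, key recovered after leak:", decrypt_recording(s_priv, rec) == key)
```

Run it and the first line prints True and the second False: the recorded shares of the ephemeral session are public values whose exponents no longer exist anywhere, so the leaked long-term key gives the attacker nothing to work with.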
A systems integrator is installing a new access control system for a building. The new system will need to connect to the company's AD server in order to validate current employees.
Which of the following should the systems integrator configure to be the most secure?
- A . HTTPS
- B . SSH
- C . SFTP
- D . LDAPS
D
Explanation:
LDAPS (LDAP over SSL/TLS, by default on TCP port 636) is the most secure of the listed options for an AD connection because it is the only one that actually carries directory traffic: the access control system will bind and look up employees with LDAP, and LDAPS wraps that session in TLS so that the bind credentials and query results cannot be read, altered, or redirected by anyone on the path. Plain LDAP on port 389 sends a simple-bind password in cleartext. HTTPS, SSH, and SFTP are secure protocols for web, shell, and file-transfer traffic respectively, but none of them is how a client talks to Active Directory. For the deployment to be secure in practice, the client must also validate the domain controller's certificate (issued by the enterprise CA) and hostname; an LDAPS session that accepts any certificate is still open to an on-path attacker.
References: CompTIA Security+ Certification Exam Objectives, Domain 3.0: Implementation, Objective 3.1 (implement secure protocols) and Objective 3.8 (implement authentication and authorization solutions); https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731033(v=ws.10)
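What an eavesdropper on port 389 actually gets, and what the LDAPS client side should insist on, as an added example that is not part of the original page. The first part builds a real LDAP v3 simple BindRequest (RFC 4511, BER-encoded) the way the access control system would send it and then parses it back as a passive listener would; the DN and password are constructed sample values. The second part builds the TLS client context for port 636; the CA bundle path is an assumption, and no network connection is made.

```python
"""Plain LDAP simple bind versus LDAPS.  Added example, not page content.
The bind message below is what a client sends on port 389 before any TLS;
the DN and password are constructed sample values."""
import ssl
from typing import Optional


# --- BER helpers (LDAP messages are BER-encoded, RFC 4511 / X.690) ---
def _ber_len(n: int) -> bytes:
    if n < 0x80:
        return bytes([n])                          # short form
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body        # long form


def _tlv(tag: int, content: bytes) -> bytes:
    return bytes([tag]) + _ber_len(len(content)) + content


def _ber_int(v: int) -> bytes:
    # Non-negative integers only; minimal two's-complement encoding.
    return _tlv(0x02, v.to_bytes((v.bit_length() + 8) // 8, "big"))


def simple_bind_request(message_id: int, dn: str, password: str) -> bytes:
    """LDAPMessage { messageID, BindRequest { version 3, name, simple [0] } }"""
    bind = _tlv(0x60,                              # [APPLICATION 0] BindRequest
                _ber_int(3)                        # version
                + _tlv(0x04, dn.encode())          # name: LDAPDN (OCTET STRING)
                + _tlv(0x80, password.encode()))   # authentication: simple [0]
    return _tlv(0x30, _ber_int(message_id) + bind) # outer SEQUENCE


def _read_tlv(buf: bytes, pos: int):
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                              # long-form length
        nbytes = length & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, buf[pos:pos + length], pos + length


def sniff_simple_bind(packet: bytes):
    """What a passive on-path listener recovers from one port-389 bind:
    (messageID, bind DN, cleartext password), or None if not a simple bind."""
    tag, msg, _ = _read_tlv(packet, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, mid, pos = _read_tlv(msg, 0)
    tag, bind, _ = _read_tlv(msg, pos)
    if tag != 0x60:
        return None                                # not a BindRequest
    _, _version, pos = _read_tlv(bind, 0)
    _, dn, pos = _read_tlv(bind, pos)
    tag, cred, _ = _read_tlv(bind, pos)
    if tag != 0x80:
        return None                                # SASL bind ([3]), not simple
    return int.from_bytes(mid, "big"), dn.decode(), cred.decode()


# --- the LDAPS side: what the client must verify before sending that bind ---
LDAPS_PORT = 636


def ldaps_context(ca_bundle: Optional[str] = None) -> ssl.SSLContext:
    """TLS client context for LDAPS: require a certificate chaining to the
    trusted CA, check the DC's hostname, refuse anything below TLS 1.2.
    ca_bundle: PEM file of the enterprise CA that issued the DC certificate
    (assumed path; None falls back to the system trust store)."""
    ctx = ssl.create_default_context(cafile=ca_bundle)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


if __name__ == "__main__":
    pkt = simple_bind_request(1, "CN=svc-door,OU=Service,DC=corp,DC=example", "Hunter2!")
    print("on the wire:", pkt.hex())
    print("listener recovers:", sniff_simple_bind(pkt))
    # Real use: ldaps_context("/etc/ssl/corp-ca.pem").wrap_socket(sock,
    #           server_hostname="dc1.corp.example") before any bind.
```

The listener needs no key material: the password sits verbatim inside the BER structure. The context in `ldaps_context` is the part integrators most often get wrong by disabling verification to make a self-signed DC certificate "work"; do the opposite, install the enterprise CA in the client's trust store. On the domain controller side, setting LDAP server signing requirements to "Require signing" causes cleartext simple binds on port 389 to be rejected, which stops the next integrator from falling back to them.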
A company's end users are reporting that they are unable to reach external websites. After reviewing the performance data for the DNS servers, the analyst discovers that the CPU, disk, and memory usage are minimal, but the network interface is flooded with inbound traffic. Network logs show only a small number of DNS queries sent to this server.
Which of the following best describes what the security analyst is seeing?
- A . Concurrent session usage
- B . Secure DNS cryptographic downgrade
- C . On-path resource consumption
- D . Reflected denial of service
D
Explanation:
In a reflected denial of service, the attacker sends requests to third-party servers (here, DNS resolvers) with the source address spoofed to the victim's address, so the responses are delivered to the victim. That matches what the analyst sees: the server's own query volume is small, its CPU, disk, and memory are idle because it is not doing any work, but its network interface is saturated by inbound traffic it never asked for. When the responses are much larger than the requests that triggered them (large TXT, ANY, or DNSSEC answers), the attack is amplified as well as reflected. A cryptographic downgrade or an on-path attacker would not by itself explain an inbound flood, and concurrent session usage describes legitimate load, which would show up as CPU and memory use.
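A small triage script for the scenario above (a DNS server's interface saturated by inbound traffic that its own query log does not account for), as an added example that is not part of the original page. It separates answers to queries the server itself sent from answers it never asked for, which is the signature of reflected traffic. The flow-record format and all addresses (RFC 5737 documentation ranges) are constructed for the example.

```python
"""Tell solicited DNS responses from reflected ones in UDP/53 flow records.
Added example, not page content; RECORDS is constructed sample data in an
assumed key=value format (one datagram per line, reassembled length)."""
import re
from collections import Counter

RECORDS = """\
t=100.01 dir=out src=10.0.0.5 sport=40001 dst=198.51.100.7 dport=53 txid=4660 len=58
t=100.02 dir=in  src=198.51.100.7 sport=53 dst=10.0.0.5 dport=40001 txid=4660 len=121
t=100.05 dir=out src=10.0.0.5 sport=40002 dst=198.51.100.7 dport=53 txid=4661 len=61
t=100.06 dir=in  src=198.51.100.7 sport=53 dst=10.0.0.5 dport=40002 txid=4661 len=140
t=100.10 dir=in  src=203.0.113.9 sport=53 dst=10.0.0.5 dport=53 txid=1 len=3300
t=100.10 dir=in  src=203.0.113.17 sport=53 dst=10.0.0.5 dport=53 txid=1 len=3296
t=100.11 dir=in  src=203.0.113.9 sport=53 dst=10.0.0.5 dport=53 txid=1 len=3300
t=100.11 dir=in  src=192.0.2.44 sport=53 dst=10.0.0.5 dport=53 txid=1 len=3312
t=100.12 dir=in  src=203.0.113.17 sport=53 dst=10.0.0.5 dport=53 txid=1 len=3296
t=100.12 dir=in  src=192.0.2.44 sport=53 dst=10.0.0.5 dport=53 txid=1 len=3312
"""

FIELD = re.compile(r"(\w+)=(\S+)")


def parse(line: str) -> dict:
    return dict(FIELD.findall(line))


def classify(records: str):
    """Match inbound responses (sport 53) to queries this host sent (dport 53)
    by (peer, transaction ID).  Unmatched responses were triggered by someone
    else spoofing our address.  Returns (counters, reflectors by source)."""
    sent = set()
    stats = Counter()
    reflectors = Counter()
    for line in records.splitlines():
        r = parse(line)
        if not r:
            continue
        if r["dir"] == "out" and r["dport"] == "53":
            sent.add((r["dst"], r["txid"]))
            stats["queries_sent"] += 1
        elif r["dir"] == "in" and r["sport"] == "53":
            if (r["src"], r["txid"]) in sent:
                stats["solicited"] += 1
                stats["solicited_bytes"] += int(r["len"])
            else:
                stats["unsolicited"] += 1
                stats["unsolicited_bytes"] += int(r["len"])
                reflectors[r["src"]] += 1
    return stats, reflectors


def looks_reflected(stats, reflectors, min_unsolicited=5, byte_ratio=10.0) -> bool:
    """Verdict: enough responses we never asked for, from more than one
    reflector, carrying far more bytes than the answers we did ask for."""
    if stats["unsolicited"] < min_unsolicited or len(reflectors) < 2:
        return False
    legit_bytes = max(stats["solicited_bytes"], 1)
    return stats["unsolicited_bytes"] / legit_bytes >= byte_ratio


if __name__ == "__main__":
    stats, reflectors = classify(RECORDS)
    print(dict(stats))
    print("reflectors:", dict(reflectors))
    print("reflected DoS:", looks_reflected(stats, reflectors))
```

On the sample data the two legitimate answers total 261 bytes while six unsolicited answers from three resolvers total 19,816, so the verdict is positive. In production, match on the full 5-tuple as well as the transaction ID, since IDs repeat, and remember the fix is not on the victim: the reflectors are open resolvers, and the spoofed requests exist because the attacker's upstream network does not do source-address validation (BCP 38).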
Local guidelines require that all information systems meet a minimum security baseline to be compliant.
Which of the following can security administrators use to assess their system configurations against the baseline?
- A . SOAR playbook
- B . Security control matrix
- C . Risk management framework
- D . Benchmarks
D
Explanation:
Benchmarks are published, prescriptive configuration standards for a specific platform (an operating system, database, web server, or cloud service), such as the CIS Benchmarks or the DISA STIGs. Each benchmark item states a setting, its expected value, how to audit it, and how to remediate it, so administrators can compare a system's configuration against the baseline required by local guidelines and fix any deviations; scanning tools such as CIS-CAT or OpenSCAP automate the comparison. A SOAR playbook automates response actions, a security control matrix maps controls to requirements, and a risk management framework (for example the NIST RMF) structures the overall risk process; none of them is a per-system configuration checklist.
Reference: CompTIA Security+ SY0-601 Certification Study Guide, Chapter 10: Summarizing Risk Management Concepts, page 454; What is a Security Benchmark? – Techopedia; Security Baselines and Benchmarks – SANS Institute; Security Configuration Benchmarks – CIS
A systems administrator is auditing all company servers to ensure they meet the minimum security baseline. While auditing a Linux server, the systems administrator observes the /etc/shadow file has permissions beyond the baseline recommendation.
Which of the following commands should the systems administrator use to resolve this issue?
- A . chmod
- B . grep
- C . dd
- D . passwd
A
Explanation:
chmod changes the permission bits of files and directories. /etc/shadow holds the hashed passwords (hashed, not encrypted, despite the common wording) and password-ageing data for local accounts, so it must not be readable by ordinary users: a readable copy lets an attacker run offline cracking against every account on the host. The exact baseline depends on the benchmark in use: chmod 600 /etc/shadow (read/write for root only) satisfies the recommendation quoted here, while the CIS benchmarks specify 0640 with group shadow on Debian/Ubuntu and 0000 on RHEL-family systems. Whatever the value, confirm it with stat -c '%a %U:%G' /etc/shadow before and after the change, and fix the owner with chown if that is off too. grep searches text, dd copies raw blocks, and passwd changes a user's password; none of them alters file permissions.
Reference: CompTIA Security+ SY0-601 Certification Study Guide, Chapter 9: Implementing Identity and Access Management Controls, page 404; chmod – Wikipedia; Linux /etc/shadow file – nixCraft; How to Change File Permissions in Linux – Linuxize
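The benchmark question above and this one describe the same workflow: compare a file's actual mode against a baseline value, report the excess bits, and remediate. The following added example (not part of the original page) does that for a handful of files the way a benchmark audit item would. The BASELINE entries are illustrative; the exact modes and owners come from the benchmark your organisation has adopted, and the self-check runs on a scratch file so it works without root.

```python
"""Audit file permissions against a benchmark-style baseline and remediate by
clearing only the bits the baseline forbids.  Added example, not page content;
BASELINE values are illustrative (CIS Ubuntu wants /etc/shadow 0640 root:shadow,
CIS RHEL wants 0000 root:root; take the figures from your own benchmark)."""
import os
import stat
import tempfile
from dataclasses import dataclass
from typing import List


@dataclass(frozen=True)
class Rule:
    path: str
    max_mode: int        # bits that may be set; anything beyond these is a finding
    owner_uid: int = 0   # expected owner (root)


BASELINE = [
    Rule("/etc/passwd", 0o644),
    Rule("/etc/shadow", 0o640),
    Rule("/etc/gshadow", 0o640),
    Rule("/etc/ssh/sshd_config", 0o600),
]


def audit(rule: Rule, check_owner: bool = True) -> List[str]:
    """Return a list of findings (empty means compliant)."""
    st = os.stat(rule.path)
    mode = stat.S_IMODE(st.st_mode)
    excess = mode & ~rule.max_mode          # bits present that the baseline forbids
    findings = []
    if excess:
        findings.append(f"{rule.path}: mode {mode:04o} exceeds {rule.max_mode:04o} "
                        f"(extra bits {excess:04o})")
    if check_owner and st.st_uid != rule.owner_uid:
        findings.append(f"{rule.path}: owner uid {st.st_uid}, expected {rule.owner_uid}")
    return findings


def remediate(rule: Rule) -> int:
    """chmod down to the baseline: clear forbidden bits, never grant new ones.
    (Ownership is left alone; chown needs root and is a separate decision.)
    Returns the resulting mode."""
    mode = stat.S_IMODE(os.stat(rule.path).st_mode)
    new_mode = mode & rule.max_mode
    if new_mode != mode:
        os.chmod(rule.path, new_mode)
    return new_mode


def audit_all(rules=BASELINE, fix: bool = False, check_owner: bool = True) -> dict:
    """Audit every rule; with fix=True remediate and re-audit.  Missing files are
    reported rather than silently passed, since an absent sshd_config is itself news."""
    report = {}
    for rule in rules:
        if not os.path.exists(rule.path):
            report[rule.path] = ["missing"]
            continue
        findings = audit(rule, check_owner)
        if findings and fix:
            remediate(rule)
            findings = audit(rule, check_owner)
        report[rule.path] = findings
    return report


def selfcheck():
    """Create a scratch file with lax 0644 permissions, audit it against a 0600
    rule, remediate, audit again.  Returns (findings before, mode after, findings after)."""
    fd, path = tempfile.mkstemp()
    os.close(fd)
    try:
        os.chmod(path, 0o644)
        rule = Rule(path, 0o600, owner_uid=os.getuid())
        before = len(audit(rule))
        after_mode = remediate(rule)
        after = len(audit(rule))
    finally:
        os.unlink(path)
    return before, after_mode, after


if __name__ == "__main__":
    print("self-check (before, mode after, after):", selfcheck())
    for path, findings in audit_all().items():   # read-only pass over the real files
        print(path, "OK" if not findings else findings)
```

Run as an unprivileged user the real-file pass reports owner findings only where the owner genuinely differs, and the remediation is mask-based on purpose: it never adds a bit, so it cannot loosen a file that the benchmark already allows to be tighter.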
A large enterprise has moved all its data to the cloud behind strong authentication and encryption. A sales director recently had a laptop stolen, and later, enterprise data was found to have been compromised from a local database.
Which of the following was the MOST likely cause?
- A . Shadow IT
- B . Credential stuffing
- C . SQL injection
- D . Man in the browser
- E . Bluejacking
A
Explanation:
The most likely cause is shadow IT: the use of applications, devices, or data stores that the organization has not sanctioned and therefore does not protect. The enterprise's data sat in the cloud behind strong authentication and encryption, yet it was compromised from a local database, so someone (here the sales director) had kept a copy of it on the laptop outside those controls; when the laptop was stolen, the thief only had to read the unprotected local copy. Credential stuffing and SQL injection attack the online systems, a man-in-the-browser attack needs malware in a running session, and bluejacking only pushes unsolicited Bluetooth messages; none of them explains data being lifted from a database on a stolen device.
Reference: CompTIA Security+ Certification Exam Objectives – Exam SY0-601
Which of the following should a systems administrator use to ensure an easy deployment of resources within the cloud provider?
- A . Software as a service
- B . Infrastructure as code
- C . Internet of Things
- D . Software-defined networking
B
Explanation:
Infrastructure as code (IaC) defines cloud resources (networks, instances, storage, IAM policies) in declarative, version-controlled templates that a tool applies to the provider, so the same environment can be deployed repeatedly and consistently, and reviewed before it goes live. Software as a service is a delivery model, the Internet of Things is a class of devices, and software-defined networking manages the network control plane; none of them is a mechanism for deploying resources in a cloud provider.
An organization wants to enable built-in FDE on all laptops.
Which of the following should the organization ensure is installed on all laptops?
- A . TPM
- B . CA
- C . SAML
- D . CRL
A
Explanation:
The organization should ensure that a Trusted Platform Module (TPM) is present on every laptop in order to enable built-in full disk encryption (FDE), such as BitLocker on Windows. The TPM is a hardware security chip that generates and holds keys inside the chip and releases the disk's volume key only when measurements of the boot chain (firmware, boot loader, boot configuration) match the values the key was sealed to; this is what lets the disk unlock transparently at boot while staying unreadable if it is removed from the laptop or the machine is booted from other media. Before rollout, confirm that each model ships with a TPM (version 2.0 for current Windows releases), that it is enabled in firmware, and that it is ready for use (Get-Tpm in PowerShell, or tpm.msc). A CA, SAML, and a CRL belong to PKI and federated identity and play no role in unlocking a local disk. Pair TPM-only unlock with a PIN or with escrowed recovery keys: the TPM protects the key at rest, but does not by itself defend a powered-on, already unlocked machine.