Practice Free SY0-601 Exam Online Questions
A company policy requires third-party suppliers to self-report data breaches within a specific time frame.
Which of the following third-party risk management policies is the company complying with?
- A . MOU
- B . SLA
- C . EOL
- D . NDA
B
Explanation:
An SLA or service level agreement is a type of third-party risk management policy that defines the expectations and obligations between a service provider and a customer. An SLA typically includes metrics and standards for measuring the quality and performance of the service, as well as penalties or remedies for non-compliance. An SLA can also specify the reporting requirements for data breaches or other incidents that may affect the customer’s security or privacy.
A company’s help desk has received calls about the wireless network being down and users being unable to connect to it. The network administrator says all access points are up and running. One of the help desk technicians notices the affected users are working in an area near the parking lot.
Which of the following is the most likely reason for the outage?
- A . Someone near the building is jamming the signal.
- B . A user has set up a rogue access point near the building.
- C . Someone set up an evil twin access point in the affected area.
- D . The APs in the affected area have been disconnected from the network.
A
Explanation:
Wireless jamming is a way for an attacker to disrupt a wireless network and create a denial of service situation by decreasing the signal-to-noise ratio at the receiving device. The attacker would need to be relatively close to the wireless network to overwhelm the good signal. The other options are not likely to cause a wireless network outage for users near the parking lot.
A systems analyst determines the source of a high number of connections to a web server that were initiated by ten different IP addresses that belong to a network block in a specific country.
Which of the following techniques will the systems analyst MOST likely implement to address this issue?
- A . Content filter
- B . SIEM
- C . Firewall rules
- D . DLP
C
Explanation:
A firewall is a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules. The systems analyst can use firewall rules to block connections from the ten IP addresses in question, or from the entire network block in the specific country. This would be a quick and effective way to address the issue of high connections to the web server initiated by these IP addresses.
Reference: CompTIA Security+ SY0-601 Official Text Book, Chapter 5: "Network Security".
An analyst is concerned about data leaks and wants to restrict access to internet services to authorized users only. The analyst also wants to control the actions each user can perform on each service.
Which of the following would be the best technology for the analyst to consider implementing?
- A . DLP
- B . VPC
- C . CASB
- D . Content filtering
C
Explanation:
A cloud access security broker (CASB) is a technology that can restrict access to internet services to authorized users only and control the actions each user can perform on each service. A CASB is a type of software or service that acts as an intermediary between users and cloud service providers. A CASB can enforce security policies, monitor user activity, detect and prevent data leaks, encrypt data, and provide visibility and auditability of cloud usage.
Reference:
https://www.comptia.org/blog/what-is-a-cloud-access-security-broker
https://www.certblaster.com/wp-content/uploads/2020/11/CompTIA-Security-SY0-601-Exam-Objectives-1.0.pdf
A cybersecurity analyst needs to adopt controls to properly track and log user actions to an individual.
Which of the following should the analyst implement?
- A . Non-repudiation
- B . Baseline configurations
- C . MFA
- D . DLP
A
Explanation:
Non-repudiation is the process of ensuring that a party involved in a transaction or communication cannot deny their involvement. By implementing non-repudiation controls, a cybersecurity analyst can properly track and log user actions, attributing them to a specific individual. This can be achieved through methods such as digital signatures, timestamps, and secure logging mechanisms.
Reference: CompTIA Security+ Certification Exam Objectives (SY0-601): https://www.comptia.jp/pdf/CompTIA%20Security%2B%20SY0-601%20Exam%20Objectives.pdf
Employees at a company are receiving unsolicited text messages on their corporate cell phones. The unsolicited text messages contain a password reset link.
Which of the attacks is being used to target the company?
- A . Phishing
- B . Vishing
- C . Smishing
- D . Spam
C
Explanation:
Smishing is a type of phishing attack which begins with an attacker sending a text message to an individual. The message contains social engineering tactics to convince the person to click on a malicious link or send sensitive information to the attacker.
Criminals use smishing attacks for purposes like:
- Learning login credentials to accounts via credential phishing
- Discovering private data like social security numbers
- Getting the victim to send money to the attacker
- Installing malware on a phone
- Establishing trust before using other forms of contact like phone calls or emails
Attackers may pose as trusted sources like a government organization, a person you know, or your bank. And messages often come with manufactured urgency and time-sensitive threats. This can make it more difficult for a victim to notice a scam.
Phone numbers are easy to spoof with VoIP texting, where users can create a virtual number to send and receive texts. If a certain phone number is flagged for spam, criminals can simply recycle it and use a new one.
Which of the following is the phase in the incident response process when a security analyst reviews roles and responsibilities?
- A . Preparation
- B . Recovery
- C . Lessons learned
- D . Analysis
A security analyst finds that a user’s name appears in a database entry at a time when the user was on vacation.
The security analyst reviews the following logs from the authentication server that is being used by the database:
Which of the following can the security analyst conclude based on the review?
- A . A brute-force attack occurred.
- B . A rainbow table uncovered the password.
- C . Technical controls did not block the reuse of a password.
- D . An attacker used password spraying.
A security administrator is integrating several segments onto a single network. One of the segments, which includes legacy devices, presents a significant amount of risk to the network.
Which of the following would allow users to access the legacy devices without compromising the security of the entire network?
- A . NIDS
- B . MAC filtering
- C . Jump server
- D . IPSec
- E . NAT gateway
C
Explanation:
A jump server is a device that acts as an intermediary between users and other devices on a network. A jump server can provide a secure and controlled access point to the legacy devices without exposing them directly to the network. A jump server can also enforce authentication, authorization, logging, and auditing policies.
A third party asked a user to share a public key for secure communication.
Which of the following file formats should the user choose to share the key?
- A . .pfx
- B . .csr
- C . .pvk
- D . .cer
D
Explanation:
A user should choose the .cer file format to share a public key for secure communication. A .cer file is a public key certificate that can be shared with third parties to enable secure communication.
Reference: CompTIA Security+ Study Guide, Exam SY0-601, 4th Edition, Chapter 6: Cryptography, pp. 301-302.
A public key is a cryptographic key that can be used to encrypt or verify data. A public key file is a file that contains one or more public keys in a specific format.
There are different formats for public key files, depending on the application and the algorithm used.
Some of the common formats are:
.pfx: This is a file format that stores a certificate and its private and public keys. It is also known as PKCS#12 or Personal Information Exchange. It is used by some applications such as Microsoft Internet Explorer and Outlook to import and export certificates and keys.
.csr: This is a file format that stores a Certificate Signing Request, which is a message sent to a Certificate Authority (CA) to request a digital certificate. It contains the public key and some information about the identity of the requester. It is also known as PKCS#10 or Certification Request Syntax.
.pvk: This is a file format that stores a private key for Microsoft Authenticode code signing. It is used with a .spc file that contains the certificate and public key.
.cer: This is a file format that stores a certificate, which is a document that binds a public key to an identity. It is also known as DER or Distinguished Encoding Rules. It is used by some applications such as OpenSSL and Java to read and write certificates.