Practice Free SY0-601 Exam Online Questions
A company’s Chief Information Security Officer (CISO) recently warned the security manager that the company’s Chief Executive Officer (CEO) is planning to publish a controversial opinion article in a national newspaper, which may result in new cyberattacks.
Which of the following would be best for the security manager to use in a threat model?
- A . Hacktivists
- B . White-hat hackers
- C . Script kiddies
- D . Insider threats
A
Explanation:
Hacktivists are hackers who use their skills to promote a political or social cause, such as human rights, environmentalism, anti-censorship, etc. Hacktivists may target organizations or individuals who oppose their views or agendas, and launch cyberattacks such as defacement, denial-of-service, data theft, or sabotage. In this case, the security manager should consider hacktivists as a potential threat actor who may launch cyberattacks in response to the CEO’s controversial opinion article.
Ann, a customer, received a notification from her mortgage company stating her PII may be shared with partners, affiliates, and associates to maintain day-to-day business operations.
Which of the following documents did Ann receive?
- A . An annual privacy notice
- B . A non-disclosure agreement
- C . A privileged-user agreement
- D . A memorandum of understanding
A
Explanation:
Ann received an annual privacy notice from her mortgage company. An annual privacy notice is a statement from a financial institution or creditor that outlines the institution’s privacy policy and explains how the institution collects, uses, and shares customers’ personal information. It informs the customer about their rights under the Gramm-Leach-Bliley Act (GLBA) and the institution’s practices for protecting their personal information.
Reference: CompTIA Security+ Certification Exam Objectives – Exam SY0-601
Which of the following incident response steps occurs before containment?
- A . Eradication
- B . Recovery
- C . Lessons learned
- D . Identification
D
Explanation:
Identification is the first step in the incident response process, which involves recognizing that an incident has occurred. Containment is the second step, followed by eradication, recovery, and lessons learned.
Reference: CompTIA Security+ Study Guide, Exam SY0-601, 4th Edition, Chapter 10: Incident Response and Recovery, pp. 437-441.
Which of the following is the BEST action to foster a consistent and auditable incident response process?
- A . Incent new hires to constantly update the document with external knowledge.
- B . Publish the document in a central repository that is easily accessible to the organization.
- C . Restrict eligibility to comment on the process to subject matter experts of each IT silo.
- D . Rotate CIRT members to foster a shared responsibility model in the organization.
168.1.255 ff-ff-ff-ff-ff-ff static
Which of the following is the analyst observing?
- A . ICMP spoofing
- B . URL redirection
- C . MAC address cloning
- D . DNS poisoning
An attacker is trying to gain access by installing malware on a website that is known to be visited by the target victims.
Which of the following is the attacker most likely attempting?
- A . A spear-phishing attack
- B . A watering-hole attack
- C . Typo squatting
- D . A phishing attack
B
Explanation:
The attacker is most likely attempting a watering-hole attack. A watering-hole attack is a type of attack that targets a specific group of users by compromising a website that they frequently visit. The attacker then installs malware on the website that infects the visitors’ devices or redirects them to malicious sites. The attacker hopes to gain access to the users’ credentials, data, or networks by exploiting their trust in the legitimate website.
A business is looking for a cloud service provider that offers a la carte services, including cloud backups, VM elasticity, and secure networking.
Which of the following cloud service provider types should the business engage?
- A . IaaS
- B . PaaS
- C . XaaS
- D . SaaS
A
Explanation:
Infrastructure as a Service (IaaS) providers offer a la carte services, including cloud backups, VM elasticity, and secure networking. With IaaS, businesses can rent infrastructure components such as virtual machines, storage, and networking from a cloud service provider.
Reference: CompTIA Security+ Study Guide, pages 233-234
An analyst is working on an email security incident in which the target opened an attachment containing a worm. The analyst wants to implement mitigation techniques to prevent further spread.
Which of the following is the best course of action for the analyst to take?
- A . Apply a DLP solution.
- B . Implement network segmentation.
- C . Utilize email content filtering.
- D . Isolate the infected attachment.
D
Explanation:
Isolating the infected attachment is the best course of action for the analyst to take to prevent further spread of the worm. A worm is a type of malware that can self-replicate and infect other devices without human interaction. By isolating the infected attachment, the analyst can prevent the worm from spreading to other devices or networks via email, file-sharing, or other means. Isolating the infected attachment can also help the analyst to analyze the worm and determine its source, behavior, and impact.
Reference:
https://www.security.org/antivirus/computer-worm/
https://sec.cloudapps.cisco.com/security/center/resources/worm_mitigation_whitepaper.html
An organization is building backup server rooms in geographically diverse locations. The Chief Information Secure implemented a requirement on the project that states the new hardware cannot be susceptible to the same vulned existing server room.
Which of the following should the systems engineer consider?
- A . Purchasing hardware from different vendors
- B . Migrating workloads to public cloud infrastructure
- C . Implementing a robust patch management solution
- D . Designing new detective security controls
A network administrator added a new router to the network.
Which of the following should the administrator do first when configuring the router?
- A . Isolate the router.
- B . Apply patches.
- C . Remove unnecessary software.
- D . Change the default passwords.