Practice Free SY0-601 Exam Online Questions
A security analyst is concerned about traffic initiated to the dark web from the corporate LAN.
Which of the following networks should the analyst monitor?
- A . SFTP
- B . AIS
- C . Tor
- D . IoC
C
Explanation:
Tor (The Onion Router) is a network and software that enables anonymous communication over the internet. It routes traffic through multiple relays and encrypts it at each layer, making it difficult to trace or monitor. It can access the dark web, which is a part of the internet that is hidden from conventional search engines and requires special software or configurations to access.
Which of the following security concepts is the best reason for permissions on a human resources fileshare to follow the principle of least privilege?
- A . Integrity
- B . Availability
- C . Confidentiality
- D . Non-repudiation
The Chief Information Security Officer (CISO) of a bank recently updated the incident response policy.
The CISO is concerned that members of the incident response team do not understand their roles.
The bank wants to test the policy but with the least amount of resources or impact.
Which of the following BEST meets the requirements?
- A . Warm-site failover
- B . Tabletop walk-through
- C . Parallel path testing
- D . Full outage simulation
Which of the following should a security operations center use to improve its incident response procedure?
- A . Playbooks
- B . Frameworks
- C . Baselines
- D . Benchmarks
In a tabletop exercise a simulated group of disgruntled employees deleted all of their work from the file server on their last day at the company.
Which of the following actions would a security engineer take to mitigate this risk?
- A . Perform nightly snapshots.
- B . Deploy RAID 10 on the file server.
- C . Maintain the last known-good configurations.
- D . Replicate the data to a hot site.
An organization recently released a software assurance policy that requires developers to run code scans each night on the repository. After the first night, the security team alerted the developers that more than 2,000 findings were reported and need to be addressed.
Which of the following is the MOST likely cause for the high number of findings?
- A . The vulnerability scanner was not properly configured and generated a high number of false positives
- B . Third-party libraries have been loaded into the repository and should be removed from the codebase.
- C . The vulnerability scanner found several memory leaks during runtime, causing duplicate reports for the same issue.
- D . The vulnerability scanner was not loaded with the correct benchmarks and needs to be updated.
A
Explanation:
The most likely cause for the high number of findings is that the vulnerability scanner was not properly configured and generated a high number of false positives. False positive results occur when a vulnerability scanner incorrectly identifies a non-vulnerable system or application as being vulnerable. This can happen due to incorrect configuration, over-sensitive rule sets, or outdated scan databases.
https://www.professormesser.com/security-plus/sy0-601/sy0-601-video/sy0-601-comptia-security-plus-course/
A company is required to continue using legacy software to support a critical service.
Which of the following BEST explains a risk of this practice?
- A . Default system configuration
- B . Unsecure protocols
- C . Lack of vendor support
- D . Weak encryption
C
Explanation:
Using legacy software to support a critical service poses a risk due to lack of vendor support. Legacy software is often outdated and unsupported, which means that security patches and upgrades are no longer available. This can leave the system vulnerable to exploitation by attackers who may exploit known vulnerabilities in the software to gain unauthorized access to the system.
Reference: CompTIA Security+ Study Guide, Exam SY0-601, Chapter 1: Attacks, Threats, and Vulnerabilities
A backdoor was detected on the containerized application environment. The investigation detected that a zero-day vulnerability was introduced when the latest container image version was downloaded from a public registry.
Which of the following is the BEST solution to prevent this type of incident from occurring again?
- A . Enforce the use of a controlled trusted source of container images
- B . Deploy an IPS solution capable of detecting signatures of attacks targeting containers
- C . Define a vulnerability scan to assess container images before being introduced on the environment
- D . Create a dedicated VPC for the containerized environment
A
Explanation:
Enforcing the use of a controlled trusted source of container images is the best solution to prevent incidents like the introduction of a zero-day vulnerability through container images from occurring again.
Reference: CompTIA Security+ Study Guide by Emmett Dulaney, Chapter 11: Cloud Security, Container Security
A network administrator needs to determine the sequence of a server farm’s logs.
Which of the following should the administrator consider? (Select TWO).
- A . Chain of custody
- B . Tags
- C . Reports
- D . Time stamps
- E . Hash values
- F . Time offset
DF
Explanation:
A server farm’s logs are records of events that occur on a group of servers that provide the same service or function. Logs can contain information such as date, time, source, destination, message, error code, and severity level. Logs can help administrators monitor the performance, security, and availability of the servers and troubleshoot any issues.
To determine the sequence of a server farm’s logs, the administrator should consider the following factors:
Time stamps: Time stamps are indicators of when an event occurred on a server. Time stamps can help administrators sort and correlate events across different servers based on chronological order. However, time stamps alone may not be sufficient to determine the sequence of events if the servers have different time zones or clock settings.
Time offset: Time offset is the difference between the local time of a server and a reference time, such as Coordinated Universal Time (UTC) or Greenwich Mean Time (GMT). Time offset can help administrators adjust and synchronize the time stamps of different servers to a common reference time and eliminate any discrepancies caused by time zones or clock settings.
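As an added illustration of the two factors above (not part of the original question or its explanation), the following Python script takes log lines from several servers that each write local time with their own UTC offset, normalises every time stamp to UTC, and sorts the events into their true order. The log lines are constructed samples and the host names are hypothetical; the optional per-host clock-skew correction is an assumption of this example, modelling a drift measured against a reference clock such as an NTP server.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample lines from three hypothetical servers in one farm. Each host
# writes local time with its own UTC offset, so the raw strings do not sort
# into the true order of events.
SAMPLE_LOGS = [
    "2024-03-10T09:15:02+02:00 web01 sshd[1203]: Accepted publickey for deploy from 10.0.0.5",
    "2024-03-10T07:16:10+00:00 db01 postgres[880]: connection authorized: user=app database=orders",
    "2024-03-10T02:14:55-05:00 web02 sudo: deploy : COMMAND=/bin/systemctl restart nginx",
]

# Expected line shape: <ISO-8601 time stamp with offset> <hostname> <message>
LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<host>\S+)\s+(?P<msg>.*)$")


def parse_line(line, clock_skew=None):
    """Parse one line and normalise its time stamp to UTC.

    clock_skew (assumption of this example): optional {host: timedelta} giving
    the measured drift of each server's clock against the reference clock;
    a positive value means the host's clock runs fast.
    """
    m = LINE_RE.match(line)
    if not m:
        raise ValueError(f"unparseable log line: {line!r}")
    stamp = datetime.fromisoformat(m.group("ts"))
    if stamp.utcoffset() is None:
        # A naive stamp carries no time offset, so its place in the
        # sequence cannot be established; refuse rather than guess.
        raise ValueError(f"time stamp without offset: {m.group('ts')}")
    host = m.group("host")
    utc = stamp.astimezone(timezone.utc)
    if clock_skew and host in clock_skew:
        utc -= clock_skew[host]  # undo the host's measured drift
    return {"utc": utc, "offset": stamp.utcoffset(), "host": host, "msg": m.group("msg")}


def sequence_logs(lines, clock_skew=None):
    """Return the events of all servers ordered by their UTC time."""
    events = [parse_line(line, clock_skew) for line in lines]
    return sorted(events, key=lambda e: e["utc"])


def ordered_hosts(lines, clock_skew=None):
    """Host names in true chronological order, for a quick check."""
    return [e["host"] for e in sequence_logs(lines, clock_skew)]


if __name__ == "__main__":
    for e in sequence_logs(SAMPLE_LOGS):
        print(e["utc"].isoformat(), f"(local offset {e['offset']})", e["host"], e["msg"])
    # Sorting the raw text instead yields web02, db01, web01: the wrong order.
    print("raw text order:", [line.split()[1] for line in sorted(SAMPLE_LOGS)])
```

Once normalised, the sudo command on web02 (07:14:55 UTC) precedes the SSH login on web01 (07:15:02 UTC) and the database connection on db01 (07:16:10 UTC), whereas a plain text sort would put db01 before web01. Passing a measured skew, for example ten seconds fast on web01, moves that host's event earlier and changes the order accordingly, which is why both the stamps and the offsets matter.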
Reference:
https://www.comptia.org/certifications/security#examdetails
https://www.comptia.org/content/guides/comptia-security-sy0-601-exam-objectives
https://docs.microsoft.com/en-us/windows-server/administration/server-manager/view-event-logs
An organization is concerned about intellectual property theft by employees who leave the organization.
Which of the following should the organization most likely implement?
- A . CBT
- B . NDA
- C . MOU
- D . AUP
B
Explanation:
NDA stands for non-disclosure agreement, which is a legally binding contract that establishes a confidential relationship between two or more parties. An NDA can be used to prevent intellectual property theft by employees who leave the organization by prohibiting them from disclosing or using any sensitive information they may have obtained during their employment. An NDA can protect trade secrets, business plans, customer data, and other proprietary information from being leaked or exploited by competitors or other parties.
Reference: CompTIA Security+ SY0-601 Certification Study Guide, Chapter 10: Summarizing Risk Management Concepts, page 452; Non-Disclosure Agreement (NDA) Explained, With Pros and Cons – Investopedia; Free Non-Disclosure Agreement (NDA) Template | PDF & Word; Non-disclosure agreement – Wikipedia