Practice Free SY0-601 Exam Online Questions
Which of the following security controls is used to isolate a section of the network and its externally available resources from the internal corporate network in order to reduce the number of possible attacks?
- A . Faraday cages
- B . Air gap
- C . Vaulting
- D . Proximity readers
B
Explanation:
An air gap is a security measure that physically isolates a section of the network from any other network or device that could compromise its security. An air gap prevents any unauthorized access, data leakage, or malware infection through network connections, such as Ethernet cables, wireless signals, or Bluetooth devices. An air gap can be used to protect sensitive or critical systems and data from external threats, such as hackers, spies, or cyberattacks.
A security analyst reviews web server logs and finds the following string: gallery?file=../../../../../../../etc/passwd
Which of the following attacks was performed against the web server?
- A . Directory traversal
- B . CSRF
- C . Pass the hash
- D . SQL injection
A
Explanation:
Directory traversal is an attack that exploits a vulnerability in a web application or a file system to access files or directories that are outside the intended scope. The attacker can use special characters, such as ../ or ..\, to navigate through the directory structure and access restricted files or directories.
A user’s login credentials were recently compromised. During the investigation, the security analyst determined the user input credentials into a pop-up window when prompted to confirm the username and password. However, the trusted website does not use a pop-up for entering user credentials.
Which of the following attacks occurred?
- A . Cross-site scripting
- B . SQL injection
- C . DNS poisoning
- D . Certificate forgery
D
Explanation:
The user input credentials into a pop-up window that was not part of the trusted website. This suggests that the attacker was able to forge a certificate and present a fake website that looked like the legitimate one. This is a type of attack known as certificate forgery, which exploits the trust relationship between users and websites that use SSL/TLS encryption.
The SIEM at an organization has detected suspicious traffic coming from a workstation in its internal network. An analyst in the SOC investigates the workstation and discovers that malware associated with a botnet is installed on the device. A review of the logs on the workstation reveals that the privileges of the local account were escalated to a local administrator.
To which of the following groups should the analyst report this real-world event?
- A . The NOC team
- B . The vulnerability management team
- C . The CIRT
- D . The red team
C
Explanation:
The Computer Incident Response Team (CIRT) is responsible for handling incidents and ensuring that the incident response plan is followed.
Reference: CompTIA Security+ Study Guide, Exam SY0-601, Chapter 9
Which of the following has been implemented when a host-based firewall on a legacy Linux system allows connections from only specific internal IP addresses?
- A . Compensating control
- B . Network segmentation
- C . Transfer of risk
- D . SNMP traps
A
Explanation:
A compensating control is a type of security control that is implemented in lieu of a recommended security measure that is deemed too difficult or impractical to implement at the present time. A compensating control must provide equivalent or comparable protection for the system or network and meet the intent and rigor of the original security requirement. An example of a compensating control is using a host-based firewall on a legacy Linux system to allow connections from only specific internal IP addresses, as it can provide a similar level of defense as a network firewall that may not be compatible with the system.
Reference:
https://www.techtarget.com/whatis/definition/compensating-control
https://reciprocity.com/resources/whats-the-difference-between-compensating-controls-and-mitigating-controls/
A company needs to enhance its ability to maintain a scalable cloud infrastructure. The infrastructure needs to handle the unpredictable loads on the company’s web application.
Which of the following cloud concepts would BEST meet these requirements?
- A . SaaS
- B . VDI
- C . Containers
- D . Microservices
C
Explanation:
Containers are a type of virtualization technology that allow applications to run in a secure, isolated environment on a single host. They can be quickly scaled up or down as needed, making them an ideal solution for unpredictable loads. Additionally, containers are designed to be lightweight and portable, so they can easily be moved from one host to another.
Reference: CompTIA Security+ SY0-601 official textbook, page 863.
A security administrator recently used an internal CA to issue a certificate to a public application. A user tries to reach the application but receives a message stating, “Your connection is not private.”
Which of the following is the best way to fix this issue?
- A . Ignore the warning and continue to use the application normally.
- B . Install the certificate on each endpoint that needs to use the application.
- C . Send the new certificate to the users to install on their browsers.
- D . Send a CSR to a known CA and install the signed certificate on the application’s server.
D
Explanation:
A certificate issued by an internal CA is not trusted by default by external users or applications. Therefore, when a user tries to reach the application that uses an internal CA certificate, they will receive a warning message that their connection is not private1. The best way to fix this issue is to use a certificate signed by a well-known public CA that is trusted by most browsers and operating systems1. To do this, the security administrator needs to send a certificate signing request (CSR) to a public CA and install the signed certificate on the application’s server2. The other options are not recommended or feasible. Ignoring the warning and continuing to use the application normally is insecure and exposes the user to potential man-in-the-middle attacks3. Installing the certificate on each endpoint that needs to use the application is impractical and cumbersome, especially if there are many users or devices involved3. Sending the new certificate to the users to install on their browsers is also inconvenient and may not work for some browsers or devices3.
Reference: 1: https://learn.microsoft.com/en-us/azure/active-directory/develop/howto-create-self-signed-certificate 2: https://learn.microsoft.com/en-us/azure/application-gateway/mutual-authentication-certificate-management 3: https://serverfault.com/questions/1106443/should-i-use-a-public-or-a-internal-ca-for-client-certificate-mtls
A security investigation revealed that malicious software was installed on a server using a server administrator’s credentials. During the investigation, the server administrator explained that Telnet was regularly used to log in.
Which of the following most likely occurred?
- A . A spraying attack was used to determine which credentials to use
- B . A packet capture tool was used to steal the password
- C . A remote-access Trojan was used to install the malware
- D . A dictionary attack was used to log in as the server administrator
B
Explanation:
Telnet is an insecure protocol that transmits data in cleartext over the network. This means that anyone who can intercept the network traffic can read the data, including the username and password of the server administrator. A packet capture tool is a software or hardware device that can capture and analyze network packets. An attacker can use a packet capture tool to steal the password and use it to install malicious software on the server.
Reference: https://www.comptia.org/content/guides/what-is-network-security
A security analyst is reviewing packet capture data from a compromised host. In the packet capture, the analyst locates packets that contain large amounts of text.
Which of the following is most likely installed on the compromised host?
- A . Keylogger
- B . Spyware
- C . Trojan
- D . Ransomware
A
Explanation:
A keylogger is a type of malware that records the keystrokes of the user and sends them to a remote attacker. The attacker can use the keystrokes to steal the user’s credentials, personal information, or other sensitive data. A keylogger can generate packets that contain large amounts of text, as the packet capture data shows.
A security analyst has been tasked with creating a new WiFi network for the company.
The requirements received by the analyst are as follows:
• Must be able to differentiate between users connected to WiFi
• The encryption keys need to change routinely without interrupting the users or forcing reauthentication
• Must be able to integrate with RADIUS
• Must not have any open SSIDs
Which of the following options BEST accommodates these requirements?
- A . WPA2-Enterprise
- B . WPA3-PSK
- C . 802.11n
- D . WPS
A
Explanation:
WPA2-Enterprise can accommodate all of the requirements listed. WPA2-Enterprise uses 802.1X authentication to differentiate between users, supports the use of RADIUS for authentication, and allows for the use of dynamic encryption keys that can be changed without disrupting the users or requiring reauthentication. Additionally, WPA2-Enterprise does not allow for open SSIDs.
Reference: CompTIA Security+ Study Guide: Exam SY0-601, Chapter 7: Securing Networks, p. 317