Practice Free SY0-601 Exam Online Questions
A dynamic application vulnerability scan identified that code injection could be performed using a web form.
Which of the following will be the best remediation to prevent this vulnerability?
- A . Implement input validations
- B . Deploy UFA
- C . Utilize a WAF
- D . Configure HIPS
C
Explanation:
A web application firewall (WAF) is a security solution that monitors and filters the traffic between a web application and the internet. It can prevent code injection attacks by blocking malicious requests that contain code snippets or commands that could compromise the web application. A WAF can also enforce input validation rules and sanitize user inputs to prevent code injection.
Reference: CompTIA Security+ SY0-601 Certification Study Guide, Chapter 4: Implementing Secure Network Designs, page 194; 5 ways to prevent code injection in JavaScript and Node.js
Which of the following would MOST likely be identified by a credentialed scan but would be missed by an uncredentialed scan?
- A . Vulnerabilities with a CVSS score greater than 6.9.
- B . Critical infrastructure vulnerabilities on non-IP protocols.
- C . CVEs related to non-Microsoft systems such as printers and switches.
- D . Missing patches for third-party software on Windows workstations and servers.
D
Explanation:
An uncredentialed scan would miss missing patches for third-party software on Windows workstations and servers. A credentialed scan, however, can scan the registry and file system to determine the patch level of third-party applications.
Reference: CompTIA Security+ Study Guide by Emmett Dulaney, Chapter 4: Identity and Access Management, The Importance of Credentialing Scans
A cybersecurity administrator needs to allow mobile BYOD devices to access network resources.
As the devices are not enrolled to the domain and do not have policies applied to them, which of the following are best practices for authentication and infrastructure security? (Select TWO).
- A . Create a new network for the mobile devices and block the communication to the internal network and servers.
- B . Use a captive portal for user authentication.
- C . Authenticate users using OAuth for more resiliency.
- D . Implement SSO and allow communication to the internal network.
- E . Use the existing network and allow communication to the internal network and servers.
- F . Use a new and updated RADIUS server to maintain the best solution.
B, C
Explanation:
When allowing mobile BYOD devices to access network resources, using a captive portal for user authentication and authenticating users using OAuth are both best practices for authentication and infrastructure security. A captive portal requires users to authenticate before accessing the network and can be used to enforce policies and restrictions. OAuth allows users to authenticate using third-party providers, reducing the risk of password reuse and credential theft.
Reference: CompTIA Security+ Study Guide, pages 217-218, 225-226
A security architect is designing the new outbound internet for a small company. The company would like all 50 users to share the same single Internet connection. In addition, users will not be permitted to use social media sites or external email services while at work.
Which of the following should be included in this design to satisfy these requirements? (Select TWO).
- A . DLP
- B . MAC filtering
- C . NAT
- D . VPN
- E . Content filter
- F . WAF
C, D
Explanation:
NAT (Network Address Translation) is a technology that allows multiple devices to share a single IP address, allowing them to access the internet while still maintaining security and privacy. VPN (Virtual Private Network) is a technology that creates a secure, encrypted tunnel between two or more devices, allowing users to access the internet and other network resources securely and privately. Additionally, VPNs can also be used to restrict access to certain websites and services, such as social media sites and external email services.
A security analyst is investigating a SIEM event concerning invalid log-ins.
The system logs that match the time frame of the event show the following:
Which of the following best describes this type of attack?
- A . Rainbow table
- B . Spraying
- C . Dictionary
- D . Keylogger
A company would like to provide flexibility for employees on device preference. However, the company is concerned about supporting too many different types of hardware.
Which of the following deployment models will provide the needed flexibility with the greatest amount of control and security over company data and infrastructure?
- A . BYOD
- B . VDI
- C . COPE
- D . CYOD
A security researcher is using an adversary’s infrastructure and TTPs and creating a named group to track those targeted.
Which of the following is the researcher MOST likely using?
- A . The Cyber Kill Chain
- B . The incident response process
- C . The Diamond Model of Intrusion Analysis
- D . MITRE ATT&CK
D
Explanation:
The researcher is most likely using the MITRE ATT&CK framework. MITRE ATT&CK is a globally accessible knowledge base of adversary tactics, techniques, and procedures (TTPs) based on real-world observations. It helps security teams better understand and track adversaries by creating a named group, which aligns with the scenario described in the question. The framework is widely recognized and referenced in the cybersecurity industry, including in CompTIA Security+ study materials.
Reference:
1. CompTIA Security+ Certification Exam Objectives (SY0-601): https://www.comptia.jp/pdf/Security%2B%20SY0-601%20Exam%20Objectives.pdf
2. MITRE ATT&CK: https://attack.mitre.org/
MITRE ATT&CK is a knowledge base of adversary tactics, techniques, and procedures (TTPs) that are observed in real-world cyberattacks. MITRE ATT&CK provides a common framework and language for describing and analyzing cyber threats and their behaviors. MITRE ATT&CK also allows security researchers to create named groups that track specific adversaries based on their TTPs.
The other options are not correct because:
A security analyst at an organization observed several user logins from outside the organization’s network. The analyst determined that these logins were not performed by individuals within the organization.
Which of the following recommendations would reduce the likelihood of future attacks? (Select two).
- A . Disciplinary actions for users
- B . Conditional access policies
- C . More regular account audits
- D . Implementation of additional authentication factors
- E . Enforcement of content filtering policies
- F . A review of user account permissions
A company is decommissioning its physical servers and replacing them with an architecture that will reduce the number of individual operating systems.
Which of the following strategies should the company use to achieve this security requirement?
- A . Microservices
- B . Containerization
- C . Virtualization
- D . Infrastructure as code
A company is moving to a new location. The systems administrator has provided the following server room requirements to the facilities staff:
✑ Consistent power levels in case of brownouts or voltage spikes
✑ A minimum of 30 minutes runtime following a power outage
✑ Ability to trigger graceful shutdowns of critical systems
Which of the following would BEST meet the requirements?
- A . Maintaining a standby, gas-powered generator
- B . Using large surge suppressors on computer equipment
- C . Configuring managed PDUs to monitor power levels
- D . Deploying an appropriately sized, network-connected UPS device
D
Explanation:
A UPS (uninterruptible power supply) device is a battery backup system that can provide consistent power levels in case of brownouts or voltage spikes. It can also provide a minimum of 30 minutes runtime following a power outage, depending on the size and load of the device. A network-connected UPS device can also communicate with critical systems and trigger graceful shutdowns if the battery level is low or the power is not restored.