
CompTIA SY0-601 CompTIA Security+ Exam 2021 Exam Practice Test

Page: 1 / 41
Total 410 questions

CompTIA Security+ Exam 2021 Questions and Answers

Question 1

If a current private key is compromised, which of the following would ensure it cannot be used to decrypt all historical data?

Options:

A.

Perfect forward secrecy

B.

Elliptic-curve cryptography

C.

Key stretching

D.

Homomorphic encryption

Question 2

A security analyst is configuring a large number of new company-issued laptops. The analyst received the following requirements:

• The devices will be used internationally by staff who travel extensively.

• Occasional personal use is acceptable due to the travel requirements.

• Users must be able to install and configure sanctioned programs and productivity suites.

• The devices must be encrypted.

• The devices must be capable of operating in low-bandwidth environments.

Which of the following would provide the GREATEST benefit to the security posture of the devices?

Options:

A.

Configuring an always-on VPN

B.

Implementing application whitelisting

C.

Requiring web traffic to pass through the on-premises content filter

D.

Setting the antivirus DAT update schedule to weekly

Question 3

An organization just experienced a major cyberattack. The attack was well coordinated, sophisticated, and highly skilled. Which of the following targeted the organization?

Options:

A.

Shadow IT

B.

An insider threat

C.

A hacktivist

D.

An advanced persistent threat

Question 4

Which of the following is a team of people dedicated to testing the effectiveness of organizational security programs by emulating the techniques of potential attackers?

Options:

A.

Red team

B.

White team

C.

Blue team

D.

Purple team

Question 5

A user reports constant lag and performance issues with the wireless network when working at a local coffee shop. A security analyst walks the user through an installation of Wireshark and gets a five-minute pcap to analyze. The analyst observes the following output:

Which of the following attacks does the analyst MOST likely see in this packet capture?

Options:

A.

Session replay

B.

Evil twin

C.

Bluejacking

D.

ARP poisoning

Question 6

A user must introduce a password and a USB key to authenticate against a secure computer, and authentication is limited to the state in which the company resides. Which of the following authentication concepts are in use?

Options:

A.

Something you know, something you have, and somewhere you are

B.

Something you know, something you can do, and somewhere you are

C.

Something you are, something you know, and something you can exhibit

D.

Something you have, somewhere you are, and someone you know

Question 7

Several employees return to work the day after attending an industry trade show. That same day, the security manager notices several malware alerts coming from each of the employees' workstations. The security manager investigates but finds no signs of an attack on the perimeter firewall or the NIDS. Which of the following is MOST likely causing the malware alerts?

Options:

A.

A worm that has propagated itself across the intranet, which was initiated by presentation media

B.

A fileless virus that is contained on a vCard that is attempting to execute an attack

C.

A Trojan that has passed through and executed malicious code on the hosts

D.

A USB flash drive that is trying to run malicious code but is being blocked by the host firewall

Question 8

A company is launching a new internet platform for its clients. The company does not want to implement its own authorization solution but instead wants to rely on the authorization provided by another platform. Which of the following is the BEST approach to implement the desired solution?

Options:

A.

OAuth

B.

TACACS+

C.

SAML

D.

RADIUS

Question 9

Which of the following will provide the BEST physical security countermeasures to stop intruders? (Select TWO.)

Options:

A.

Alarms

B.

Signage

C.

Lighting

D.

Mantraps

E.

Fencing

F.

Sensors

Question 10

A security administrator currently spends a large amount of time on common security tasks, such as report generation, phishing investigations, and user provisioning and deprovisioning. This prevents the administrator from spending time on other security projects. The business does not have the budget to add more staff members. Which of the following should the administrator implement?

Options:

A.

DAC

B.

ABAC

C.

SCAP

D.

SOAR

Question 11

A security analyst needs to complete an assessment. The analyst is logged into a server and must use native tools to map services running on it to the server's listening ports. Which of the following tools can BEST accomplish this task?

Options:

A.

Netcat

B.

Netstat

C.

Nmap

D.

Nessus

Question 12

A smart retail business has a local store and a newly established and growing online storefront. A recent storm caused a power outage to the business and the local ISP, resulting in several hours of lost sales and delayed order processing. The business owner now needs to ensure two things:

* Protection from power outages

* Always-available connectivity in case of an outage

The owner has decided to implement battery backups for the computer equipment. Which of the following would BEST fulfill the owner's second need?

Options:

A.

Lease a point-to-point circuit to provide dedicated access.

B.

Connect the business router to its own dedicated UPS.

C.

Purchase services from a cloud provider for high availability

D.

Replace the business's wired network with a wireless network.

Question 13

A network administrator is concerned about users being exposed to malicious content when accessing company cloud applications. The administrator wants to be able to block access to sites based on the AUP. The users must also be protected because many of them work from home or at remote locations, providing on-site customer support. Which of the following should the administrator employ to meet these criteria?

Options:

A.

Implement NAC.

B.

Implement an SWG.

C.

Implement a URL filter.

D.

Implement an MDM.

Question 14

A Chief Information Security Officer (CISO) is concerned about the organization's ability to continue business operation in the event of a prolonged DDoS attack on its local datacenter that consumes database resources. Which of the following will the CISO MOST likely recommend to mitigate this risk?

Options:

A.

Upgrade the bandwidth available into the datacenter

B.

Implement a hot-site failover location

C.

Switch to a complete SaaS offering to customers

D.

Implement a challenge response test on all end-user queries

Question 15

Which of the following are requirements that must be configured for PCI DSS compliance? (Select TWO).

Options:

A.

Testing security systems and processes regularly

B.

Installing and maintaining a web proxy to protect cardholder data

C.

Assigning a unique ID to each person with computer access

D.

Encrypting transmission of cardholder data across private networks

E.

Benchmarking security awareness training for contractors

F.

Using vendor-supplied default passwords for system passwords

Question 16

The new Chief Executive Officer (CEO) of a large company has announced a partnership with a vendor that will provide multiple collaboration applications to make remote work easier. The company has a geographically dispersed staff located in numerous remote offices in different countries. The company's IT administrators are concerned about network traffic and load if all users simultaneously download the application. Which of the following would work BEST to allow each geographic region to download the software without negatively impacting the corporate network?

Options:

A.

Update the host IDS rules.

B.

Enable application whitelisting.

C.

Modify the corporate firewall rules.

D.

Deploy all applications simultaneously.

Question 17

A security manager for a retailer needs to reduce the scope of a project to comply with PCI DSS. The PCI data is located in different offices than where credit cards are accepted. All the offices are connected via MPLS back to the primary datacenter. Which of the following should the security manager implement to achieve the objective?

Options:

A.

Segmentation

B.

Containment

C.

Geofencing

D.

Isolation

Question 18

A major clothing company recently lost a large amount of proprietary information. The security officer must find a solution to ensure this never happens again. Which of the following is the BEST technical implementation to prevent this from happening again?

Options:

A.

Configure DLP solutions

B.

Disable peer-to-peer sharing.

C.

Enable role-based access controls

D.

Mandate job rotation.

E.

Implement content filters

Question 19

A network engineer needs to create a plan for upgrading the wireless infrastructure in a large office. Priority must be given to areas that are currently experiencing latency and connection issues. Which of the following would be the BEST resource for determining the order of priority?

Options:

A.

Nmap

B.

Heat maps

C.

Network diagrams

D.

Wireshark

Question 20

A network analyst is setting up a wireless access point for a home office in a remote, rural location. The requirement is that users need to connect to the access point securely but do not want to have to remember passwords. Which of the following should the network analyst enable to meet the requirement?

Options:

A.

MAC address filtering

B.

802.1X

C.

Captive portal

D.

WPS

Question 21

Which of the following is the BEST reason to maintain a functional and effective asset management policy that aids in ensuring the security of an organization?

Options:

A.

To provide data to quantify risk based on the organization's systems.

B.

To keep all software and hardware fully patched for known vulnerabilities

C.

To only allow approved, organization-owned devices onto the business network

D.

To standardize by selecting one laptop model for all users in the organization

Question 22

An organization hired a consultant to assist with an active attack, and the consultant was able to identify the compromised accounts and computers. Which of the following is the consultant MOST likely to recommend to prepare for eradication?

Options:

A.

Quarantining the compromised accounts and computers, only providing them with network access

B.

Segmenting the compromised accounts and computers into a honeynet so as to not alert the attackers.

C.

Isolating the compromised accounts and computers, cutting off all network and internet access.

D.

Logging off and deleting the compromised accounts and computers to eliminate attacker access.

Question 23

The spread of misinformation surrounding the outbreak of a novel virus on election day led to eligible voters choosing not to take the risk of going to the polls. This is an example of:

Options:

A.

prepending.

B.

an influence campaign

C.

a watering-hole attack

D.

intimidation

E.

information elicitation

Question 24

After a phishing scam for a user's credentials, the red team was able to craft a payload to deploy on a server. The attack allowed the installation of malicious software that initiates a new remote session. Which of the following types of attacks has occurred?

Options:

A.

Privilege escalation

B.

Session replay

C.

Application programming interface

D.

Directory traversal

Question 25

Which of the following would MOST likely support the integrity of a voting machine?

Options:

A.

Asymmetric encryption

B.

Blockchain

C.

Transport Layer Security

D.

Perfect forward secrecy

Question 26

The lessons-learned analysis from a recent incident reveals that an administrative office worker received a call from someone claiming to be from technical support. The caller convinced the office worker to visit a website, and then download and install a program masquerading as an antivirus package. The program was actually a backdoor that an attacker could later use to remote control the worker's PC. Which of the following would be BEST to help prevent this type of attack in the future?

Options:

A.

Data loss prevention

B.

Segmentation

C.

Application whitelisting

D.

Quarantine

Question 27

A large industrial system's smart generator monitors the system status and sends alerts to third-party maintenance personnel when critical failures occur. While reviewing the network logs, the company's security manager notices the generator's IP is sending packets to an internal file server's IP. Which of the following mitigations would be BEST for the security manager to implement while maintaining alerting capabilities?

Options:

A.

Segmentation

B.

Firewall whitelisting

C.

Containment

D.

Isolation

Question 28

A company is implementing MFA for all applications that store sensitive data. The IT manager wants MFA to be non-disruptive and user friendly. Which of the following technologies should the IT manager use when implementing MFA?

Options:

A.

One-time passwords

B.

Email tokens

C.

Push notifications

D.

Hardware authentication

Question 29

A RAT that was used to compromise an organization’s banking credentials was found on a user’s computer. The RAT evaded antivirus detection. It was installed by a user who has local administrator rights to the system as part of a remote management tool set. Which of the following recommendations would BEST prevent this from reoccurring?

Options:

A.

Create a new acceptable use policy.

B.

Segment the network into trusted and untrusted zones.

C.

Enforce application whitelisting.

D.

Implement DLP at the network boundary.

Question 30

Several large orders of merchandise were recently purchased on an e-commerce company's website. The totals for each of the transactions were negative values, resulting in credits on the customers' accounts. Which of the following should be implemented to prevent similar situations in the future?

Options:

A.

Ensure input validation is in place to prevent the use of invalid characters and values.

B.

Calculate all possible values to be added together and ensure the use of the proper integer in the code.

C.

Configure the web application firewall to look for and block session replay attacks.

D.

Make sure transactions that are submitted within very short time periods are prevented from being processed.

Question 31

A company has been experiencing very brief power outages from its utility company over the last few months. These outages only last for one second each time. The utility company is aware of the issue and is working to replace a faulty transformer. Which of the following BEST describes what the company should purchase to ensure its critical servers and network devices stay online?

Options:

A.

Dual power supplies

B.

A UPS

C.

A generator

D.

A PDU

Question 32

An organization that is located in a flood zone is MOST likely to document the concerns associated with the restoration of IT operation in a:

Options:

A.

business continuity plan.

B.

communications plan.

C.

disaster recovery plan.

D.

continuity of operations plan.

Question 33

An information security officer at a credit card transaction company is conducting a framework-mapping exercise with the internal controls. The company recently established a new office in Europe. To which of the following frameworks should the security officer map the existing controls? (Select TWO).

Options:

A.

ISO

B.

PCI DSS

C.

SOC

D.

GDPR

E.

CSA

F.

NIST

Question 34

An analyst is trying to identify insecure services that are running on the internal network. After performing a port scan, the analyst identifies that a server has some insecure services enabled on default ports. Which of the following BEST describes the services that are currently running and the secure alternatives for replacing them? (Select THREE).

Options:

A.

SFTP, FTPS

B.

SNMPv2, SNMPv3

C.

HTTP, HTTPS

D.

TFTP, FTP

E.

SNMPv1, SNMPv2

F.

Telnet, SSH

G.

TLS, SSL

Question 35

Joe, a security analyst, recently performed a network discovery to fully understand his organization's electronic footprint from a "public" perspective. Joe ran a set of commands and received the following output:

Which of the following can be determined about the organization's public presence and security posture? (Select TWO).

Options:

A.

Joe used Whois to produce this output.

B.

Joe used cURL to produce this output.

C.

Joe used Wireshark to produce this output

D.

The organization has adequate information available in public registration.

E.

The organization has too much information available in public registration.

F.

The organization has too little information available in public registration

Question 36

Ann, a forensic analyst, needs to prove that the data she originally acquired has remained unchanged while in her custody. Which of the following should Ann use?

Options:

A.

Chain of custody

B.

Checksums

C.

Non-repudiation

D.

Legal hold

Question 37

A security analyst needs to produce a document that details how a security incident occurred, the steps that were taken for recovery, and how future incidents can be avoided. During which of the following stages of the response process will this activity take place?

Options:

A.

Recovery

B.

Identification

C.

Lessons learned

D.

Preparation

Question 38

An organization recently acquired an ISO 27001 certification. Which of the following would MOST likely be considered a benefit of this certification?

Options:

A.

It allows for the sharing of digital forensics data across organizations

B.

It provides insurance in case of a data breach

C.

It provides complimentary training and certification resources to IT security staff.

D.

It certifies the organization can work with foreign entities that require a security clearance

E.

It assures customers that the organization meets security standards

Question 39

An attacker is attempting to exploit users by creating a fake website with the URL users. Which of the following social-engineering attacks does this describe?

Options:

A.

Information elicitation

B.

Typo squatting

C.

Impersonation

D.

Watering-hole attack

Question 40

A company recently experienced an attack in which a malicious actor was able to exfiltrate sensitive data by cracking stolen passwords using a rainbow table. Which of the following should a security engineer do to prevent such an attack in the future?

Options:

A.

Use password hashing.

B.

Enforce password complexity.

C.

Implement password salting.

D.

Disable password reuse.

Question 41

A commercial cyber-threat intelligence organization observes IoCs across a variety of unrelated customers. Prior to releasing specific threat intelligence to other paid subscribers, the organization is MOST likely obligated by contracts to:

Options:

A.

perform attribution to specific APTs and nation-state actors.

B.

anonymize any PII that is observed within the IoC data.

C.

add metadata to track the utilization of threat intelligence reports.

D.

assist companies with impact assessments based on the observed data.

Question 42

A company just developed a new web application for a government agency. The application must be assessed and authorized prior to being deployed. Which of the following is required to assess the vulnerabilities resident in the application?

Options:

A.

Repository transaction logs

B.

Common Vulnerabilities and Exposures

C.

Static code analysis

D.

Non-credentialed scans

Question 43

A user enters a password to log in to a workstation and is then prompted to enter an authentication code. Which of the following MFA factors or attributes are being utilized in the authentication process? (Select TWO).

Options:

A.

Something you know

B.

Something you have

C.

Somewhere you are

D.

Someone you are

E.

Something you are

F.

Something you can do

Question 44

After installing a Windows server, a cybersecurity administrator needs to harden it, following security best practices. Which of the following will achieve the administrator's goal? (Select TWO).

Options:

A.

Disabling guest accounts

B.

Disabling service accounts

C.

Enabling network sharing

D.

Disabling NetBIOS over TCP/IP

E.

Storing LAN manager hash values

F.

Enabling NTLM

Question 45

A security engineer is installing a WAF to protect the company’s website from malicious web requests over SSL. Which of the following is needed to meet the objective?

Options:

A.

A reverse proxy

B.

A decryption certificate

C.

A split-tunnel VPN

D.

Load-balanced servers

Question 46

A recent malware outbreak across a subnet included successful rootkit installations on many PCs, ensuring persistence by rendering remediation efforts ineffective. Which of the following would BEST detect the presence of a rootkit in the future?

Options:

A.

FDE

B.

NIDS

C.

EDR

D.

DLP

Question 47

A systems administrator needs to install a new wireless network for authenticated guest access. The wireless network should support 802.1X using the most secure encryption and protocol available.

Perform the following steps:

1. Configure the RADIUS server.

2. Configure the WiFi controller.

3. Preconfigure the client for an incoming guest. The guest AD credentials are:

User: guest01

Password: guestpass

Options:

Question 48

The concept of connecting a user account across the systems of multiple enterprises is BEST known as:

Options:

A.

federation.

B.

a remote access policy.

C.

multifactor authentication.

D.

single sign-on.

Question 49

A consultant is configuring a vulnerability scanner for a large, global organization in multiple countries. The consultant will be using a service account to scan systems with administrative privileges on a weekly basis, but there is a concern that hackers could gain access to the account and pivot through the global network. Which of the following would be BEST to help mitigate this concern?

Options:

A.

Create consultant accounts for each region, each configured with push MFA notifications.

B.

Create one global administrator account and enforce Kerberos authentication

C.

Create different accounts for each region, limit their logon times, and alert on risky logins.

D.

Create a guest account for each region, remember the last ten passwords, and block password reuse.

Question 50

Which of the following often operates in a client-server architecture to act as a service repository, providing enterprise consumers access to structured threat intelligence data?

Options:

A.

STIX

B.

CIRT

C.

OSINT

D.

TAXII

Question 51

A technician needs to prevent data loss in a laboratory. The laboratory is not connected to any external networks. Which of the following methods would BEST prevent the exfiltration of data? (Select TWO).

Options:

A.

VPN

B.

Drive encryption

C.

Network firewall

D.

File level encryption

E.

USB blocker

F.

MFA

Question 52

The cost of removable media and the security risks of transporting data have become too great for a laboratory. The laboratory has decided to interconnect with partner laboratories to make data transfers easier and more secure. The Chief Security Officer

Options:

A.

VLAN zoning with a file-transfer server in an external-facing zone

B.

DLP running on hosts to prevent file transfers between networks

C.

NAC that permits only data-transfer agents to move data between networks

D.

VPN with full tunneling and NAS authenticating through the Active Directory

Question 53

A software developer needs to perform code-execution testing, black-box testing, and non-functional testing on a new product before its general release. Which of the following BEST describes the tasks the developer is conducting?

Options:

A.

Verification

B.

Validation

C.

Normalization

D.

Staging

Question 54

An enterprise has hired an outside security firm to conduct penetration testing on its network and applications. The firm has only been given the documentation available to the customers of the applications. Which of the following BEST represents the type of testing that will occur?

Options:

A.

Bug bounty

B.

Black-box

C.

Gray-box

D.

White-box

Question 55

A company provides mobile devices to its users to permit access to email and enterprise applications. The company recently started allowing users to select from several different vendors and device models. When configuring the MDM, which of the following is a key security implication of this heterogeneous device approach?

Options:

A.

The most common set of MDM configurations will become the effective set of enterprise mobile security controls.

B.

All devices will need to support SCEP-based enrollment; therefore, the heterogeneity of the chosen architecture may unnecessarily expose private keys to adversaries.

C.

Certain devices are inherently less secure than others, so compensatory controls will be needed to address the delta between device vendors.

D.

MDMs typically will not support heterogeneous deployment environments, so multiple MDMs will need to be installed and configured.

Question 56

A local coffee shop runs a small WiFi hot-spot for its customers that utilizes WPA2-PSK. The coffee shop would like to stay current with security trends and wants to implement WPA3 to make its WiFi even more secure. Which of the following technologies will the coffee shop MOST likely use in place of PSK?

Options:

A.

WEP

B.

MSCHAP

C.

WPS

D.

SAE

Question 57

A manufacturer creates designs for very high security products that are required to be protected and controlled by government regulations. These designs are not accessible by corporate networks or the Internet. Which of the following is the BEST solution to protect these designs?

Options:

A.

An air gap

B.

A Faraday cage

C.

A shielded cable

D.

A demilitarized zone

Question 58

A Chief Executive Officer's (CEO) personal information was stolen in a social engineering attack. Which of the following sources would reveal if the CEO's personal information is for sale?

Options:

A.

Automated information sharing

B.

Open-source intelligence

C.

The dark web

D.

Vulnerability databases

Question 59

An organization needs to implement more stringent controls over administrator/root credentials and service accounts. Requirements for the project include:

  • Check-in/checkout of credentials
  • The ability to use but not know the password
  • Automated password changes
  • Logging of access to credentials

Which of the following solutions would meet the requirements?

Options:

A.

OAuth 2.0

B.

Secure Enclave

C.

A privileged access management system

D.

An OpenID Connect authentication system

Question 60

To secure an application after a large data breach, an e-commerce site will be resetting all users’ credentials. Which of the following will BEST ensure the site’s users are not compromised after the reset?

Options:

A.

A password reuse policy

B.

Account lockout after three failed attempts

C.

Encrypted credentials in transit

D.

A geofencing policy based on login history

Question 61

A security administrator suspects there may be unnecessary services running on a server. Which of the following tools will the administrator MOST likely use to confirm the suspicions?

Options:

A.

Nmap

B.

Wireshark

C.

Autopsy

D.

DNSEnum
