Exam Name: CompTIA Security+ Exam 2021
Last Update: Sep 18, 2021
Questions and Answers: 410

SY0-601 CompTIA Security+ Exam 2021 Questions and Answers

Question # 4

Which of the following technical controls is BEST suited for the detection and prevention of buffer overflows on hosts?

A. DLP
B. HIDS
C. EDR
D. NIPS

Question # 5

A security analyst must determine if either SSH or Telnet is being used to log in to servers. Which of the following should the analyst use?

A. logger
B. Metasploit
C. tcpdump
D. netstat

Question # 6

An incident, which is affecting dozens of systems, involves malware that reaches out to an Internet service for rules and updates. The IP addresses for the Internet host appear to be different in each case. The organization would like to determine a common IoC to support response and recovery actions. Which of the following sources of information would BEST support this solution?

A. Web log files
B. Browser cache
C. DNS query logs
D. Antivirus

Question # 7

Which of the following disaster recovery tests is the LEAST time-consuming for the disaster recovery team?

A. Tabletop
B. Parallel
C. Full interruption
D. Simulation

Question # 8

A network administrator has been asked to design a solution to improve a company's security posture. The administrator is given the following requirements:

• The solution must be inline in the network
• The solution must be able to block known malicious traffic
• The solution must be able to stop network-based attacks

Which of the following should the network administrator implement to BEST meet these requirements?

A. HIDS
B. NIDS
C. HIPS
D. NIPS

Question # 9

A cybersecurity analyst needs to implement secure authentication to third-party websites without users' passwords. Which of the following would be the BEST way to achieve this objective?

A. OAuth
B. SSO
C. SAML
D. PAP

Question # 10

Which of the following would BEST identify and remediate a data-loss event in an enterprise using third-party, web-based services and file-sharing platforms?

A. SIEM
B. CASB
C. UTM
D. DLP

Question # 11

A technician needs to prevent data loss in a laboratory. The laboratory is not connected to any external networks. Which of the following methods would BEST prevent data loss? (Select TWO)

A. VPN
B. Drive encryption
C. Network firewall
D. File-level encryption
E. USB blocker
F. MFA

Question # 12

An organization plans to transition the intrusion detection and prevention techniques on a critical subnet to an anomaly-based system. Which of the following does the organization need to determine for this to be successful?

A. The baseline
B. The endpoint configurations
C. The adversary behavior profiles
D. The IPS signatures

Question # 13

A network engineer needs to create a plan for upgrading the wireless infrastructure in a large office. Priority must be given to areas that are currently experiencing latency and connection issues. Which of the following would be the BEST resource for determining the order of priority?

A. Nmap
B. Heat maps
C. Network diagrams
D. Wireshark

Question # 14

A company is upgrading its wireless infrastructure to WPA2-Enterprise using EAP-TLS. Which of the following must be part of the security architecture to achieve AAA? (Select TWO)

A. DNSSEC
B. Reverse proxy
C. VPN concentrator
D. PKI
E. Active Directory
F. RADIUS

Question # 15

An incident response technician collected a mobile device during an investigation. Which of the following should the technician do to maintain chain of custody?

A. Document the collection and require a sign-off when possession changes.
B. Lock the device in a safe or other secure location to prevent theft or alteration.
C. Place the device in a Faraday cage to prevent corruption of the data.
D. Record the collection in a blockchain-protected public ledger.

Question # 16

A company needs to centralize its logs to create a baseline and have visibility on its security events. Which of the following technologies will accomplish this objective?

A. Security information and event management
B. A web application firewall
C. A vulnerability scanner
D. A next-generation firewall

Question # 17

A security analyst wants to verify that a client-server (non-web) application is sending encrypted traffic. Which of the following should the analyst use?

A. openssl
B. hping
C. netcat
D. tcpdump

Question # 18

An attacker is attempting to exploit users by creating a fake website with the URL www.validwebsite.com. The attacker's intent is to imitate the look and feel of a legitimate website to obtain personal information from unsuspecting users. Which of the following social-engineering attacks does this describe?

A. Information elicitation
B. Typo squatting
C. Impersonation
D. Watering-hole attack

Question # 19

Which of the following describes the BEST approach for deploying application patches?

A. Apply the patches to systems in a testing environment, then to systems in a staging environment, and finally to production systems.
B. Test the patches in a staging environment, develop against them in the development environment, and then apply them to the production systems.
C. Test the patches in a test environment, apply them to the production systems, and then apply them to a staging environment.
D. Apply the patches to the production systems, apply them in a staging environment, and then test all of them in a testing environment.

Question # 20

Joe, a user at a company, clicked an email link that led to a website that infected his workstation. Joe was connected to the network, and the virus spread to the network shares. The protective measures failed to stop this virus, and it continues to evade detection. Which of the following should the administrator implement to protect the environment from this malware?

A. Install a definition-based antivirus.
B. Implement an IDS/IPS.
C. Implement a heuristic behavior-detection solution.
D. Implement CASB to protect the network shares.

Question # 21

A company wants to modify its current backup strategy to minimize the number of backups that would need to be restored in case of data loss. Which of the following would be the BEST backup strategy to implement?

A. Incremental backups followed by differential backups
B. Full backups followed by incremental backups
C. Delta backups followed by differential backups
D. Incremental backups followed by delta backups
E. Full backups followed by differential backups

Question # 22

Which of the following is the purpose of a risk register?

A. To define the level of risk using probability and likelihood
B. To register the risk with the required regulatory agencies
C. To identify the risk, the risk owner, and the risk measures
D. To formally log the type of risk mitigation strategy the organization is using

Question # 23

A security researcher is attempting to gather data on the widespread use of a zero-day exploit. Which of the following will the researcher MOST likely use to capture this data?

A. A DNS sinkhole
B. A honeypot
C. A vulnerability scan
D. CVSS

Question # 24

A manufacturing company has several one-off legacy information systems that cannot be migrated to a newer OS due to software compatibility issues. The OSs are still supported by the vendor, but the industrial software is no longer supported. The Chief Information Security Officer (CISO) has created a resiliency plan for these systems that will allow OS patches to be installed in a non-production environment, while also creating backups of the systems for recovery. Which of the following resiliency techniques will provide these capabilities?

A. Redundancy
B. RAID 1+5
C. Virtual machines
D. Full backups

Question # 25

A security manager for a retailer needs to reduce the scope of a project to comply with PCI DSS. The PCI data is located in different offices than where credit cards are accepted. All the offices are connected via MPLS back to the primary datacenter. Which of the following should the security manager implement to achieve the objective?

A. Segmentation
B. Containment
C. Geofencing
D. Isolation

Question # 26

The cost of removable media and the security risks of transporting data have become too great for a laboratory. The laboratory has decided to interconnect with partner laboratories to make data transfers easier and more secure. The Chief Security Officer

A. VLAN zoning with a file-transfer server in an external-facing zone
B. DLP running on hosts to prevent file transfers between networks
C. NAC that permits only data-transfer agents to move data between networks
D. VPN with full tunneling and NAS authenticating through the Active Directory

Question # 27

A local coffee shop runs a small WiFi hot-spot for its customers that utilizes WPA2-PSK. The coffee shop would like to stay current with security trends and wants to implement WPA3 to make its WiFi even more secure. Which of the following technologies will the coffee shop MOST likely use in place of PSK?

A. WEP
B. MSCHAP
C. WPS
D. SAE

Question # 28

Which of the following organizational policies are MOST likely to detect fraud that is being conducted by existing employees? (Select TWO).

A. Offboarding
B. Mandatory vacation
C. Job rotation
D. Background checks
E. Separation of duties
F. Acceptable use

Question # 29

A security analyst is using a recently released security advisory to review historical logs, looking for the specific activity that was outlined in the advisory. Which of the following is the analyst doing?

A. A packet capture
B. A user behavior analysis
C. Threat hunting
D. Credentialed vulnerability scanning

Question # 30

A multinational organization that offers web-based services has datacenters that are located only in the United States; however, a large number of its customers are in Australia, Europe, and China. Payments for services are managed by a third party in the United Kingdom that specializes in payment gateways. The management team is concerned the organization is not compliant with privacy laws that cover some of its customers. Which of the following frameworks should the management team follow?

A. Payment Card Industry Data Security Standard
B. Cloud Security Alliance Best Practices
C. ISO/IEC 27032 Cybersecurity Guidelines
D. General Data Protection Regulation

Question # 31

A security analyst is investigating multiple hosts that are communicating to external IP addresses during the hours of 2:00 a.m. - 4:00 a.m. The malware has evaded detection by traditional antivirus software. Which of the following types of malware is MOST likely infecting the hosts?

A. A RAT
B. Ransomware
C. Polymorphic
D. A worm

Question # 32

Which of the following job roles would sponsor data quality and data entry initiatives that ensure business and regulatory requirements are met?

A. The data owner
B. The data processor
C. The data steward
D. The data privacy officer

Question # 33

A company has decided to move its operations to the cloud. It wants to utilize technology that will prevent users from downloading company applications for personal use, restrict data that is uploaded, and have visibility into which applications are being used across the company. Which of the following solutions will BEST meet these requirements?

A. An NGFW
B. A CASB
C. Application whitelisting
D. An NG-SWG

Question # 34

A developer is concerned about people downloading fake malware-infected replicas of a popular game. Which of the following should the developer do to help verify legitimate versions of the game for users?

A. Digitally sign the relevant game files.
B. Embed a watermark using steganography.
C. Implement TLS on the license activation server.
D. Fuzz the application for unknown vulnerabilities.

Question # 35

A large financial services firm recently released information regarding a security breach within its corporate network that began several years before. During the time frame in which the breach occurred, indicators show an attacker gained administrative access to the network through a file download from a social media site and subsequently installed it without the user's knowledge. Since the compromise, the attacker was able to take command and control of the computer systems anonymously while obtaining sensitive corporate and personal employee information. Which of the following methods did the attacker MOST likely use to gain access?

A. A bot
B. A fileless virus
C. A logic bomb
D. A RAT

Question # 36

A financial institution would like to store its customer data in a cloud but still allow the data to be accessed and manipulated while encrypted. Doing so would prevent the cloud service provider from being able to decipher the data due to its sensitivity. The financial institution is not concerned about computational overheads and slow speeds. Which of the following cryptographic techniques would BEST meet the requirement?

A. Asymmetric
B. Symmetric
C. Homomorphic
D. Ephemeral

Question # 37

Under GDPR, which of the following is MOST responsible for the protection of privacy and website user rights?

A. The data protection officer
B. The data processor
C. The data owner
D. The data controller

Question # 38

A startup company is using multiple SaaS and IaaS platforms to stand up a corporate infrastructure and build out a customer-facing web application. Which of the following solutions would be BEST to provide security, manageability, and visibility into the platforms?

A. SIEM
B. DLP
C. CASB
D. SWG

Question # 39

A security researcher has alerted an organization that its sensitive user data was found for sale on a website. Which of the following should the organization use to inform the affected parties?

A. An incident response plan
B. A communications plan
C. A business continuity plan
D. A disaster recovery plan

Question # 40

A company is launching a new internet platform for its clients. The company does not want to implement its own authorization solution but instead wants to rely on the authorization provided by another platform. Which of the following is the BEST approach to implement the desired solution?

A. OAuth
B. TACACS+
C. SAML
D. RADIUS

Question # 41

A company just implemented a new telework policy that allows employees to use personal devices for official email and file sharing while working from home. Some of the requirements are:

* Employees must provide an alternate work location (i.e., a home address)
* Employees must install software on the device that will prevent the loss of proprietary data but will not restrict any other software from being installed.

Which of the following BEST describes the MDM options the company is using?

A. Geofencing, content management, remote wipe, containerization, and storage segmentation
B. Content management, remote wipe, geolocation, context-aware authentication, and containerization
C. Application management, remote wipe, geofencing, context-aware authentication, and containerization
D. Remote wipe, geolocation, screen locks, storage segmentation, and full-device encryption

Question # 42

A cloud administrator is configuring five compute instances under the same subnet in a VPC. Three instances are required to communicate with one another, and the other two must be logically isolated from all other instances in the VPC. Which of the following must the administrator configure to meet this requirement?

A. One security group
B. Two security groups
C. Three security groups
D. Five security groups

Question # 43

An organization routes all of its traffic through a VPN. Most users are remote and connect into a corporate datacenter that houses confidential information. There is a firewall at the Internet border followed by a DLP appliance, the VPN server and the datacenter itself. Which of the following is the WEAKEST design element?

A. The DLP appliance should be integrated into a NGFW.
B. Split-tunnel connections can negatively impact the DLP appliance's performance.
C. Encrypted VPN traffic will not be inspected when entering or leaving the network.
D. Adding two hops in the VPN tunnel may slow down remote connections.

Question # 44

A Chief Information Security Officer (CISO) is concerned about the organization's ability to continue business operations in the event of a prolonged DDoS attack on its local datacenter that consumes database resources. Which of the following will the CISO MOST likely recommend to mitigate this risk?

A. Upgrade the bandwidth available into the datacenter
B. Implement a hot-site failover location
C. Switch to a complete SaaS offering to customers
D. Implement a challenge response test on all end-user queries

Question # 45

A database administrator needs to ensure all passwords are stored in a secure manner, so the administrator adds randomly generated data to each password before storing it. Which of the following techniques BEST explains this action?

A. Predictability
B. Key stretching
C. Salting
D. Hashing

Question # 46

A security analyst is reviewing logs on a server and observes the following output:

Which of the following is the security analyst observing?

A. A rainbow table attack
B. A password-spraying attack
C. A dictionary attack
D. A keylogger attack

Question # 47

When used at the design stage, which of the following improves the efficiency, accuracy, and speed of a database?

A. Tokenization
B. Data masking
C. Normalization
D. Obfuscation

Question # 48

A small business just recovered from a ransomware attack against its file servers by purchasing the decryption keys from the attackers. The issue was triggered by a phishing email and the IT administrator wants to ensure it does not happen again. Which of the following should the IT administrator do FIRST after recovery?

A. Scan the NAS for residual or dormant malware and take new daily backups that are tested on a frequent basis.
B. Restrict administrative privileges and patch all systems and applications.
C. Rebuild all workstations and install new antivirus software.
D. Implement application whitelisting and perform user application hardening.

Question # 49

Which of the following BEST describes the MFA attribute that requires a callback on a predefined landline?

A. Something you exhibit
B. Something you can do
C. Someone you know
D. Somewhere you are

Question # 50

A company's help desk received several AV alerts indicating Mimikatz attempted to run on the remote systems. Several users also reported that the new company flash drives they picked up in the break room only have 512KB of storage. Which of the following is MOST likely the cause?

A. The GPO prevents the use of flash drives, which triggers a false positive AV indication and restricts the drives to only 512KB of storage.
B. The new flash drives need a driver that is being blocked by the AV software because the flash drives are not on the application's allow list, temporarily restricting the drives to 512KB of storage.
C. The new flash drives are incorrectly partitioned, and the systems are automatically trying to use an unapproved application to repartition the drives.
D. The GPO blocking the flash drives is being bypassed by a malicious flash drive that is attempting to harvest plaintext credentials from memory.

Question # 51

A consultant is configuring a vulnerability scanner for a large, global organization in multiple countries. The consultant will be using a service account to scan systems with administrative privileges on a weekly basis, but there is a concern that hackers could gain access to the account and pivot through the global network. Which of the following would be BEST to help mitigate this concern?

A. Create consultant accounts for each region, each configured with push MFA notifications.
B. Create one global administrator account and enforce Kerberos authentication.
C. Create different accounts for each region, limit their logon times, and alert on risky logins.
D. Create a guest account for each region, remember the last ten passwords, and block password reuse.

Question # 52

The Chief Security Officer (CSO) at a major hospital wants to implement SSO to help improve the protection of patient data in the environment, particularly at shared terminals. The Chief Risk Officer (CRO) is concerned that training and guidance have not been provided to frontline staff, and a risk analysis has not been performed. Which of the following is the MOST likely cause of the CRO's concerns?

A. SSO would simplify username and password management, making it easier for hackers to guess account passwords.
B. SSO would reduce password fatigue, but staff would still need to remember more complex passwords.
C. SSO would reduce the password complexity for frontline staff.
D. SSO would reduce the resilience and availability of systems if the provider goes offline.

Question # 53

Which of the following cloud models provides clients with servers, storage, and networks but nothing else?

A. SaaS
B. PaaS
C. IaaS
D. DaaS

Question # 54

Which of the following algorithms has the SMALLEST key size?

A. DES
B. Twofish
C. RSA
D. AES

Question # 55

A network analyst is setting up a wireless access point for a home office in a remote, rural location. The requirement is that users need to connect to the access point securely but do not want to have to remember passwords. Which of the following should the network analyst enable to meet the requirement?

A. MAC address filtering
B. 802.1X
C. Captive portal
D. WPS

Question # 56

An organization relies on third-party video conferencing to conduct daily business. Recent security changes now require all remote workers to utilize a VPN to corporate resources. Which of the following would BEST maintain high-quality video conferencing while minimizing latency when connected to the VPN?

A. Using geographic diversity to have VPN terminators closer to end users
B. Utilizing split tunneling so only traffic for corporate resources is encrypted
C. Purchasing higher-bandwidth connections to meet the increased demand
D. Configuring QoS properly on the VPN accelerators

Question # 57

The IT department at a university is concerned about professors placing servers on the university network in an attempt to bypass security controls. Which of the following BEST represents this type of threat?

A. A script kiddie
B. Shadow IT
C. Hacktivism
D. White-hat

Question # 58

An organization is having difficulty correlating events from its individual AV, EDR, DLP, SWG, WAF, MDM, HIPS, and CASB systems. Which of the following is the BEST way to improve the situation?

A. Remove expensive systems that generate few alerts.
B. Modify the systems to alert only on critical issues.
C. Utilize a SIEM to centralize logs and dashboards.
D. Implement a new syslog/NetFlow appliance.

Question # 59

An engineer is setting up a VDI environment for a factory location, and the business wants to deploy a low-cost solution to enable users on the shop floor to log in to the VDI environment directly. Which of the following should the engineer select to meet these requirements?

A. Laptops
B. Containers
C. Thin clients
D. Workstations

Question # 60

Joe, a security analyst, recently performed a network discovery to fully understand his organization's electronic footprint from a "public" perspective. Joe ran a set of commands and received the following output:

Which of the following can be determined about the organization's public presence and security posture? (Select TWO).

A. Joe used Whois to produce this output.
B. Joe used cURL to produce this output.
C. Joe used Wireshark to produce this output.
D. The organization has adequate information available in public registration.
E. The organization has too much information available in public registration.
F. The organization has too little information available in public registration.

Question # 61

A university with remote campuses, which all use different service providers, loses Internet connectivity across all locations. After a few minutes, Internet and VoIP services are restored, only to go offline again at random intervals, typically within four minutes of services being restored. Outages continue throughout the day, impacting all inbound and outbound connections and services. Services that are limited to the local LAN or WiFi network are not impacted, but all WAN and VoIP services are affected.

Later that day, the edge-router manufacturer releases a CVE outlining the ability of an attacker to exploit the SIP protocol handling on devices, leading to resource exhaustion and system reloads. Which of the following BEST describe this type of attack? (Choose two.)

A. DoS
B. SSL stripping
C. Memory leak
D. Race condition
E. Shimming
F. Refactoring