SY0-601 Exam Dumps Questions V22.02: The Ultimate Study Guide for CompTIA Security+ Certification

The CompTIA SY0-601 exam dumps questions V22.02 are available to help you succeed on the exam, whether you're a seasoned professional or just starting in the cybersecurity field. Our SY0-601 dumps contain 333 up-to-date questions and answers to help you ace the CompTIA Security+ exam. This latest version covers all the essential topics, including threat management, network security, cryptography, identity and access management, and more. With DumpsBase SY0-601 dumps V22.02, you can test your knowledge and identify areas that need improvement. Get started today and take the first step toward becoming CompTIA Security+ certified with our SY0-601 exam dumps questions V22.02.

Check the CompTIA Security+ SY0-601 free dumps online:

1. During an incident, a company's CIRT determines it is necessary to observe the continued network-based transactions between a callback domain and the malware running on an enterprise PC.

Which of the following techniques would be BEST to enable this activity while reducing the risk of lateral spread and the risk that the adversary would notice any changes?

2. A desktop support technician recently installed a new document-scanning software program on a computer. However, when the end user tried to launch the program, it did not respond.

Which of the following is MOST likely the cause?

3. A cybersecurity administrator needs to allow mobile BYOD devices to access network resources. As the devices are not enrolled in the domain and do not have policies applied to them, which of the following are best practices for authentication and infrastructure security? (Select TWO).

4. A major clothing company recently lost a large amount of proprietary information. The security officer must find a solution to ensure this never happens again.

Which of the following is the BEST technical implementation to prevent this from happening again?

5. Which of the following controls would provide the BEST protection against tailgating?

6. An organization would like to remediate the risk associated with its cloud service provider not meeting its advertised 99.999% availability metrics.

Which of the following should the organization consult for the exact requirements for the cloud provider?

7. An enterprise has hired an outside security firm to facilitate penetration testing on its network and applications. The firm has agreed to pay for each vulnerability that is discovered.

Which of the following BEST represents the type of testing that is being used?

8. A network analyst is investigating compromised corporate information. The analyst's findings lead to a theory that network traffic was intercepted before being transmitted to the internet.

The following output was captured on an internal host:

Based on the IoCs, which of the following was the MOST likely attack used to compromise the network communication?

9. A security engineer needs to build a solution to satisfy regulatory requirements that state certain critical servers must be accessed using MFA. However, the critical servers are older and are unable to support the addition of MFA.

Which of the following will the engineer MOST likely use to achieve this objective?

10. As part of the building process for a web application, the compliance team requires that all PKI certificates are rotated annually and can only contain wildcards at the secondary subdomain level.

Which of the following certificate properties will meet these requirements?

11. A software company is analyzing a process that detects software vulnerabilities at the earliest stage possible. The goal is to scan the source code for insecure practices and weaknesses before the application is deployed in a runtime environment.

Which of the following would BEST assist the company with this objective?

12. A security analyst is investigating multiple hosts that are communicating with external IP addresses between 2:00 a.m. and 4:00 a.m. The malware has evaded detection by traditional antivirus software.

Which of the following types of malware is MOST likely infecting the hosts?

13. A new security engineer has started hardening systems. One of the hardening techniques the engineer is using involves disabling remote logins to the NAS. Users are now reporting the inability to use SCP to transfer files to the NAS, even though the data is still viewable from the users' PCs.

Which of the following is the most likely cause of this issue?

14. A company has discovered unauthorized devices are using its WiFi network, and it wants to harden the access point to improve security.

Which of the following configurations should an analyst enable to improve security? (Select TWO.)

15. Which of the following identifies the point in time when an organization will recover data in the event of an outage?

16. An attacker replaces a digitally signed document with another version that goes unnoticed. Upon reviewing the document's contents, the author notices some additional verbiage that was not originally in the document but cannot validate an integrity issue.

Which of the following attacks was used?

17. A company recently experienced a major breach. An investigation concludes that customer credit card data was stolen and exfiltrated through a dedicated business partner connection to a vendor, who is not held to the same security control standards.

Which of the following is the MOST likely source of the breach?

18. Employees at a company are receiving unsolicited text messages on their corporate cell phones. The unsolicited text messages contain a password reset link.

Which of the following attacks is being used to target the company?

19. A security engineer is hardening existing solutions to reduce application vulnerabilities.

Which of the following solutions should the engineer implement FIRST? (Select TWO)

20. A security engineer is reviewing the logs from a SAML application that is configured to use MFA. During this review, the engineer notices a high volume of successful logins that did not require MFA from users who were traveling internationally. The application, which can be accessed without a VPN, has a policy that allows time-based tokens to be generated. Users who changed locations should be required to reauthenticate but have not been.

Which of the following statements BEST explains the issue?

21. An enterprise needs to keep cryptographic keys in a safe manner.

Which of the following network appliances can achieve this goal?

22. The security team received a report of copyright infringement from the IP space of the corporate network. The report provided a precise time stamp for the incident as well as the name of the copyrighted files. The analyst has been tasked with determining the infringing source machine and instructed to implement measures to prevent such incidents from occurring again.

Which of the following is MOST capable of accomplishing both tasks?

23. During a forensic investigation, a security analyst discovered that the following command was run on a compromised host:

Which of the following attacks occurred?

24. Which of the following BEST describes the team that acts as a referee during a penetration-testing exercise?

25. A systems administrator is considering different backup solutions for the IT infrastructure. The company is looking for a solution that offers the fastest recovery time while also saving the most amount of storage used to maintain the backups.

Which of the following recovery solutions would be the BEST option to meet these requirements?

26. A company is planning to install a guest wireless network so visitors will be able to access the Internet. The stakeholders want the network to be easy to connect to so time is not wasted during meetings. The WAPs are configured so that power levels and antennas cover only the conference rooms where visitors will attend meetings.

Which of the following would BEST protect the company's internal wireless network against visitors accessing company resources?

27. An employee receives an email stating he won the lottery. The email includes a link that requests a name, mobile phone number, address, and date of birth be provided to confirm the employee's identity before the prize is sent.

Which of the following BEST describes this type of email?

28. Which of the following function as preventive, detective, and deterrent controls to reduce the risk of physical theft? (Select TWO).

29. Which of the following uses six initial steps that provide basic control over system security by including hardware and software inventory, vulnerability management, and continuous monitoring to minimize risk in all network environments?

30. A backdoor was detected on the containerized application environment. The investigation detected that a zero-day vulnerability was introduced when the latest container image version was downloaded from a public registry.

Which of the following is the BEST solution to prevent this type of incident from occurring again?

31. An employee's company account was used in a data breach. Interviews with the employee revealed:

• The employee was able to avoid changing passwords by using a previous password again.

• The account was accessed from a hostile, foreign nation, but the employee has never traveled to any other countries.

Which of the following can be implemented to prevent these issues from recurring? (Select TWO)

32. A security administrator wants to implement a program that tests a user's ability to recognize attacks over the organization's email system.

Which of the following would be BEST suited for this task?

33. Which of the following involves the inclusion of code in the main codebase as soon as it is written?

34. While reviewing pcap data, a network security analyst is able to locate plaintext usernames and passwords being sent from workstations to network switches.

Which of the following is the security analyst MOST likely observing?

35. A company is required to continue using legacy software to support a critical service.

Which of the following BEST explains a risk of this practice?

36. After gaining access to a dual-homed (i.e., wired and wireless) multifunction device by exploiting a vulnerability in the device's firmware, a penetration tester then gains shell access on another networked asset.

This technique is an example of:

37. Per company security policy, IT staff members are required to have separate credentials to perform administrative functions using just-in-time permissions.

Which of the following solutions is the company implementing?

38. Which of the following environments utilizes dummy data and is MOST likely to be installed locally on a system that allows it to be assessed directly and modified easily with each build?

39. A security researcher is using an adversary's infrastructure and TTPs and creating a named group to track those targeted.

Which of the following is the researcher MOST likely using?

40. A security analyst was deploying a new website and found a connection attempting to authenticate on the site's portal. While investigating the incident, the analyst identified the following input in the username field:

Which of the following BEST explains this type of attack?

41. A new vulnerability in the SMB protocol on Windows systems was recently discovered, but no patches are currently available to resolve the issue. The security administrator is concerned that servers in the company's DMZ will be vulnerable to external attack; however, the administrator cannot disable the service on the servers, as SMB is used by a number of internal systems and applications on the LAN.

Which of the following TCP ports should be blocked for all external inbound connections to the DMZ as a workaround to protect the servers? (Select TWO).

42. The technology department at a large global company is expanding its Wi-Fi network infrastructure at the headquarters building.

Which of the following should be closely coordinated between the technology, cybersecurity, and physical security departments?

43. Which of the following technologies is used to actively monitor for specific file types being transmitted on the network?

44. A security analyst has received several reports of an issue on an internal web application. Users state they are having to provide their credentials twice to log in. The analyst checks with the application team and notes this is not an expected behavior.

After looking at several logs, the analyst decides to run some commands on the gateway and obtains the following output:

Which of the following BEST describes the attack the company is experiencing?

45. An organization is moving away from the use of client-side and server-side certificates for EAP. The company would like the new EAP solution to have the ability to detect rogue access points.

Which of the following would accomplish these requirements?

46. A security engineer needs to create a network segment that can be used for servers that require connections from untrusted networks.

Which of the following should the engineer implement?

47. A security administrator is working on a solution to protect passwords stored in a database against rainbow table attacks.

Which of the following should the administrator consider?
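To make the rainbow-table question concrete, here is an added Python example (written for this page, not taken from CompTIA material or the exam's answer key) that contrasts an unsalted hash, which a precomputed table finds with a single lookup, with a per-user salted PBKDF2 record that the same table cannot match. The password list and the tiny "precomputed table" are constructed for the demo; the hashing calls are the Python standard library's.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed sample: a tiny stand-in for a precomputed (rainbow) table of
# unsalted SHA-256 digests for a few common passwords.  A real table covers
# billions of candidates, but the lookup works exactly the same way.
COMMON_PASSWORDS = ["password", "123456", "letmein", "qwerty"]
PRECOMPUTED = {hashlib.sha256(p.encode()).hexdigest(): p for p in COMMON_PASSWORDS}


def unsalted_digest(password: str) -> str:
    """What a naive password store keeps: one bare hash per password, no salt."""
    return hashlib.sha256(password.encode()).hexdigest()


def table_lookup(digest_hex: str) -> Optional[str]:
    """Precomputed-table attack: the stored hash is nothing more than a dictionary key."""
    return PRECOMPUTED.get(digest_hex)


def store_salted(password: str, salt: Optional[bytes] = None, iterations: int = 100_000) -> str:
    """Store a password as salt$iterations$derived_key using PBKDF2-HMAC-SHA256.
    A fresh random 16-byte salt per user means the same password yields a
    different stored value every time, so no table can be built in advance."""
    if salt is None:
        salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"{salt.hex()}${iterations}${dk.hex()}"


def verify_salted(password: str, stored: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt_hex, iters, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), dk_hex)


def table_attack_on_salted(stored: str) -> Optional[str]:
    """The same precomputed table applied to a salted record never matches:
    the attacker would have to rebuild the whole table for every distinct salt."""
    _, _, dk_hex = stored.split("$")
    return PRECOMPUTED.get(dk_hex)


if __name__ == "__main__":
    print("unsalted table hit:", table_lookup(unsalted_digest("letmein")))  # letmein
    rec = store_salted("letmein")
    print("salted record:", rec)
    print("table hit on salted record:", table_attack_on_salted(rec))  # None
    print("verify correct/wrong:", verify_salted("letmein", rec), verify_salted("wrong", rec))
```

Two users who both pick "letmein" get different records, which is the property that defeats precomputation; the iteration count additionally slows down any table the attacker tries to build per salt.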

48. Which of the following authentication methods is considered to be the LEAST secure?

49. An organization wants to enable built-in FDE on all laptops.

Which of the following should the organization ensure is installed on all laptops?

50. The SIEM at an organization has detected suspicious traffic coming from a workstation in its internal network. An analyst in the SOC investigates the workstation and discovers that malware associated with a botnet is installed on the device. A review of the logs on the workstation reveals that the privileges of the local account were escalated to a local administrator.

To which of the following groups should the analyst report this real-world event?

51. The Chief Information Security Officer (CISO) has decided to reorganize security staff to concentrate on incident response and to outsource outbound Internet URL categorization and filtering to an outside company. Additionally, the CISO would like this solution to provide the same protections even when a company laptop or mobile device is away from a home office.

Which of the following should the CISO choose?

52. After a phishing scam for a user's credentials, the red team was able to craft a payload to deploy on a server. The attack allowed the installation of malicious software that initiates a new remote session.

Which of the following types of attacks has occurred?

53. Which of the following would be BEST for a technician to review to determine the total risk an organization can bear when assessing a "cloud-first" adoption strategy?

54. During an investigation, the incident response team discovers that multiple administrator accounts were suspected of being compromised. The host audit logs indicate a repeated brute-force attack on a single administrator account followed by suspicious logins from unfamiliar geographic locations.

Which of the following data sources would be BEST to use to assess the accounts impacted by this attack?

55. The Chief Information Security Officer has directed the security and networking team to retire the use of shared passwords on routers and switches.

Which of the following choices BEST meets the requirements?

56. The Chief Information Security Officer directed a risk reduction in shadow IT and created a policy requiring all unsanctioned high-risk SaaS applications to be blocked from user access.

Which of the following is the BEST security solution to reduce this risk?

57. After a WiFi scan of a local office was conducted, an unknown wireless signal was identified. Upon investigation, an unknown Raspberry Pi device was found connected to an Ethernet port using a single connection.

Which of the following BEST describes the purpose of this device?

58. A security analyst reviews a company’s authentication logs and notices multiple authentication failures. The authentication failures are from different usernames that share the same source IP address.

Which of the following password attacks is MOST likely happening?
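Questions 54 and 58 describe two different failure patterns in authentication logs: many repeated failures against one account from one source (the brute-force pattern question 54 names), and failures spread across many usernames from one source (the pattern generally called password spraying). The following Python is an added example, not part of this page or the exam, that separates the two patterns and lists the accounts a given source touched, which is the data an incident responder needs for question 54's impact assessment. The log lines, their format and the thresholds are constructed for the demo.

```python
import re
from collections import defaultdict
from typing import Dict, List

# Constructed sample auth log (not from the page): three sources with different behaviour.
SAMPLE_LOG = """\
2024-03-01T02:10:01Z auth FAILED user=jsmith src=203.0.113.10
2024-03-01T02:10:02Z auth FAILED user=jsmith src=203.0.113.10
2024-03-01T02:10:03Z auth FAILED user=jsmith src=203.0.113.10
2024-03-01T02:10:04Z auth FAILED user=jsmith src=203.0.113.10
2024-03-01T02:10:05Z auth FAILED user=jsmith src=203.0.113.10
2024-03-01T02:10:06Z auth SUCCESS user=jsmith src=203.0.113.10
2024-03-01T02:11:00Z auth FAILED user=adam src=198.51.100.7
2024-03-01T02:11:01Z auth FAILED user=beth src=198.51.100.7
2024-03-01T02:11:02Z auth FAILED user=carl src=198.51.100.7
2024-03-01T02:11:03Z auth FAILED user=dana src=198.51.100.7
2024-03-01T02:11:04Z auth FAILED user=erin src=198.51.100.7
2024-03-01T02:12:00Z auth FAILED user=frank src=192.0.2.44
2024-03-01T02:12:30Z auth SUCCESS user=frank src=192.0.2.44
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth (?P<result>FAILED|SUCCESS) user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse(log_text: str) -> List[Dict[str, str]]:
    """Turn the assumed 'ts auth RESULT user=... src=...' lines into dicts; skip junk lines."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events


def classify_sources(events, min_failures: int = 5, spray_min_users: int = 4) -> Dict[str, str]:
    """Per source IP, count failures and distinct usernames:
    - enough failures against very few usernames   -> brute_force
    - enough failures spread over many usernames   -> password_spraying
    - too few failures to matter                   -> benign
    """
    failures = defaultdict(int)
    users = defaultdict(set)
    for e in events:
        if e["result"] == "FAILED":
            failures[e["src"]] += 1
            users[e["src"]].add(e["user"])
    verdict = {}
    for src, n in failures.items():
        if n >= min_failures and len(users[src]) >= spray_min_users:
            verdict[src] = "password_spraying"
        elif n >= min_failures:
            verdict[src] = "brute_force"
        else:
            verdict[src] = "benign"
    return verdict


def accounts_targeted(events, src: str) -> List[str]:
    """Sorted usernames a source attempted, successful or not: the impacted-account list."""
    return sorted({e["user"] for e in events if e["src"] == src})


def successes_after_failures(events, src: str) -> List[str]:
    """Accounts where a success followed failures from the same source: likely compromised."""
    failed_first, hits = set(), []
    for e in events:
        if e["src"] != src:
            continue
        if e["result"] == "FAILED":
            failed_first.add(e["user"])
        elif e["user"] in failed_first and e["user"] not in hits:
            hits.append(e["user"])
    return hits


if __name__ == "__main__":
    ev = parse(SAMPLE_LOG)
    for src, verdict in classify_sources(ev).items():
        print(src, verdict, accounts_targeted(ev, src), successes_after_failures(ev, src))
```

The thresholds are deliberately low so the constructed sample trips them; in a real SIEM rule they are tuned per environment, and the spraying rule is usually also windowed in time because sprayers pace attempts to stay under lockout limits.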

59. A company was compromised, and a security analyst discovered the attacker was able to get access to a service account.

The following logs were discovered during the investigation:

Which of the following MOST likely would have prevented the attacker from learning the service account name?

60. HOTSPOT

You received the output of a recent vulnerability assessment.

Review the assessment and scan output and determine the appropriate remediation(s) for each device.

Remediation options may be selected multiple times, and some devices may require more than one remediation.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

61. A company reduced the area utilized in its datacenter by creating virtual networking through automation and by creating provisioning routes and rules through scripting.

Which of the following does this example describe?

62. A global company is experiencing unauthorized logins due to credential theft and account lockouts caused by brute-force attacks. The company is considering implementing a third-party identity provider to help mitigate these attacks.

Which of the following would be the BEST control for the company to require from prospective vendors?

63. Which of the following should a technician consider when selecting an encryption method for data that needs to remain confidential for a specific length of time?

64. Which of the following incident response steps occurs before containment?

65. Which of the following conditions impacts data sovereignty?

66. Which of the following is a cryptographic concept that operates on a fixed length of bits?

67. A financial institution would like to store its customer data in a cloud but still allow the data to be accessed and manipulated while encrypted. Doing so would prevent the cloud service provider from being able to decipher the data due to its sensitivity. The financial institution is not concerned about computational overheads and slow speeds.

Which of the following cryptographic techniques would BEST meet the requirement?

68. Which of the following is required in order for an IDS and a WAF to be effective on HTTPS traffic?

69. Which of the following biometric authentication methods is the MOST accurate?

70. Which of the following cryptographic concepts would a security engineer utilize while implementing non-repudiation? (Select TWO)

71. A security analyst needs an overview of vulnerabilities for a host on the network.

Which of the following is the BEST type of scan for the analyst to run to discover which vulnerable services are running?

72. A company uses a drone for precise perimeter and boundary monitoring.

Which of the following should be MOST concerning to the company?

73. An organization wants to integrate its incident response processes into a workflow with automated decision points and actions based on predefined playbooks.

Which of the following should the organization implement?

74. A security incident has been resolved.

Which of the following BEST describes the importance of the final phase of the incident response plan?

75. As part of the lessons-learned phase, the SOC is tasked with building methods to detect if a previous incident is happening again.

Which of the following would allow the security analyst to alert the SOC if an event is reoccurring?

76. A large enterprise has moved all its data to the cloud behind strong authentication and encryption. A sales director recently had a laptop stolen, and later, enterprise data was found to have been compromised from a local database.

Which of the following was the MOST likely cause?

77. A company wants to modify its current backup strategy to minimize the number of backups that would need to be restored in case of data loss.

Which of the following would be the BEST backup strategy?

78. A bad actor tries to persuade someone to provide financial information over the phone in order to gain access to funds.

Which of the following types of attacks does this scenario describe?

79. Which of the following provides a catalog of security and privacy controls related to the United States federal information systems?

80. A business is looking for a cloud service provider that offers a la carte services, including cloud backups, VM elasticity, and secure networking.

Which of the following cloud service provider types should the business engage?

81. A company would like to provide flexibility for employees on device preference. However, the company is concerned about supporting too many different types of hardware.

Which of the following deployment models will provide the needed flexibility with the GREATEST amount of control and security over company data and infrastructure?

82. A cybersecurity administrator needs to implement a Layer 7 security control on a network and block potential attacks.

Which of the following can block an attack at Layer 7? (Select TWO).

83. A security manager needs to assess the security posture of one of the organization's vendors. The contract with the vendor does not allow for auditing of the vendor's security controls.

Which of the following should the manager request to complete the assessment?

84. A security engineer is installing a WAF to protect the company's website from malicious web requests over SSL.

Which of the following is needed to meet the objective?

85. A store receives reports that shoppers’ credit card information is being stolen. Upon further analysis, those same shoppers also withdrew money from an ATM in that store.

The attackers are using the targeted shoppers’ credit card information to make online purchases.

Which of the following attacks is the MOST probable cause?

86. Which of the following describes a maintenance metric that measures the average time required to troubleshoot and restore failed equipment?

87. As part of annual audit requirements, the security team performed a review of exceptions to the company policy that allows specific users the ability to use USB storage devices on their laptops.

The review yielded the following results.

• The exception process and policy have been correctly followed by the majority of users

• A small number of users did not create tickets for the requests but were granted access

• All access had been approved by supervisors.

• Valid requests for the access sporadically occurred across multiple departments.

• Access, in most cases, had not been removed when it was no longer needed

Which of the following should the company do to ensure that appropriate access is not disrupted but unneeded access is removed in a reasonable time frame?

88. A company's public-facing website, https://www.organization.com, has an IP address of 166.18.75.6. However, over the past hour the SOC has received reports of the site's homepage displaying incorrect information. A quick nslookup shows www.organization.com is pointing to 151.191.122.115.

Which of the following is occurring?

89. Ann, a customer, received a notification from her mortgage company stating her PII may be shared with partners, affiliates, and associates to maintain day-to-day business operations.

Which of the following documents did Ann receive?

90. Which of the following environments can be stood up in a short period of time, utilizes either dummy data or actual data, and is used to demonstrate and model system capabilities and functionality for a fixed, agreed-upon duration of time?

91. Which of the following must be in place before implementing a BCP?

92. A security analyst needs to implement an MDM solution for BYOD users that will allow the company to retain control over company emails residing on the devices and limit data exfiltration that might occur if the devices are lost or stolen.

Which of the following would BEST meet these requirements? (Select TWO).

93. The Chief Information Security Officer wants to pilot a new adaptive, user-based authentication method. The concept includes granting logical access based on physical location and proximity.

Which of the following is the BEST solution for the pilot?

94. The Chief Executive Officer announced a new partnership with a strategic vendor and asked the Chief Information Security Officer to federate user digital identities using SAML-based protocols.

Which of the following will this enable?

95. A security analyst must enforce policies to harden an MDM infrastructure.

The requirements are as follows:

* Ensure mobile devices can be tracked and wiped.

* Confirm mobile devices are encrypted.

Which of the following should the analyst enable on all the devices to meet these requirements?

96. A security assessment found that several embedded systems are running insecure protocols. These systems were purchased two years ago, and the company that developed them is no longer in business.

Which of the following constraints BEST describes the reason the findings cannot be remediated?

97. A company would like to set up a secure way to transfer data between users via their mobile phones. The company's top priority is utilizing technology that requires users to be in as close proximity as possible to each other.

Which of the following connection methods would BEST fulfill this need?

98. A network engineer and a security engineer are discussing ways to monitor network operations.

Which of the following is the BEST method?

99. When planning to build a virtual environment, an administrator needs to achieve the following:

• Establish policies to limit who can create new VMs

• Allocate resources according to actual utilization

• Require justification for requests outside of the standard requirements

• Create standardized categories based on size and resource requirements

Which of the following is the administrator MOST likely trying to do?

100. An organization recently acquired an ISO 27001 certification.

Which of the following would MOST likely be considered a benefit of this certification?


 
