Sample Question 4
A security analyst has been asked by the Chief Information Security Officer to:
- develop a secure method of providing centralized management of infrastructure
- reduce the need to constantly replace aging end user machines
- provide a consistent user desktop experience
Which of the following BEST meets these requirements?
B. Mobile device management
D. Containerization
Sample Question 5
Which of the following BEST reduces the security risks introduced when running systems that have expired vendor support and lack an immediate replacement?
A. Implement proper network access restrictions
B. Initiate a bug bounty program
C. Classify the system as shadow IT.
D. Increase the frequency of vulnerability scans
Sample Question 6
A company is considering transitioning to the cloud. The company employs individuals from various locations around the world. The company does not want to increase its on-premises infrastructure blueprint and only wants to pay for additional compute power required. Which of the following solutions would BEST meet the needs of the company?
A. Private cloud
B. Hybrid environment
C. Managed security service provider
D. Hot backup site
Sample Question 7
The board of directors at a company contracted with an insurance firm to limit the organization's liability. Which of the following risk management practices does this BEST describe?
Sample Question 8
An administrator needs to protect user passwords and has been advised to hash the passwords. Which of the following BEST describes what the administrator is being advised to do?
A. Perform a mathematical operation on the passwords that will convert them into unique strings
B. Add extra data to the passwords so their length is increased, making them harder to brute force
C. Store all passwords in the system in a rainbow table that has a centralized location
D. Enforce the use of one-time passwords that are changed for every login session.
Sample Question 9
An employee received a word processing file that was delivered as an email attachment. The subject line and email content enticed the employee to open the attachment. Which of the following attack vectors BEST matches this malware?
A. Embedded Python code
B. Macro-enabled file
C. Bash scripting
D. Credential-harvesting website
Sample Question 10
A company is implementing BYOD and wants to ensure all users have access to the same cloud-based services. Which of the following would BEST allow the company to meet this requirement?
Sample Question 11
A customer service representative reported an unusual text message that was sent to the help desk. The message contained an unrecognized invoice number with a large balance due and a link to click for more details. Which of the following BEST describes this technique?
Sample Question 12
A software company adopted the following processes before releasing software to production:
- Peer review
- Static code scanning
- Signing
A considerable number of vulnerabilities are still being detected when code is executed in production. Which of the following security tools can improve vulnerability detection in this environment?
A. File integrity monitoring for the source code
B. Dynamic code analysis tool
C. Encrypted code repository
D. Endpoint detection and response solution
Sample Question 13
A security analyst has identified malware spreading through the corporate network and has activated the CSIRT. Which of the following should the analyst do NEXT?
A. Review how the malware was introduced to the network.
B. Attempt to quarantine all infected hosts to limit further spread.
C. Create help desk tickets to get infected systems reimaged.
D. Update all endpoint antivirus solutions with the latest updates.
Sample Question 14
Two organizations plan to collaborate on the evaluation of new SIEM solutions for their respective companies. A combined effort from both organizations' SOC teams would speed up the effort. Which of the following can be written to document this agreement?
Sample Question 15
After gaining access to a dual-homed (i.e., wired and wireless) multifunction device by exploiting a vulnerability in the device's firmware, a penetration tester then gains shell access on another networked asset. This technique is an example of:
A. privilege escalation
Sample Question 16
A company wants to restrict emailing of PHI documents. The company is implementing a DLP solution. In order to restrict PHI documents, which of the following should be performed FIRST?
D. Change management
Sample Question 17
Two hospitals merged into a single organization. The privacy officer requested a review of all records to ensure encryption was used during record storage, in compliance with regulations. During the review, the officer discovered that medical diagnosis codes and patient names were left unsecured. Which of the following types of data does this combination BEST represent?
A. Personal health information
B. Personally Identifiable Information
C. Tokenized data
D. Proprietary data
Sample Question 19
Several universities are participating in a collaborative research project and need to share compute and storage resources. Which of the following cloud deployment strategies would BEST meet this need?
Sample Question 20
After a recent security breach, a security analyst reports that several administrative usernames and passwords are being sent via cleartext across the network to access network devices over port 23. Which of the following should be implemented so all credentials sent over the network are encrypted when remotely accessing and configuring network devices?
Sample Question 21
Which of the following is assured when a user signs an email using a private key?
Sample Question 22
During a trial, a judge determined evidence gathered from a hard drive was not admissible. Which of the following BEST explains this reasoning?
A. The forensic investigator forgot to run a checksum on the disk image after creation
B. The chain of custody form did not note time zone offsets between transportation regions
C. The computer was turned off, and a RAM image could not be taken at the same time
D. The hard drive was not properly kept in an antistatic bag when it was moved
Sample Question 23
A network engineer created two subnets that will be used for production and development servers. Per security policy, production and development servers must each have a dedicated network that cannot communicate with one another directly. Which of the following should be deployed so that server administrators can access these devices?
B. Internet proxy servers
D. Jump servers
Sample Question 24
A security engineer is building a file transfer solution to send files to a business partner. The users would like to drop off the files in a specific directory and have the server send them to the business partner. The connection to the business partner is over the internet and needs to be secure. Which of the following can be used?
Sample Question 25
Business partners are working on a security mechanism to validate transactions securely. The requirement is for one company to be responsible for deploying a trusted solution that will register and issue artifacts used to sign, encrypt, and decrypt transaction files. Which of the following is the BEST solution to adopt?
Sample Question 26
A forensic analyst needs to prove that data has not been tampered with since it was collected. Which of the following methods will the analyst MOST likely use?
A. Look for tampering on the evidence collection bag
B. Encrypt the collected data using asymmetric encryption
C. Ensure proper procedures for chain of custody are being followed
D. Calculate the checksum using a hashing algorithm
Sample Question 27
An amusement park is implementing a biometric system that validates customers' fingerprints to ensure they are not sharing tickets. The park's owner values customers above all and would prefer customers' convenience over security. For this reason, which of the following features should the security team prioritize FIRST?
A. Low FAR
B. Low efficacy
C. Low FRR
D. Low CER
Sample Question 28
A security analyst receives an alert from the company's SIEM that anomalous activity is coming from a local source IP address of 192.168.34.26. The Chief Information Security Officer asks the analyst to block the originating source. Several days later, another employee opens an internal ticket stating that vulnerability scans are no longer being performed properly. The IP address the employee provides is 192.168.34.26. Which of the following describes this type of alert?
A. True positive
B. True negative
C. False positive
D. False negative
Sample Question 29
A social media company based in North America is looking to expand into new global markets and needs to maintain compliance with international standards. With which of the following is the company's data protection officer MOST likely concerned?
A. NIST Framework
B. ISO 27001
Sample Question 30
A security analyst wants to fingerprint a web server. Which of the following tools will the security analyst MOST likely use to accomplish this task?
A. nmap -p1-65535 192.168.0.10
B. dig 192.168.0.10
C. curl --head http://192.168.0.10
D. ping 192.168.0.10
Sample Question 31
Which of the following would be indicative of a hidden audio file found inside of a piece of source code?
B. Homomorphic encryption
C. Cipher suite
Sample Question 32
Which of the following documents provides expectations at a technical level for quality, availability, and responsibilities?
Sample Question 33
A company is providing security awareness training regarding the importance of not forwarding social media messages from unverified sources. Which of the following risks would this training help to prevent?
C. Identity fraud
D. Credential harvesting
Sample Question 34
Which of the following typically uses a combination of human and artificial intelligence to analyze event data and take action without intervention?
Sample Question 35
An organization has activated an incident response plan due to a malware outbreak on its network. The organization has brought in a forensics team that has identified an internet-facing Windows server as the likely point of initial compromise. The malware family that was detected is known to be distributed by manually logging on to servers and running the malicious code. Which of the following actions would be BEST to prevent reinfection from the initial infection vector?
A. Prevent connections over TFTP from the internal network
B. Create a firewall rule that blocks port 22 from the internet to the server
C. Disable file sharing over port 445 to the server
D. Block port 3389 inbound from untrusted networks
Sample Question 36
Which of the following describes the exploitation of an interactive process to gain access to restricted areas?
B. Buffer overflow
C. Privilege escalation
Sample Question 37
A security engineer is deploying a new wireless network for a company. The company shares office space with multiple tenants. Which of the following should the engineer configure on the wireless network to ensure that confidential data is not exposed to unauthorized users?
Sample Question 38
A company needs to validate its updated incident response plan using a real-world scenario that will test decision points and relevant incident response actions without interrupting daily operations. Which of the following would BEST meet the company's requirements?
A. Red-team exercise
B. Capture-the-flag exercise
C. Tabletop exercise
D. Phishing exercise
Sample Question 39
The Chief Information Security Officer directed a risk reduction in shadow IT and created a policy requiring all unsanctioned high-risk SaaS applications to be blocked from user access. Which of the following is the BEST security solution to reduce this risk?
B. VPN concentrator
D. VPC endpoint
Sample Question 40
The Chief Information Security Officer (CISO) requested a report on potential areas of improvement following a security incident. Which of the following incident response processes is the CISO requesting?
A. Lessons learned
E. Root cause analysis
Sample Question 41
An organization wants to participate in threat intelligence information sharing with peer groups. Which of the following would MOST likely meet the organization's requirement?
A. Perform OSINT investigations
B. Subscribe to threat intelligence feeds
C. Submit RFCs
D. Implement a TAXII server
Sample Question 42
Which of the following organizations sets frameworks and controls for optimal security configuration on systems?
C. PCI DSS
Sample Question 43
A technician enables full disk encryption on a laptop that will be taken on a business trip. Which of the following does this process BEST protect?
A. Data in transit
B. Data in processing
C. Data at rest
D. Data tokenization
Sample Question 44
A routine audit of medical billing claims revealed that several claims were submitted without the subscriber's knowledge. A review of the audit logs for the medical billing company's system indicated a company employee downloaded customer records and adjusted the direct deposit information to a personal bank account. Which of the following does this action describe?
A. Insider threat
B. Social engineering
C. Third-party risk
D. Data breach
Sample Question 45
A company is implementing a DLP solution on the file server. The file server has PII, financial information, and health information stored on it. Depending on what type of data is hosted on the file server, the company wants different DLP rules assigned to the data. Which of the following should the company do to help accomplish this goal?
A. Classify the data
B. Mask the data
C. Assign an application owner
D. Perform a risk analysis
Sample Question 46
A security policy states that common words should not be used as passwords. A security auditor was able to perform a dictionary attack against corporate credentials. Which of the following controls was being violated?
A. Password complexity
B. Password history
C. Password reuse
D. Password length
Sample Question 47
After returning from a conference, a user's laptop has been operating slower than normal and overheating, and the fans have been running constantly. During the diagnosis process, an unknown piece of hardware is found connected to the laptop's motherboard. Which of the following attack vectors was exploited to install the hardware?
A. Removable media
B. Spear phishing
C. Supply chain
D. Direct access
Sample Question 48
A new company wants to avoid channel interference when building a WLAN. The company needs to know the radio frequency behavior, identify dead zones, and determine the best place for access points. Which of the following should be done FIRST?
A. Configure heat maps.
B. Utilize captive portals.
C. Conduct a site survey.
D. Install Wi-Fi analyzers.
Sample Question 49
A company suspects that some corporate accounts were compromised. The number of suspicious logins from locations not recognized by the users is increasing. Employees who travel need their accounts protected without the risk of blocking legitimate login requests that may be made over new sign-in properties. Which of the following security controls can be implemented?
A. Enforce MFA when an account request reaches a risk threshold
B. Implement geofencing to only allow access from headquarters
C. Enforce time-based login requests that align with business hours
D. Shift the access control scheme to a discretionary access control
Sample Question 50
Which of the following is a policy that provides a greater depth of knowledge across an organization?
A. Asset management policy
B. Separation of duties policy
C. Acceptable use policy
D. Job Rotation policy
Sample Question 51
Which of the following is the BEST example of a cost-effective physical control to enforce a USB removable media restriction policy?
A. Putting security/antitamper tape over USB ports, logging the port numbers, and regularly inspecting the ports
B. Implementing a GPO that will restrict access to authorized USB removable media and regularly verifying that it is enforced
C. Placing systems into locked key-controlled containers with no access to the USB ports
D. Installing an endpoint agent to detect connectivity of USB and removable media
Sample Question 52
Multiple business accounts were compromised a few days after a public website had its credentials database leaked on the internet. No business emails were identified in the breach, but the security team thinks that the list of passwords exposed was later used to compromise business accounts. Which of the following would mitigate the issue?
A. Complexity requirements
B. Password history
C. Acceptable use policy
D. Shared accounts
Sample Question 53
A Chief Information Security Officer wants to ensure the organization is validating and checking the integrity of zone transfers. Which of the following solutions should be implemented?
Is SY0-601 harder?
SY0-601 was released November 12th 2020 and will replace the SY0-501 exam on July 31st, 2021. This exam introduces new concepts and represents a 25% increase in testable material from the SY0-501 exam. Basically, this exam will be much tougher than the SY0-501 exam.
How many questions are on the SEC+ 601 exam?
- Get to Know the Security+ Exam Objectives. ...
- Create An Effective Study Plan. ...
- Take CompTIA SY0-601 Practice Test. ...
- Become Familiar with CompTIA SY0-601 Exam Structure. ...
- Obtain Appropriate Study Resources.
The score that you're looking to earn is between a scale of 100 to 900. You have to earn a 750 to pass your Security Plus certification.
How do I study for SYO 601?
- Get a good study guide.
- Set a goal 45 days out from the day you receive your study guide.
- Start studying the book.
- Supplement your studies with online materials such as blog posts.
- Buy a voucher (assuming your employer doesn't buy it for you).
The Security+ exam is used to assess candidates' knowledge of basic security concepts and best practices. This is considered an entry-level exam but is not an easy test to pass.
How many times can you retake Security+?
CompTIA Security+ does not require any waiting period between the first and second retake. Students must wait 14 days for a third or subsequent retake exam. There is no annual limit on the number of attempts on the same exam.
How long does it take to study for Security+ 601?
How long does it take to study for the CompTIA Security+ 601 exam? Your preparation depends upon your experience and the knowledge about exam domains you already have. Approximately 4-5 weeks are enough to study and prepare for the exam.
Is SY0-601 multiple-choice?
The latest version of CompTIA Security+ (SY0-601) includes both performance-based and multiple-choice exam questions across five domains: Attacks, Threats and Vulnerabilities (24%), Architecture and Design (21%)
How many questions do I need to get right on Security+?
CompTIA Security+ has 90 questions that consist of both MCQs and performance-based questions that you need to solve within 90 minutes. You must score 750 out of a total of 900 to pass this exam. Check out the CompTIA Security+ Course to clear this certification exam.
What is the difference between SYO 501 and SYO 601?
CompTIA Security+ (SY0-601) has 35 exam objectives, compared to 37 on SY0-501. The difference is that the exam objectives for SY0-601 include more examples under each objective; the number of examples increased by about 25%. This was intentional to help you better understand the meaning of each exam objective.
How do I study for the Security+ exam?
- CompTIA Security+ SY0-501 vs. ...
- Get a good study guide.
- Make a study plan.
- Study in bite-sized chunks.
- Become familiar with the exam domains.
- Prepare for the performance-based questions.
- Take at least three practice exams.
- Sample CompTIA Security+ Questions.
If you are already familiar with the topics on the exam, 30 to 45 days is an acceptable Security+ study time. If someone has no prior IT knowledge, 60 days would be a better option.
How many questions is the Security+?
The CompTIA Security+ exam has no more than 90 questions. After completing the exam, you will be asked to fill out some optional exit survey information about your study practices and why you decided to get certified. This will consist of about 12 multiple-choice questions.
What's the difference between SEC+ 501 and 601?
Number of Domains: The Security+ SY0-501 covered six domains, while the SY0-601 has just five. Different Priorities: The SY0-601 exam has newer priorities when it comes to domains. The 'Attacks, Threats and Vulnerabilities' domain holds 24% weightage, compared to 21% in the SY0-501.