CompTIA October 2022 CompTIA Security+ Exam 2022 SY0-601 Dumps New Questions (2023)

Sample Question 4

A security analyst has been asked by the Chief Information Security Officer to• develop a secure method of providing centralized management of infrastructure• reduce the need to constantly replace aging end user machines• provide a consistent user desktop expenenceWhich of the following BEST meets these requirements?

A. BYOD
B. Mobile device management
C. VDI
D. Containers ation

Sample Question 5

Which of the following BEST reduces the security risks introduced when running systemsthat have expired vendor support and lack an immediate replacement?

A. Implement proper network access restrictions
B. Initiate a bug bounty program
C. Classify the system as shadow IT.
D. Increase the frequency of vulnerability scans

Sample Question 6

A company is considering transitioning to the cloud. The company employs individuals fromvarious locations around the world The company does not want to increase its on-premisesinfrastructure blueprint and only wants to pay for additional compute power required. Whichof the following solutions would BEST meet the needs of the company?

A. Private cloud
B. Hybrid environment
C. Managed security service provider
D. Hot backup site

Sample Question 7

The board of doctors at a company contracted with an insurance firm to limit theorganization’s liability. Which of the following risk management practices does the BESTdescribe?

A. Transference
B. Avoidance
C. Mitigation
D. Acknowledgement

Sample Question 8

An administrator needs to protect user passwords and has been advised to hash thepasswords. Which of the following BEST describes what the administrator is being advisedto do?

A. Perform a mathematical operation on the passwords that will convert them into umgue stnngs
B. Add extra data to the passwords so their length is increased, making them harder to brute force
C. Store all passwords in the system in a rainbow table that has a centralized location
D. Enforce the use of one-time passwords that are changed for every login session.

Sample Question 9

An employee received a word processing file that was delivered as an email attachmentThe subject line and email content enticed the employee to open the attachment. Which ofthe following attack vectors BEST matches this malware?

A. Embedded Python code
B. Macro-enabled file
C. Bash scripting
D. Credential-harvesting website

Sample Question 10

A company is implementing BYOD and wants to ensure all users have access to the samecloud-based services. Which of the following would BEST allow the company to meet thisrequirement?

A. laaS
B. PasS
C. MaaS
D. SaaS

Sample Question 11

A customer service representative reported an unusual text message that was sent to thehelp desk. The message contained an unrecognized invoice number with a large balancedue and a link to click for more details. Which of the following BEST descnbes thistechnique?

A. Vishing
B. Whaling
C. Phishing
D. Smishing

Sample Question 12

A software company adopted the following processes before releasing software toproduction;• Peer review• Static code scanning• SigningA considerable number of vulnerabilities are still being detected when code is executed onproduction Which of the following security tools can improve vulnerability detection on thisenvironment?

A. File integrity monitonng for the source code
B. Dynamic code analysis tool
C. Encrypted code repository
D. Endpoint detection and response solution

Sample Question 13

A security analyst has identified malware spreading through the corporate network and hasactivated the CSIRT Which of the following should the analyst do NEXT?

A. Review how the malware was introduced to the network.
B. Attempt to quarantine all infected hosts to limit further spread.
C. Create help desk tickets to get infected systems reimaged.
D. Update all endpoint antivirus solutions with the latest updates.

Sample Question 14

Two organizations plan to collaborate on the evaluation of new SIEM solutions for theirrespective companies.A combined effort from both organizations' SOC teams would speed up the effort. Which of the following can be written to document this agreement?

A. MOU
B. ISA
C. SLA
D. NDA

Sample Question 15

After gaining access to a dual-homed (i.e.. wired and wireless) multifunction device byexploiting a vulnerability in the device's firmware, a penetration tester then gains shellaccess on another networked asset This technique is an example of:

A. privilege escalation
B. footprinting
C. persistence
D. pivoting.

Sample Question 16

A company wants to restrict emailing of PHI documents. The company is implementing aDLP solution In order to reslnct PHI documents which of the following should be performedFIRST?

A. Retention
B. Governance
C. Classification
D. Change management

Sample Question 17

Two hospitals merged into a single organization. The privacy officer requested a review ofall records to ensure encryption was used during record storage, in compliance withregulations. During the review, the officer discovered thai medical diagnosis codes andpatient names were left unsecured. Which of the following types of data does thiscombination BEST represent?

A. Personal health information
B. Personally Identifiable Information
C. ToKenized data
D. Proprietary data

Sample Question 18

A security analyst has identified malv/are spreading through the corporate network and hasactivated the CSIRT Which of the following should the analyst do NEXT?

A. Review howthe malware was introduced to the network
B. Attempt to quarantine all infected hosts to limit further spread
C. Create help desk tickets to get infected systems reimaged
D. Update all endpomt antivirus solutions with the latest updates

Sample Question 19

Several universities are participating m a collaborative research project and need to sharecompute and storage resources Which of the following cloud deployment strategies wouldBEST meet this need?

A. Community
B. Private
C. Public
D. Hybrid

Sample Question 20

After a recent security breach, a security analyst reports that several administrativeusernames and passwords are being sent via cleartext across the network to accessnetwork devices over port 23. Which of the following should be implemented so allcredentials sent over the network are encrypted when remotely accessing and configuringnetwork devices?

A. SSH
B. SNMPv3
C. SFTP
D. Telnet
E. FTP

Sample Question 21

Which of the following is assured when a user signs an email using a private key?

A. Non-repudiation
B. Confidentiality
C. Availably
D. Authentication

Sample Question 22

During a trial, a judge determined evidence gathered from a hard drive was not admissible.Which of the following BEST explains this reasoning?

A. The forensic investigator forgot to run a checksum on the disk image after creation
B. The chain of custody form did not note time zone offsets between transportation regions
C. The computer was turned off. and a RAM image could not be taken at the same time
D. The hard drive was not properly kept in an antistatic bag when rt was moved

Sample Question 23

A network engineer created two subnets that will be used for production and developmentservers. Per security policy, production and development servers must each have adedicated network that cannot communicate with one another directly. Which of thefollowing should be deployed so that server administrators can access these devices?

A. VLANS
B. Internet proxy servers
C. NIDS
D. Jump servers

Sample Question 24

A security engineer is building a file transfer solution to send files to a business partner.The users would like to drop off the files in a specific directory and have the server send tothe business partner. The connection to the business partner is over the internet and needsto be secure. Which of the following can be used?

A. S/MIME
B. LDAPS
C. SSH
D. SRTP

Sample Question 25

Business partners are working on a secunty mechanism lo validate transactions securely.The requirement is for one company to be responsible for deploying a trusted solution thatwill register and issue artifacts used to sign encrypt, and decrypt transaction files. Which ofthe following is the BEST solution to adopt?

A. PKI
B. Blockchain
C. SAML
D. OAuth

Sample Question 26

A forensic analyst needs to prove that data has not been tampered with since it wascollected Which of the following methods will the analyst MOST likely use?

A. Look for tampenng on the evidence collection bag
B. Encrypt the collected data using asymmetric encryption
C. Ensure proper procedures for chain of custody are being followed
D. Calculate the checksum using a hashing algorithm

Sample Question 27

An amusement park is implementing a btomelnc system that validates customers'fingerpnnts to ensure they are not sharing tickets The park's owner values customersabove all and would prefer customers' convenience over security For this reason which ofthe following features should the security team prioritize FIRST?

A. Low FAR
B. Low efficacy
C. Low FRR
D. Low CER

Sample Question 28

A security analyst receives an alert from trie company's SIEM that anomalous activity iscoming from a local source IP address of 192.168.34.26. The Chief Information SecurityOfficer asks the analyst to block the originating source Several days later, anotheremployee opens an internal ticket stating that vulnerability scans are no longer beingperformed properly. The IP address the employee provides is 192 168.3426. Which of thefollowing describes this type of alert?

A. True positive
B. True negative
C. False positive
D. False negative

Sample Question 29

A social media company based in North Amenca is looking to expand into new globalmarkets and needs to maintain compliance with international standards With which of thefollowing is the company's data protection officer MOST likely concerned''

A. NIST Framework
B. ISO 27001
C. GDPR
D. PCI-DSS

Sample Question 30

A security analyst wants to fingerpnnt a web server Which of the following tools will thesecurity analyst MOST likely use to accomplish this task?

A. nmap -p1-65S35 192.168.0.10
B. dig 192.168.0.10
C. cur1 --htadhttp://192.168.0.10
D. ping 192.168.0.10

Sample Question 31

Which of the following would be indicative of a hidden audio file found inside of a piece ofsource code?

A. Steganography
B. Homomotphic encryption
C. Cipher surte
D. Blockchain

Sample Question 32

Which of the following documents provides expectations at a technical level for quality,availability, and responsibilities?

A. EOL
B. SLA
C. MOU
D. EOSL

Sample Question 33

A company is providing security awareness training regarding the importance of notforwarding social media messages from unverified sources. Which of the following riskswould this training help to prevent?

A. Hoaxes
B. SPIMs
C. Identity fraud
D. Credential harvesting

Sample Question 34

Which of the following typically uses a combination of human and artificial intelligence toanalyze event data and take action without intervention?

A. TTP
B. OSINT
C. SOAR
D. SIEM

Sample Question 35

An organization has activated an incident response plan due to a malware outbreak on itsnetwork The organization has brought in a forensics team that has identified an internetfacing Windows server as the likely point of initial compromise The malware family that wasdetected is known to be distributed by manually logging on to servers and running themalicious code Which of the following actions would be BEST to prevent reinfection fromthe initial infection vector?

A. Prevent connections over TFTP from the internal network
B. Create a firewall rule that blocks port 22 from the internet to the server
C. Disable file shanng over port 445 to the server
D. Block port 3389 inbound from untrusted networks

Sample Question 36

Which of the following describes the exploitation of an interactive process to gain access torestncted areas?

A. Persistence
B. Buffer overflow
C. Privilege escalation
D. Pharming

Sample Question 37

A security engineer is deploying a new wireless for a company. The company shares officespace with multiple tenants. Which of the following should the engineer configured on thewireless network to ensure that confidential data is not exposed to unauthorized users?

A. EAP
B. TLS
C. HTTPS
D. AES

Sample Question 38

A company needs to validate its updated incident response plan using a real-worldscenario that will test decision points and relevant incident response actions withoutinterrupting daily operations. Which of the following would BEST meet the company'srequirements?

A. Red-team exercise
B. Capture-the-flag exercise
C. Tabletop exercise
D. Phishing exercise

Sample Question 39

The Chief Information Security Officer directed a nsk reduction in shadow IT and created apolicy requiring all unsanctioned high-nsk SaaS applications to be blocked from useraccess Which of the following is the BEST security solution to reduce this risk?

A. CASB
B. VPN concentrator
C. MFA
D. VPC endpoint

Sample Question 40

The Chief Information Secunty Officer (CISO) requested a report on potential areas ofimprovement following a security incident. Which of the following incident responseprocesses is the CISO requesting?

A. Lessons learned
B. Preparation
C. Detection
D. Containment
E. Root cause analysis

Sample Question 41

An organization wants to participate in threat intelligence information sharing with peergroups. Which of the following would MOST likely meet the organizations requirement?

A. Perform OSINT investigations
B. Subscribe to threat intelligence feeds
C. Submit RFCs
D. Implement a TAXII server

Sample Question 42

Which of the following organizations sets frameworks and controls for optimal securityconfiguration on systems?

A. ISO
B. GDPR
C. PCI DSS
D. NIST

Sample Question 43

A technician enables full disk encryption on a laptop that will be taken on a business tnp.Which of the following does this process BEST protect?

A. Data in transit
B. Data in processing
C. Data at rest
D. Data tokenization

Sample Question 44

A routine audit of medical billing claims revealed that several claims were submitted withoutthe subscriber's knowledge. A review of the audit logs for the medical billing company'ssystem indicated a company employee downloaded customer records and adjusted thedirect deposit information to a personal bank account. Which of the following does thisaction describe?

A. Insider threat
B. Social engineering
C. Third-party risk
D. Data breach

Sample Question 45

A company is implementing a DLP solution on the file server. The file server has Pll.financial information, and health information stored on it Depending on what type of datathat is hosted on the file server, the company wants different DLP rules assigned to thedata Which of the following should the company do to help accomplish this goal?

A. Classify the data
B. Mask the data
C. Assign an application owner
D. Perform a risk analysis

Sample Question 46

A security policy states that common words should not be used as passwords. A securityauditor was able to perform a dictionary attack against corporate credentials Which of thefollowing controls was being violated?

A. Password complexity
B. Password history
C. Password reuse
D. Password length

Sample Question 47

After reluming from a conference, a user's laptop has been operating slower than normaland overheating and the fans have been running constantly Dunng the diagnosis process,an unknown piece of hardware is found connected to the laptop's motherboard Which ofthe following attack vectors was exploited to install the hardware?

A. Removable media
B. Spear phishing
C. Supply chain
D. Direct access

Sample Question 48

A new company wants to avoid channel interference when building a WLAN. The companyneeds to know the radio frequency behavior, identify dead zones, and determine the bestplace for access points. Which of the following should be done FIRST?

A. Configure heat maps.
B. Utilize captive portals.
C. Conduct a site survey.
D. Install Wi-Fi analyzers.

Sample Question 49

A company suspects that some corporate accounts were compromised. The number ofsuspicious logins from locations not recognized by the users is increasing Employees whotravel need their accounts protected without the nsk of blocking legitimate login requeststhat may be made over new sign-in properties. Which of the following security controls canbe implemented?

A. Enforce MFA when an account request reaches a nsk threshold
B. Implement geofencing to only allow access from headquarters
C. Enforce time-based login requests that align with business hours
D. Shift the access control scheme to a discretionary access control

Sample Question 50

Which of the following is a policy that provides a greater depth of knowldge across anorganization?

A. Asset manahement policy
B. Separation of duties policy
C. Acceptable use policy
D. Job Rotation policy

Sample Question 51

Which of the following is the BEST example of a cost-effective physical control to enforce aUSB removable media restriction policy?

A. Putting security/antitamper tape over USB ports logging the port numbers and regularlyinspecting the ports
B. Implementing a GPO that will restrict access to authorized USB removable media and regularly verifying that it is enforced
C. Placing systems into locked key-controlled containers with no access to the USB ports
D. Installing an endpoint agent to detect connectivity of USB and removable media

Sample Question 52

Multiple business accounts were compromised a few days after a public website had itscredentials database leaked on the internet No business emails were Identified in thebreach, but the security team thinks that the list of passwords exposed was later used tocompromise business accounls Which of Ihe following would mitigate the issue?

A. Complexity requirements
B. Password history
C. Acceptable use policy
D. Shared accounts

Sample Question 53

A Chief Information Security Officer wants to ensure the organization is validating andchecking the Integrity of zone transfers. Which of the following solutions should beimplemented?

A. DNSSEC
B. LOAPS
C. NGFW
D. DLP