CompTIA SY0-601 Free Practice Questions

NEW QUESTION 1
An organization's RPO for a critical system is two hours. The system is used Monday through Friday, from 9:00 am to 5:00 pm. Currently, the organization performs a full backup every Saturday that takes four hours to complete. Which of the following additional backup implementations would be the BEST way for the analyst to meet the business requirements?

• A. Incremental backups Monday through Friday at 6:00 p.m and differential backups hourly
• B. Full backups Monday through Friday at 6:00 p.m and incremental backups hourly.
• C. incremental backups Monday through Friday at 6:00 p.m and full backups hourly.
• D. Full backups Monday through Friday at 6:00 p.m and differential backups hourly.

Answer: A

NEW QUESTION 2
A researcher has been analyzing large data sets for the last ten months. The researcher works with colleagues from other institutions and typically connects via SSH to retrieve additional data. Historically, this setup has worked without issue, but the researcher recently started getting the following message:

Which of the following network attacks is the researcher MOST likely experiencing?

• A. MAC cloning
• B. Evil twin
• C. Man-in-the-middle
• D. ARP poisoning

Answer: C

NEW QUESTION 3
The IT department at a university is concerned about professors placing servers on the university network in an attempt to bypass security controls. Which of the following BEST represents this type of threat?

• A. A script kiddie
• B. Shadow IT
• C. Hacktivism
• D. White-hat

Answer: B

NEW QUESTION 4
A security analyst receives the configuration of a current VPN profile and notices the authentication is only applied to the IP datagram portion of the packet. Which of the following should the analyst implement to authenticate the entire packet?

• A. AH
• B. ESP
• C. SRTP
• D. LDAP

Answer: B

NEW QUESTION 5
A financial organization has adopted a new secure, encrypted document-sharing application to help with its customer loan process. Some important PII needs to be shared across this new platform, but it is getting blocked by the DLP systems. Which of the following actions will BEST allow the PII to be shared with the secure application without compromising the organization’s security posture?

• A. Configure the DLP policies to allow all PII
• B. Configure the firewall to allow all ports that are used by this application
• C. Configure the antivirus software to allow the application
• D. Configure the DLP policies to whitelist this application with the specific PII
• E. Configure the application to encrypt the PII

Answer: D

NEW QUESTION 6
During an incident response, a security analyst observes the following log entry on the web server.

Which of the following BEST describes the type of attack the analyst is experience?

• A. SQL injection
• B. Cross-site scripting
• C. Pass-the-hash
• D. Directory traversal

Answer: B

NEW QUESTION 7
A Chief Executive Officer's (CEO) personal information was stolen in a social engineering attack. Which of the following sources would reveal if the CEO's personal information is for sale?

• A. Automated information sharing
• B. Open-source intelligence
• C. The dark web
• D. Vulnerability databases

Answer: C

NEW QUESTION 8
A small business just recovered from a ransomware attack against its file servers by purchasing the decryption keys from the attackers. The issue was triggered by a phishing email and the IT administrator wants to ensure it does not happen again. Which of the following should the IT administrator do FIRST after recovery?

• A. Scan the NAS for residual or dormant malware and take new daily backups that are tested on a frequent basis
• B. Restrict administrative privileges and patch ail systems and applications.
• C. Rebuild all workstations and install new antivirus software
• D. Implement application whitelisting and perform user application hardening

Answer: A

NEW QUESTION 9
A user recent an SMS on a mobile phone that asked for bank delays. Which of the following social-engineering techniques was used in this case?

• A. SPIM
• B. Vishing
• C. Spear phishing
• D. Smishing

Answer: D

NEW QUESTION 10
A security analyst is using a recently released security advisory to review historical logs, looking for the specific activity that was outlined in the advisory. Which of the following is the analyst doing?

• A. A packet capture
• B. A user behavior analysis
• C. Threat hunting
• D. Credentialed vulnerability scanning

Answer: C

NEW QUESTION 11
Some laptops recently went missing from a locked storage area that is protected by keyless RFID-enabled locks. There is no obvious damage to the physical space. The security manager identifies who unlocked the door, however, human resources confirms the employee was on vacation at the time of the incident. Which of the following describes what MOST likely occurred?

• A. The employee's physical access card was cloned.
• B. The employee is colluding with human resources
• C. The employee's biometrics were harvested
• D. A criminal used lock picking tools to open the door.

Answer: A

NEW QUESTION 12
A cybersecurity analyst reviews the log files from a web server and sees a series of files that indicates a directory-traversal attack has occurred. Which of the following is the analyst MOST likely seeing?

• A. Option A
• B. Option B
• C. Option C
• D. Option D

Answer: B

NEW QUESTION 13
A nuclear plant was the victim of a recent attack, and all the networks were air gapped. A subsequent investigation revealed a worm as the source of the issue. Which of the following BEST explains what happened?

• A. A malicious USB was introduced by an unsuspecting employee.
• B. The ICS firmware was outdated
• C. A local machine has a RAT installed.
• D. The HVAC was connected to the maintenance vendor.

Answer: A

NEW QUESTION 14
A security analyst needs to produce a document that details how a security incident occurred, the steps that were taken for recovery, and how future incidents can be avoided. During which of the following stages of the response process will this activity take place?

• A. Recovery
• B. Identification
• C. Lessons learned
• D. Preparation

Answer: C

NEW QUESTION 15
An organization has decided to host its web application and database in the cloud Which of the following BEST describes the security concerns for this decision?

• A. Access to the organization's servers could be exposed to other cloud-provider clients
• B. The cloud vendor is a new attack vector within the supply chain
• C. Outsourcing the code development adds risk to the cloud provider
• D. Vendor support will cease when the hosting platforms reach EOL.

Answer: B

NEW QUESTION 16
A cybersecurity manager has scheduled biannual meetings with the IT team and department leaders to discuss how they would respond to hypothetical cyberattacks. During these meetings, the manager presents a scenario and injects additional information throughout the session to replicate what might occur in a dynamic cybersecurity event involving the company, its facilities, its data, and its staff. Which of the following describes what the manager is doing?

• A. Developing an incident response plan
• B. Building a disaster recovery plan
• C. Conducting a tabletop exercise
• D. Running a simulation exercise

Answer: C

NEW QUESTION 17
A cybersecurity administrator needs to add disk redundancy for a critical server. The solution must have a two- drive failure for better fault tolerance. Which of the following RAID levels should the administrator select?

• A. 1
• B. 5
• C. 6

Answer: B

NEW QUESTION 18
The manager who is responsible for a data set has asked a security engineer to apply encryption to the data on a hard disk. The security engineer is an example of a:

• A. data controller.
• B. data owner
• C. data custodian.
• D. data processor

Answer: D

NEW QUESTION 19
A user reports constant lag and performance issues with the wireless network when working at a local coffee shop. A security analyst walks the user through an installation of Wireshark and get a five-minute pcap to analyze. The analyst observes the following output:

Which of the following attacks does the analyst MOST likely see in this packet capture?

• A. Session replay
• B. Evil twin
• C. Bluejacking
• D. ARP poisoning

Answer: B

NEW QUESTION 20
An organization routes all of its traffic through a VPN Most users are remote and connect into a corporate datacenter that houses confidential information There is a firewall at the Internet border followed by a DIP appliance, the VPN server and the datacenter itself. Which of the following is the WEAKEST design element?

• A. The DLP appliance should be integrated into a NGFW.
• B. Split-tunnel connections can negatively impact the DLP appliance's performance
• C. Encrypted VPN traffic will not be inspected when entering or leaving the network
• D. Adding two hops in the VPN tunnel may slow down remote connections

Answer: C

NEW QUESTION 21
A forensics examiner is attempting to dump password cached in the physical memory of a live system but keeps receiving an error message. Which of the following BEST describes the cause of the error?

• A. The examiner does not have administrative privileges to the system
• B. The system must be taken offline before a snapshot can be created
• C. Checksum mismatches are invalidating the disk image
• D. The swap file needs to be unlocked before it can be accessed

Answer: A

NEW QUESTION 22
Which of the following scenarios BEST describes a risk reduction technique?

• A. A security control objective cannot be met through a technical change, so the company purchases insurance and is no longer concerned about losses from data breaches.
• B. A security control objective cannot be met through a technical change, so the company implements a policy to train users on a more secure method of operation.
• C. A security control objective cannot be met through a technical change, so the company changes as method of operation
• D. A security control objective cannot be met through a technical change, so the Chief Information Officer (CIO) decides to sign off on the risk.

Answer: B

NEW QUESTION 23
A security administrator currently spends a large amount of time on common security tasks, such aa report generation, phishing investigations, and user provisioning and deprovisioning This prevents the administrator from spending time on other security projects. The business does not have the budget to add more staff members. Which of the following should the administrator implement?

• A. DAC
• B. ABAC
• C. SCAP
• D. SOAR

Answer: D

NEW QUESTION 24
......