The latest CompTIA Security+ (SY0-601) practice exam question and answer (Q&A) dumps are available free to help you pass the CompTIA Security+ (SY0-601) exam and earn the CompTIA Security+ (SY0-601) certification.
Question 101
Exam Question
An organization that is located in a flood zone is MOST likely to document the concerns associated with the restoration of IT operations in a:
A. business continuity plan.
B. communications plan.
C. disaster recovery plan.
D. continuity of operations plan.
Correct Answer
C. disaster recovery plan.
Question 102
Exam Question
Company engineers regularly participate in a public Internet forum with other engineers throughout the industry. Which of the following tactics would an attacker MOST likely use in this scenario?
A. Watering-hole attack
B. Credential harvesting
C. Hybrid warfare
D. Pharming
Correct Answer
A. Watering-hole attack
Question 103
Exam Question
Which of the following will provide the BEST physical security countermeasures to stop intruders? (Choose two.)
A. Alarms
B. Signage
C. Lighting
D. Mantraps
E. Fencing
F. Sensors
Correct Answer
E. Fencing
F. Sensors
Question 104
Exam Question
A security analyst is looking for a solution to help communicate to the leadership team the severity levels of the organization’s vulnerabilities. Which of the following would BEST meet this need?
A. CVE
B. SIEM
C. SOAR
D. CVSS
Correct Answer
D. CVSS
Question 105
Exam Question
A security incident may have occurred on the desktop PC of an organization’s Chief Executive Officer (CEO). A duplicate copy of the CEO’s hard drive must be stored securely to ensure appropriate forensic processes and the chain of custody are followed. Which of the following should be performed to accomplish this task?
A. Install a new hard drive in the CEO’s PC, and then remove the old hard drive and place it in a tamper-evident bag.
B. Connect a write blocker to the hard drive. Then, leveraging a forensic workstation, utilize the dd command in a live Linux environment to create a duplicate copy.
C. Remove the CEO’s hard drive from the PC, connect to the forensic workstation, and copy all the contents onto a remote fileshare while the CEO watches.
D. Refrain from completing a forensic analysis of the CEO’s hard drive until after the incident is confirmed; duplicating the hard drive at this stage could destroy evidence.
Correct Answer
D. Refrain from completing a forensic analysis of the CEO’s hard drive until after the incident is confirmed; duplicating the hard drive at this stage could destroy evidence.
Question 106
Exam Question
The SOC is reviewing processes and procedures after a recent incident. The review indicates it took more than 30 minutes to determine that quarantining an infected host was the best course of action. This allowed the malware to spread to additional hosts before it was contained. Which of the following would be BEST to improve the incident response process?
A. Updating the playbooks with better decision points
B. Dividing the network into trusted and untrusted zones
C. Providing additional end-user training on acceptable use
D. Implementing manual quarantining of infected hosts
Correct Answer
A. Updating the playbooks with better decision points
Question 107
Exam Question
A network administrator is setting up wireless access points in all the conference rooms and wants to authenticate devices using PKI. Which of the following should the administrator configure?
A. A captive portal
B. PSK
C. 802.1X
D. WPS
Correct Answer
C. 802.1X
Question 108
Exam Question
The term “anonymized data” refers to data that is made anonymous in such a way that the original subject or person described by the data can no longer be identified. This type of privacy-enhancing technology is used, for example, during mass population surveys to protect the identity of participants. Pseudo-anonymization (a.k.a. pseudonymization) replaces personal data with artificial identifiers (a.k.a. pseudonyms). The main difference between anonymization and pseudo-anonymization is that, in the case of the latter, the original data can be restored to its original state with the use of additional reference information enabling the identification of the original subject or person the data pertains to.
A. True
B. False
Correct Answer
A. True
Question 109
Exam Question
Replacing password characters in a password field with a series of asterisks is an example of:
A. Data masking
B. Tokenization
C. Anonymization
D. Pseudo-anonymization
Correct Answer
A. Data masking
Question 110
Exam Question
The US Health Insurance Portability and Accountability Act (HIPAA) provides privacy protection for: (Select best answer)
A. PII
B. ESN
C. PHI
D. PIV
Correct Answer
C. PHI