The latest CompTIA Security+ (SY0-601) certification practice exam questions and answers (Q&A) are available free below, to help you prepare for the CompTIA Security+ (SY0-601) exam and earn the CompTIA Security+ (SY0-601) certification.
Question 141
Exam Question
The term “Forensic artifact” is used to describe an unintentional trace of attacker activity that can be identified on a host or network. Forensic artifacts include information that can be extracted from (among other sources) registry keys (on MS Windows), event logs, timestamps, web browser search history, or files left in the system trash folder.
A. True
B. False
Correct Answer
A. True
Question 142
Exam Question
Which of the following can be used as an extension of RAM? (Select 2 answers)
A. Pagefile
B. Extended partition
C. Swap partition
D. Primary storage
E. Archive file
Correct Answer
A. Pagefile
C. Swap partition
Question 143
Exam Question
Which memory type provides a CPU with the fastest access to frequently used data?
A. Secondary storage
B. Flash memory
C. DRAM
D. Cache memory
Correct Answer
D. Cache memory
Question 144
Exam Question
A file timestamp is metadata that contains information about a file and reflects when the file was created, last accessed, and last modified. In digital forensics, timestamps can be used, for example, to validate the integrity of an access log file (i.e. to check whether the file has been tampered with to mask an unauthorized access attempt). Because different systems might be set to different time zones, in order to determine the chronological order of events during a security incident it is also important to take into account the time offset, which denotes the difference between the timestamp and a chosen reference time (a.k.a. time normalization).
A. True
B. False
Correct Answer
A. True
Question 145
Exam Question
The term “SOAR runbook” refers to an exact sequence of actions that might be used to enable an automated response to a security incident.
A. True
B. False
Correct Answer
A. True
Question 146
Exam Question
One of the best practices for malware removal involves the process of isolation of files and applications suspected of containing malware to prevent further execution and potential harm to the user’s system. This process is referred to as:
A. Quarantine
B. Content filtering
C. Protected mode
D. Blacklisting
Correct Answer
A. Quarantine
Question 147
Exam Question
Which of the following answers refers to a cross-platform IP traffic collection method that takes advantage of packet sampling to optimize bandwidth and hardware resource usage?
A. sFlow
B. NXLog
C. NetFlow
D. IPFIX
Correct Answer
A. sFlow
Question 148
Exam Question
The term “Metadata” refers to a type of data that provides information about other data, but not the content of that data. This type of data can be viewed, but by default it is not visible to the user. The basic metadata related to email communication comes from email headers and includes detailed information about the sender and recipient of the message as well as the path the message went through. Examples of mobile device metadata include device model, geolocation, information about the camera used to take a photo, Internet, phone, text messaging, and application usage statistics, as well as metadata from the different types of files stored on the device. In web browsing, metadata comes from HTML meta tags placed in the head section of a web page. In the case of files, basic metadata examples include information about the author (e.g. the person who created the file), file type, size, creation date and time, and last modification date and time.
A. True
B. False
Correct Answer
A. True
Question 149
Exam Question
Which of the following answers refers to a Linux utility for querying and displaying logs that are stored in binary form?
A. logger
B. uncompress
C. read
D. journalctl
Correct Answer
D. journalctl
Question 150
Exam Question
Examples of utilities that enable logging of data from different types of systems into a central repository include: (Select all that apply)
A. syslog
B. rsyslog
C. journalctl
D. syslog-ng
E. NXLog
Correct Answer
A. syslog
B. rsyslog
D. syslog-ng
E. NXLog