The latest CompTIA Security+ (SY0-601) certification practice exam question and answer (Q&A) dumps are available for free to help you pass the CompTIA Security+ (SY0-601) exam and earn the CompTIA Security+ (SY0-601) certification.
Question 401
Exam Question
The practice of modifying an application’s code without changing its external behavior is referred to as:
A. API call
B. Refactoring
C. Sideloading
D. Shimming
Correct Answer
B. Refactoring
Question 402
Exam Question
SSL stripping is an example of: (Select 2 answers)
A. Brute-force attack
B. Downgrade attack
C. Watering hole attack
D. On-path attack
E. Denial-of-Service (DoS) attack
Correct Answer
B. Downgrade attack
D. On-path attack
Question 403
Exam Question
What is the purpose of a DoS attack?
A. Code injection
B. Resource exhaustion
C. Malware infection
D. Privilege escalation
Correct Answer
B. Resource exhaustion
Question 404
Exam Question
Which of the following answers can be used to describe characteristics of a cross-site request forgery attack? (Select 3 answers)
A. Exploits the trust a website has in the user’s web browser
B. A user is tricked by an attacker into submitting unauthorized web requests
C. Website executes attacker’s requests
D. Exploits the trust a user’s web browser has in a website
E. A malicious script is injected into a trusted website
F. User’s browser executes attacker’s script
Correct Answer
A. Exploits the trust a website has in the user’s web browser
B. A user is tricked by an attacker into submitting unauthorized web requests
C. Website executes attacker’s requests
Question 405
Exam Question
Which of the terms listed below describes a programming error where an application tries to store a numeric value in a variable that is too small to hold it?
A. Buffer overflow
B. Pointer dereference
C. Memory leak
D. Integer overflow
Correct Answer
D. Integer overflow
Question 406
Exam Question
Which of the following are the characteristic features of a session ID? (Select 3 answers)
A. Stored on a server
B. A unique identifier assigned by the website to a specific user
C. Contains user’s authentication credentials, e.g. username and password
D. A piece of data that can be stored in a cookie, or embedded as an URL parameter
E. Stored in a visitor’s browser
F. A unique identifier assigned to a server
Correct Answer
B. A unique identifier assigned by the website to a specific user
D. A piece of data that can be stored in a cookie, or embedded as an URL parameter
E. Stored in a visitor’s browser
Question 407
Exam Question
Which of the following answers refers to a countermeasure against code injection?
A. Fuzzing
B. Input validation
C. Code signing
D. Normalization
Correct Answer
B. Input validation
Question 408
Exam Question
Which of the programming aspects listed below are critical in the secure application development process? (Select 2 answers)
A. Patch management
B. Input validation
C. Password protection
D. Error and exception handling
E. Application whitelisting
Correct Answer
B. Input validation
D. Error and exception handling
Question 409
Exam Question
A malfunction in a preprogrammed sequential access to a shared resource is described as:
A. Race condition
B. Buffer overflow
C. Memory leak
D. Pointer dereference
Correct Answer
A. Race condition
Question 410
Exam Question
A type of exploit that relies on overwriting contents of memory to cause unpredictable results in an application is called:
A. IV attack
B. SQL injection
C. Buffer overflow
D. Fuzz test
Correct Answer
C. Buffer overflow