The latest CompTIA Security+ (SY0-601) practice exam question and answer (Q&A) dumps are available free to help you pass the CompTIA Security+ (SY0-601) exam and earn the CompTIA Security+ (SY0-601) certification.
Question 411
Exam Question
A dot-dot-slash attack is also referred to as:
A. Disassociation attack
B. On-path attack
C. Directory traversal attack
D. Downgrade attack
Correct Answer
C. Directory traversal attack
Question 412
Exam Question
Which of the following fragments of input might indicate an XML injection attack attempt?
A. … <script> malicious script code </script>
B. search.aspx?name=userName)(zone=*)
C. … p@$$w0rd</password></user><user><name>attacker</name> ….
D. administrator)(&))
E. … AND password = '' OR '1' = '1';
Correct Answer
C. … p@$$w0rd</password></user><user><name>attacker</name> ….
Question 413
Exam Question
Which of the following describes an application attack that relies on executing a library of code?
A. Memory leak
B. DLL injection
C. Pointer dereference
D. Buffer overflow
Correct Answer
B. DLL injection
Question 414
Exam Question
Which of the following indicates an SQL injection attack attempt?
A. DELETE FROM itemDB WHERE itemID = '1';
B. SELECT * FROM users WHERE userName = 'Alice' AND password = '' OR '1' = '1';
C. DROP TABLE itemDB;
D. SELECT * FROM users WHERE email = '[email protected]' AND password = '';
Correct Answer
B. SELECT * FROM users WHERE userName = 'Alice' AND password = '' OR '1' = '1';
Question 415
Exam Question
Which of the following facilitate(s) privilege escalation attacks? (Select all that apply)
A. System/application vulnerability
B. Principle of least authority
C. Social engineering techniques
D. Mandatory Access Control (MAC)
E. System/application misconfiguration
Correct Answer
A. System/application vulnerability
C. Social engineering techniques
E. System/application misconfiguration
Question 416
Exam Question
A situation where a cryptographic hash function produces two different digests for the same data input is referred to as a hash collision.
A. True
B. False
Correct Answer
B. False
Question 417
Exam Question
An AI feature that enables it to accomplish tasks based on training data without explicit human instructions is called:
A. API
B. ML
C. RAD
D. VR
Correct Answer
B. ML
Question 418
Exam Question
Which of the following terms is used to describe the theft of personal data from a payment card?
A. Pivoting
B. Skimming
C. Phishing
D. Bluejacking
Correct Answer
B. Skimming
Question 419
Exam Question
In cryptography, the term “Plaintext” is used to describe data in an unencrypted form.
A. True
B. False
Correct Answer
A. True
Question 420
Exam Question
Rainbow tables are lookup tables used to speed up the process of password guessing.
A. True
B. False
Correct Answer
A. True