Skip to Content

CompTIA Security+ SY0-601 Exam Questions and Answers – Page 7 Part 1

The latest CompTIA Security+ (SY0-601) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the CompTIA Security+ (SY0-601) exam and earn CompTIA Security+ (SY0-601) certification.

CompTIA Security+ (SY0-601) Exam Questions and Answers

Question 611

Exam Question

A dynamic code analysis allows for detecting application flaws without the need for actual execution of the application code.

A. True
B. False

Correct Answer

B. False

Question 612

Exam Question

What is the purpose of code signing? (Select 2 answers)

A. Disables code reuse
B. Confirms the application’s source of origin
C. Enables application installation
D. Validates the application’s integrity
E. Protects the application against unauthorized use

Correct Answer

B. Confirms the application’s source of origin
D. Validates the application’s integrity

Question 613

Exam Question

The term “Secure cookie” refers to a type of HTTP cookie that has Secure attribute set. The Secure attribute prevents the transmission of a cookie over an unencrypted channel (i.e. the cookie is not sent over HTTP; HTTPS is used instead).

A. True
B. False

Correct Answer

A. True

Question 614

Exam Question

The term “Measured Boot” refers to a security mechanism first introduced by Microsoft in Windows 8. Measured Boot checks system startup components and stores the resulting boot configuration log in the Trusted Platform Module (TPM). The log is then sent for remote attestation to a trusted server on the network to verify the integrity of the Windows startup process. Measured Boot allows for neutralization of hard-to-detect malware and rootkits which are run before the OS.

A. True
B. False

Correct Answer

A. True

Question 615

Exam Question

Which firewall would provide the best protection for an ingress/egress point of a corporate network? (Select 2 answers)

A. Hardware firewall
B. Network-based firewall
C. Software firewall
D. Host-based firewall

Correct Answer

A. Hardware firewall
B. Network-based firewall

Question 616

Exam Question

Which of the following answers illustrates the difference between passive and active network security breach response?

A. HIPS vs. NIPS
B. UTM vs. Firewall
C. NIPS vs. UTM
D. IDS vs. IPS

Correct Answer

D. IDS vs. IPS

Question 617

Exam Question

Which of the following answers refers to a firewall type that improves upon first- and second-generation firewalls by offering additional features, such as more in-depth inspection of network traffic and application-level inspection?

A. IDS
B. Packet filter
C. NGFW
D. Stateful firewall

Correct Answer

C. NGFW

Question 618

Exam Question

A software or hardware-based security solution designed to detect and prevent unauthorized use and transmission of confidential information outside of the corporate network (data exfiltration) is known as:

A. DEP
B. RADIUS
C. DLP
D. PGP

Correct Answer

C. DLP

Question 619

Exam Question

A security feature of a network switch that provides countermeasures against rogue DHCP servers is called:

A. DHCP scope
B. DHCP reservation
C. DHCP snooping
D. DHCP relay agent

Correct Answer

C. DHCP snooping

Question 620

Exam Question

Which of the following is a secure implementation of a protocol used for synchronizing clocks over a computer network?

A. NTPsec
B. SNMPv3
C. SRTP
D. IPsec

Correct Answer

A. NTPsec