The latest CompTIA Security+ (SY0-601) practice exam question and answer (Q&A) dumps are available for free to help you pass the CompTIA Security+ (SY0-601) exam and earn the CompTIA Security+ (SY0-601) certification.
Question 611
Exam Question
A dynamic code analysis allows for detecting application flaws without the need for actual execution of the application code.
A. True
B. False
Correct Answer
B. False
Question 612
Exam Question
What is the purpose of code signing? (Select 2 answers)
A. Disables code reuse
B. Confirms the application’s source of origin
C. Enables application installation
D. Validates the application’s integrity
E. Protects the application against unauthorized use
Correct Answer
B. Confirms the application’s source of origin
D. Validates the application’s integrity
Question 613
Exam Question
The term “Secure cookie” refers to a type of HTTP cookie that has the Secure attribute set. The Secure attribute prevents the transmission of a cookie over an unencrypted channel (i.e. the cookie is not sent over HTTP; HTTPS is used instead).
A. True
B. False
Correct Answer
A. True
Question 614
Exam Question
The term “Measured Boot” refers to a security mechanism first introduced by Microsoft in Windows 8. Measured Boot checks system startup components and stores the resulting boot configuration log in the Trusted Platform Module (TPM). The log is then sent for remote attestation to a trusted server on the network to verify the integrity of the Windows startup process. Measured Boot allows for neutralization of hard-to-detect malware and rootkits which are run before the OS.
A. True
B. False
Correct Answer
A. True
Question 615
Exam Question
Which firewall would provide the best protection for an ingress/egress point of a corporate network? (Select 2 answers)
A. Hardware firewall
B. Network-based firewall
C. Software firewall
D. Host-based firewall
Correct Answer
A. Hardware firewall
B. Network-based firewall
Question 616
Exam Question
Which of the following answers illustrates the difference between passive and active network security breach response?
A. HIPS vs. NIPS
B. UTM vs. Firewall
C. NIPS vs. UTM
D. IDS vs. IPS
Correct Answer
D. IDS vs. IPS
Question 617
Exam Question
Which of the following answers refers to a firewall type that improves upon first- and second-generation firewalls by offering additional features, such as more in-depth inspection of network traffic and application-level inspection?
A. IDS
B. Packet filter
C. NGFW
D. Stateful firewall
Correct Answer
C. NGFW
Question 618
Exam Question
A software or hardware-based security solution designed to detect and prevent unauthorized use and transmission of confidential information outside of the corporate network (data exfiltration) is known as:
A. DEP
B. RADIUS
C. DLP
D. PGP
Correct Answer
C. DLP
Question 619
Exam Question
A security feature of a network switch that provides countermeasures against rogue DHCP servers is called:
A. DHCP scope
B. DHCP reservation
C. DHCP snooping
D. DHCP relay agent
Correct Answer
C. DHCP snooping
Question 620
Exam Question
Which of the following is a secure implementation of a protocol used for synchronizing clocks over a computer network?
A. NTPsec
B. SNMPv3
C. SRTP
D. IPsec
Correct Answer
A. NTPsec