CompTIA Security+ SY0-601 Exam Questions and Answers – Page 8 Part 2

The latest CompTIA Security+ (SY0-601) practice exam question and answer (Q&A) dumps are available free; they can help you pass the CompTIA Security+ (SY0-601) exam and earn the CompTIA Security+ (SY0-601) certification.

CompTIA Security+ (SY0-601) Exam Questions and Answers

Question 751

Exam Question

Which of the following URLs is a potential indicator of a directory traversal attack?

A. http://www.example.com/var/../etc/passwd
B. http://www.example.com/var/www/../../etc/passwd
C. http://www.example.com/var/www/files/../../../etc/passwd
D. http://www.example.com/var/www/files/images/../../../../etc/passwd
E. Any of the above

Correct Answer

E. Any of the above

Question 752

Exam Question

Which of the following terms describes an attempt to read a variable value from an invalid memory address?

A. Buffer overflow
B. Null-pointer dereference
C. Integer overflow
D. Memory leak

Correct Answer

B. Null-pointer dereference

Question 753

Exam Question

Which of the following fragments of input might indicate an LDAP injection attack attempt? (Select 2 answers)

A. … AND password = '' OR '1' = '1';
B. administrator)(&))
C. … <script> malicious script code </script>
D. search.aspx?name=userName)(zone=*)
E. … p@$$w0rd</password></user><user><name>attacker</name> ….

Correct Answer

B. administrator)(&))
D. search.aspx?name=userName)(zone=*)

Question 754

Exam Question

A collection of precompiled functions designed to be used by more than one Microsoft Windows application simultaneously to save system resources is known as:

A. DLL
B. ISO
C. EXE
D. INI

Correct Answer

A. DLL

Question 755

Exam Question

Which of the following answers can be used to describe characteristics of a cross-site scripting attack? (Select 3 answers)

A. Exploits the trust a user’s web browser has in a website
B. A malicious script is injected into a trusted website
C. User’s browser executes attacker’s script
D. Exploits the trust a website has in the user’s web browser
E. A user is tricked by an attacker into submitting unauthorized web requests
F. Website executes attacker’s requests

Correct Answer

A. Exploits the trust a user’s web browser has in a website
B. A malicious script is injected into a trusted website
C. User’s browser executes attacker’s script

Question 756

Exam Question

A type of cryptographic attack that forces a network protocol to revert to its older, less secure version is known as:

A. Downgrade attack
B. Replay attack
C. On-path attack
D. Brute-force attack

Correct Answer

A. Downgrade attack

Question 757

Exam Question

Which cryptographic attack relies on the concepts of probability theory?

A. KPA
B. Brute-force
C. Dictionary
D. Birthday

Correct Answer

D. Birthday

Question 758

Exam Question

The practice of making an unauthorized copy of a payment card is referred to as:

A. Rooting
B. Cloning
C. Replication
D. Copying

Correct Answer

B. Cloning

Question 759

Exam Question

Due to added functionality in its plug, a malicious USB cable can be used for:

A. GPS tracking
B. Capturing keystrokes
C. Sending and receiving commands
D. Delivering and executing malware
E. Any of the above

Correct Answer

E. Any of the above

Question 760

Exam Question

Which of the following refers to the contents of a rainbow table entry?

A. Hash/Password
B. IP address/Domain name
C. Username/Password
D. Account name/Hash

Correct Answer

A. Hash/Password