
CompTIA Security+ SY0-601 Exam Questions and Answers – Page 1 Part 2

This free set of practice questions and answers for the latest CompTIA Security+ (SY0-601) certification exam is intended to help you prepare for the exam and earn the certification.

CompTIA Security+ (SY0-601) Exam Questions and Answers

Question 91

A user recently entered a username and password into a recruiting application website that had been forged to look like the legitimate site. Upon investigation, a security analyst identifies the following:

  • The legitimate website’s IP address is 10.1.1.20 and eRecruit.local resolves to this IP.
  • The forged website’s IP address appears to be 10.2.12.99, based on NetFlow records.
  • All three of the organization’s DNS servers show the website correctly resolves to the legitimate IP.
  • DNS query logs show one of the three DNS servers returned a result of 10.2.12.99 (cached) at the approximate time of the suspected compromise.

Which of the following MOST likely occurred?

A. A reverse proxy was used to redirect network traffic.
B. An SSL strip MITM attack was performed.
* C. An attacker temporarily poisoned a name server.
D. An ARP poisoning attack was successfully executed.

Note: one of the three resolvers served a cached answer of 10.2.12.99 for eRecruit.local at the time of the incident while the other two, and the same resolver afterwards, returned 10.1.1.20. That is the signature of a transient poisoned cache entry. An SSL strip attack downgrades the connection but does not change the IP a name resolves to, and ARP poisoning operates on the local segment rather than on DNS answers.

Question 92

An organization has hired a security analyst to perform a penetration test. The analyst captures 1 GB of inbound network traffic to the server and transfers the pcap back to the analysis machine. Which of the following tools should the analyst use to further review the pcap?

A. Nmap
B. cURL
C. Netcat
* D. Wireshark

Question 93

A security engineer is reviewing log files after a third party discovered usernames and passwords for the organization’s accounts. The engineer sees there was a change in the IP address for a vendor website one week earlier. This change lasted eight hours. Which of the following attacks was MOST likely used?

A. Man-in-the-middle
B. Spear phishing
C. Evil twin
* D. DNS poisoning
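
Questions 91 and 93 describe the same investigative step: comparing what a resolver logged as its answer against what the name should resolve to (or against what the other resolvers answered), then measuring how long the wrong answer persisted. The following Python is an added example, not part of the original page, that runs that check over constructed DNS query log lines. The log format, the resolver names dns1 to dns3, and the vendor.example name with its 203.0.113.10 and 198.51.100.7 addresses are assumptions; eRecruit.local and its two IP addresses are taken from question 91.

```python
"""Spot a poisoned resolver answer in DNS query logs and measure how long it lasted."""
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample log lines (not from the original page). Assumed format:
# <ISO timestamp> <resolver> <qname> <answer IP> <cached|fresh>
SAMPLE_LOG = """\
2023-03-01T09:58:02 dns1 eRecruit.local 10.1.1.20 fresh
2023-03-01T09:59:10 dns2 eRecruit.local 10.1.1.20 fresh
2023-03-01T10:01:45 dns3 eRecruit.local 10.2.12.99 cached
2023-03-01T10:02:12 dns3 eRecruit.local 10.2.12.99 cached
2023-03-01T10:09:30 dns1 eRecruit.local 10.1.1.20 fresh
2023-03-01T10:15:00 dns3 eRecruit.local 10.1.1.20 fresh
2023-03-01T10:20:00 dns2 vendor.example 203.0.113.10 fresh
2023-03-01T10:25:00 dns2 vendor.example 198.51.100.7 cached
2023-03-01T18:25:00 dns2 vendor.example 203.0.113.10 fresh
"""

# Baseline of legitimate answers (eRecruit.local from question 91; vendor.example assumed).
EXPECTED = {"erecruit.local": {"10.1.1.20"}, "vendor.example": {"203.0.113.10"}}

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (cached|fresh)$")


def parse_log(text):
    """Parse log lines into dicts; lines that do not match the format are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, server, qname, answer, state = m.groups()
        records.append({"ts": datetime.fromisoformat(ts), "server": server,
                        "qname": qname.lower(), "answer": answer,
                        "cached": state == "cached"})
    return records


def find_deviations(records, expected=EXPECTED):
    """Records whose answer is not in the baseline for that name. A deviating
    answer that was served from cache is the classic sign of a poisoned entry."""
    return [r for r in records
            if r["qname"] in expected and r["answer"] not in expected[r["qname"]]]


def majority_deviations(records):
    """Baseline-free variant: treat the answer most resolvers agree on as legitimate
    and flag the records (and therefore the resolver) that disagree."""
    votes = defaultdict(Counter)
    for r in records:
        votes[r["qname"]][r["answer"]] += 1
    majority = {q: c.most_common(1)[0][0] for q, c in votes.items()}
    return [r for r in records if r["answer"] != majority[r["qname"]]]


def deviation_windows(records, expected=EXPECTED):
    """Per (resolver, name): the bad answer, when it was first and last served, and
    hours until that resolver next returned a correct answer (the 'eight hours'
    of question 93). Returns {(server, qname): (bad_ip, first, last, hours)}."""
    by_key = defaultdict(list)
    for r in sorted(records, key=lambda r: r["ts"]):
        by_key[(r["server"], r["qname"])].append(r)
    windows = {}
    for (server, qname), recs in by_key.items():
        if qname not in expected:
            continue
        bad = [r for r in recs if r["answer"] not in expected[qname]]
        if not bad:
            continue
        first, last = bad[0]["ts"], bad[-1]["ts"]
        recovered = next((r["ts"] for r in recs
                          if r["ts"] > last and r["answer"] in expected[qname]), None)
        hours = ((recovered or last) - first).total_seconds() / 3600
        windows[(server, qname)] = (bad[0]["answer"], first, last, round(hours, 2))
    return windows


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for r in find_deviations(recs):
        print(f"{r['ts']} {r['server']} answered {r['answer']} for {r['qname']}"
              f" ({'cached' if r['cached'] else 'fresh'})")
    for (server, qname), (ip, first, last, hours) in deviation_windows(recs).items():
        print(f"{server} served {ip} for {qname} from {first} to {last};"
              f" about {hours} h until corrected")
```

On the constructed data the baseline check and the majority check agree: only dns3 served the wrong answer for eRecruit.local, both times from cache, and it recovered within a quarter of an hour, while dns2 served a wrong answer for vendor.example for eight hours. In a real investigation the majority variant is the one to reach for first, since a trustworthy baseline is rarely available for every external name.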

Question 94

A company recently moved sensitive videos between on-premises, company-owned websites. The company then learned the videos had been uploaded and shared to the Internet. Which of the following would MOST likely allow the company to find the cause?

A. Checksums
B. Watermarks
C. Order of volatility
* D. A log analysis
E. A right-to-audit clause

Note: the videos moved only between the company's own on-premises systems, so there is no third party against which a right-to-audit clause could be exercised. Reviewing the access and transfer logs of those systems is what would show who copied the videos out and when. Watermarks could help attribute a leaked copy to its source but would not by themselves explain how the leak happened.

Question 95

A large industrial system’s smart generator monitors the system status and sends alerts to third-party maintenance personnel when critical failures occur. While reviewing the network logs, the company’s security manager notices the generator’s IP is sending packets to an internal file server’s IP. Which of the following mitigations would be BEST for the security manager to implement while maintaining alerting capabilities?

A. Segmentation
* B. Firewall whitelisting
C. Containment
D. Isolation
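
The mitigation in question 95 is a deny-by-default rule set that permits only the generator's alerting path and drops everything else it sends. The Python below is an added example, not from the original page, that encodes such an allowlist, renders it as nftables statements, and evaluates observed flows against the same rules so the analyst can confirm the alert traffic still passes while the file-server traffic is blocked. The addresses, the HTTPS, SMTP submission and NTP ports, and the table and chain names are all assumptions.

```python
"""Deny-by-default allowlist for a smart generator that must keep sending alerts."""
import ipaddress

# Constructed addresses (assumptions, not from the original page).
GENERATOR = "10.50.0.10"
MAINTENANCE_ALERT_HOST = "203.0.113.50"   # third-party maintenance alert endpoint
LOCAL_GATEWAY = "10.50.0.1"
FILE_SERVER = "10.10.0.25"

# First-match rule list: (src_net, dst_net, proto, (low_port, high_port), action).
# Only the alerting path (plus time sync) is permitted; everything else from the
# generator is dropped. Ports are assumed for illustration.
RULES = [
    (f"{GENERATOR}/32", f"{MAINTENANCE_ALERT_HOST}/32", "tcp", (443, 443), "allow"),  # HTTPS alert posts
    (f"{GENERATOR}/32", f"{MAINTENANCE_ALERT_HOST}/32", "tcp", (587, 587), "allow"),  # SMTP submission
    (f"{GENERATOR}/32", f"{LOCAL_GATEWAY}/32", "udp", (123, 123), "allow"),           # NTP
    (f"{GENERATOR}/32", "0.0.0.0/0", "any", (0, 65535), "deny"),                      # default deny
]

# Constructed flows of the kind NetFlow would show, including the suspicious one.
OBSERVED_FLOWS = [
    {"src": GENERATOR, "dst": MAINTENANCE_ALERT_HOST, "proto": "tcp", "dport": 443},
    {"src": GENERATOR, "dst": FILE_SERVER, "proto": "tcp", "dport": 445},
    {"src": GENERATOR, "dst": LOCAL_GATEWAY, "proto": "udp", "dport": 123},
    {"src": GENERATOR, "dst": MAINTENANCE_ALERT_HOST, "proto": "tcp", "dport": 22},
]


def evaluate(flow, rules=RULES):
    """Action of the first rule matching a flow {src, dst, proto, dport};
    a flow that matches no rule is denied (allowlist semantics)."""
    src = ipaddress.ip_address(flow["src"])
    dst = ipaddress.ip_address(flow["dst"])
    for src_net, dst_net, proto, (lo, hi), action in rules:
        if (src in ipaddress.ip_network(src_net)
                and dst in ipaddress.ip_network(dst_net)
                and proto in ("any", flow["proto"])
                and lo <= flow["dport"] <= hi):
            return action
    return "deny"


def audit(flows, rules=RULES):
    """Classify observed flows under the proposed rule set so the analyst can confirm
    alerting survives and the file-server traffic does not. Returns {flow_key: action}."""
    return {f"{f['src']}->{f['dst']}:{f['dport']}/{f['proto']}": evaluate(f, rules)
            for f in flows}


def to_nftables(rules=RULES, table="inet filter", chain="generator_out"):
    """Render the rule list as nftables 'add rule' statements. Table and chain names
    are assumed; the chain is expected to exist already with a forward hook."""
    lines = []
    for src_net, dst_net, proto, (lo, hi), action in rules:
        parts = [f"nft add rule {table} {chain}", f"ip saddr {src_net}"]
        if dst_net != "0.0.0.0/0":
            parts.append(f"ip daddr {dst_net}")
        if proto != "any":
            ports = str(lo) if lo == hi else f"{lo}-{hi}"
            parts.append(f"{proto} dport {ports}")
        parts.append("accept" if action == "allow" else "drop")
        lines.append(" ".join(parts))
    return lines


if __name__ == "__main__":
    for line in to_nftables():
        print(line)
    for key, action in audit(OBSERVED_FLOWS).items():
        print(f"{action:5s} {key}")
```

Running the observed flows through the same rule list that produces the firewall statements is the check worth doing before deployment: the HTTPS alert and NTP flows come back as allow, the SMB connection to the file server and the SSH attempt to the maintenance host as deny.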

Question 96

Which of the following produces functional test data that can be used in new systems for testing and training while protecting the real data?

A. Data encryption
* B. Data masking
C. Data deduplication
D. Data minimization
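
Masking replaces identifying values with realistic substitutes while leaving the record's shape and its non-sensitive fields intact, so the masked copy still exercises the same code paths as production data. This added Python example, not from the original page, shows keyed, deterministic masking: the same input masks to the same output (so joins between tables still line up), digit fields keep their separators and length, email domains are preserved, and nothing can be reversed without the key. The record fields and sample values are constructed.

```python
"""Deterministic, format-preserving masking of PII for test and training datasets."""
import hashlib
import hmac
import secrets

# Constructed records (assumed shape, not from the original page).
SAMPLE_RECORDS = [
    {"id": 1, "name": "Alice Example", "email": "alice@corp.example",
     "ssn": "123-45-6789", "phone": "555-867-5309", "balance": 1250.75},
    {"id": 2, "name": "Bob Sample", "email": "bob@corp.example",
     "ssn": "987-65-4321", "phone": "555-123-4567", "balance": 88.10},
    # Same person as record 1 in another table or row: must mask identically.
    {"id": 3, "name": "Alice Example", "email": "alice@corp.example",
     "ssn": "123-45-6789", "phone": "555-867-5309", "balance": 42.00},
]


def _digest(key, value):
    """Keyed digest: consistent across tables and runs with the same key, but not
    reversible or recomputable by anyone who does not hold the key."""
    return hmac.new(key, value.encode(), hashlib.sha256).digest()


def mask_digits(key, value):
    """Replace each digit with a key-derived digit, keeping separators and length
    so existing format validators still accept the value."""
    d = _digest(key, value)
    out, i = [], 0
    for ch in value:
        if ch.isdigit():
            out.append(str(d[i % len(d)] % 10))  # slight bias is acceptable for masking
            i += 1
        else:
            out.append(ch)
    return "".join(out)


def mask_email(key, value):
    """Replace the local part; keep the domain so mail routing in test still works."""
    local, sep, domain = value.partition("@")
    return "user" + _digest(key, local).hex()[:10] + sep + domain


def mask_name(key, value):
    """Pseudonym with the same word count and initial letters: each word becomes its
    first letter followed by four hex characters derived from the full name."""
    token = _digest(key, value).hex()
    words = value.split()
    return " ".join(w[0].upper() + token[i * 4:i * 4 + 4] for i, w in enumerate(words))


PII_FIELDS = {"name": mask_name, "email": mask_email, "ssn": mask_digits, "phone": mask_digits}


def mask_record(record, key):
    """Mask PII fields only; id and balance stay as they are so the data remains
    functionally realistic for the system under test."""
    return {k: (PII_FIELDS[k](key, v) if k in PII_FIELDS else v) for k, v in record.items()}


def mask_dataset(records, key):
    return [mask_record(r, key) for r in records]


def same_shape(original, masked):
    """True if masked keeps the original's length and digit/separator layout."""
    return len(original) == len(masked) and all(
        a.isdigit() == b.isdigit() and (a.isdigit() or a == b)
        for a, b in zip(original, masked))


def new_masking_key():
    """Fresh 256-bit key. Keep it out of the test environment, and discard it
    entirely if masked extracts never need to stay consistent with future ones."""
    return secrets.token_bytes(32)


if __name__ == "__main__":
    key = new_masking_key()
    for row in mask_dataset(SAMPLE_RECORDS, key):
        print(row)
```

The key is what separates masking from weak obfuscation: an unkeyed hash of a nine-digit SSN can be reversed by enumerating the ten billion candidates, while an HMAC with a secret key cannot. Keep the key with the production side, never in the test environment that receives the masked data.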

Question 97

A consultant is configuring a vulnerability scanner for a large, global organization in multiple countries. The consultant will be using a service account to scan systems with administrative privileges on a weekly basis, but there is a concern that hackers could gain access to the account and pivot throughout the global network. Which of the following would be BEST to help mitigate this concern?

A. Create different accounts for each region, each configured with push MFA notifications.
B. Create one global administrator account and enforce Kerberos authentication.
* C. Create different accounts for each region, limit their logon times, and alert on risky logins.
D. Create a guest account for each region, remember the last ten passwords, and block password reuse.

Note: a scanner service account runs unattended, so nobody is present to approve a push MFA prompt, and a single global administrator account is exactly the pivoting risk described. Separate accounts per region bound the damage of one compromise to that region, the weekly scan schedule makes a tight logon-time restriction practical, and alerting on risky logins detects use of the account outside that pattern.
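
The "alert on risky logins" control in option C of question 97 is a rule set describing how each regional scanner account is allowed to authenticate: from its own scanner host, to its own region's targets, during the weekly scan window, and only with network (non-interactive) logons. The Python below is an added example, not from the original page, that evaluates constructed authentication log lines against such a policy. The account names, addresses, log format and scan window are assumptions.

```python
"""Risky-logon detection for per-region vulnerability-scanner service accounts."""
import ipaddress
import re
from datetime import datetime

# Constructed policy (assumed values, not from the original page). Each regional
# account may authenticate only from its scanner host, only to its own region's
# address space, only during the weekly scan window, and only with non-interactive
# (network) logons. weekday: Monday=0 ... Sunday=6; window: UTC hours [start, end).
POLICY = {
    "svc-scan-eu":   {"scanner": "10.20.0.5", "targets": "10.20.0.0/16", "weekday": 6, "window": (2, 6)},
    "svc-scan-apac": {"scanner": "10.30.0.5", "targets": "10.30.0.0/16", "weekday": 6, "window": (2, 6)},
}

# Constructed authentication log lines. 2023-03-05 is a Sunday; 2023-03-07 is a Tuesday.
SAMPLE_LOG = """\
2023-03-05T02:15:00 account=svc-scan-eu src=10.20.0.5 dst=10.20.1.40 logon_type=network result=success
2023-03-05T02:16:00 account=svc-scan-eu src=10.20.0.5 dst=10.20.1.41 logon_type=network result=success
2023-03-05T03:00:00 account=svc-scan-apac src=10.30.0.5 dst=10.30.7.9 logon_type=network result=success
2023-03-07T14:22:00 account=svc-scan-eu src=10.20.0.5 dst=10.20.1.40 logon_type=network result=success
2023-03-05T02:30:00 account=svc-scan-eu src=10.20.0.5 dst=10.30.7.9 logon_type=network result=success
2023-03-05T02:31:00 account=svc-scan-eu src=10.99.4.2 dst=10.20.1.40 logon_type=network result=success
2023-03-05T02:32:00 account=svc-scan-eu src=10.20.0.5 dst=10.20.1.40 logon_type=interactive result=success
"""

LINE_RE = re.compile(
    r"^(\S+) account=(\S+) src=(\S+) dst=(\S+) logon_type=(\S+) result=(\S+)$")


def parse_log(text):
    """Parse log lines into event dicts; lines that do not match the format are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, account, src, dst, logon_type, result = m.groups()
        events.append({"ts": datetime.fromisoformat(ts), "account": account, "src": src,
                       "dst": dst, "logon_type": logon_type, "result": result})
    return events


def risk_reasons(event, policy=POLICY):
    """Every way this logon departs from the account's policy; empty means benign."""
    rules = policy.get(event["account"])
    if rules is None:
        return ["logon by an account not in the scanner policy"]
    reasons = []
    if event["src"] != rules["scanner"]:
        reasons.append(f"logon from unexpected host {event['src']}")
    if ipaddress.ip_address(event["dst"]) not in ipaddress.ip_network(rules["targets"]):
        reasons.append(f"target {event['dst']} is outside the account's region")
    ts, (start, end) = event["ts"], rules["window"]
    if ts.weekday() != rules["weekday"] or not start <= ts.hour < end:
        reasons.append("logon outside the weekly scan window")
    if event["logon_type"] != "network":
        reasons.append(f"{event['logon_type']} logon by a non-interactive service account")
    return reasons


def alerts(text, policy=POLICY):
    """(timestamp, account, reasons) for each event that violates the policy, in log order."""
    out = []
    for e in parse_log(text):
        reasons = risk_reasons(e, policy)
        if reasons:
            out.append((e["ts"], e["account"], reasons))
    return out


if __name__ == "__main__":
    for ts, account, reasons in alerts(SAMPLE_LOG):
        print(f"{ts.isoformat()} {account}: {'; '.join(reasons)}")
```

The first three constructed events are the scans themselves and produce no alert. The remaining four each break exactly one rule: a weekday-afternoon logon, the EU account reaching an APAC target (the cross-region pivot the question worries about), a logon from a host that is not the scanner, and an interactive logon by an account that should only ever authenticate non-interactively.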

Question 98

A software developer needs to perform code-execution testing, black-box testing, and non-functional testing on a new product before its general release. Which of the following BEST describes the tasks the developer is conducting?

* A. Verification
B. Validation
C. Normalization
D. Staging

Question 99

A security analyst is configuring a large number of new company-issued laptops. The analyst received the following requirements:

  • The devices will be used internationally by staff who travel extensively.
  • Occasional personal use is acceptable due to the travel requirements.
  • Users must be able to install and configure sanctioned programs and productivity suites.
  • The devices must be encrypted.
  • The devices must be capable of operating in low-bandwidth environments.

Which of the following would provide the GREATEST benefit to the security posture of the devices?

A. Configuring an always-on VPN
* B. Implementing application whitelisting
C. Requiring web traffic to pass through the on-premises content filter
D. Setting the antivirus DAT update schedule to weekly

Note: users must be able to install sanctioned programs, so an allowlist of those programs satisfies the requirement while preventing anything unsanctioned from running, which is the largest gain for devices that travel and see personal use. An always-on VPN and routing web traffic through the on-premises content filter conflict with the low-bandwidth requirement, and moving antivirus signature updates to weekly weakens protection rather than improving it.

Question 100

An organization has decided to host its web application and database in the cloud. Which of the following BEST describes the security concerns for this decision?

A. Access to the organization’s servers could be exposed to other cloud-provider clients.
* B. The cloud vendor is a new attack vector within the supply chain.
C. Outsourcing the code development adds risk to the cloud provider.
D. Vendor support will cease when the hosting platforms reach EOL.