Check SY0-601 free dumps before getting the full version:
NEW QUESTION 1
A cybersecurity department purchased a new PAM solution. The team is planning to randomize the service account credentials of the Windows server first. Which of the following would be the BEST method to increase the security on the Linux server?
- A. Randomize the shared credentials
- B. Use only guest accounts to connect.
- C. Use SSH keys and remove generic passwords
- D. Remove all user accounts.
Answer: C
NEW QUESTION 2
When used at the design stage, which of the following improves the efficiency, accuracy, and speed of a database?
- A. Tokenization
- B. Data masking
- C. Normalization
- D. Obfuscation
Answer: C
NEW QUESTION 3
A database administrator needs to ensure all passwords are stored in a secure manner, so the administrator adds randomly generated data to each password before storing. Which of the following techniques BEST explains this action?
- A. Predictability
- B. Key stretching
- C. Salting
- D. Hashing
Answer: C
NEW QUESTION 4
A security engineer needs to enhance MFA access to sensitive areas in a building. A key card and fingerprint scan are already in use. Which of the following would add another factor of authentication?
- A. Hard token
- B. Retina scan
- C. SMS text
- D. Keypad PIN
Answer: B
NEW QUESTION 5
In the middle of a cybersecurity incident, a security engineer removes the infected devices from the network and locks down all compromised accounts. In which of the following incident response phases is the security engineer currently operating?
- A. Identification
- B. Preparation
- C. Eradication
- D. Recovery
- E. Containment
Answer: E
NEW QUESTION 6
An employee has been charged with fraud and is suspected of using corporate assets. As authorities collect evidence, and to preserve the admissibility of the evidence, which of the following forensic techniques should be used?
- A. Order of volatility
- B. Data recovery
- C. Chain of custody
- D. Non-repudiation
Answer: C
NEW QUESTION 7
A recent malware outbreak across a subnet included successful rootkit installations on many PCs, ensuring persistence by rendering remediation efforts ineffective. Which of the following would BEST detect the presence of a rootkit in the future?
- A. FDE
- B. NIDS
- C. EDR
- D. DLP
Answer: C
NEW QUESTION 8
An end user reports a computer has been acting slower than normal for a few weeks. During an investigation, an analyst determines the system is sending the user's email address and a ten-digit number to an IP address once a day. The only recent log entry regarding the user's computer is the following:
Which of the following is the MOST likely cause of the issue?
- A. The end user purchased and installed a PUP from a web browser
- B. A bot on the computer is brute forcing passwords against a website
- C. A hacker is attempting to exfiltrate sensitive data
- D. Ransomware is communicating with a command-and-control server.
Answer: A
NEW QUESTION 9
A root cause analysis reveals that a web application outage was caused by one of the company’s developers uploading a newer version of the third-party libraries that were shared among several applications. Which of the following implementations would be BEST to prevent the issue from reoccurring?
- A. CASB
- B. SWG
- C. Containerization
- D. Automated failover
Answer: C
NEW QUESTION 10
A security engineer needs to implement an MDM solution that complies with the corporate mobile device policy. The policy states that in order for mobile users to access corporate resources on their devices the following requirements must be met:
• Mobile device OSs must be patched up to the latest release
• A screen lock must be enabled (passcode or biometric)
• Corporate data must be removed if the device is reported lost or stolen
Which of the following controls should the security engineer configure? (Select TWO)
- A. Containerization
- B. Storage segmentation
- C. Posturing
- D. Remote wipe
- E. Full-device encryption
- F. Geofencing
Answer: DE
NEW QUESTION 11
A network administrator is setting up wireless access points in all the conference rooms and wants to authenticate devices using PKI. Which of the following should the administrator configure?
- A. A captive portal
- B. PSK
- C. 802.1X
- D. WPS
Answer: C
NEW QUESTION 12
A financial analyst is expecting an email containing sensitive information from a client. When the email arrives, the analyst receives an error and is unable to open the encrypted message. Which of the following is the MOST likely cause of the issue?
- A. The S/MIME plug-in is not enabled.
- B. The SSL certificate has expired.
- C. Secure IMAP was not implemented
- D. POP3S is not supported.
Answer: A
NEW QUESTION 13
A network engineer has been asked to investigate why several wireless barcode scanners and wireless computers in a warehouse have intermittent connectivity to the shipping server. The barcode scanners and computers are all on forklift trucks and move around the warehouse during their regular use. Which of the following should the engineer do to determine the issue? (Choose two.)
- A. Perform a site survey
- B. Deploy an FTK Imager
- C. Create a heat map
- D. Scan for rogue access points
- E. Upgrade the security protocols
- F. Install a captive portal
Answer: AC
NEW QUESTION 14
Which of the following control sets should a well-written BCP include? (Select THREE)
- A. Preventive
- B. Detective
- C. Deterrent
- D. Corrective
- E. Compensating
- F. Physical
- G. Recovery
Answer: ADG
NEW QUESTION 15
A financial organization has adopted a new secure, encrypted document-sharing application to help with its customer loan process. Some important PII needs to be shared across this new platform, but it is getting blocked by the DLP systems. Which of the following actions will BEST allow the PII to be shared with the secure application without compromising the organization’s security posture?
- A. Configure the DLP policies to allow all PII
- B. Configure the firewall to allow all ports that are used by this application
- C. Configure the antivirus software to allow the application
- D. Configure the DLP policies to whitelist this application with the specific PII
- E. Configure the application to encrypt the PII
Answer: D
NEW QUESTION 16
Which of the following would be the BEST method for creating a detailed diagram of wireless access points and hot-spots?
- A. Footprinting
- B. White-box testing
- C. A drone/UAV
- D. Pivoting
Answer: A
NEW QUESTION 17
Which of the following describes the ability of code to target a hypervisor from inside
- A. Fog computing
- B. VM escape
- C. Software-defined networking
- D. Image forgery
- E. Container breakout
Answer: B
NEW QUESTION 18
A security analyst has been asked to investigate a situation after the SOC started to receive alerts from the SIEM. The analyst first looks at the domain controller and finds the following events:
To better understand what is going on, the analyst runs a command and receives the following output:
Based on the analyst’s findings, which of the following attacks is being executed?
- A. Credential harvesting
- B. Keylogger
- C. Brute-force
- D. Spraying
Answer: D
NEW QUESTION 19
The SOC is reviewing processes and procedures after a recent incident. The review indicates it took more than 30 minutes to determine that quarantining an infected host was the best course of action. This allowed the malware to spread to additional hosts before it was contained. Which of the following would be BEST to improve the incident response process?
- A. Updating the playbooks with better decision points
- B. Dividing the network into trusted and untrusted zones
- C. Providing additional end-user training on acceptable use
- D. Implementing manual quarantining of infected hosts
Answer: A
NEW QUESTION 20
A researcher has been analyzing large data sets for the last ten months. The researcher works with colleagues from other institutions and typically connects via SSH to retrieve additional data. Historically, this setup has worked without issue, but the researcher recently started getting the following message:
Which of the following network attacks is the researcher MOST likely experiencing?
- A. MAC cloning
- B. Evil twin
- C. Man-in-the-middle
- D. ARP poisoning
Answer: C
NEW QUESTION 21
A network engineer needs to build a solution that will allow guests at the company’s headquarters to access the Internet via WiFi. This solution should not allow access to the internal corporate network, but it should require guests to sign off on the acceptable use policy before accessing the Internet. Which of the following should the engineer employ to meet these requirements?
- A. Implement open PSK on the APs
- B. Deploy a WAF
- C. Configure WIPS on the APs
- D. Install a captive portal
Answer: D
NEW QUESTION 22
Company engineers regularly participate in a public Internet forum with other engineers throughout the industry. Which of the following tactics would an attacker MOST likely use in this scenario?
- A. Watering-hole attack
- B. Credential harvesting
- C. Hybrid warfare
- D. Pharming
Answer: A