Security plus SY0-601 Practice Test

Below are 25 Security plus SY0-601 practice test questions. Each one gives the question text first, then the distracters and correct answer(s), then an explanation, and finally the CompTIA main domain and exam sub-objective the question pertains to. Any Security+ preparation should start with an in-depth review of the exam objectives. If you do not have them, click here to download the Security+ SY0-601 Exam Objectives PDF. We keep a fair amount of free certification learning resources for CompTIA, Microsoft, the Project Management Institute (PMI), and LPI; to access those, click here.

This Security plus SY0-601 Exam Simulator and practice test offer you questions addressing all the CompTIA Main Domains and exam sub-objectives.

Question 1

You are using SSL/TLS to secure your communications. Which of these statements best describes where and how these communications are inspected?

The server inspects the communication upon receipt.

The client inspects the communication during transmission.

The communication is intercepted between the client and server and inspected.

The client performs inspection before transmission.

Correct answer: The communication is intercepted between the client and server and inspected.

Explanation: SSL/TLS interception uses software on “middleware” devices, typically placed between the client and the website, to decrypt, scan, and analyze transmissions. The middleware relies on a trusted root certificate installed on the client. Some malware and adware can bypass browser warning screens by installing their own certificates that are trusted by the client but not issued by the server. This is not ideal, to put it mildly. HTTPS is designed to prevent this passive attack type.

Main Domain 2.0 Architecture and Design
Exam Sub-Objective 2.1 Explain the importance of security concepts in an enterprise environment.

Question 2

You are designing a mantrap for your company’s entrance. The first door can be opened with a valid security badge. On the second door you want to use biometric authentication. Which choice is commonly accepted and accurate?

Facial recognition

Fingerprint

Voice print

Iris scan

Correct answer: Fingerprint

Explanation: Biometric authentication systems are being implemented by an ever-growing number of organizations. From a security perspective, the fingerprint is most widely deployed because it is accurate and difficult to defeat. Comparing that to the other choices, facial recognition can be defeated with a good digital image of the user, and a high-quality audio reproduction can get you past a voice print. Iris scans are not prevalent, as they are expensive to implement and, interestingly, your iris and voice can change over time. Your fingerprint is unique and remains consistent for life, which cannot be said of the other methods.

Main Domain 2.0 Architecture and Design
Exam Objective 2.7 Explain the importance of physical security controls.

Question 3

You need to implement a secondary NAS solution for your network. Your implementation needs to be rapidly deployable in emergencies such as the failure of the primary NAS or its components. It must also prevent data loss. Which of the choices best suits these requirements?

Incremental cloud backup

A full copy of the primary NAS stored on a second NAS unit.

Differential cloud backup

Dedicated Private cloud full backup

Correct answer: A full copy of the primary NAS stored on a second NAS unit locally.

Explanation: In the event of a failure of a NAS disk or the device itself, your ability to restore its contents and availability is crucial. The best choice here is a complete secondary NAS copy stored locally. This solution eliminates any time-sensitive configuration and allows you to simply switch over to it while you make any repairs necessary to the primary NAS. You will not lose time or data. Incremental and differential backups will be less effective than a full backup: restoration takes time, and restoring them from the cloud takes more time.

Main Domain 2.0 Architecture and Design
Exam Sub-Objective 2.5 Given a scenario, implement cybersecurity resilience.

Question 4

In 2015, researchers Lindsey, King, Hebl, and Levine tested three diversity training techniques for employee development. Which choice is NOT one of those techniques?

Perspective-taking
Goal setting
Sensitivity training
Stereotype discrediting

Correct answer: Sensitivity training

Explanation: The research conducted by Lindsey, King, Hebl, and Levine in 2015 tested three strategies of diversity training. These were perspective taking, goal setting, and stereotype discrediting. Sensitivity training, while important, was not part of the study.

Main Domain 5.0 Governance, Risk, and Compliance
Exam Objective 5.3 Explain the importance of policies to organizational security

Question 5

Credit card transactions are prime targets for hackers. Which of the choices listed specifies the controls necessary to provide secure transactions?

State laws
GDPR
NIST
PCI DSS

Correct answer: PCI DSS

Explanation: The Payment Card Industry Data Security Standard (PCI DSS) provides the framework to continuously monitor and enforce the controls specified. The General Data Protection Regulation (GDPR) is a legal framework focused on personal information. The National Institute of Standards and Technology (NIST) is also broader in scope. State laws, although necessary, are not sufficient, as they in and by themselves would not stop a hacker.

Main Domain 5.0 Governance, Risk, and Compliance
Exam Objective 5.2 Explain the importance of applicable regulations, standards, or frameworks that impact the organizational security posture

Question 6

Secure network provenance (SNP) enables network operators to understand why they are in a particular state. Which of the choices is part of SNP?

Use forensic analytics
Determine why suspicious entries appear in routing tables
Determine the origin of a suspicious entry
Identify faulty network equipment
All of these are correct

Correct answer: All of these are correct

Explanation: Secure network provenance uses forensic techniques to analyze the how’s and why’s of adversarial tactics. Routing tables are scrutinized as they can be the origin of suspicious activity on devices. This process will also allow operators to identify faulty equipment.

Main Domain 4.0 Operations and Incident Response
Exam Objective 4.5 Explain the key aspects of digital forensics

Question 7

You are in a meeting with the members involved in your business continuity plan (BCP) to address a simulated emergency. This hands-off discussion centers around the actions to be taken in an emergency along with how those actions will be tested. How is this meeting classified?

Walkthrough
Tabletop
Simulation
Eradication

Correct answer: Tabletop

Explanation: A tabletop exercise is designed to allow all parties responsible for security and business continuity to share the actions that would be taken in an emergency scenario. This is a setting where concept sharing is encouraged. A walkthrough exercise involves taking the outcome of a tabletop exercise and validating the processes recommended. Simulation uses a backup of the assets in an emergency scenario. Eradication includes the actions necessary to neutralize the threat.

Main Domain 4.0 Operations and Incident Response
Exam Objective 4.3 Given an incident, utilize appropriate data sources to support an investigation

Question 8

Which of the choices shown are embedded system IC (integrated circuit) chips? (Choose two)

Arduino
FPGA
Raspberry Pi
Subscriber Identity Module
Wearables

Correct answers: FPGA and Arduino

Explanation: Intel’s field-programmable gate array (FPGA) allows system designers to easily make changes to the code embedded on the chip. Arduino is a microcontroller that runs a single instruction repeatedly. Raspberry Pi is a mini-computer and operating system that runs on embedded components. A Subscriber Identity Module (SIM) holds the activation information on cell phones or smartphones. Wearables are not embedded systems.

Main Domain 2.0 Architecture and Design
Exam Objective 2.6 Explain the security implications of embedded and specialized systems

Question 9

You have a new drone and take it to a large field near the airport. It seems that you can fly freely in all but one direction. What would cause this?

Geotagging
Geolocation
Geofencing
GPS tagging

Correct answer: Geofencing

Explanation: Geofencing around the airport ensures your drone is prevented from flying towards the airport. Airports, government facilities, and other critical sites use geofencing to create a no-fly zone that the drone software will not cross. Geolocation is the process of using GPS to determine your exact location or the location of some device. Geotagging adds additional location data to images and messages sent from your device. GPS tagging is simply another term for geotagging.

Main Domain 3.0 Implementation
Exam Objective 3.5 Given a scenario, implement secure mobile solutions

Question 10

This cyber-attack framework utilizes a globally accessible database based on real-world attacks and techniques.

MITRE
Diamond
Cyber Kill Chain
None of these

Correct answer: MITRE

Explanation: The MITRE ATT&CK framework contains methods and techniques used in real-world attacks and can be referenced globally. It is updated frequently. Cyber Kill Chain is a model as is the Diamond Model of Intrusion Analysis.

Main Domain 4.0 Operations and Incident Response
Exam Objective 4.2 Summarize the importance of policies, processes, and procedures for incident response

Question 11

Which of the malware and threats shown runs automatically as a Windows Startup program or service and does NOT use its own executable file?

Worm

Crypto malware

Fileless virus

Logic bomb

Correct answer: Fileless virus

Explanation: The fileless virus is different than traditional malware that is launched by the user opening an infected object. This type loads directly into memory and can persist through system reboots.

Main Domain: 1.0 Attacks, Threats, and Vulnerabilities

Exam Objective: 1.2 Given a scenario, analyze potential indicators to determine the type of attack.

Question 12

Adversarial artificial intelligence (AI) attacks are remarkably effective when the malware can manipulate which of these choices? Choose the best answer.

Ports

Machine training data

Downgrading

None of these are correct

Correct answer: Machine training data

Explanation: AI learns from input and operational feedback from the device. Its evolution is reliant on the integrity of the data provided to it. When an adversary can access the machine training data, the smallest change to the instructions can have exponential results.

Main Domain: 1.0 Attacks, Threats, and Vulnerabilities

Exam Objective: 1.2 Given a scenario, analyze potential indicators to determine the type of attack.

Question 13

Using an unmanned aerial device to identify accessible WAPs is commonly referred to as one of the choices below.

War tagging

War flying

Footprinting

War driving

Correct answer: War flying

Explanation: The familiar process of war driving has been given wings in the form of drones. Now reconnaissance can be conducted using drones fitted with Wi-Fi analyzers to gather information about accessible WAPs.

Main Domain: 1.0 Attacks, Threats, and Vulnerabilities

Exam Objective: 1.8 Explain the techniques used in penetration testing.

Question 14

Which of the intrusion detection models listed addresses mitigation of the attack?

MITRE

Diamond

Cyber Kill Chain

None of these

Correct answer: Diamond

Explanation: The Diamond model of intrusion detection analysis is a process that identifies threats and provides analytic techniques to actively respond to attacks as opposed to simply identifying them.

Main Domain: 4.0 Operations and Incident Response

Exam Objective: 4.2 Summarize the importance of policies, processes, and procedures for incident response.

Question 15

This command will allow you to query the contents of the systemd journal when used without arguments.

Sudo

Cat

Journalctl

Logger

Correct answer: Journalctl

Explanation: By default, the journalctl command will display the contents of the systemd journal. Sudo escalates privilege. Cat reads files but requires a target file. Logger enables you to add instructions to a logfile.

Main Domain: 4.0 Operations and Incident Response

Exam Objective: 4.3 Given an incident, utilize appropriate data sources to support an investigation.

Question 16

Which of the choices is a password attack type that reduces multiple attempt account lockouts by using a single common password against a large number of accounts?

Combing

Spraying

Sequenced

Rainbow

Correct answer: Spraying

Explanation: Password spraying is essentially the opposite of a brute force attack. A brute force attack will target a single account and attempt huge numbers of password combinations, and the account is locked by policy. Password spraying is often called “low and slow.” It works by using the same password against every account. This works because the amount of time it takes to cycle through all the accounts is long enough to allow the process to repeat using a new password without causing a lockout. Lockouts occur when multiple incorrect logins are attempted in a short period of time.

Main Domain: 1.0 Threats, Attacks and Vulnerabilities

Exam Objective: 1.2 Given a scenario, analyze potential indicators to determine the type of attack.

Question 17

This object can be used to maliciously gain unauthorized workstation and network access.

USB cable

Flash drive

Card clone

All of these

Correct answer: All of these

Explanation: All the responses are true. Removable media like a flash drive can transmit malware with ease. Card cloning (aka skimming) creates a duplicate copy of the card data. The data can be manipulated and/or transferred to another card. The reduction in the size of transceivers now makes it possible to create a USB cable that can communicate with the attacker wirelessly without the user’s knowledge.

Main Domain: 1.0 Threats, Attacks and Vulnerabilities

Exam Objective: 1.2 Given a scenario, analyze potential indicators to determine the type of attack.

Question 18

Which of the choices provided describes the threat of services being accessed by different apps without approval? It does this using OAuth grants from an approved SaaS app like Microsoft 365 or Google G Suite.

Dark web

Shadow IT

SSO

None of these.

Correct answer: Shadow IT

Explanation: With IT-based hardware proliferating, users are likely to use smartphones, for example, to check corporate email. OAuth-enabled apps can be allowed access to shared data with a user’s credentials creating a larger attack surface. The apps can access shared data cloud to cloud, bypassing the company network and its protections.

Main Domain: 1.0 Threats, Attacks and Vulnerabilities

Exam Objective: 1.5 Explain different threat actors, vectors, and intelligence sources.

Question 19

Which of the choices shown are embedded system IC (integrated circuit) chips? (Choose two)

Arduino

FPGA

Raspberry Pi

Subscriber Identity Module

Wearables

Correct answer: FPGA, Arduino

Explanation: Intel’s field-programmable gate array (FPGA) allows system designers to easily make changes to the code embedded on the chip. Arduino is a microcontroller that runs a single instruction repeatedly. Raspberry Pi is a mini-computer and operating system that runs on embedded components. A Subscriber Identity Module (SIM) holds the activation information on cell phones or smartphones. Wearables are not embedded systems.

Main Domain: 2.0 Architecture and Design

Exam Objective: 2.6 Explain the security implications of embedded and specialized systems.

Question 20

You have been asked to update your campus wireless coverage area. The objective is to identify signal leaks around your buildings that can be intercepted by hackers. The campus consists of four buildings spread over 600 acres. Which is the best option for quickly performing this assessment?

Drone

Wireless cracker

Packet capture

Collector

Correct answer: Drone

Explanation: The best way to collect your data is to use a drone fitted with a Wi-Fi analyzer. This will illustrate any areas where a misplaced or overpowered WAP can compromise your data. A wireless cracker is not needed, nor is packet capture at this point. A collector would not be used here.

Main Domain: 3.0 Implementation

Exam Objective: 3.5 Given a scenario, implement secure mobile solutions.

Question 21

You have a new drone and take it to a large field out near the airport. It seems that you can fly freely in all but one direction. What would cause this?

Geotagging

Geolocation

Geofencing

GPS tagging

Correct answer: Geofencing

Explanation: Geofencing around the airport ensures your drone is prevented from flying toward the airport. Airports, government facilities, and other critical sites use geofencing to create a no-fly zone that the drone software will not cross. Geolocation is the process of using GPS to determine your exact location or the location of some device. Geotagging adds additional location data to images and messages sent from your device. GPS tagging is simply another term for geotagging.

Main Domain: 3.0 Implementation

Exam Objective: 3.5 Given a scenario, implement secure mobile solutions.

Question 22

Which of the intrusion detection models listed addresses mitigation of the attack?

MITRE

Diamond

Cyber Kill Chain

None of these

Correct answer: Diamond

Explanation: The Diamond model of intrusion detection analysis is a process that identifies threats and provides analytic techniques to actively respond to attacks as opposed to simply identifying them.

Main Domain: 4.0 Operations and Incident Response

Exam Objective: 4.2 Summarize the importance of policies, processes, and procedures for incident response.

Question 23

The IPFIX utility exports the data regarding the flow of IP-based traffic to a _______.

Tcpdump

Collector

Logger

All of these

Correct answer: Collector

Explanation: IPFIX captures IP traffic flow on a connection and pushes it to the collector.

Main Domain: 4.0 Operations and Incident Response

Exam Objective: 4.3 Given an incident, utilize appropriate data sources to support an investigation.
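To show what the collector actually receives when IPFIX pushes flow data to it, here is an added example written for this page (not CertBlaster's code): a minimal parser for an IPFIX message as laid out in RFC 7011, fed by a message the script constructs itself so it runs offline. The flow values, timestamps, and observation domain in the sample are made up; the information element IDs used (1, 8, 11, 12) are the standard IANA assignments.

```python
"""Parse an IPFIX (RFC 7011) export message the way a collector would.

Added example, not code from the CertBlaster page. The message is
constructed in build_sample_message() so the script runs offline; the
flow values in it are made up. Wire layout used: 16-byte message header,
then sets, each with a 4-byte set header; set ID 2 carries templates, set
IDs 256 and above carry data records laid out by the matching template.
"""
import ipaddress
import struct

# IANA IPFIX information element IDs used by the sample template.
IE_NAMES = {
    1: "octetDeltaCount",
    8: "sourceIPv4Address",
    11: "destinationTransportPort",
    12: "destinationIPv4Address",
}
TEMPLATE_SET_ID = 2
SAMPLE_TEMPLATE_ID = 256


def build_sample_message():
    """Assemble one message: a template set followed by a data set with two flows."""
    fields = [(8, 4), (12, 4), (11, 2), (1, 8)]          # (element ID, length)
    template = struct.pack("!HH", SAMPLE_TEMPLATE_ID, len(fields))
    template += b"".join(struct.pack("!HH", ie, ln) for ie, ln in fields)
    template_set = struct.pack("!HH", TEMPLATE_SET_ID, 4 + len(template)) + template

    # Constructed flow records: (source, destination, destination port, bytes).
    flows = [("10.0.0.5", "198.51.100.20", 443, 15230),
             ("10.0.0.9", "203.0.113.77", 22, 880)]
    records = b"".join(
        ipaddress.IPv4Address(src).packed
        + ipaddress.IPv4Address(dst).packed
        + struct.pack("!HQ", port, octets)
        for src, dst, port, octets in flows
    )
    data_set = struct.pack("!HH", SAMPLE_TEMPLATE_ID, 4 + len(records)) + records

    body = template_set + data_set
    export_time, sequence, domain_id = 1704877200, 0, 1   # constructed header values
    header = struct.pack("!HHIII", 10, 16 + len(body), export_time, sequence, domain_id)
    return header + body


def decode_field(ie, raw):
    """IPv4 elements become dotted strings; everything else is a big-endian integer."""
    if ie in (8, 12):
        return str(ipaddress.IPv4Address(raw))
    return int.from_bytes(raw, "big")


def parse_ipfix(msg):
    """Return header fields plus a list of decoded flow records.

    Lengths are validated before slicing so a truncated or malformed export
    raises ValueError instead of silently producing partial flows.
    """
    if len(msg) < 16:
        raise ValueError("message shorter than IPFIX header")
    version, length, export_time, sequence, domain_id = struct.unpack("!HHIII", msg[:16])
    if version != 10 or length != len(msg):
        raise ValueError("not an IPFIX message or length mismatch")

    templates, flows, offset = {}, [], 16
    while offset + 4 <= length:
        set_id, set_len = struct.unpack("!HH", msg[offset:offset + 4])
        if set_len < 4 or offset + set_len > length:
            raise ValueError("bad set length")
        body = msg[offset + 4:offset + set_len]
        if set_id == TEMPLATE_SET_ID:
            pos = 0
            while pos + 4 <= len(body):
                tid, count = struct.unpack("!HH", body[pos:pos + 4])
                pos += 4
                if tid < 256:           # zero padding at the end of the set
                    break
                fields = []
                for _ in range(count):
                    ie, ln = struct.unpack("!HH", body[pos:pos + 4])
                    pos += 4
                    if ie & 0x8000:     # enterprise element: skip the 4-byte PEN
                        pos += 4
                        ie &= 0x7FFF
                    fields.append((ie, ln))
                templates[tid] = fields
        elif set_id >= 256 and set_id in templates:
            fields = templates[set_id]
            rec_len = sum(ln for _, ln in fields)
            pos = 0
            while pos + rec_len <= len(body):
                rec = {}
                for ie, ln in fields:
                    rec[IE_NAMES.get(ie, f"ie{ie}")] = decode_field(ie, body[pos:pos + ln])
                    pos += ln
                flows.append(rec)
        # data sets whose template has not arrived yet are skipped, as a collector would
        offset += set_len
    return {"export_time": export_time, "observation_domain": domain_id, "flows": flows}


if __name__ == "__main__":
    for flow in parse_ipfix(build_sample_message())["flows"]:
        print(flow)
```

The point for an investigator is that a data set is meaningless without the template that describes it, so a collector that missed the template set (or received a message with a bad length) must drop rather than guess; the parser above does both, and the length check is what turns a truncated export into an error instead of a half-decoded flow.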

Question 24

You are in a meeting with the members involved in your business continuity plan (BCP) to address a simulated emergency. This hands-off discussion centers around the actions to be taken in an emergency along with how those actions will be tested. How is this meeting classified?

Walkthrough

Tabletop

Simulation

Eradication

Correct answer: Tabletop

Explanation: A tabletop exercise is designed to allow all parties responsible for security and business continuity to share the actions that would be taken in an emergency scenario. This is a setting where concept sharing is encouraged. A walkthrough exercise involves taking the outcome of a tabletop exercise and validating the processes recommended. The simulation uses a backup of the assets in an emergency scenario. Eradication includes the actions necessary to neutralize the threat.

Main Domain: 4.0 Operations and Incident Response

Exam Objective: 4.2 Summarize the importance of policies, processes, and procedures for incident response.

Question 25

Credit card transactions are prime targets for hackers. Which of the choices listed specifies the controls necessary to provide secure transactions?

State laws

GDPR

NIST

PCI DSS

Correct answer: PCI DSS

Explanation: The Payment Card Industry Data Security Standard (PCI DSS) provides the framework to continuously monitor and enforce the controls specified. The GDPR is a legal framework focused on personal information. NIST is also broader in scope. State laws, although necessary, are not sufficient, as they in and by themselves would not stop a hacker.

Main Domain: 5.0 Governance, Risk, and Compliance

Exam Objective: 5.2 Explain the importance of applicable regulations, standards, or frameworks that impact organizational security posture.

End of the Security plus SY0-601 practice test.

We hope you enjoyed these Security plus SY0-601 practice test questions. Best of luck with the exam!


2 thoughts on “Security plus SY0-601 Practice Test”

  1. Corrections: Question 2 should say most frequently used instead of “most effective”. Question 10 should say “cyber-attack framework”, since none of the answers are actual attacks. Question 3 should be modified, as the “best” approach for diversity training can vary by organization, and a person’s experience and background.

    1. Thanks, Simon, we appreciate the feedback! The relevant edits have been made to questions 2; 3 and 10.
      Best of luck in your quest for certification.
