Security+ SY0-601 Practice Test

Below are 25 Security plus SY0-601 practice test questions. For each one, you will see the question text first, then the distractors and correct answer(s), then an explanation, and finally the CompTIA main domain and exam objective the question pertains to. Any Security+ preparation should start with an in-depth review of the exam objectives. If you do not have them, download the Security+ SY0-601 Exam Objectives PDF.

This Security plus SY0-601 practice test offers you questions addressing all the CompTIA Main Domains and many of the exam objectives.

Question 1

This technique adds malicious code to the beginning of a file. It ensures that the malware is activated when the user opens the modified file.

Prepending
Tainting
Appending
None of these

Correct answer: Prepending

Explanation: Prepending is adding code to the beginning of a presumably safe file. It activates when the file is opened. Appending malware adds the code to the end of the file. Tainting is not relevant to the subject.

Main Domain: 1.0 Attacks, Threats, and Vulnerabilities
Exam Objective: 1.1 Compare and contrast different types of social engineering techniques.

Question 2

Of the choices shown, which is the MOST prevalent malware attack vector?

Email
Wireless
Removable media
Supply chain

Correct answer: Email

Explanation: Easily over 90% of malware is delivered via good old-fashioned email, where the user can be tricked into activating the malicious payload. Wireless attacks exist in the open, but current WAPs are configured to protect users. USB sticks are prevalent and can be used maliciously by simply dropping an infected item in your company’s parking lot; most users would simply plug it in at their desk and become infected. The supply chain consists of manufacturers, vendors, and any source that helps deliver the finished product, and it offers numerous opportunities to infect products.

Main Domain: 1.0 Attacks, Threats, and Vulnerabilities
Exam Objective: 1.2 Given a scenario, analyze potential indicators to determine the type of attack.

Question 3

Which of the choices BEST describes the purpose of diversity training?

Enable employees with dissimilar backgrounds to operate effectively together
Encourage the employee to view situations from the perspective of others
Help employees discredit and overcome common prejudicial stereotypes
Improve the employee’s values and relations in the corporate environment
All of these are correct

Correct answer: Enable employees with dissimilar backgrounds to operate effectively together

Explanation: While all the choices are relevant, the best choice is to enable employees with dissimilar backgrounds to operate effectively together, as this is the main objective of diversity training. The three distractors, although correct statements in and of themselves, are the means to that end: assisting employees in improving their personal values by viewing situations from the perspective of others and discrediting prejudice.

Main Domain: 5.0 Governance, Risk, and Compliance
Exam Objective: 5.3 Explain the importance of policies to organizational security.

Question 4

In 2015 researchers Lindsey, King, Hebl, & Levine tested three diversity training techniques for employee development. Which choice is NOT one of those techniques?

Perspective-taking
Goal setting
Sensitivity training
Stereotype discrediting

Correct answer: Sensitivity training

Explanation: The research conducted by Lindsey, King, Hebl, & Levine in 2015 tested three strategies of diversity training. These were perspective taking, goal setting, and stereotype discrediting. Sensitivity training, while important, was not part of the study.

Main Domain: 5.0 Governance, Risk, and Compliance
Exam Objective: 5.3 Explain the importance of policies to organizational security.

Question 5

Credit card transactions are prime targets for hackers. Which of the choices listed specifies the controls necessary to provide secure transactions?

State laws
GDPR
NIST
PCI DSS

Correct answer: PCI DSS

Explanation: The Payment Card Industry Data Security Standard (PCI DSS) provides the framework to continuously monitor and enforce the specified controls. The General Data Protection Regulation (GDPR) is a legal framework focused on personal information. The National Institute of Standards and Technology (NIST) is also broader in scope. State laws, although necessary, are not sufficient, as they in and of themselves would not stop a hacker.

Main Domain: 5.0 Governance, Risk, and Compliance
Exam Objective: 5.2 Explain the importance of applicable regulations, standards, or frameworks that impact the organizational security posture.

Question 6

Secure network provenance (SNP) enables network operators to understand why they are in a particular state. Which of the choices is part of SNP?

Use forensic analytics
Determine why suspicious entries appear in routing tables
Determine the origin of a suspicious entry
Identify faulty network equipment
All of these are correct

Correct answer: All of these are correct

Explanation: Secure network provenance uses forensic techniques to analyze the hows and whys of adversarial tactics. Routing tables are scrutinized because they can be the origin of suspicious activity on devices. The process also allows operators to identify faulty equipment.

Main Domain: 4.0 Operations and Incident Response
Exam Objective: 4.5 Explain the key aspects of digital forensics.

Question 7

You are in a meeting with the members involved in your business continuity plan (BCP) to address a simulated emergency. This hands-off discussion centers around the actions to be taken in an emergency along with how those actions will be tested. How is this meeting classified?

Walkthrough
Tabletop
Simulation
Eradication

Correct answer: Tabletop

Explanation: A tabletop exercise is designed to allow all parties responsible for security and business continuity to share the actions that would be taken in an emergency scenario. This is a setting where concept sharing is encouraged. A walkthrough exercise involves taking the outcome of a tabletop exercise and validating the processes recommended. Simulation uses a backup of the assets in an emergency scenario. Eradication includes the actions necessary to neutralize the threat.

Main Domain: 4.0 Operations and Incident Response
Exam Objective: 4.3 Given an incident, utilize appropriate data sources to support an investigation.

Question 8

Which of the choices shown are embedded system IC (integrated circuit) chips? (Choose two.)

Arduino
FPGA
Raspberry Pi
Subscriber Identity Module
Wearables

Correct answers: FPGA and Arduino

Explanation: Intel’s field-programmable gate array (FPGA) allows system designers to easily make changes to the code embedded on the chip. Arduino is a microcontroller that runs a single instruction repeatedly. Raspberry Pi is a mini-computer and operating system that runs on embedded components. A Subscriber Identity Module (SIM) holds the activation information on cell phones or smartphones. Wearables are not embedded systems.

Main Domain: 2.0 Architecture and Design
Exam Objective: 2.6 Explain the security implications of embedded and specialized systems.

Question 9

You have a new drone and take it to a large field out near the airport. It seems that you can fly freely in all but one direction. What would cause this?

Geotagging
Geolocation
Geofencing
GPS tagging

Correct answer: Geofencing

Explanation: Geofencing around the airport ensures your drone is prevented from flying towards the airport. Airports, government facilities, and other critical sites use geofencing to create a no-fly zone that the drone software will not cross. Geolocation is the process of using GPS to determine your exact location or the location of some device. Geotagging adds additional location data to images and messages sent from your device. GPS tagging is simply another term for geotagging.

Main Domain: 3.0 Implementation
Exam Objective: 3.5 Given a scenario, implement secure mobile solutions.

Question 10

This cyber-attack framework utilizes a globally accessible database based on real-world attacks and techniques.

MITRE
Diamond
Cyber Kill Chain
None of these

Correct answer: MITRE

Explanation: The MITRE ATT&CK framework catalogs methods and techniques used in real-world attacks and can be referenced globally. It is updated frequently. The Cyber Kill Chain is a model, as is the Diamond Model of Intrusion Analysis.

Main Domain: 4.0 Operations and Incident Response
Exam Objective: 4.2 Summarize the importance of policies, processes, and procedures for incident response.

Question 11

Which of the malware and threats shown runs automatically as a Windows Startup program or service and does NOT use its own executable file?

Worm
Crypto malware
Fileless virus
Logic bomb

Correct answer: Fileless virus

Explanation: A fileless virus differs from traditional malware, which is launched by the user opening an infected object. This type loads directly into memory and can persist through system reboots.

Main Domain: 1.0 Attacks, Threats, and Vulnerabilities
Exam Objective: 1.2 Given a scenario, analyze potential indicators to determine the type of attack.

Question 12

Adversarial artificial intelligence (AI) attacks are remarkably effective when the malware can manipulate which of these choices? Choose the best answer.

Ports
Machine training data
Downgrading
None of these are correct

Correct answer: Machine training data

Explanation: AI learns from input and from operational feedback from the device. Its evolution relies on the integrity of the data provided to it. When an adversary can access the machine training data, the smallest change to the instructions can have exponential results.

Main Domain: 1.0 Attacks, Threats, and Vulnerabilities
Exam Objective: 1.2 Given a scenario, analyze potential indicators to determine the type of attack.

Question 13

Using an unmanned aerial device to identify accessible WAPs is commonly referred to as which of the choices below?

War tagging
War flying
Footprinting
War driving

Correct answer: War flying

Explanation: The familiar process of war driving has been given wings in the form of drones. Now reconnaissance can be conducted using drones fitted with Wi-Fi analyzers to gather information about accessible WAPs.

Main Domain: 1.0 Attacks, Threats, and Vulnerabilities
Exam Objective: 1.8 Explain the techniques used in penetration testing.

Question 14

Which of the intrusion detection models listed addresses mitigation of the attack?

MITRE
Diamond
Cyber Kill Chain
None of these

Correct answer: Diamond

Explanation: The Diamond Model of Intrusion Analysis is a process that identifies threats and provides analytic techniques to actively respond to attacks, as opposed to simply identifying them.

Main Domain: 4.0 Operations and Incident Response
Exam Objective: 4.2 Summarize the importance of policies, processes, and procedures for incident response.

Question 15

This command will allow you to query the contents of the systemd journal when used without arguments.

sudo
cat
journalctl
logger

Correct answer: journalctl

Explanation: By default, the journalctl command displays the contents of the systemd journal. sudo escalates privilege. cat reads files but requires a target file. logger lets you add entries to the system log.

Main Domain: 4.0 Operations and Incident Response
Exam Objective: 4.3 Given an incident, utilize appropriate data sources to support an investigation.

Question 16

Which of the choices is a password attack type that reduces multiple attempt account lockouts by using a single common password against a large number of accounts?

Combing
Spraying
Sequenced
Rainbow

Correct answer: Spraying

Explanation: Password spraying is essentially the opposite of a brute force attack. A brute force attack targets a single account and attempts huge numbers of password combinations, and policy then locks the account. Password spraying is often called low and slow. It works by using the same password against every account. This succeeds because the time it takes to cycle through all the accounts is long enough for the process to repeat with a new password without causing a lockout. Lockouts occur when multiple incorrect logins are attempted in a short period of time.

Main Domain: 1.0 Threats, Attacks and Vulnerabilities
Exam Objective: 1.2 Given a scenario, analyze potential indicators to determine the type of attack.

Question 17

This object can be used to maliciously gain unauthorized workstation and network access.

USB cable
Flash drive
Card clone
All of these

Correct answer: All of these

Explanation: All the responses are true. Removable media such as a flash drive can transmit malware with ease. Card cloning (a.k.a. skimming) creates a duplicate copy of the card data; the data can be manipulated and/or transferred to another card. The reduction in the size of transceivers now makes it possible to build a USB cable that communicates with the attacker wirelessly without the user’s knowledge.

Main Domain: 1.0 Threats, Attacks and Vulnerabilities
Exam Objective: 1.2 Given a scenario, analyze potential indicators to determine the type of attack.

Question 18

Which of the choices describes the threat of services being accessed by unapproved apps that use OAuth grants from an approved SaaS app such as Microsoft 365 or Google G Suite?

Dark web
Shadow IT
SSO
None of these

Correct answer: Shadow IT

Explanation: With IT-based hardware proliferating, users are likely to use smartphones, for example, to check corporate email. OAuth-enabled apps can be granted access to shared data with a user’s credentials, creating a larger attack surface. The apps can access shared data cloud to cloud, bypassing the company network and its protections.

Main Domain: 1.0 Threats, Attacks and Vulnerabilities
Exam Objective: 1.5 Explain different threat actors, vectors, and intelligence sources.

Question 19

Which of the choices shown are embedded system IC (integrated circuit) chips? (Choose two.)

Arduino
FPGA
Raspberry Pi
Subscriber Identity Module
Wearables

Correct answers: FPGA and Arduino

Explanation: Intel’s field-programmable gate array (FPGA) allows system designers to easily make changes to the code embedded on the chip. Arduino is a microcontroller that runs a single instruction repeatedly. Raspberry Pi is a mini-computer and operating system that runs on embedded components. A Subscriber Identity Module (SIM) holds the activation information on cell phones or smartphones. Wearables are not embedded systems.

Main Domain: 2.0 Architecture and Design
Exam Objective: 2.6 Explain the security implications of embedded and specialized systems.

Question 20

You have been asked to update your campus wireless coverage area. The objective is to identify signal leaks around your buildings that could be intercepted by hackers. The campus consists of four buildings spread over 600 acres. Which is the best option for quickly performing this assessment?

Drone
Wireless cracker
Packet capture
Collector

Correct answer: Drone

Explanation: The best way to collect your data is to use a drone fitted with a Wi-Fi analyzer. This will illustrate any areas where a misplaced or overpowered WAP can compromise your data. A wireless cracker is not needed, nor is packet capture at this point. A collector would not be used here.

Main Domain: 3.0 Implementation
Exam Objective: 3.5 Given a scenario, implement secure mobile solutions.

Question 21

You have a new drone and take it to a large field out near the airport. It seems that you can fly freely in all but one direction. What would cause this?

Geotagging
Geolocation
Geofencing
GPS tagging

Correct answer: Geofencing

Explanation: Geofencing around the airport ensures your drone is prevented from flying towards the airport. Airports, government facilities, and other critical sites use geofencing to create a no-fly zone that the drone software will not cross. Geolocation is the process of using GPS to determine your exact location or the location of some device. Geotagging adds additional location data to images and messages sent from your device. GPS tagging is simply another term for geotagging.

Main Domain: 3.0 Implementation
Exam Objective: 3.5 Given a scenario, implement secure mobile solutions.

Question 22

Which of the intrusion detection models listed addresses mitigation of the attack?

MITRE
Diamond
Cyber Kill Chain
None of these

Correct answer: Diamond

Explanation: The Diamond Model of Intrusion Analysis is a process that identifies threats and provides analytic techniques to actively respond to attacks, as opposed to simply identifying them.

Main Domain: 4.0 Operations and Incident Response
Exam Objective: 4.2 Summarize the importance of policies, processes, and procedures for incident response.

Question 23

The ipfix utility exports data regarding the flow of IP-based traffic to a _______.

Tcpdump
Collector
Logger
All of these

Correct answer: Collector

Explanation: IPFIX captures IP traffic flow on a connection and pushes it to the collector.

Main Domain: 4.0 Operations and Incident Response
Exam Objective: 4.3 Given an incident, utilize appropriate data sources to support an investigation.

Question 24

You are in a meeting with the members involved in your business continuity plan (BCP) to address a simulated emergency. This hands-off discussion centers around the actions to be taken in an emergency along with how those actions will be tested. How is this meeting classified?

Walkthrough
Tabletop
Simulation
Eradication

Correct answer: Tabletop

Explanation: A tabletop exercise is designed to allow all parties responsible for security and business continuity to share the actions that would be taken in an emergency scenario. This is a setting where concept sharing is encouraged. A walkthrough exercise involves taking the outcome of a tabletop exercise and validating the processes recommended. Simulation uses a backup of the assets in an emergency scenario. Eradication includes the actions necessary to neutralize the threat.

Main Domain: 4.0 Operations and Incident Response
Exam Objective: 4.2 Summarize the importance of policies, processes, and procedures for incident response.

Question 25

Credit card transactions are prime targets for hackers. Which of the choices listed specifies the controls necessary to provide secure transactions?

State laws
GDPR
NIST
PCI DSS

Correct answer: PCI DSS

Explanation: The Payment Card Industry Data Security Standard (PCI DSS) provides the framework to continuously monitor and enforce the specified controls. GDPR is a legal framework focused on personal information. NIST is also broader in scope. State laws, although necessary, are not sufficient, as they in and of themselves would not stop a hacker.

Main Domain: 5.0 Governance, Risk, and Compliance
Exam Objective: 5.2 Explain the importance of applicable regulations, standards, or frameworks that impact organizational security posture.

End of the Security plus SY0-601 practice test.

We hope you enjoyed these Security plus SY0-601 practice test questions. Best of luck with the exam!

2 thoughts on “Security plus SY0-601 Practice Test”

  1. Corrections: Question 2 should say most frequently used instead of “most effective”. Question 10 should say “cyber-attack framework”, since none of the answers are actual attacks. Question 3 should be modified, as the “best” approach for diversity training can vary by organization, and a person’s experience and background.

    1. Thanks, Simon, we appreciate the feedback! The relevant edits have been made to questions 2, 3 and 10.
      Best of luck in your quest for certification.
