Comptia Security + SY/ 2024 Exams (LATEST UPDATES STUDY BUNDLE WITH COMPLETE SOLUTIONS| Questions and Verified Answers| 100% Correct| Grade A

Comptia Security+ (SY0-601) Certification
Exam (Latest 2023/ 2024 Update) Complete
Study Set with Questions and Verified
Answers| 100% Correct
Q: Mandatory Access Control (MAC)
Answer:
An access control model in which the system, not the data owner, enforces access using security
labels: data is classified by how much damage its disclosure could cause, subjects are given
clearances, and a user cannot change a label or grant access at their own discretion.
Q: Top Secret (MAC)
Answer:
The highest level of damage.
Q: Secret (MAC)
Answer:
Causes serious damage.
Q: Confidential (MAC)
Answer:
Causes damage.
Q: Restricted (MAC)
Answer:
Has an undesirable effect.
Q: Owner (MAC)
Answer:
The user who writes data and determines classification.
Q: Steward (MAC)
Answer:
The user who labels the data.
Q: Custodian (MAC)
Answer:
The user who stores and manages classified data.
Q: Security Administrator (MAC)
Answer:
The user who gives access to classified data, once approved.
Q: Role-Based Access Control (RBAC)
Answer:
An access control system, which uses roles to determine access.

Q: Rule Based Access Control (RBAC)
Answer:
An access control system, which uses rules to determine access.
Q: Attribute-Based Access Controls (ABAC)
Answer:
An access control system, which uses account attributes to determine access.
Q: Group-Based Access Control (GBAC)
Answer:
An access control system, which uses account groups to determine access.
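The models above differ in who makes the decision and what it is based on. The following Python sketch is an added example and is not part of the original study set: it gives one toy decision function per model over constructed data. The level ordering, role map, time/source rules and the ABAC policy are all assumptions chosen for illustration; the two MAC functions implement the Bell-LaPadula read and write rules, which the flashcards themselves do not name.

```python
from dataclasses import dataclass

# --- Mandatory Access Control: labels are enforced by the system ------------
# Classification levels from the flashcards, ordered by potential damage.
LEVELS = {"restricted": 0, "confidential": 1, "secret": 2, "top secret": 3}


def mac_can_read(clearance: str, classification: str) -> bool:
    """Simple security property ("no read up"): a subject may read an object
    only if its clearance is at or above the object's classification."""
    return LEVELS[clearance] >= LEVELS[classification]


def mac_can_write(clearance: str, classification: str) -> bool:
    """*-property ("no write down"): a subject may write only to objects at or
    above its own level, so Secret data cannot be copied into a Confidential file."""
    return LEVELS[clearance] <= LEVELS[classification]


# --- Role-Based Access Control: permissions hang off roles -------------------
ROLE_PERMISSIONS = {  # constructed sample role map
    "analyst": {"report:read"},
    "manager": {"report:read", "report:approve"},
    "admin": {"report:read", "report:approve", "user:manage"},
}


def rbac_allowed(roles, permission: str) -> bool:
    """A permission is granted through a role; nothing is assigned per user.
    Unknown roles carry no permissions, so the default is deny."""
    return any(permission in ROLE_PERMISSIONS.get(role, set()) for role in roles)


# --- Rule-Based Access Control: the same rules for everyone -----------------
def rule_allowed(hour: int, src_ip: str) -> bool:
    """Assumed rules: business hours only, and only from the internal
    10.0.0.0/8 range. Identity plays no part in the decision."""
    return 8 <= hour < 18 and src_ip.startswith("10.")


# --- Attribute-Based Access Control: combine attributes of all parties ------
@dataclass
class Subject:
    user: str
    department: str
    clearance: str


@dataclass
class Resource:
    owner: str
    department: str
    classification: str


def abac_allowed(subject: Subject, resource: Resource, action: str) -> bool:
    """Assumed policy: reading needs the same department plus a label check
    (reusing the MAC rule); editing additionally needs ownership."""
    same_dept = subject.department == resource.department
    label_ok = mac_can_read(subject.clearance, resource.classification)
    if action == "read":
        return same_dept and label_ok
    if action == "edit":
        return same_dept and label_ok and subject.user == resource.owner
    return False  # deny any action the policy does not mention


if __name__ == "__main__":
    alice = Subject("alice", "finance", "secret")
    memo = Resource("alice", "finance", "confidential")
    print("MAC  secret reads top secret:", mac_can_read("secret", "top secret"))
    print("RBAC analyst approves report:", rbac_allowed({"analyst"}, "report:approve"))
    print("Rule 20:00 from 10.1.2.3:", rule_allowed(20, "10.1.2.3"))
    print("ABAC alice edits memo:", abac_allowed(alice, memo, "edit"))
```

Note that every function denies by default: an unknown role, an action the ABAC policy does not list, or a request outside the rule window all fall through to False, which is the property an exam question about "least privilege" is usually probing.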
Q: Linux-Based Access Control (LBAC)
Answer:
The standard Linux/UNIX file permission model (a form of discretionary access control): each file
carries read, write and execute permissions for its owner, its group and all other users, shown
either in symbolic form (rwxr-xr-x) or as octal digits (755).
Q: Owner (LBAC)
Answer:
The first number listed in the LBAC permissions.
Q: Group (LBAC)
Answer:
The second number listed in the LBAC permissions.
Q: All other users (LBAC)
Answer:
The third number listed in the LBAC permissions.
Q: Read (LBAC)
Answer:
Represented as an ‘r’ in LBAC permissions.
Q: Write (LBAC)
Answer:
Represented as a ‘w’ in LBAC permissions.
Q: Execute (LBAC)
Answer:
Represented as an ‘x’ in LBAC permissions.
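The flashcards above describe the symbolic (rwxr-xr-x) and numeric (755) forms of the same permission bits. The following Python helper is an added example, not code from the original page: it converts between the two forms, handles the setuid, setgid and sticky special bits that the flashcards leave out, and audits a constructed `ls -l` listing for the settings an auditor would flag first. The sample listing, the paths in it and the flag names are constructed for illustration.

```python
import re
import stat

# One character each for owner rwx, group rwx, others rwx (the file-type
# character that ls prints first is not part of the permission string).
SYMBOLIC = re.compile(r"^[-r][-w][-xsS][-r][-w][-xsS][-r][-w][-xtT]$")


def symbolic_to_octal(mode: str) -> str:
    """Convert 'rwxr-xr-x' to its four-digit octal form '0755'.

    In the execute slot, 's' (owner/group) means setuid/setgid and 't'
    (others) means sticky, each together with execute; the uppercase forms
    'S' and 'T' mean the special bit is set but execute is not.
    """
    if not SYMBOLIC.match(mode):
        raise ValueError(f"not a 9-character permission string: {mode!r}")
    special = 0
    digits = []
    for who, triplet in enumerate((mode[0:3], mode[3:6], mode[6:9])):
        value = 0
        if triplet[0] == "r":
            value |= 4
        if triplet[1] == "w":
            value |= 2
        if triplet[2] in "xst":  # lowercase special letters imply execute
            value |= 1
        if triplet[2] in "sS":
            special |= 4 if who == 0 else 2  # setuid for owner, setgid for group
        if triplet[2] in "tT":
            special |= 1  # sticky bit
        digits.append(value)
    return f"{special}{digits[0]}{digits[1]}{digits[2]}"


def octal_to_symbolic(octal: str) -> str:
    """Reverse direction, using the standard library's rendering and dropping
    the leading file-type character."""
    return stat.filemode(int(octal, 8))[1:]


def risk_flags(octal: str) -> list:
    """Permission properties an auditor looks for first."""
    bits = int(octal, 8)
    flags = []
    if bits & stat.S_IWOTH:
        flags.append("world-writable")
    if bits & stat.S_ISUID:
        flags.append("setuid")
    if bits & stat.S_ISGID:
        flags.append("setgid")
    if bits & stat.S_ISVTX:
        flags.append("sticky")
    return flags


# Constructed sample `ls -l` output (not captured from a real system).
SAMPLE_LS = """\
-rwsr-xr-x 1 root root 55528 Jan  1 12:00 /usr/bin/passwd
-rw-rw-rw- 1 app  app    120 Jan  1 12:00 /etc/app.conf
drwxrwxrwt 2 root root  4096 Jan  1 12:00 /tmp
-rw-r----- 1 root adm   2048 Jan  1 12:00 /var/log/auth.log
"""


def audit_ls_output(text: str) -> dict:
    """Map each path in an `ls -l` listing to (octal mode, risk flags)."""
    findings = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 9:
            continue  # skip 'total N' lines and anything else that is not an entry
        mode, path = parts[0], parts[-1]
        # Strip the file-type character; slice to 9 so a trailing '+' (ACL)
        # or '.' (SELinux context) that ls may append is ignored.
        octal = symbolic_to_octal(mode[1:10])
        findings[path] = (octal, risk_flags(octal))
    return findings


if __name__ == "__main__":
    for path, (octal, flags) in audit_ls_output(SAMPLE_LS).items():
        print(f"{octal} {path:20} {', '.join(flags) or 'ok'}")
```

Two caveats worth remembering when reading the flashcards: in the four-digit form the leading digit carries the special bits, so the owner digit is the second one (the "first number" wording assumes the three-digit form), and a world-writable directory such as /tmp is only safe because the sticky bit prevents users from deleting each other's files. The listing parser takes the last whitespace-separated field as the path, so filenames containing spaces would need a real parser.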
Q: Signage
Answer:
Highly visible signs warning that this is a secure area.
Powered by https://learnexams.com/search/study?query=aqa

Comptia Security + SY0-601 Exam (2023/
2024 Update) Questions and Verified
Answers| 100% Correct| Grade A| Latest
Q: A researcher has been analyzing large data sets for the last ten months. The researcher works
with colleagues from other institutions and typically connects via SSH to retrieve additional data.
Historically, this setup has worked without issue, but the researcher recently started getting the
following message:
Which of the following network attacks is the researcher MOST likely experiencing?
A. MAC cloning
B. Evil twin
C. Man-in-the-middle
D. ARP poisoning
Answer:
C
Q: An organization is developing an authentication service for use at the entry and exit ports of
country borders. The service will use data feeds obtained from passport systems, passenger
manifests, and high definition video feeds from CCTV systems that are located at the ports. The
service will incorporate machine-learning techniques to eliminate biometric enrollment processes
while still allowing authorities to identify passengers with increasing accuracy over time. The
more frequently passengers travel, the more accurately the service will identify them. Which of
the following biometrics will MOST likely be used, without the need for enrollment? (Choose
two.)
A. Voice
B. Gait
C. Vein
D. Facial
E. Retina
F. Fingerprint
Answer:
BD

Q: An organization needs to implement more stringent controls over administrator/root
credentials and service accounts. Requirements for the project include:

  • Check-in/checkout of credentials
  • The ability to use but not know the password
  • Automated password changes
  • Logging of access to credentials
Which of the following solutions would meet the requirements?
A. OAuth 2.0
B. Secure Enclave
C. A privileged access management system
D. An OpenID Connect authentication system
Answer:
C
Q: Several employees return to work the day after attending an industry trade show. That same
day, the security manager notices several malware alerts coming from each of the employee’s
workstations. The security manager investigates but finds no signs of an attack on the perimeter
firewall or the NIDS. Which of the following is MOST likely causing the malware alerts?
A. A worm that has propagated itself across the intranet, which was initiated by presentation
media
B. A fileless virus that is contained on a vCard that is attempting to execute an attack
C. A Trojan that has passed through and executed malicious code on the hosts
D. A USB flash drive that is trying to run malicious code but is being blocked by the host
firewall
Answer:
A
Q: After reading a security bulletin, a network security manager is concerned that a malicious
actor may have breached the network using the same software flaw. The exploit code is publicly
available and has been reported as being used against other industries in the same vertical. Which
of the following should the network security manager consult FIRST to determine a priority list
for forensic review?
A. The vulnerability scan output
B. The IDS logs
C. The full packet capture data
D. The SIEM alerts
Answer:
A
Q: A financial organization has adopted a new secure, encrypted document-sharing application
to help with its customer loan process. Some important PII needs to be shared across this new
platform, but it is getting blocked by the DLP systems. Which of the following actions will
BEST allow the PII to be shared with the secure application without compromising the
organization’s security posture?
A. Configure the DLP policies to allow all PII
B. Configure the firewall to allow all ports that are used by this application
C. Configure the antivirus software to allow the application
D. Configure the DLP policies to whitelist this application with the specific PII
E. Configure the application to encrypt the PII
Answer:
D
Q: An auditor is performing an assessment of a security appliance with an embedded OS that
was vulnerable during the last two assessments. Which of the following BEST explains the
appliance’s vulnerable state?
A. The system was configured with weak default security settings.
B. The device uses weak encryption ciphers.
C. The vendor has not supplied a patch for the appliance.
D. The appliance requires administrative credentials for the assessment.
Answer:
C
Q: A company’s bank has reported that multiple corporate credit cards have been stolen over
the past several weeks. The bank has provided the names of the affected cardholders to the
company’s forensics team to assist in the cyber-incident investigation.
An incident responder learns the following information:

  • The timeline of stolen card numbers corresponds closely with affected users making
    Internet-based purchases from diverse websites via enterprise desktop PCs.
  • All purchase connections were encrypted, and the company uses an SSL inspection proxy for
    the inspection of encrypted traffic of the hardwired network.
  • Purchases made with corporate cards over the corporate guest WiFi network, where no SSL
    inspection occurs, were unaffected.
Which of the following is the MOST likely root cause?
A. HTTPS sessions are being downgraded to insecure cipher suites
B. The SSL inspection proxy is feeding even
Answer:
C
Q: A pharmaceutical sales representative logs on to a laptop and connects to the public WiFi to
check emails and update reports. Which of the following would be BEST to prevent other
devices on the network from directly accessing the laptop? (Choose two.)
A. Trusted Platform Module
B. A host-based firewall
C. A DLP solution
D. Full disk encryption
E. A VPN
F. Antivirus software
Answer:
BE
Q: A company is implementing MFA for all applications that store sensitive data. The IT
manager wants MFA to be non-disruptive and user friendly. Which of the following technologies
should the IT manager use when implementing MFA?
A. One-time passwords
B. Email tokens
C. Push notifications
D. Hardware authentication
Answer:
C

Comptia Security + SY0-601 Exam Review
(Latest 2023/ 2024 Update) Questions and
Verified Answers| 100% Correct
Q: What is a security policy?
Answer:
A formalized statement that defines how security will be implemented within an organization
Q: Overall internal responsibility for security might be allocated to a dedicated department or
officer, such as a
Answer:
Director of Security, Chief Security Officer (CSO), or Chief Information Security Officer
(CISO).
Q: What is a Security Operations Center (SOC)?
Answer:
a location where security professionals monitor and protect critical information assets across
other business functions, such as finance, operations, sales/marketing, and so on. Because SOCs
can be difficult to establish, maintain, and finance, they are usually employed by larger
corporations, like a government agency or a healthcare company.
Q: What is Development and Operations (DevOps)?
Answer:
a cultural shift within an organization to encourage much more collaboration between developers
and system administrators. By creating a highly orchestrated environment, IT personnel and
developers can build, test, and release software faster and more reliably.

Q: a single point-of-contact for the notification of security incidents should be handled by a
dedicated…
Answer:
cyber incident response team (CIRT)/computer security incident response team
(CSIRT)/computer emergency response team (CERT)
Q: A multinational company manages a large amount of valuable intellectual property (IP) data,
plus personal data for its customers and account holders. What type of business unit can be used
to manage such important and complex security requirements?
Answer:
A Security Operations Center (SOC), which monitors and protects critical information assets
across the other business functions.
Q: A business is expanding rapidly and the owner is worried about tensions between its
established IT and programming divisions. What type of security business unit or function could
help to resolve these issues?
Answer:
A Development and Operations (DevOps) function, which encourages collaboration between
developers and system administrators.
Q: What is a security control?
Answer:
Something designed to give a system or data asset the properties of confidentiality, integrity,
availability, and non-repudiation.
Q: What are the three broad categories of security controls?
Answer:
Technical, Operational, Managerial
Q: What entails a technical security control?
Answer:
the control is implemented as a system (hardware, software, or firmware). For example,
firewalls, antivirus software, and OS access control models are technical controls. Technical
controls may also be described as logical controls.
Q: What entails a managerial security control?
Answer:
the control gives oversight of the information system. Examples could include risk identification
or a tool allowing the evaluation and selection of other security controls.
Q: What entails an operational security control?
Answer:
the control is implemented primarily by people rather than systems. For example, security guards
and training programs are operational controls rather than technical controls.
Q: What are the categories of security controls according to their objective/function?
Answer:
Preventative, Detective, Corrective, Physical, Deterrent, Compensating
Q: What entails a ‘Corrective Security Control’?
Answer:

Comptia Security + SY0-601 2023/ 2024
Exam| Questions and Verified Answers with
Rationales| 100% Correct| Grade A
Q: You have heard about a new malware program that presents itself to users as a virus scanner.
When users run the software, it installs itself as a hidden program that has administrator access to
various operating system components. The program then tracks system activity and allows an
attacker to remotely gain administrator access to the computer.
Which of the following terms best describes this software?
A. Privilege escalation
B. Trojan horse
C. Rootkit
D. Spyware
E. Botnet
Answer:
C. Rootkit
This program is an example of a rootkit. A rootkit is a set of programs that allow attackers to
maintain permanent, administrator-level, and hidden access to a computer. Rootkits require
administrator access for installation and typically gain this access using a Trojan horse
approach, masquerading as a legitimate program to entice users to install the software.
While this program is an example of a Trojan horse that also performs spying activities
(spyware), the ability to hide itself and maintain administrator access makes rootkit a better
description for the software. A botnet is a group of zombie computers that are commanded from
a central control infrastructure.
Q: While browsing the internet, you notice that the browser displays ads that are targeted
towards recent keyword searches you have performed.
What is this an example of?
A. Zombie
B. Worm
C. Adware
D.Logic bomb

Answer:
C. Adware
Adware monitors actions that denote personal preferences, then sends pop-ups and ads that
match those preferences. Adware:

  • Is usually passive
  • Is privacy-invasive software
  • Is installed on your machine by visiting a particular website or running an application
  • Is usually more annoying than harmful
A logic bomb is designed to execute only under predefined conditions and lies dormant until the
predefined condition is met. A worm is a self-replicating virus. A zombie is a computer that
is infected with malware that allows remote software updates and control by a command and
control center called a zombie master.
Q: Which of the following best describes spyware?
A. It monitors the actions you take on your machine and sends the information back to its
originating source.
B. It is a malicious program disguised as legitimate software.
C. It is a program that attempts to damage a computer system and replicate itself to other
computer systems.
D. It monitors user actions that denote personal preferences, then sends pop-ups and ads to the
user that match their tastes.
Answer:
A. It monitors the actions you take on your machine and sends the information back to its
originating source.
Spyware monitors the actions you take on your machine and sends the information back to its
originating source.
Adware monitors the actions of the user that denote their personal preferences, then sends pop-ups
and ads to the user that match their tastes. A virus is a program that attempts to damage a
computer system and replicate itself to other computer systems. A Trojan horse is a malicious
program disguised as legitimate software.
Q: What is the common name for a program that has no useful purpose, but attempts to spread
itself to other systems and often damages resources on the systems where it is found?
A. Virus
B. Trojan horse

C. Java applet
D. Windows Messenger
Answer:
A. Virus
A virus is the common name for a program that has no useful purpose, but attempts to spread
itself to other systems and often damages resources on the systems where it is found. Viruses are
a serious threat to computer systems, especially if they are connected to the internet. It is often a
minimal requirement to have an antivirus scanner installed on every machine of a secured
network to protect against viruses.
Trojan horses are programs that claim to serve a useful purpose but hide a malicious purpose or
activity. Windows Messenger is an instant message chat utility. Java applets are web applications
that operate within a security sandbox.
Q: What is the primary distinguishing characteristic between a worm and a logic bomb?
A. Masquerades as a useful program
B. Self-replication
C. Spreads via email
D. Incidental damage to resources
Answer:
B. Self-replication
The primary distinguishing characteristic between a worm and a logic bomb is self-replication.
Worms are designed to replicate and spread as quickly and as broadly as possible. Logic bombs
do not self-replicate. They are designed for a specific single system or type of system. Once
planted on a system, it remains there until it is triggered.
Both worms and logic bombs can be spread via email, and both may cause incidental damage to
resources. While either may be brought into a system as a parasite on a legitimate program or file
or as the payload of a Trojan horse, the worm or logic bomb itself does not masquerade as a
useful program.
Q: What is another name for a logic bomb?
A. Asynchronous attack
B. Trojan horse
C. DNS poisoning
D. Pseudo flaw

Answer:
A. Asynchronous attack
A logic bomb is a specific example of an asynchronous attack. An asynchronous attack is a form
of malicious attack where actions taken at one time do not cause their intended, albeit negative,
action until a later time.
A pseudo flaw is a form of IDS that detects when an intruder attempts to perform a common but
potentially dangerous administrative task. DNS poisoning is the act of inserting incorrect domain
name or IP address mapping information into a DNS server or a client’s cache. A Trojan horse is
any malicious code embedded inside of a seemingly benign carrier. None of these three terms is
a synonym for logic bomb.
Q: You have installed anti-malware software that checks for viruses in email attachments. You
configure the software to quarantine any files with problems.
You receive an email with an important attachment, but the attachment is not there. Instead, you
see a message that the file has been quarantined by the anti-malware software
What has happened to the file?
A. The file extension has been changed to prevent it from running.
B. The infection has been removed, and the file has been saved to a different location.
C. It has been moved to a secure folder on your computer.
D. It has been deleted from your system.
Answer:
C. It has been moved to a secure folder on your computer.
Quarantine moves the infected file to a secure folder where it cannot be opened or run normally.
By configuring the software to quarantine any problem files, you can view, scan, and possibly
repair those files.
Quarantine does not automatically repair files. Deleting a file is one possible action to take, but
this action removes the file from your system.
Q: Which of the following measures are you most likely to implement to protect against a
worm or Trojan horse?
A. IPsec
B. Password policy
C. Anti-virus software
D. Firewall