comptia sy0-601 practice test
CompTIA Security+ Exam
Question 1
A security analyst is looking for a solution to help communicate to the leadership team the severity levels of the
organizations vulnerabilities. Which of the following would BEST meet this need?
- A. CVE
- B. SIEM
- C. SOAR
- D. CVSS
Answer:
D
Question 2
Which of the following environments minimizes end-user disruption and MOST likely to be used to assess the impacts of any
database migrations or major system changes by using the final version of the code?
- A. Staging
- B. Test
- C. Production
- D. Development
Answer:
A
Explanation:
Reference: https://searchsoftwarequality.techtarget.com/definition/staging-
environment#:~:text=A%20staging%20environment%20(stage)%20is,like%
20environment%20before%20application%20deployment
Question 3
A software developer needs to perform code-execution testing, black-box testing, and non-functional testing on a new
product before its general release. Which of the following BEST describes the tasks the developer is conducting?
- A. Verification
- B. Validation
- C. Normalization
- D. Staging
Answer:
A
Question 4
An organization that is located in a flood zone is MOST likely to document the concerns associated with the restoration of IT
operations in a:
- A. business continuity plan.
- B. communications plan.
- C. disaster recovery plan.
- D. continuity of operations plan.
Answer:
C
Question 5
A manufacturing company has several one-off legacy information systems that cannot be migrated to a newer OS due to
software compatibility issues. The OSs are still supported by the vendor, but the industrial software is no longer supported.
The Chief Information Security Officer (CISO) has created a resiliency plan for these systems that will allow OS patches to
be installed in a non-production environment, while also creating backups of the systems for recovery. Which of the following
resiliency techniques will provide these capabilities?
- A. Redundancy
- B. RAID 1+5
- C. Virtual machines
- D. Full backups
Answer:
A
Question 6
An organization with a low tolerance for user inconvenience wants to protect laptop hard drives against loss or data theft.
Which of the following would be the MOST acceptable?
- A. SED
- B. HSM
- C. DLP
- D. TPM
Answer:
A
Question 7
A systems administrator needs to implement an access control scheme that will allow an objects access policy to be
determined by its owner. Which of the following access control schemes BEST fits the requirements?
- A. Role-based access control
- B. Discretionary access control
- C. Mandatory access control
- D. Attribute-based access control
Answer:
B
Question 8
An analyst visits an Internet forum looking for information about a tool. The analyst finds a thread that appears to contain
relevant information. One of the posts says the following:
Which of the following BEST describes the attack that was attempted against the forum readers?
- A. SQLi attack
- B. DLL attack
- C. XSS attack
- D. API attack
Answer:
C
Question 9
A security analyst discovers that a companys username and password database was posted on an Internet forum. The
usernames and passwords are stored in plain text. Which of the following would mitigate the damage done by this type of
data exfiltration in the future?
- A. Create DLP controls that prevent documents from leaving the network.
- B. Implement salting and hashing.
- C. Configure the web content filter to block access to the forum.
- D. Increase password complexity requirements.
Answer:
B
Question 10
An auditor is performing an assessment of a security appliance with an embedded OS that was vulnerable during the last
two assessments. Which of the following BEST explains the appliances vulnerable state?
- A. The system was configured with weak default security settings.
- B. The device uses weak encryption ciphers.
- C. The vendor has not supplied a patch for the appliance.
- D. The appliance requires administrative credentials for the assessment.
Answer:
C