CompTIA SY0-601 practice test

CompTIA Security+ 2021

Last exam update: Apr 12, 2024
Page 1 out of 72. Viewing questions 1-10 out of 711

Question 1

A company is upgrading its wireless infrastructure to WPA2-Enterprise using EAP-TLS. Which of the following must be part of the security architecture to achieve AAA? (Choose two.)

  • A. DNSSEC
  • B. Reverse proxy
  • C. VPN concentrator
  • D. PKI
  • E. Active Directory
  • F. RADIUS
Answer:

ef


Reference:
https://docs.aerohive.com/330000/docs/guides/EAP-TLS_NPS_RADIUS_Server.pdf


Question 2

A company's legal department drafted sensitive documents in a SaaS application and wants to ensure the documents cannot be accessed by individuals in high-risk countries. Which of the following is the most effective way to limit this access?

  • A. Data masking
  • B. Encryption
  • C. Geolocation policy
  • D. Data sovereignty regulation
Answer:

c


Question 3

A police department is using the cloud to share information with city officials. Which of the following cloud models describes this scenario?

  • A. Hybrid
  • B. Private
  • C. Public
  • D. Community
Answer:

d


Question 4

Which of the following BEST describes data streams that are compiled through artificial intelligence that provides insight on current cyberintrusions, phishing, and other malicious cyberactivity?

  • A. Intelligence fusion
  • B. Review reports
  • C. Log reviews
  • D. Threat feeds
Answer:

d


Question 5

A local coffee shop runs a small WiFi hotspot for its customers that utilizes WPA2-PSK. The coffee shop would like to stay current with security trends and wants to implement WPA3 to make its WiFi even more secure. Which of the following technologies will the coffee shop MOST likely use in place of PSK?

  • A. WEP
  • B. MSCHAP
  • C. WPS
  • D. SAE
Answer:

d


Question 6

A company must ensure sensitive data at rest is rendered unreadable. Which of the following will the company most likely use?

  • A. Hashing
  • B. Tokenization
  • C. Encryption
  • D. Segmentation
Answer:

c


Question 7

Joe, a user at a company, clicked an email link that led to a website that infected his workstation. Joe was connected to the network, and the virus spread to the network shares. The protective measures failed to stop this virus, and it has continued to evade detection. Which of the following should a security administrator implement to protect the environment from this malware?

  • A. Install a definition-based antivirus.
  • B. Implement an IDS/IPS.
  • C. Implement a heuristic behavior-detection solution.
  • D. Implement CASB to protect the network shares.
Answer:

c


Question 8

During an engagement, penetration testers left USB keys that contained specially crafted malware in the company's parking lot. A couple days later, the malware contacted the command-and-control server, giving the penetration testers unauthorized access to the company endpoints. Which of the following will most likely be a recommendation in the engagement report?

  • A. Conduct an awareness campaign on the usage of removable media.
  • B. Issue a user guidance program focused on vishing campaigns.
  • C. Implement more complex password management practices.
  • D. Establish a procedure on identifying and reporting suspicious messages.
Answer:

a


Question 9

A consultant is configuring a vulnerability scanner for a large, global organization in multiple countries. The consultant will be using a service account to scan systems with administrative privileges on a weekly basis, but there is a concern that hackers could gain access to the account and pivot throughout the global network. Which of the following would be BEST to help mitigate this concern?

  • A. Create different accounts for each region, each configured with push MFA notifications.
  • B. Create one global administrator account and enforce Kerberos authentication.
  • C. Create different accounts for each region, limit their logon times, and alert on risky logins.
  • D. Create a guest account for each region, remember the last ten passwords, and block password reuse.
Answer:

a


Question 10

Which of the following would satisfy three-factor authentication?

  • A. Password, retina scanner, and NFC card
  • B. Password, fingerprint scanner, and retina scanner
  • C. Password, hard token, and NFC card
  • D. Fingerprint scanner, hard token, and retina scanner
Answer:

a
