Free CompTIA Security+ SY0-601 Exam Practice Test

A cybersecurity analyst needs to adopt controls to properly track and log user actions to an individual. Which of the following should the analyst implement?

• Non-repudiation
• Baseline configurations
• MFA
• DLP

A security investigation revealed mat malicious software was installed on a server using a server administrator credentials. During the investigation the server administrator explained that Telnet was regularly used to log in. Which of the blowing most likely occurred?

• A spraying attack was used to determine which credentials to use
• A packet capture tool was used to steal the password
• A remote-access Trojan was used to install the malware
• A directory attack was used to log in as the server administrator

A security team suspects that the cause of recent power consumption overloads is the unauthorized use of empty power outlets in the network rack Which of the following options will mitigate this issue without compromising the number of outlets available?

• Adding a new UPS dedicated to the rack
• Installing a managed PDU
• Using only a dual power supplies unit
• Increasing power generator capacity

A security team is engaging a third-party vendor to do a penetration test of a new proprietary application prior to its release. Which of the following documents would the third-party vendormost likely be required to review and sign?

• SLA
• NDA
• MOU
• AUP

A Security engineer needs to implement an MDM solution that complies with the corporate mobile device policy. The policy states that in order for mobile users to access corporate resources on theirdevices, the following requirements must be met:Mobile device OSs must be patched up to the latest release.A screen lock must be enabled (passcode or biometric).Corporate data must be removed if the device is reported lost or stolen.Which of the following controls should the security engineer configure? (Select two).

• Disable firmware over-the-air
• Storage segmentation
• Posture checking
• Remote wipe
• Full device encryption
• Geofencing

A network administrator has been alerted that web pages are experiencing long load times After determining it is not a routing or DNS issue the administrator logs in to the router, runs a command, and receives the following output:CPU 0 percent busy, from 300 sec ago 1 sec ave: 99 percent busy 5 sec ave: 97 percent busy 1 min ave: 83 percent busyWhich of the following is The router experiencing?

• DDoS attack
• Memory leak
• Buffer overflow
• Resource exhaustion

Which of the following security concepts should an e-commerce organization apply for protection against erroneous purchases?

• Privacy
• Availability
• Integrity
• Confidentiality

While reviewing the /etc/shadow file, a security administrator notices files with the same values. Which of the following attacks should the administrator be concerned about?

• Plaintext
• Birthdat
• Brute-force
• Rainbow table

A new security engineer has started hardening systems. One o( the hardening techniques the engineer is using involves disabling remote logins to the NAS. Users are now reporting the inability lo use SCP to transfer files to the NAS, even though the data is still viewable from the users' PCs. Which of the following is the MOST likely cause of this issue?

• TFTP was disabled on the local hosts.
• SSH was turned off instead of modifying the configuration file.
• Remote login was disabled in the networkd.conf instead of using the sshd. conf.
• Network services are no longer running on the NAS

A security administrator is compiling information from all devices on the local network in order to gain better visibility into user activities. Which of the following is the best solution to meetthis objective?

• SIEM
• HIDS
• CASB
• EDR