CompTIA SY0-601 CompTIA Security+ Exam Practice Test

Page: 1 / 14
Total 608 questions
Question 1

A systems administrator is auditing all company servers to ensure they meet the minimum security baseline While auditing a Linux server the systems administrator observes the /etc/ahadow file has permissions beyond the baseline recommendation. Which of the following commands should the systems administrator use to resolve this issue?



Answer : A

chmod is a Linux command that can be used to change or modify the permissions of files and directories. The /etc/shadow file is a system file that stores the encrypted passwords of user accounts in Linux. The /etc/shadow file should have restricted permissions to prevent unauthorized access or modification of the passwords. The recommended permissions for the /etc/shadow file are read/write for root user only (600). If the systems administrator observes that the /etc/shadow file has permissions beyond the baseline recommendation, they can use the chmod command to resolve this issue by setting the appropriate permissions for the file. For example, chmod 600 /etc/shadow would set the permissions of the /etc/shadow file to read/write for root user only.181920Reference:CompTIA Security+ SY0-601 Certification Study Guide, Chapter 9: Implementing Identity and Access Management Controls, page 404;chmod - Wikipedia;Linux /etc/shadow file - nixCraft;How to Change File Permissions in Linux - Linuxize


Question 2

In which of the following scenarios is tokenization the best privacy technique to use?



Answer : C

Tokenization is a privacy technique that replaces sensitive data elements, such as credit card numbers, with non-sensitive equivalents, called tokens, that have no intrinsic or exploitable value. Tokenization can be used to enable established customers to safely store credit card information without exposing their actual card numbers to potential theft or misuse.The tokens can be used to process payments without revealing the original data456Reference:CompTIA Security+ SY0-601 Certification Study Guide, Chapter 8: Implementing Secure Protocols, page 362;What is tokenization? | McKinsey;What is Tokenization? Definition and Examples | OpenText - Micro Focus;Tokenization (data security) - Wikipedia


Question 3

Which of the following is a reason why a forensic specialist would create a plan to preserve data after an incident and prioritize the sequence for performing forensic analysis?



Answer : A

Order of volatility is the order in which a forensic specialist should collect evidence based on how quickly the data can be lost or altered. The most volatile data, such as CPU registers and cache, should be collected first, followed by less volatile data, such as disk drives and archival media.Order of volatility helps preserve the integrity and validity of the evidence and prevent data loss or corruption123Reference:CompTIA Security+ SY0-601 Certification Study Guide, Chapter 11: Explaining Digital Forensics Concepts, page 494;Order of Volatility - Computer Forensics Recruiter;Order of Volatility -- CompTIA Security+ SY0-401: 2.4;CFR and Order of Volatility - Get Certified Get Ahead


Question 4

A company is looking to migrate some servers to the cloud to minimize its technology footprint The company has a customer relationship management system on premises Which of the following solutions will require the least infrastructure and application support from the company?



Answer : A

SaaS stands for Software as a Service and is a cloud computing model that delivers software solutions from a third party over the internet. SaaS requires the least infrastructure and application support from the company because it eliminates the need to install, manage, update, or maintain any software or hardware on-premises. The company can simply access the customer relationship management system as a SaaS application through a web browser or an API, without worrying about the underlying infrastructure, platform, or network.The SaaS provider is responsible for managing all aspects of the software delivery and performance


Question 5

A privileged user at a company stole several proprietary documents from a server. The user also went into the log files and deleted all records of the incident The systems administrator has just informed investigators that other log files are available for review Which of the following did the administrator most likely configure that will assist the investigators?



Answer : B

A syslog server is a centralized log management system that collects, stores, and manages syslog messages generated by various network devices, servers, applications, and other sources. A syslog server can assist the investigators in this case because it can provide an alternative source of log files that may contain evidence of the incident. The privileged user may have deleted the local log files on the server, but not the remote log files on the syslog server.Therefore, the investigators can access the syslog server and analyze the log messages related to the user's activities and actions


Question 6

A security administrator received an alert for a user account with the following log activity:

Which of the following best describes the trigger for the alert the administrator received?



Answer : C

Impossible travel time is an anomaly detection that indicates a possible compromise of a user account. It occurs when the same user connects from two different countries and the time between those connections is shorter than the time it would take to travel from the first location to the second by conventional means. This suggests that a different user is using the same credentials or that a proxy or VPN is being used to mask the true location. The log activity shows that the user connected from two different IP addresses in different countries (US and Brazil) within a span of 37 minutes, which is impossible to achieve by normal travel.Reference:Detecting and Remediating Impossible Travel - Microsoft Community Hub;Anomaly detection policies - Microsoft Defender for Cloud Apps;Understanding Microsoft 365 Impossible Travel Rules | Blumira


Question 7

Which of the following test describes the risk that is present once mitigations are applied?



Answer : B

Residual risk is the risk that remains after applying risk mitigation measures, such as controls, policies, or procedures. It reflects the level of uncertainty and potential impact that cannot be completely eliminated by risk management efforts. Residual risk is calculated by subtracting the risk reduction from the inherent risk, or by multiplying the inherent risk by the risk control effectiveness. Residual risk should be compared to the acceptable level of risk to determine if further action is needed or if the risk can be accepted by the management.Reference:CompTIA Security+ SY0-601 Certification Study Guide, Chapter 10: Summarizing Risk Management Concepts, page 456;Residual risk - Wikipedia;Residual risk definition and why it's important - Advisera


Page:    1 / 14   
Total 608 questions