SY0-601
COMPTIA SECURITY CERTIFICATION EXAM
QUESTIONS WITH ACCURATE ANSWERS
Which of the following is an important aspect of evidence-gathering?
Back up all log files and audit trails.
Purge transaction logs.
Restore damaged data from backup media.
Monitor user access to compromised systems. - ANSWER-Back up all log files and audit trails.
Which of the following items would be implemented at the Network layer of the security model?
Wireless networks
Network plans
Firewalls using ACLs
Penetration testing - ANSWER-Penetration testing
Prepare to Document means establishing the process you will use to document your network.
Which of the following makes this documentation more useful?
Identify the choke points on the network.
Automate administration as much as possible.
Identify who is responsible for each device.
Have a printed hard copy kept in a secure location. - ANSWER-Have a printed hard copy kept in
a secure location.
You assign access permissions so that users can only access the resources required to accomplish
their specific work tasks. Which security principle are you complying with?
Cross-training
Job rotation
Need to know
Principle of least privilege - ANSWER-Principle of least privilege
A recreation of historical events is made possible through which of the following?
,Incident reports
Audits
Audit trails
Penetration testing - ANSWER-Audit trails
An attacker uses an exploit to push a modified hosts file to client systems. This hosts file
redirects traffic from legitimate tax preparation sites to malicious sites to gather personal and
financial information.
Which kind of exploit has been used in this scenario?
Man-in-the-middle
Reconnaissance
DNS poisoning
Domain name kiting - ANSWER-DNS poisoning
When you inform an employee that he or she is being terminated, which of the following is the
most important activity?
Disable his or her network access
Allow him or her to collect their personal items
Allow him or her to complete their current work projects
Give him or her two weeks' notice - ANSWER-Disable his or her network access
Which protocol does HTTPS use to offer greater security in web transactions?
Kerberos
IPsec
SSL
Telnet - ANSWER-SSL
How often should change-control management be implemented?
Any time a production system is altered.
At regular intervals throughout the year.
Only when changes are made that affect senior management.
, Only when a production system is altered greatly. - ANSWER-Any time a production system is
altered.
A user copies files from her desktop computer to a USB flash device and puts the device into her
pocket. Which of the following security risks is most pressing?
Non-repudiation
Confidentiality
Availability
Integrity - ANSWER-Confidentiality
Which ISO publication lays out guidelines for selecting and implementing security controls?
31000
27002
27701
27001 - ANSWER-27002
You are cleaning your desk at work. You toss several stacks of paper in the trash, including a
sticky note with your password written on it. Which of the following types of non-technical
password attacks have you enabled?
Social engineering
Dumpster diving
Shoulder surfing
Password guessing - ANSWER-Dumpster diving
Which of the following functions does a single quote (') perform in an SQL injection?
Indicates that everything after the single quote is a comment
Indicates that the comment has ended and data is being entered
Indicates that code is ending and a comment is being entered
Indicates that data has ended and a command is beginning - ANSWER-Indicates that data has
ended and a command is beginning
You have detected and identified a security event. What's the first step you should complete?
Isolation
Segmentation
COMPTIA SECURITY CERTIFICATION EXAM
QUESTIONS WITH ACCURATE ANSWERS
Which of the following is an important aspect of evidence-gathering?
Back up all log files and audit trails.
Purge transaction logs.
Restore damaged data from backup media.
Monitor user access to compromised systems. - ANSWER-Back up all log files and audit trails.
Which of the following items would be implemented at the Network layer of the security model?
Wireless networks
Network plans
Firewalls using ACLs
Penetration testing - ANSWER-Penetration testing
Prepare to Document means establishing the process you will use to document your network.
Which of the following makes this documentation more useful?
Identify the choke points on the network.
Automate administration as much as possible.
Identify who is responsible for each device.
Have a printed hard copy kept in a secure location. - ANSWER-Have a printed hard copy kept in
a secure location.
You assign access permissions so that users can only access the resources required to accomplish
their specific work tasks. Which security principle are you complying with?
Cross-training
Job rotation
Need to know
Principle of least privilege - ANSWER-Principle of least privilege
A recreation of historical events is made possible through which of the following?
,Incident reports
Audits
Audit trails
Penetration testing - ANSWER-Audit trails
An attacker uses an exploit to push a modified hosts file to client systems. This hosts file
redirects traffic from legitimate tax preparation sites to malicious sites to gather personal and
financial information.
Which kind of exploit has been used in this scenario?
Man-in-the-middle
Reconnaissance
DNS poisoning
Domain name kiting - ANSWER-DNS poisoning
When you inform an employee that he or she is being terminated, which of the following is the
most important activity?
Disable his or her network access
Allow him or her to collect their personal items
Allow him or her to complete their current work projects
Give him or her two weeks' notice - ANSWER-Disable his or her network access
Which protocol does HTTPS use to offer greater security in web transactions?
Kerberos
IPsec
SSL
Telnet - ANSWER-SSL
How often should change-control management be implemented?
Any time a production system is altered.
At regular intervals throughout the year.
Only when changes are made that affect senior management.
, Only when a production system is altered greatly. - ANSWER-Any time a production system is
altered.
A user copies files from her desktop computer to a USB flash device and puts the device into her
pocket. Which of the following security risks is most pressing?
Non-repudiation
Confidentiality
Availability
Integrity - ANSWER-Confidentiality
Which ISO publication lays out guidelines for selecting and implementing security controls?
31000
27002
27701
27001 - ANSWER-27002
You are cleaning your desk at work. You toss several stacks of paper in the trash, including a
sticky note with your password written on it. Which of the following types of non-technical
password attacks have you enabled?
Social engineering
Dumpster diving
Shoulder surfing
Password guessing - ANSWER-Dumpster diving
Which of the following functions does a single quote (') perform in an SQL injection?
Indicates that everything after the single quote is a comment
Indicates that the comment has ended and data is being entered
Indicates that code is ending and a comment is being entered
Indicates that data has ended and a command is beginning - ANSWER-Indicates that data has
ended and a command is beginning
You have detected and identified a security event. What's the first step you should complete?
Isolation
Segmentation
