CompTIA Security+ (SY0-601) Complete Course &
Exam
1. You are at the doctor's office and waiting for the physician to enter the room to examine you. You look across
the room and see a pile of patient records on the physician's desk. There is no one in the room and your curiosity
has gotten the better of you, so you walk across the room and start reading through
the other patient records on the desk. Which tenent of security have you just violated?: Confidentiality ensures that
data or information has not been disclosed to unauthorized people. In this case, you are not the doctor or the patient
whose records you looked at, therefore, confidentiality has been breached.
2. You have just walked up to the bank teller and requested to withdraw $100 from checking account #7654123
(your account). The teller asks for your name and driver's license before conducting this transaction. After she
looks at your driver's license, she thanks you for your business, pulls out $100 from the cash drawer, and hands
you back the license and the $100 bill. What category best describes what the bank teller just did?: Authentication
occurs when a person's identity is established with proof and confirmed by a system. In this case, the bank teller verified
you were the account holder by verifying your name and looking over your photo identification (driver's license) prior to
giving you the cash being withdrawn.
3. You are in the kitchen cooking dinner while your spouse is in the other room
watching the news on the television. The top story is about how hackers have been able to gain access to one of the
state's election systems and tamper with the results. Unfortunately, you only heard a fraction of the story, but
your spouse knows that you have been learning about hackers in your Security+ course and asks you, "Which
type of hacker do you think would be able to do this?": APTs
4. A user has reported that their workstation is running very slowly. A techni- cian begins to investigate the issue
and notices a lot of unknown processes running in the background. The technician determines that the user has
re- cently downloaded a new application from the internet and may have become infected with malware. Which
of the following types of infections does the workstation MOST likely have?: A trojan is a type of malware that looks
legitimate but can take control of your computer. A Trojan is designed to damage, disrupt, steal, or in general, inflict some
other harmful action on your data or network. The most common form of a trojan is a Remote Access Trojan (RAT),
which is used to allow an attacker to remotely control a workstation or steal information from it. To operate, a trojan will
create numerous processes that run in the background of the system.
5. On your lunch break, you walked down to the coffee shop on the corner. You
open your laptop and connect to their wireless network. After a few minutes of surfing the Internet, a pop-up is
displayed on your screen. You close the
, CompTIA Security+ (SY0-601) Complete Course &
Exam
pop-up, finish your lunch break, shut down the laptop, and put it back into your backpack. When you get back to
the office, you take out the laptop and turn it on, but instead of your normal desktop background, you are greeted
by a full screen image with a padlock and a message stating you have to pay 1 BTC to regain access to your
personal files. What type of malware has infected your laptop?: Ransomware
6. A computer is infected with a piece of malware that has infected the Win- dows kernel in an effort to hide.
Which type of malware MOST likely infected this computer?: Rootkit
7. Your company's Security Operations Center (SOC) is currently detecting an ongoing DDoS attack against
your network's file server. One of the cyberse- curity analysts has identified forty internal workstations on the
network that are conducting the attack against your network's file server. The cybersecurity analyst believes these
internal workstations are infected with malware and places them into a quarantined area of the network. The
analyst then submits a service desk ticket to have the workstations scanned and cleaned of the infection. What
type of malware was the workstation likely a victim of based on the scenario provided?: Botnet
8. The Security Operations Center Director for Dion Training received a pop-up message on his workstation that
said, "You will regret firing me; just wait until Christmas!" He suspects the message came from a disgruntled
former employee that may have set up a piece of software to create this pop-up on his machine. The director is
now concerned that other code might be lurking within the network that could create a negative effect on
Christmas. He directs his team of cybersecurity analysts to begin searching the network for this suspicious code.
What type of malware should they be searching for?: Logic Bomb
9. In which type of attack does the attacker begin with a normal user account and then seeks to gain additional
access rights?: Privilege escalation
10.You have been investigating how a malicious actor was able to exfiltrate confidential data from a web server
to a remote host. After an in-depth forensic review, you determine that the web server's BIOS had been modified
by the installation of a rootkit. After you remove the rootkit and reflash the BIOS to a known good image, what
should you do in order to prevent the malicious actor from affecting the BIOS again?: Utilize secure boot
11.Your company recently suffered a small data breach that was caused by an employee emailing themselves a
copy of the current customer's names, account numbers, and credit card limits. You are determined that
something like this shall never happen again. Which of the following logical security
, CompTIA Security+ (SY0-601) Complete Course &
Exam
concepts should you implement to prevent a trusted insider from stealing your corporate data?: DLP
12.You are trying to select the best device to install in order to detect an outside attacker who is trying to reach
into your internal network. The device should log the event, but it should not take any action to stop it. Which of
the following devices would be the BEST for you to select?: IDS
13.Which mobile device strategy is most likely to result in the introduction of vulnerable devices to a corporate
network?: BYOD
14.Your smartphone begins to receive unsolicited messages while you are eating lunch at the restaurant across
the street from your office. What might cause this to occur?: Bluejacking
15.Tim, a help desk technician, receives a call from a frantic executive who states that their company-issued
smartphone was stolen during their lunch meeting with a rival company's executive. Tim quickly checks the
MDM admin- istration tool and identifies that the user's smartphone is still communicating with the MDM and
displays the location of the device on a map. What should Tim do next to ensure the data on the stolen device
remains confidential and inaccessible to the thief?: Perform a remote wipe of the device
16.Which type of threat will patches NOT effectively combat as a security control?: Zero-day attacks
17.What should administrators perform to reduce the attack surface of a system and to remove unnecessary
software, services, and insecure config- uration settings?: Hardening
18.Which of the following security controls provides Windows system admin- istrators with an efficient way to
deploy system configuration settings across a large number of devices?: GPO
19.Which of the following BEST describes when a third-party takes compo- nents produced by a legitimate
manufacturer and assembles an unauthorized replica that is sold in the general marketplace?: Counterfeiting
20.Which of the following programs was designed to secure the manufactur- ing infrastructure for information
technology vendors providing hardware to the military?: Trusted Foundry (TF)
21.Following a root cause analysis of the unexpected failure of an edge router, a cybersecurity analyst
discovered that the system administrator had purchased the device from an unauthorized reseller. The analyst
suspects that the router may be a counterfeit device. Which of the following controls would have been most
effective in preventing this issue?: Conduct anti-counterfeit training
Exam
1. You are at the doctor's office and waiting for the physician to enter the room to examine you. You look across
the room and see a pile of patient records on the physician's desk. There is no one in the room and your curiosity
has gotten the better of you, so you walk across the room and start reading through
the other patient records on the desk. Which tenent of security have you just violated?: Confidentiality ensures that
data or information has not been disclosed to unauthorized people. In this case, you are not the doctor or the patient
whose records you looked at, therefore, confidentiality has been breached.
2. You have just walked up to the bank teller and requested to withdraw $100 from checking account #7654123
(your account). The teller asks for your name and driver's license before conducting this transaction. After she
looks at your driver's license, she thanks you for your business, pulls out $100 from the cash drawer, and hands
you back the license and the $100 bill. What category best describes what the bank teller just did?: Authentication
occurs when a person's identity is established with proof and confirmed by a system. In this case, the bank teller verified
you were the account holder by verifying your name and looking over your photo identification (driver's license) prior to
giving you the cash being withdrawn.
3. You are in the kitchen cooking dinner while your spouse is in the other room
watching the news on the television. The top story is about how hackers have been able to gain access to one of the
state's election systems and tamper with the results. Unfortunately, you only heard a fraction of the story, but
your spouse knows that you have been learning about hackers in your Security+ course and asks you, "Which
type of hacker do you think would be able to do this?": APTs
4. A user has reported that their workstation is running very slowly. A techni- cian begins to investigate the issue
and notices a lot of unknown processes running in the background. The technician determines that the user has
re- cently downloaded a new application from the internet and may have become infected with malware. Which
of the following types of infections does the workstation MOST likely have?: A trojan is a type of malware that looks
legitimate but can take control of your computer. A Trojan is designed to damage, disrupt, steal, or in general, inflict some
other harmful action on your data or network. The most common form of a trojan is a Remote Access Trojan (RAT),
which is used to allow an attacker to remotely control a workstation or steal information from it. To operate, a trojan will
create numerous processes that run in the background of the system.
5. On your lunch break, you walked down to the coffee shop on the corner. You
open your laptop and connect to their wireless network. After a few minutes of surfing the Internet, a pop-up is
displayed on your screen. You close the
, CompTIA Security+ (SY0-601) Complete Course &
Exam
pop-up, finish your lunch break, shut down the laptop, and put it back into your backpack. When you get back to
the office, you take out the laptop and turn it on, but instead of your normal desktop background, you are greeted
by a full screen image with a padlock and a message stating you have to pay 1 BTC to regain access to your
personal files. What type of malware has infected your laptop?: Ransomware
6. A computer is infected with a piece of malware that has infected the Win- dows kernel in an effort to hide.
Which type of malware MOST likely infected this computer?: Rootkit
7. Your company's Security Operations Center (SOC) is currently detecting an ongoing DDoS attack against
your network's file server. One of the cyberse- curity analysts has identified forty internal workstations on the
network that are conducting the attack against your network's file server. The cybersecurity analyst believes these
internal workstations are infected with malware and places them into a quarantined area of the network. The
analyst then submits a service desk ticket to have the workstations scanned and cleaned of the infection. What
type of malware was the workstation likely a victim of based on the scenario provided?: Botnet
8. The Security Operations Center Director for Dion Training received a pop-up message on his workstation that
said, "You will regret firing me; just wait until Christmas!" He suspects the message came from a disgruntled
former employee that may have set up a piece of software to create this pop-up on his machine. The director is
now concerned that other code might be lurking within the network that could create a negative effect on
Christmas. He directs his team of cybersecurity analysts to begin searching the network for this suspicious code.
What type of malware should they be searching for?: Logic Bomb
9. In which type of attack does the attacker begin with a normal user account and then seeks to gain additional
access rights?: Privilege escalation
10.You have been investigating how a malicious actor was able to exfiltrate confidential data from a web server
to a remote host. After an in-depth forensic review, you determine that the web server's BIOS had been modified
by the installation of a rootkit. After you remove the rootkit and reflash the BIOS to a known good image, what
should you do in order to prevent the malicious actor from affecting the BIOS again?: Utilize secure boot
11.Your company recently suffered a small data breach that was caused by an employee emailing themselves a
copy of the current customer's names, account numbers, and credit card limits. You are determined that
something like this shall never happen again. Which of the following logical security
, CompTIA Security+ (SY0-601) Complete Course &
Exam
concepts should you implement to prevent a trusted insider from stealing your corporate data?: DLP
12.You are trying to select the best device to install in order to detect an outside attacker who is trying to reach
into your internal network. The device should log the event, but it should not take any action to stop it. Which of
the following devices would be the BEST for you to select?: IDS
13.Which mobile device strategy is most likely to result in the introduction of vulnerable devices to a corporate
network?: BYOD
14.Your smartphone begins to receive unsolicited messages while you are eating lunch at the restaurant across
the street from your office. What might cause this to occur?: Bluejacking
15.Tim, a help desk technician, receives a call from a frantic executive who states that their company-issued
smartphone was stolen during their lunch meeting with a rival company's executive. Tim quickly checks the
MDM admin- istration tool and identifies that the user's smartphone is still communicating with the MDM and
displays the location of the device on a map. What should Tim do next to ensure the data on the stolen device
remains confidential and inaccessible to the thief?: Perform a remote wipe of the device
16.Which type of threat will patches NOT effectively combat as a security control?: Zero-day attacks
17.What should administrators perform to reduce the attack surface of a system and to remove unnecessary
software, services, and insecure config- uration settings?: Hardening
18.Which of the following security controls provides Windows system admin- istrators with an efficient way to
deploy system configuration settings across a large number of devices?: GPO
19.Which of the following BEST describes when a third-party takes compo- nents produced by a legitimate
manufacturer and assembles an unauthorized replica that is sold in the general marketplace?: Counterfeiting
20.Which of the following programs was designed to secure the manufactur- ing infrastructure for information
technology vendors providing hardware to the military?: Trusted Foundry (TF)
21.Following a root cause analysis of the unexpected failure of an edge router, a cybersecurity analyst
discovered that the system administrator had purchased the device from an unauthorized reseller. The analyst
suspects that the router may be a counterfeit device. Which of the following controls would have been most
effective in preventing this issue?: Conduct anti-counterfeit training
