CompTIA Security+ Practice Tests
eBook - ePub

CompTIA Security+ Practice Tests

Exam SY0-601

  1. English
  2. ePUB (mobile friendly)
  3. Available on iOS & Android
eBook - ePub

CompTIA Security+ Practice Tests

Exam SY0-601

About this book

Get ready for a career in IT security and efficiently prepare for the SY0-601 exam with a single, comprehensive resource

CompTIA Security+ Practice Tests: Exam SY0-601, Second Edition efficiently prepares you for the CompTIA Security+ SY0-601 Exam with one practice exam and domain-by-domain questions. With a total of 1, 000 practice questions, you'll be as prepared as possible to take Exam SY0-601.

Written by accomplished author and IT security expert David Seidl, the 2 nd Edition of CompTIA Security+ Practice Tests includes questions covering all five crucial domains and objectives on the SY0-601 exam:

  • Attacks, Threats, and Vulnerabilities
  • Architecture and Design
  • Implementation
  • Operations and Incident Response
  • Governance, Risk, and Compliance

Perfect for anyone looking to prepare for the SY0-601 Exam, upgrade their skills by earning a high-level security certification (like CASP+, CISSP, or CISA), as well as anyone hoping to get into the IT security field, CompTIA Security+ Practice Tests allows for efficient and comprehensive preparation and study.

Frequently asked questions

Yes, you can cancel anytime from the Subscription tab in your account settings on the Perlego website. Your subscription will stay active until the end of your current billing period. Learn how to cancel your subscription.
At the moment all of our mobile-responsive ePub books are available to download via the app. Most of our PDFs are also available to download and we're working on making the final remaining ones downloadable now. Learn more here.
Perlego offers two plans: Essential and Complete
  • Essential is ideal for learners and professionals who enjoy exploring a wide range of subjects. Access the Essential Library with 800,000+ trusted titles and best-sellers across business, personal growth, and the humanities. Includes unlimited reading time and Standard Read Aloud voice.
  • Complete: Perfect for advanced learners and researchers needing full, unrestricted access. Unlock 1.4M+ books across hundreds of subjects, including academic and specialized titles. The Complete Plan also includes advanced features like Premium Read Aloud and Research Assistant.
Both plans are available with monthly, semester, or annual billing cycles.
We are an online textbook subscription service, where you can get access to an entire online library for less than the price of a single book per month. With over 1 million books across 1000+ topics, weโ€™ve got you covered! Learn more here.
Look out for the read-aloud symbol on your next book to see if you can listen to it. The read-aloud tool reads text aloud for you, highlighting the text as it is being read. You can pause it, speed it up and slow it down. Learn more here.
Yes! You can use the Perlego app on both iOS or Android devices to read anytime, anywhere โ€” even offline. Perfect for commutes or when youโ€™re on the go.
Please note we cannot support devices running on iOS 13 and Android 7 or earlier. Learn more about using the app.
Yes, you can access CompTIA Security+ Practice Tests by David Seidl in PDF and/or ePUB format, as well as other popular books in Computer Science & Certification Guides in Computer Science. We have over one million books available in our catalogue for you to explore.

Chapter 1
Threats, Attacks, and Vulnerabilities

THE COMPTIA SECURITY+ EXAM SY0-601 TOPICS COVERED IN THIS CHAPTER INCLUDE THE FOLLOWING:
  • 1.1 Compare and contrast different types of social engineering techniques
  • 1.2 Given a scenario, analyze potential indicators to determine the type of attack
  • 1.3 Given a scenario, analyze potential indicators associated with application attacks
  • 1.4 Given a scenario, analyze potential indicators associated with network attacks
  • 1.5 Explain different threat actors, vectors, and intelligence sources
  • 1.6 Explain the security concerns associated with various types of vulnerabilities
  • 1.7 Summarize the techniques used in security assessments
  • 1.8 Explain the techniques used in penetration testing
  1. Ahmed is a sales manager with a major insurance company. He has received an email that is encouraging him to click on a link and fill out a survey. He is suspicious of the email, but it does mention a major insurance association, and that makes him think it might be legitimate. Which of the following best describes this attack?
    1. Phishing
    2. Social engineering
    3. Spear phishing
    4. Trojan horse
  2. You are a security administrator for a medium-sized bank. You have discovered a piece of software on your bank's database server that is not supposed to be there. It appears that the software will begin deleting database files if a specific employee is terminated. What best describes this?
    1. Worm
    2. Logic bomb
    3. Trojan horse
    4. Rootkit
  3. You are responsible for incident response at Acme Bank. The Acme Bank website has been attacked. The attacker used the login screen, but rather than enter login credentials, they entered some odd text: ' or '1' = '1 . What is the best description for this attack?
    1. Cross-site scripting
    2. Cross-site request forgery
    3. SQL injection
    4. ARP poisoning
  4. Users are complaining that they cannot connect to the wireless network. You discover that the WAPs are being subjected to a wireless attack designed to block their Wi-Fi signals. Which of the following is the best label for this attack?
    1. IV attack
    2. Jamming
    3. WPS attack
    4. Botnet
  5. Frank is deeply concerned about attacks to his company's e-commerce server. He is particularly worried about cross-site scripting and SQL injection. Which of the following would best defend against these two specific attacks?
    1. Encrypted web traffic
    2. Input validation
    3. A firewall
    4. An IDS
  6. You are responsible for network security at Acme Company. Users have been reporting that personal data is being stolen when using the wireless network. They all insist they only connect to the corporate wireless access point (AP). However, logs for the AP show that these users have not connected to it. Which of the following could best explain this situation?
    1. Session hijacking
    2. Clickjacking
    3. Rogue access point
    4. Bluejacking
  7. What type of attack depends on the attacker entering JavaScript into a text area that is intended for users to enter text that will be viewed by other users?
    1. SQL injection
    2. Clickjacking
    3. Cross-site scripting
    4. Bluejacking
  8. Rick wants to make offline brute-force attacks against his password file very difficult for attackers. Which of the following is not a common technique to make passwords harder to crack?
    1. Use of a salt
    2. Use of a pepper
    3. Use of a purpose-built password hashing algorithm
    4. Encrypting password plain text using symmetric encryption
  9. What term is used to describe spam over Internet messaging services?
    1. SPIM
    2. SMSPAM
    3. IMSPAM
    4. TwoFaceTiming
  10. Susan is analyzing the source code for an application and discovers a pointer de-reference and returns NULL. This causes the program to attempt to read from the NULL pointer and results in a segmentation fault. What impact could this have for the application?
    1. A data breach
    2. A denial-of-service condition
    3. Permissions creep
    4. Privilege escalation
  11. Teresa is the security manager for a mid-sized insurance company. She receives a call from law enforcement, telling her that some computers on her network participated in a massive denial-of-service (DoS) attack. Teresa is certain that none of the employees at her company would be involved in a cybercrime. What would best explain this scenario?
    1. It is a result of social engineering.
    2. The machines all have backdoors.
    3. The machines are bots.
    4. The machines are infected with crypto-viruses.
  12. Unusual outbound network traffic, geographical irregularities, and increases in database read volumes are all examples of what key element of...

Table of contents

  1. Cover
  2. Table of Contents
  3. Title Page
  4. Copyright
  5. Dedication
  6. Acknowledgments
  7. About the Author
  8. About the Technical Editor
  9. Introduction
  10. Chapter 1: Threats, Attacks, and Vulnerabilities
  11. Chapter 2: Architecture and Design
  12. Chapter 3: Implementation
  13. Chapter 4: Operations and Incident Response
  14. Chapter 5: Governance, Risk, and Compliance
  15. Appendix: Answers and Explanations
  16. Index
  17. End User License Agreement