CompTIA Security+ Practice Tests
eBook - ePub

CompTIA Security+ Practice Tests

Exam SY0-601

David Seidl

Share book
  1. English
  2. ePUB (mobile friendly)
  3. Available on iOS & Android
eBook - ePub

CompTIA Security+ Practice Tests

Exam SY0-601

David Seidl

Book details
Book preview
Table of contents
Citations

About This Book

Get ready for a career in IT security and efficiently prepare for the SY0-601 exam with a single, comprehensive resource

CompTIA Security+ Practice Tests: Exam SY0-601, Second Edition efficiently prepares you for the CompTIA Security+ SY0-601 Exam with one practice exam and domain-by-domain questions. With a total of 1, 000 practice questions, you'll be as prepared as possible to take Exam SY0-601.

Written by accomplished author and IT security expert David Seidl, the 2 nd Edition of CompTIA Security+ Practice Tests includes questions covering all five crucial domains and objectives on the SY0-601 exam:

  • Attacks, Threats, and Vulnerabilities
  • Architecture and Design
  • Implementation
  • Operations and Incident Response
  • Governance, Risk, and Compliance

Perfect for anyone looking to prepare for the SY0-601 Exam, upgrade their skills by earning a high-level security certification (like CASP+, CISSP, or CISA), as well as anyone hoping to get into the IT security field, CompTIA Security+ Practice Tests allows for efficient and comprehensive preparation and study.

Frequently asked questions

How do I cancel my subscription?
Simply head over to the account section in settings and click on “Cancel Subscription” - it’s as simple as that. After you cancel, your membership will stay active for the remainder of the time you’ve paid for. Learn more here.
Can/how do I download books?
At the moment all of our mobile-responsive ePub books are available to download via the app. Most of our PDFs are also available to download and we're working on making the final remaining ones downloadable now. Learn more here.
What is the difference between the pricing plans?
Both plans give you full access to the library and all of Perlego’s features. The only differences are the price and subscription period: With the annual plan you’ll save around 30% compared to 12 months on the monthly plan.
What is Perlego?
We are an online textbook subscription service, where you can get access to an entire online library for less than the price of a single book per month. With over 1 million books across 1000+ topics, we’ve got you covered! Learn more here.
Do you support text-to-speech?
Look out for the read-aloud symbol on your next book to see if you can listen to it. The read-aloud tool reads text aloud for you, highlighting the text as it is being read. You can pause it, speed it up and slow it down. Learn more here.
Is CompTIA Security+ Practice Tests an online PDF/ePUB?
Yes, you can access CompTIA Security+ Practice Tests by David Seidl in PDF and/or ePUB format, as well as other popular books in Informatik & Zertifizierungsleitfäden in der Informatik. We have over one million books available in our catalogue for you to explore.

Information

Publisher
Sybex
Year
2021
ISBN
9781119735441
Edition
2
Topic
Informatik
Subtopic
Zertifizierungsleitfäden in der Informatik

Chapter 1
Threats, Attacks, and Vulnerabilities

THE COMPTIA SECURITY+ EXAM SY0-601 TOPICS COVERED IN THIS CHAPTER INCLUDE THE FOLLOWING:
  • 1.1 Compare and contrast different types of social engineering techniques
  • 1.2 Given a scenario, analyze potential indicators to determine the type of attack
  • 1.3 Given a scenario, analyze potential indicators associated with application attacks
  • 1.4 Given a scenario, analyze potential indicators associated with network attacks
  • 1.5 Explain different threat actors, vectors, and intelligence sources
  • 1.6 Explain the security concerns associated with various types of vulnerabilities
  • 1.7 Summarize the techniques used in security assessments
  • 1.8 Explain the techniques used in penetration testing
  1. Ahmed is a sales manager with a major insurance company. He has received an email that is encouraging him to click on a link and fill out a survey. He is suspicious of the email, but it does mention a major insurance association, and that makes him think it might be legitimate. Which of the following best describes this attack?
    1. Phishing
    2. Social engineering
    3. Spear phishing
    4. Trojan horse
  2. You are a security administrator for a medium-sized bank. You have discovered a piece of software on your bank's database server that is not supposed to be there. It appears that the software will begin deleting database files if a specific employee is terminated. What best describes this?
    1. Worm
    2. Logic bomb
    3. Trojan horse
    4. Rootkit
  3. You are responsible for incident response at Acme Bank. The Acme Bank website has been attacked. The attacker used the login screen, but rather than enter login credentials, they entered some odd text: ' or '1' = '1 . What is the best description for this attack?
    1. Cross-site scripting
    2. Cross-site request forgery
    3. SQL injection
    4. ARP poisoning
  4. Users are complaining that they cannot connect to the wireless network. You discover that the WAPs are being subjected to a wireless attack designed to block their Wi-Fi signals. Which of the following is the best label for this attack?
    1. IV attack
    2. Jamming
    3. WPS attack
    4. Botnet
  5. Frank is deeply concerned about attacks to his company's e-commerce server. He is particularly worried about cross-site scripting and SQL injection. Which of the following would best defend against these two specific attacks?
    1. Encrypted web traffic
    2. Input validation
    3. A firewall
    4. An IDS
  6. You are responsible for network security at Acme Company. Users have been reporting that personal data is being stolen when using the wireless network. They all insist they only connect to the corporate wireless access point (AP). However, logs for the AP show that these users have not connected to it. Which of the following could best explain this situation?
    1. Session hijacking
    2. Clickjacking
    3. Rogue access point
    4. Bluejacking
  7. What type of attack depends on the attacker entering JavaScript into a text area that is intended for users to enter text that will be viewed by other users?
    1. SQL injection
    2. Clickjacking
    3. Cross-site scripting
    4. Bluejacking
  8. Rick wants to make offline brute-force attacks against his password file very difficult for attackers. Which of the following is not a common technique to make passwords harder to crack?
    1. Use of a salt
    2. Use of a pepper
    3. Use of a purpose-built password hashing algorithm
    4. Encrypting password plain text using symmetric encryption
  9. What term is used to describe spam over Internet messaging services?
    1. SPIM
    2. SMSPAM
    3. IMSPAM
    4. TwoFaceTiming
  10. Susan is analyzing the source code for an application and discovers a pointer de-reference and returns NULL. This causes the program to attempt to read from the NULL pointer and results in a segmentation fault. What impact could this have for the application?
    1. A data breach
    2. A denial-of-service condition
    3. Permissions creep
    4. Privilege escalation
  11. Teresa is the security manager for a mid-sized insurance company. She receives a call from law enforcement, telling her that some computers on her network participated in a massive denial-of-service (DoS) attack. Teresa is certain that none of the employees at her company would be involved in a cybercrime. What would best explain this scenario?
    1. It is a result of social engineering.
    2. The machines all have backdoors.
    3. The machines are bots.
    4. The machines are infected with crypto-viruses.
  12. Unusual outbound network traffic, geographical irregularities, and increases in database read volumes are all examples of what key element of...

Table of contents