©SIRJOEL EXAM SOLUTIONS
10/3/2024 9:54 PM
CompTIA Security+ SY0-601 Practice Exam
Questions With Correct Answers
The user installed Trojan horse malware. - answer✔A user used an administrator account to
download and install a software application. After the user launched the .exe extension installer
file, the user experienced frequent crashes, slow computer performance, and strange services
running when turning on the computer. What most likely happened to cause these issues?
A worm - answer✔A security operations center (SOC) analyst investigates the propagation of a
memory-resident virus across the network and notices a rapid consumption of network
bandwidth, causing a Denial of Service (DoS). What type of virus is this?
PUP (potentially unwanted program) - answer✔A user purchased a laptop from a local computer
shop. After powering on the laptop for the first time, the user noticed a few programs like Norton
Antivirus asking for permission to install. How would an IT security specialist classify these
programs?
-Uses lightweight shellcode
-Uses low observable characteristic attacks - answer✔A fileless malicious software can replicate
between processes in memory on a local host or over network shares. What other behaviors and
techniques would classify malware as fileless rather than a normal virus? (Select all that apply.)
-Computer Bots,
-Command & Control - answer✔An attacker is planning to set up a backdoor that will infect a
set of specific computers at an organization, to inflict a set of other intrusion attacks remotely.
Which of the following will support the attackers' plan? (Select all that apply.)
-Launch a Distributed Denial of Service (DDoS) attack
-Establish a connection with a Command and Control server
-Launch a mass-mail spam attack - answer✔If a user's computer becomes infected with a botnet,
which of the following can this compromise allow the attacker to do? (Select all that apply.)
, ©SIRJOEL EXAM SOLUTIONS
10/3/2024 9:54 PM
Have up-to-date backups. - answer✔If a user's device becomes infected with crypto-malware,
which of the following is the best way to mitigate this compromise?
A logic bomb - answer✔A security specialist discovers a malicious script on a computer. The
script is set to execute if the administrator's account becomes disabled. What type of malware did
the specialist discover?
Spyware infected the computers. - answer✔End-users at an organization contact the
cybersecurity department. After downloading a file, they are being redirected to shopping
websites they did not intend to navigate to, and built-in webcams turn on. The security team
confirms the issue as malicious, and notes modified DNS (Domain Name System) queries that
go to nefarious websites hosting malware. What most likely happened to the users' computers?
A Remote Access Trojan (RAT) - answer✔An attacker installs Trojan malware that can execute
remote backdoor commands, such as the ability to upload files and install software to a victim
PC. What type of Trojan malware is this?
Password spraying attack - answer✔A hacker is trying to gain remote access to a company
computer by trying brute force password attacks using a few common passwords in conjunction
with multiple usernames. What specific type of password attack is the hacker most likely
performing?
-A rainbow table
-A dictionary word - answer✔An attacker can exploit a weakness in a password protocol to
calculate the hash of a password. Which of the following can the attacker match the hash to, as a
means to obtain the password? (Select all that apply.)
A rainbow table attack - answer✔Which of the following attacks do security professionals
expose themselves to, if they do not salt passwords with a random value?
Clone it. - answer✔How can an attacker make unauthorized use of acquired user and account
details from a user's smart card?
Skimming - answer✔What type of attack is occurring when a counterfeit card reader is in use?
Cross-site scripting (XSS) - answer✔An attacker discovered an input validation vulnerability on
a website, crafted a URL with additional HTML code, and emailed the link to a victim. The
victim unknowingly defaced (vandalized) the web site after clicking on the malicious URL. No
other malicious operations occurred outside of the web application's root directory. This scenario
is describing which type of attack?
, ©SIRJOEL EXAM SOLUTIONS
10/3/2024 9:54 PM
DLL injection - answer✔An attacker escalated privileges to a local administrator and used code
refactoring to evade antivirus detection. The attacker then allowed one process to attach to
another and forced the operating system to load a malicious binary package. What did the
attacker successfully perform?
LDAP injection - answer✔Using an open connection to a small company's network, an attacker
submitted arbitrary queries on port 389 to the domain controllers. The attacker initiated the query
from a client computer. What type of injection attack did the attacker perform?
A malicious process can alter the execution environment to create a null pointer, and crash the
program. - answer✔How can the lack of logic statement tests on memory location variables be
detrimental to software in development?
A buffer overflow - answer✔An attacker gained remote access to a user's computer by exploiting
a vulnerability in a piece of software on the device. The attacker sent data that was able to
manipulate the memory size that the application reserved to store expected data. Which
vulnerability exploit resulted from the attacker's actions?
Race condition - answer✔Developers found a "time of check to time of use" (TOCTTOU)
vulnerability in their application. The vulnerability made it possible to change temporary data
created within the app before the app uses the data later. This vulnerability is taking advantage of
what process in the application?
Revealing database server configuration - answer✔A web application's code prevents the output
of any type of information when an error occurs during a request. The development team cited
security reasons as to why they developed the application in this way. What sort of security
issues did the team have concerns about in this case?
Replay attack - answer✔An intruder monitors an admin's unsecure connection to a server and
finds some required data, like a cookie file, that legitimately establishes a session with a web
server. Knowing the admin's logon credentials, what type of attack can the intruder perform with
the cookie file?
Server-side request forgery - answer✔An attacker submitted a modified uniform resource locator
(URL) link to a website that eventually established connections to back-end databases and
exposed internal service configurations. The attacker did not hijack a user to perform this attack.
This describes which of the following types of attacks?
Cross-site Request Forgery (XSRF) - answer✔An attacker modified the HTML code of a
legitimate password-change web form, then hosted the .html file on the attacker's web server.
The attacker then emailed a URL link of the hosted file to a real user of the web page. Once the
10/3/2024 9:54 PM
CompTIA Security+ SY0-601 Practice Exam
Questions With Correct Answers
The user installed Trojan horse malware. - answer✔A user used an administrator account to
download and install a software application. After the user launched the .exe extension installer
file, the user experienced frequent crashes, slow computer performance, and strange services
running when turning on the computer. What most likely happened to cause these issues?
A worm - answer✔A security operations center (SOC) analyst investigates the propagation of a
memory-resident virus across the network and notices a rapid consumption of network
bandwidth, causing a Denial of Service (DoS). What type of virus is this?
PUP (potentially unwanted program) - answer✔A user purchased a laptop from a local computer
shop. After powering on the laptop for the first time, the user noticed a few programs like Norton
Antivirus asking for permission to install. How would an IT security specialist classify these
programs?
-Uses lightweight shellcode
-Uses low observable characteristic attacks - answer✔A fileless malicious software can replicate
between processes in memory on a local host or over network shares. What other behaviors and
techniques would classify malware as fileless rather than a normal virus? (Select all that apply.)
-Computer Bots,
-Command & Control - answer✔An attacker is planning to set up a backdoor that will infect a
set of specific computers at an organization, to inflict a set of other intrusion attacks remotely.
Which of the following will support the attackers' plan? (Select all that apply.)
-Launch a Distributed Denial of Service (DDoS) attack
-Establish a connection with a Command and Control server
-Launch a mass-mail spam attack - answer✔If a user's computer becomes infected with a botnet,
which of the following can this compromise allow the attacker to do? (Select all that apply.)
, ©SIRJOEL EXAM SOLUTIONS
10/3/2024 9:54 PM
Have up-to-date backups. - answer✔If a user's device becomes infected with crypto-malware,
which of the following is the best way to mitigate this compromise?
A logic bomb - answer✔A security specialist discovers a malicious script on a computer. The
script is set to execute if the administrator's account becomes disabled. What type of malware did
the specialist discover?
Spyware infected the computers. - answer✔End-users at an organization contact the
cybersecurity department. After downloading a file, they are being redirected to shopping
websites they did not intend to navigate to, and built-in webcams turn on. The security team
confirms the issue as malicious, and notes modified DNS (Domain Name System) queries that
go to nefarious websites hosting malware. What most likely happened to the users' computers?
A Remote Access Trojan (RAT) - answer✔An attacker installs Trojan malware that can execute
remote backdoor commands, such as the ability to upload files and install software to a victim
PC. What type of Trojan malware is this?
Password spraying attack - answer✔A hacker is trying to gain remote access to a company
computer by trying brute force password attacks using a few common passwords in conjunction
with multiple usernames. What specific type of password attack is the hacker most likely
performing?
-A rainbow table
-A dictionary word - answer✔An attacker can exploit a weakness in a password protocol to
calculate the hash of a password. Which of the following can the attacker match the hash to, as a
means to obtain the password? (Select all that apply.)
A rainbow table attack - answer✔Which of the following attacks do security professionals
expose themselves to, if they do not salt passwords with a random value?
Clone it. - answer✔How can an attacker make unauthorized use of acquired user and account
details from a user's smart card?
Skimming - answer✔What type of attack is occurring when a counterfeit card reader is in use?
Cross-site scripting (XSS) - answer✔An attacker discovered an input validation vulnerability on
a website, crafted a URL with additional HTML code, and emailed the link to a victim. The
victim unknowingly defaced (vandalized) the web site after clicking on the malicious URL. No
other malicious operations occurred outside of the web application's root directory. This scenario
is describing which type of attack?
, ©SIRJOEL EXAM SOLUTIONS
10/3/2024 9:54 PM
DLL injection - answer✔An attacker escalated privileges to a local administrator and used code
refactoring to evade antivirus detection. The attacker then allowed one process to attach to
another and forced the operating system to load a malicious binary package. What did the
attacker successfully perform?
LDAP injection - answer✔Using an open connection to a small company's network, an attacker
submitted arbitrary queries on port 389 to the domain controllers. The attacker initiated the query
from a client computer. What type of injection attack did the attacker perform?
A malicious process can alter the execution environment to create a null pointer, and crash the
program. - answer✔How can the lack of logic statement tests on memory location variables be
detrimental to software in development?
A buffer overflow - answer✔An attacker gained remote access to a user's computer by exploiting
a vulnerability in a piece of software on the device. The attacker sent data that was able to
manipulate the memory size that the application reserved to store expected data. Which
vulnerability exploit resulted from the attacker's actions?
Race condition - answer✔Developers found a "time of check to time of use" (TOCTTOU)
vulnerability in their application. The vulnerability made it possible to change temporary data
created within the app before the app uses the data later. This vulnerability is taking advantage of
what process in the application?
Revealing database server configuration - answer✔A web application's code prevents the output
of any type of information when an error occurs during a request. The development team cited
security reasons as to why they developed the application in this way. What sort of security
issues did the team have concerns about in this case?
Replay attack - answer✔An intruder monitors an admin's unsecure connection to a server and
finds some required data, like a cookie file, that legitimately establishes a session with a web
server. Knowing the admin's logon credentials, what type of attack can the intruder perform with
the cookie file?
Server-side request forgery - answer✔An attacker submitted a modified uniform resource locator
(URL) link to a website that eventually established connections to back-end databases and
exposed internal service configurations. The attacker did not hijack a user to perform this attack.
This describes which of the following types of attacks?
Cross-site Request Forgery (XSRF) - answer✔An attacker modified the HTML code of a
legitimate password-change web form, then hosted the .html file on the attacker's web server.
The attacker then emailed a URL link of the hosted file to a real user of the web page. Once the
