CompTIA Security+ SY0-601 Practice
Questions.
The user installed Trojan horse malware. - correct answer A user used an
administrator account to download and install a software application. After the user
launched the .exe extension installer file, the user experienced frequent crashes, slow
computer performance, and strange services running when turning on the computer.
What most likely happened to cause these issues?
A worm - correct answer A security operations center (SOC) analyst investigates the
propagation of a memory-resident virus across the network and notices a rapid
consumption of network bandwidth, causing a Denial of Service (DoS). What type of
virus is this?
PUP (potentially unwanted program) - correct answer A user purchased a laptop from
a local computer shop. After powering on the laptop for the first time, the user noticed a
few programs like Norton Antivirus asking for permission to install. How would an IT
security specialist classify these programs?
-Uses lightweight shellcode
-Uses low observable characteristic attacks - correct answer A fileless malicious
software can replicate between processes in memory on a local host or over network
shares. What other behaviors and techniques would classify malware as fileless rather
than a normal virus? (Select all that apply.)
-Computer Bots,
-Command & Control - correct answer An attacker is planning to set up a backdoor
that will infect a set of specific computers at an organization, to inflict a set of other
intrusion attacks remotely. Which of the following will support the attackers' plan?
(Select all that apply.)
-Launch a Distributed Denial of Service (DDoS) attack
-Establish a connection with a Command and Control server
-Launch a mass-mail spam attack - correct answer If a user's computer becomes
infected with a botnet, which of the following can this compromise allow the attacker to
do? (Select all that apply.)
Have up-to-date backups. - correct answer If a user's device becomes infected with
crypto-malware, which of the following is the best way to mitigate this compromise?
A logic bomb - correct answer A security specialist discovers a malicious script on a
computer. The script is set to execute if the administrator's account becomes disabled.
What type of malware did the specialist discover?
,Spyware infected the computers. - correct answer End-users at an organization
contact the cybersecurity department. After downloading a file, they are being redirected
to shopping websites they did not intend to navigate to, and built-in webcams turn on.
The security team confirms the issue as malicious, and notes modified DNS (Domain
Name System) queries that go to nefarious websites hosting malware. What most likely
happened to the users' computers?
A Remote Access Trojan (RAT) - correct answer An attacker installs Trojan malware
that can execute remote backdoor commands, such as the ability to upload files and
install software to a victim PC. What type of Trojan malware is this?
Password spraying attack - correct answer A hacker is trying to gain remote access to
a company computer by trying brute force password attacks using a few common
passwords in conjunction with multiple usernames. What specific type of password
attack is the hacker most likely performing?
-A rainbow table
-A dictionary word - correct answer An attacker can exploit a weakness in a password
protocol to calculate the hash of a password. Which of the following can the attacker
match the hash to, as a means to obtain the password? (Select all that apply.)
A rainbow table attack - correct answer Which of the following attacks do security
professionals expose themselves to, if they do not salt passwords with a random value?
Clone it. - correct answer How can an attacker make unauthorized use of acquired
user and account details from a user's smart card?
Skimming - correct answer What type of attack is occurring when a counterfeit card
reader is in use?
Cross-site scripting (XSS) - correct answer An attacker discovered an input validation
vulnerability on a website, crafted a URL with additional HTML code, and emailed the
link to a victim. The victim unknowingly defaced (vandalized) the web site after clicking
on the malicious URL. No other malicious operations occurred outside of the web
application's root directory. This scenario is describing which type of attack?
DLL injection - correct answer An attacker escalated privileges to a local administrator
and used code refactoring to evade antivirus detection. The attacker then allowed one
process to attach to another and forced the operating system to load a malicious binary
package. What did the attacker successfully perform?
LDAP injection - correct answer Using an open connection to a small company's
network, an attacker submitted arbitrary queries on port 389 to the domain controllers.
The attacker initiated the query from a client computer. What type of injection attack did
the attacker perform?
, A malicious process can alter the execution environment to create a null pointer, and
crash the program. - correct answer How can the lack of logic statement tests on
memory location variables be detrimental to software in development?
A buffer overflow - correct answer An attacker gained remote access to a user's
computer by exploiting a vulnerability in a piece of software on the device. The attacker
sent data that was able to manipulate the memory size that the application reserved to
store expected data. Which vulnerability exploit resulted from the attacker's actions?
Race condition - correct answer Developers found a "time of check to time of use"
(TOCTTOU) vulnerability in their application. The vulnerability made it possible to
change temporary data created within the app before the app uses the data later. This
vulnerability is taking advantage of what process in the application?
Revealing database server configuration - correct answer A web application's code
prevents the output of any type of information when an error occurs during a request.
The development team cited security reasons as to why they developed the application
in this way. What sort of security issues did the team have concerns about in this case?
Replay attack - correct answer An intruder monitors an admin's unsecure connection
to a server and finds some required data, like a cookie file, that legitimately establishes
a session with a web server. Knowing the admin's logon credentials, what type of attack
can the intruder perform with the cookie file?
Server-side request forgery - correct answer An attacker submitted a modified uniform
resource locator (URL) link to a website that eventually established connections to
back-end databases and exposed internal service configurations. The attacker did not
hijack a user to perform this attack. This describes which of the following types of
attacks?
Cross-site Request Forgery (XSRF) - correct answer An attacker modified the HTML
code of a legitimate password-change web form, then hosted the .html file on the
attacker's web server. The attacker then emailed a URL link of the hosted file to a real
user of the web page. Once the user clicked the link, it changed the user's password to
a value the attacker set. Based on this information, what type of attack is the website
vulnerable to?
-Key discovery
-Improper error handling - correct answer The latest web application, using default
settings, is currently accepting application programming interface (API) calls over
HyperText Transfer Protocol (HTTP). The environment has a moderate key
management system. Even with basic server security, the API connection is vulnerable
to which of the following? (Select all that apply.)
-Resource exhaustion
-Denial of service (DoS)
Questions.
The user installed Trojan horse malware. - correct answer A user used an
administrator account to download and install a software application. After the user
launched the .exe extension installer file, the user experienced frequent crashes, slow
computer performance, and strange services running when turning on the computer.
What most likely happened to cause these issues?
A worm - correct answer A security operations center (SOC) analyst investigates the
propagation of a memory-resident virus across the network and notices a rapid
consumption of network bandwidth, causing a Denial of Service (DoS). What type of
virus is this?
PUP (potentially unwanted program) - correct answer A user purchased a laptop from
a local computer shop. After powering on the laptop for the first time, the user noticed a
few programs like Norton Antivirus asking for permission to install. How would an IT
security specialist classify these programs?
-Uses lightweight shellcode
-Uses low observable characteristic attacks - correct answer A fileless malicious
software can replicate between processes in memory on a local host or over network
shares. What other behaviors and techniques would classify malware as fileless rather
than a normal virus? (Select all that apply.)
-Computer Bots,
-Command & Control - correct answer An attacker is planning to set up a backdoor
that will infect a set of specific computers at an organization, to inflict a set of other
intrusion attacks remotely. Which of the following will support the attackers' plan?
(Select all that apply.)
-Launch a Distributed Denial of Service (DDoS) attack
-Establish a connection with a Command and Control server
-Launch a mass-mail spam attack - correct answer If a user's computer becomes
infected with a botnet, which of the following can this compromise allow the attacker to
do? (Select all that apply.)
Have up-to-date backups. - correct answer If a user's device becomes infected with
crypto-malware, which of the following is the best way to mitigate this compromise?
A logic bomb - correct answer A security specialist discovers a malicious script on a
computer. The script is set to execute if the administrator's account becomes disabled.
What type of malware did the specialist discover?
,Spyware infected the computers. - correct answer End-users at an organization
contact the cybersecurity department. After downloading a file, they are being redirected
to shopping websites they did not intend to navigate to, and built-in webcams turn on.
The security team confirms the issue as malicious, and notes modified DNS (Domain
Name System) queries that go to nefarious websites hosting malware. What most likely
happened to the users' computers?
A Remote Access Trojan (RAT) - correct answer An attacker installs Trojan malware
that can execute remote backdoor commands, such as the ability to upload files and
install software to a victim PC. What type of Trojan malware is this?
Password spraying attack - correct answer A hacker is trying to gain remote access to
a company computer by trying brute force password attacks using a few common
passwords in conjunction with multiple usernames. What specific type of password
attack is the hacker most likely performing?
-A rainbow table
-A dictionary word - correct answer An attacker can exploit a weakness in a password
protocol to calculate the hash of a password. Which of the following can the attacker
match the hash to, as a means to obtain the password? (Select all that apply.)
A rainbow table attack - correct answer Which of the following attacks do security
professionals expose themselves to, if they do not salt passwords with a random value?
Clone it. - correct answer How can an attacker make unauthorized use of acquired
user and account details from a user's smart card?
Skimming - correct answer What type of attack is occurring when a counterfeit card
reader is in use?
Cross-site scripting (XSS) - correct answer An attacker discovered an input validation
vulnerability on a website, crafted a URL with additional HTML code, and emailed the
link to a victim. The victim unknowingly defaced (vandalized) the web site after clicking
on the malicious URL. No other malicious operations occurred outside of the web
application's root directory. This scenario is describing which type of attack?
DLL injection - correct answer An attacker escalated privileges to a local administrator
and used code refactoring to evade antivirus detection. The attacker then allowed one
process to attach to another and forced the operating system to load a malicious binary
package. What did the attacker successfully perform?
LDAP injection - correct answer Using an open connection to a small company's
network, an attacker submitted arbitrary queries on port 389 to the domain controllers.
The attacker initiated the query from a client computer. What type of injection attack did
the attacker perform?
, A malicious process can alter the execution environment to create a null pointer, and
crash the program. - correct answer How can the lack of logic statement tests on
memory location variables be detrimental to software in development?
A buffer overflow - correct answer An attacker gained remote access to a user's
computer by exploiting a vulnerability in a piece of software on the device. The attacker
sent data that was able to manipulate the memory size that the application reserved to
store expected data. Which vulnerability exploit resulted from the attacker's actions?
Race condition - correct answer Developers found a "time of check to time of use"
(TOCTTOU) vulnerability in their application. The vulnerability made it possible to
change temporary data created within the app before the app uses the data later. This
vulnerability is taking advantage of what process in the application?
Revealing database server configuration - correct answer A web application's code
prevents the output of any type of information when an error occurs during a request.
The development team cited security reasons as to why they developed the application
in this way. What sort of security issues did the team have concerns about in this case?
Replay attack - correct answer An intruder monitors an admin's unsecure connection
to a server and finds some required data, like a cookie file, that legitimately establishes
a session with a web server. Knowing the admin's logon credentials, what type of attack
can the intruder perform with the cookie file?
Server-side request forgery - correct answer An attacker submitted a modified uniform
resource locator (URL) link to a website that eventually established connections to
back-end databases and exposed internal service configurations. The attacker did not
hijack a user to perform this attack. This describes which of the following types of
attacks?
Cross-site Request Forgery (XSRF) - correct answer An attacker modified the HTML
code of a legitimate password-change web form, then hosted the .html file on the
attacker's web server. The attacker then emailed a URL link of the hosted file to a real
user of the web page. Once the user clicked the link, it changed the user's password to
a value the attacker set. Based on this information, what type of attack is the website
vulnerable to?
-Key discovery
-Improper error handling - correct answer The latest web application, using default
settings, is currently accepting application programming interface (API) calls over
HyperText Transfer Protocol (HTTP). The environment has a moderate key
management system. Even with basic server security, the API connection is vulnerable
to which of the following? (Select all that apply.)
-Resource exhaustion
-Denial of service (DoS)
