SY0-601 Free Practice Test

- (Exam Topic 4)
A routine audit of medical billing claims revealed that several claims were submitted without the subscriber's knowledge A review of the audit logs for the medical billing company's system indicated a company employee downloaded customer records and adjusted the direct deposit information to a personal bank account Which of the following does this action describe?

1. A. Insider threat
2. B. Social engineering
3. C. Third-party risk
4. D. Data breach

Correct Answer: A
An insider threat is a threat to an organization that comes from negligent or malicious insiders, such as employees, former employees, contractors, third-party vendors, or business partners, who have inside
information about cybersecurity practices, sensitive data, and computer systems. The action described in the question is an example of a malicious insider threat, where an employee intentionally misused their authorized access to harm the organization by stealing customer records and diverting funds to their personal bank account. References: What Is an Insider Threat? Definition, Types, and Prevention - Fortinet; What are ins threats? | IBM; What Is an Insider Threat? Definition, Examples, and Mitigations; Insider Threat Mitigation | Cybersecurity and Infrastructure … - CISA

- (Exam Topic 3)
A network penetration tester has successfully gained access to a target machine. Which of the following should the penetration tester do next?

1. A. Clear the log files of all evidence
2. B. Move laterally to another machine.
3. C. Establish persistence for future use.
4. D. Exploit a zero-day vulnerability.

Correct Answer: C
Establishing persistence for future use is the next step that a network penetration tester should do after gaining access to a target machine. Persistence means creating a backdoor or a covert channel that allows the penetration tester to maintain access to the target machine even if the initial exploit is patched or the connection is lost. Persistence can be achieved by installing malware, creating hidden user accounts, modifying registry keys, or setting up remote access tools. Establishing persistence can help the penetration tester to perform further reconnaissance, move laterally to other machines, or exfiltrate data from the target network.

- (Exam Topic 3)
A company recently suffered a breach in which an attacker was able to access the internal mail servers and directly access several user inboxes. A large number of email messages were later posted online. Which of the following would bast prevent email contents from being released should another breach occur?

1. A. Implement S/MIME to encrypt the emails at rest.
2. B. Enable full disk encryption on the mail servers.
3. C. Use digital certificates when accessing email via the web.
4. D. Configure web traffic to only use TLS-enabled channels.

Correct Answer: A
S/MIME stands for Secure/Multipurpose Internet Mail Extensions, which is a standard for encrypting and digitally signing email messages. S/MIME can provide confidentiality, integrity, authentication and
non-repudiation for email communications. S/MIME can encrypt the emails at rest, which means that the
email contents are protected even if they are stored on the mail servers or the user inboxes. S/MIME can prevent email contents from being released should another breach occur, as the attacker would not be able to decrypt or read the encrypted emails without the proper keys or certificates. Verified References:
Cryptography Concepts – SY0-601 CompTIA Security+ : 2.8 https://www.professormesser.com/security-plus/sy0-601/sy0-601-video/cryptography-concepts-2/ (See S/MIME)
Mail Encryption - CompTIA Security+ All-in-One Exam Guide (Exam SY0-301) https://www.oreilly.com/library/view/comptia-security-all-in-one/9780071771474/sec5_chap14.html (See S/MIME)
Symmetric and Asymmetric Encryption – CompTIA Security+ SY0-501 – 6.1 https://www.professormesser.com/security-plus/sy0-501/symmetric-and-asymmetric-encryption/ (See S/MIME)

- (Exam Topic 1)
Which of the following BEST describes a social-engineering attack that relies on an executive at a small business visiting a fake banking website where credit card and account details are harvested?

1. A. Whaling
2. B. Spam
3. C. Invoice scam
4. D. Pharming

Correct Answer: A
A social engineering attack that relies on an executive at a small business visiting a fake banking website where credit card and account details are harvested is known as whaling. Whaling is a type of phishing attack that targets high-profile individuals, such as executives, to steal sensitive information or gain access to their accounts.

- (Exam Topic 1)
The Chief information Security Officer has directed the security and networking team to retire the use of shared passwords on routers and switches. Which of the following choices BEST meets the requirements?

1. A. SAML
2. B. TACACS+
3. C. Password vaults
4. D. OAuth

Correct Answer: B
TACACS+ is a protocol used for remote authentication, authorization, and accounting (AAA) that can be used to replace shared passwords on routers and switches. It provides a more secure method of authentication that allows for centralized management of access control policies. References: CompTIA Security+ Study Guide, Exam SY0-601, 4th Edition, Chapter 6