SY0-601 Free Practice Test

- (Exam Topic 4)
An attacker was eavesdropping on a user who was shopping online. The attacker was able to spoof the IP address associated with the shopping site. Later, the user received an email regarding credit card statement with unusual purchases. Which of the following attacks took place?

1. A. On-path attack
2. B. Protocol poisoning
3. C. Domain hijacking
4. D. Bluejacking

Correct Answer: A
An on-path attack is an attack that took place when an attacker was eavesdropping on a user who was shopping online and was able to spoof the IP address associated with the shopping site. An on-path attack is a type of network attack that involves intercepting or modifying traffic between two parties by placing oneself in the communication path. An on-path attack can also be called a man-in-the-middle attack or a session hijacking attack. An on-path attacker can steal sensitive information, such as credit card details, or redirect the user to a malicious website. References: https://www.comptia.org/blog/what-is-a-man-in-the-middle-attack
https://www.certblaster.com/wp-content/uploads/2020/11/CompTIA-Security-SY0-601-Exam-Objectives-1.0.pd

- (Exam Topic 4)
A systems administrator is auditing all company servers to ensure they meet the minimum security baseline While auditing a Linux server the systems administrator observes the /etc/ahadow file has permissions beyond the baseline recommendation. Which of the following commands should the systems administrator use to resolve this issue?

1. A. chmod
2. B. grep
3. C. dd
4. D. passwd

Correct Answer: A
chmod is a Linux command that can be used to change or modify the permissions of files and directories. The /etc/shadow file is a system file that stores the encrypted passwords of user accounts in Linux. The
/etc/shadow file should have restricted permissions to prevent unauthorized access or modification of the passwords. The recommended permissions for the /etc/shadow file are read/write for root user only (600). If the systems administrator observes that the /etc/shadow file has permissions beyond the baseline recommendation, they can use the chmod command to resolve this issue by setting the appropriate permissions for the file. For example, chmod 600 /etc/shadow would set the permissions of the /etc/shadow file to read/write for root user only. 181920 References: CompTIA Security+ SY0-601 Certification Study Guide Chapter 9: Implementing Identity and Access Management Controls, page 404; chmod - Wikipedia; Linux /etc/shadow file - nixCraft; How to Change File Permissions in Linux - Linuxize

- (Exam Topic 1)
A security analyst has been tasked with creating a new WiFi network for the company. The requirements received by the analyst are as follows:
•Must be able to differentiate between users connected to WiFi
•The encryption keys need to change routinely without interrupting the users or forcing reauthentication
•Must be able to integrate with RADIUS
•Must not have any open SSIDs
Which of the following options BEST accommodates these requirements?

1. A. WPA2-Enterprise
2. B. WPA3-PSK
3. C. 802.11n
4. D. WPS

Correct Answer: A
Detailed explanation
WPA2-Enterprise can accommodate all of the requirements listed. WPA2-Enterprise uses 802.1X authentication to differentiate between users, supports the use of RADIUS for authentication, and allows for the use of dynamic encryption keys that can be changed without disrupting the users or requiring reauthentication. Additionally, WPA2-Enterprise does not allow for open SSIDs.
References: CompTIA Security+ Study Guide: Exam SY0-601, Chapter 7: Securing Networks, p. 317

- (Exam Topic 3)
A web server has been compromised due to a ransomware attack. Further Investigation reveals the ransomware has been in the server for the past 72 hours. The systems administrator needs to get the services back up as soon as possible. Which of the following should the administrator use to restore services to a secure state?

1. A. The last incremental backup that was conducted 72 hours ago
2. B. The last known-good configuration stored by the operating system
3. C. The last full backup that was conducted seven days ago
4. D. The baseline OS configuration

Correct Answer: A
The last incremental backup that was conducted 72 hours ago would be the best option to restore the services to a secure state, as it would contain the most recent data before the ransomware infection. Incremental backups only store the changes made since the last backup, so they are faster and use less storage space than full backups. Restoring from an incremental backup would also minimize the data loss and downtime caused by the ransomware attack. References:
https://www.comptia.org/blog/mature-cybersecurity-response-to-ransomware
https://www.youtube.com/watch?v=HszU4nEAlFc

- (Exam Topic 2)
A company would like to move to the cloud. The company wants to prioritize control and security over cost and ease of management. Which of the following cloud models would best suit this company's priorities?

1. A. Public
2. B. Hybrid
3. C. Community
4. D. Private

Correct Answer: D
A private cloud model would best suit the company's priorities of control and security over cost and ease of management. In a private cloud, the infrastructure is dedicated to a single organization, providing greater control over the environment and the ability to implement strict security measures. This is in contrast to public, community, or hybrid cloud models, where resources are shared among multiple organizations, potentially compromising control and security. While private clouds can be more expensive and more difficult to manage, they the highest level of control and security for the company.
Reference:
- CompTIA Security+ Certification Exam Objectives (SY0-601), Section 3.2: "Explain the importance of secure staging deployment concepts."
- Cisco: Private Cloud - https://www.cisco.com/c/en/us/solutions/cloud/private-cloud.html