CompTIA Security+ Practice Tests: Exam SY0-601, 2nd Edition (2021)
CompTIA®
Security+® Practice Tests
Exam SY0-601
Second Edition
David Seidl
Copyright © 2021 by John Wiley & Sons, Inc., Indianapolis, Indiana
Published simultaneously in Canada
ISBN: 978-1-119-73546-5
ISBN: 978-1-119-73545-8 (ebk.)
ISBN: 978-1-119-73544-1 (ebk.)
No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any
means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections
107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or
authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood
Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should
be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201)
748-6011, fax (201) 748-6008, or online at www.wiley.com/go/permissions.
Limit of Liability/Disclaimer of Warranty: The publisher and the author make no representations or warranties
with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties,
including without limitation warranties of fitness for a particular purpose. No warranty may be created or extended
by sales or promotional materials. The advice and strategies contained herein may not be suitable for every situation.
This work is sold with the understanding that the publisher is not engaged in rendering legal, accounting, or other
professional services. If professional assistance is required, the services of a competent professional person should
be sought. Neither the publisher nor the author shall be liable for damages arising herefrom. The fact that an
organization or Web site is referred to in this work as a citation and/or a potential source of further information
does not mean that the author or the publisher endorses the information the organization or Web site may provide
or recommendations it may make. Further, readers should be aware that Internet Web sites listed in this work may
have changed or disappeared between when this work was written and when it is read.
For general information on our other products and services or to obtain technical support, please contact our
Customer Care Department within the U.S. at (877) 762-2974, outside the U.S. at (317) 572-3993 or fax (317)
572-4002.
Wiley publishes in a variety of print and electronic formats and by print-on-demand. Some material included with
standard print versions of this book may not be included in e-books or in print-on-demand. If this book refers to
media such as a CD or DVD that is not included in the version you purchased, you may download this material at
booksupport.wiley.com. For more information about Wiley products, visit www.wiley.com.
Library of Congress Control Number: 2020950198
TRADEMARKS: Wiley, the Wiley logo, and the Sybex logo are trademarks or registered trademarks of John Wiley
& Sons, Inc. and/or its affiliates, in the United States and other countries, and may not be used without written
permission. CompTIA and Security+ are registered trademarks of CompTIA Properties, LLC. All other trademarks
are the property of their respective owners. John Wiley & Sons, Inc. is not associated with any product or vendor
mentioned in this book.
This book is dedicated to Mike Chapple, who helped me get my start in the writing field.
After most of a decade writing together, this is my first entirely solo project. Mike, thank you
for helping me get my start almost a decade ago, for encouraging me along the way, and for
continuing to challenge me to do more each time we take on another book.
—David
Acknowledgments
Books like this involve work from many people who put countless hours of time and effort
into producing them from concept to final printed and electronic copies. The hard work and
dedication of the team at Wiley always shows. I especially want to acknowledge and thank
senior acquisitions editor Kenyon Brown, who continues to be a wonderful person to work
with on book after book.
I also greatly appreciated the editing and production team for the book, including Tom
Dinse, the project editor, who brought years of experience and great talent to the project;
Chris Crayton, the technical editor, who provided insightful advice and gave wonderful
feedback throughout the book; and Saravanan Dakshinamurthy, the production editor, who
guided me through layouts, formatting, and final cleanup to produce a great book. I would
also like to thank the many behind-the-scenes contributors, including the graphics, production,
and technical teams who make the book and companion materials into a finished
product.
My agent, Carole Jelen of Waterside Productions, continues to provide us with wonderful
opportunities, advice, and assistance throughout our writing careers.
Finally, I want to thank my friends and family, who have supported me through the late
evenings, busy weekends, and long hours that a book like this requires to write, edit, and get
to press.
About the Author
David Seidl is vice president for information technology and CIO at Miami University,
where he is responsible for IT for Miami University. During his IT career, he has served
in a variety of technical and information security roles, including serving as the senior
director for Campus Technology Services at the University of Notre Dame, where he co-led
Notre Dame’s move to the cloud and oversaw cloud operations, ERP, databases, identity
management, and a broad range of other technologies and services. Prior to his senior
leadership roles at Notre Dame, he served as Notre Dame’s director of information security
and led Notre Dame’s information security program. He taught information security and
networking undergraduate courses as an instructor for Notre Dame’s Mendoza College of
Business and has written books on security certification and cyberwarfare, including coauthoring
CISSP (ISC)2 Official Practice Tests (Sybex, 2018) as well as the current and previous
editions of the CompTIA CySA+ Study Guide: Exam CS0-002 (Wiley, 2020, Chapple/Seidl)
and CompTIA CySA+ Practice Tests: Exam CS0-002 (Wiley, 2020, Chapple/Seidl).
David holds a bachelor’s degree in communication technology and a master’s degree in
information security from Eastern Michigan University, as well as CISSP, CySA+, PenTest+,
GPEN, and GCIH certifications.
About the Technical Editor
Chris Crayton, MCSE, CISSP, CySA+, A+, N+, S+, is a technical consultant, trainer, author,
and industry-leading technical editor. He has worked as a computer technology and networking
instructor, information security director, network administrator, network engineer,
and PC specialist. Chris has served as technical editor and content contributor on numerous
technical titles for several of the leading publishing companies. He has also been recognized
with many professional and teaching awards.
Contents at a Glance
Introduction xix
Chapter 1 Threats, Attacks, and Vulnerabilities 1
Chapter 2 Architecture and Design 45
Chapter 3 Implementation 81
Chapter 4 Operations and Incident Response 129
Chapter 5 Governance, Risk, and Compliance 159
Appendix Answers and Explanations 185
Index 299
Introduction
CompTIA Security+ Practice Tests: Exam SY0-601, Second Edition is the perfect companion
volume to the CompTIA Security+ Study Guide: Exam SY0-601, Eighth Edition (Wiley,
2020, Chapple/Seidl). If you’re looking to test your knowledge before you take the Security+
exam, this book will help you by providing a combination of 1,100 questions that cover the
Security+ domains and easy-to-understand explanations of both right and wrong answers.
If you’re just starting to prepare for the Security+ exam, we highly recommend that you
use the CompTIA Security+ Study Guide, Eighth Edition to help you learn about each of
the domains covered by the Security+ exam. Once you’re ready to test your knowledge,
use this book to help find places where you may need to study more or to practice for the
exam itself.
Since this is a companion to the Security+ Study Guide, this book is designed to be similar
to taking the Security+ exam. The book itself is broken up into seven chapters: five
domain-centric chapters with questions about each domain, and two chapters that contain
100-question practice tests to simulate taking the Security+ exam itself.
If you can answer 90 percent or more of the questions for a domain correctly, you can
feel safe moving on to the next chapter. If you’re unable to answer that many correctly,
reread the chapter and try the questions again. Your score should improve.
Don’t just study the questions and answers! The questions on the actual exam
will be different from the practice questions included in this book. The exam is
designed to test your knowledge of a concept or objective, so use this book to
learn the objectives behind the questions.
The Security+ Exam
The Security+ exam is designed to be a vendor-neutral certification for cybersecurity professionals
and those seeking to enter the field. CompTIA recommends this certification for
those currently working, or aspiring to work, in roles, including:
■ Systems administrator
■ Security administrator
■ Security specialist
■ Security engineer
■ Network administrator
■ Junior IT auditor/penetration tester
■ Security consultant
xx Introduction
The exam covers five major domains:
1. Threats, Attacks, and Vulnerabilities
2. Architecture and Design
3. Implementation
4. Operations and Incident Response
5. Governance, Risk, and Compliance
These five areas include a range of topics, from firewall design to incident response and
forensics, while focusing heavily on scenario-based learning. That’s why CompTIA recommends
that those attempting the exam have at least two years of hands-on work experience,
although many individuals pass the exam before moving into their first cybersecurity role.
The Security+ exam is conducted in a format that CompTIA calls “performance-based
assessment.” This means that the exam combines standard multiple-choice questions with
other, interactive question formats. Your exam may include multiple types of questions,
such as multiple-choice, fill-in-the-blank, multiple-response, drag-and-drop, and image-
based problems.
CompTIA recommends that test takers have two years of information security–related
experience before taking this exam. The exam costs $349 in the United States, with roughly
equivalent prices in other locations around the globe. More details about the Security+ exam
and how to take it can be found here:
www.comptia.org/certifications/security
This book includes a discount code for the Security+ exam—make sure you
use it!
You’ll have 90 minutes to take the exam and will be asked to answer up to 90 questions
during that time period. Your exam will be scored on a scale ranging from 100 to 900, with
a passing score of 750.
You should also know that CompTIA is notorious for including vague questions on all of
its exams. You might see a question for which two of the possible four answers are correct—
but you can choose only one. Use your knowledge, logic, and intuition to choose the best
answer and then move on. Sometimes, the questions are worded in ways that would make
English majors cringe—a typo here, an incorrect verb there. Don’t let this frustrate you;
answer the question and move on to the next one.
CompTIA frequently does what is called item seeding, which is the practice
of including unscored questions on exams. It does so to gather psychometric
data, which is then used when developing new versions of the exam. Before
you take the exam, you will be told that your exam may include these unscored
questions. So, if you come across a question that does not appear to map to
any of the exam objectives—or for that matter, does not appear to belong in the
exam—it is likely a seeded question. You never know whether or not a question
is seeded, however, so always make your best effort to answer every question.
Taking the Exam
Once you are fully prepared to take the exam, you can visit the CompTIA website to purchase
your exam voucher:
www.comptiastore.com/Articles.asp?ID=265&category=vouchers
CompTIA partners with Pearson VUE’s testing centers, so your next step will be to locate
a testing center near you. In the United States, you can do this based on your address or your
ZIP code, whereas non-U.S. test takers may find it easier to enter their city and country. You
can search for a test center near you at the Pearson VUE website, where you will need to navigate
to “Find a test center.”
www.pearsonvue.com/comptia
Now that you know where you’d like to take the exam, simply set up a Pearson VUE testing
account and schedule an exam:
home.pearsonvue.com/comptia/onvue
On the day of the test, take two forms of identification, and make sure to show up with
plenty of time before the exam starts. Remember that you will not be able to take your
notes, electronic devices (including smartphones and watches), or other materials in with
you, and that other requirements may exist for the test. Make sure you review those requirements
before the day of your test so you’re fully prepared for both the test itself as well as
the testing process and facility rules.
After the Security+ Exam
Once you have taken the exam, you will be notified of your score immediately, so you’ll
know if you passed the test right away. You should keep track of your score report with your
exam registration records and the email address you used to register for the exam.
Maintaining Your Certification
CompTIA certifications must be renewed on a periodic basis. To renew your certification,
you can pass the most current version of the exam, earn a qualifying higher-level CompTIA
or industry certification, or complete sufficient continuing education activities to earn
enough continuing education units (CEUs) to renew it.
CompTIA provides information on renewals via their website at:
www.comptia.org/continuing-education
When you sign up to renew your certification, you will be asked to agree to the CE program’s
Code of Ethics, to pay a renewal fee, and to submit the materials required for your
chosen renewal method.
A full list of the industry certifications you can use to acquire CEUs toward renewing the
Security+ can be found at:
www.comptia.org/continuing-education/choose/renew-with-a-single-activity/earn-a-higher-level-comptia-certification
Using This Book to Practice
This book is composed of seven chapters with over 1,000 practice test questions. Each of the
first five chapters covers a domain, with a variety of questions that can help you test your
knowledge of real-world, scenario, and best practices–based security knowledge. The final
two chapters are complete practice exams that can serve as timed practice tests to help determine
whether you’re ready for the Security+ exam.
We recommend taking the first practice exam to help identify where you may need to
spend more study time and then using the domain-specific chapters to test your domain
knowledge where it is weak. Once you’re ready, take the second practice exam to make sure
you’ve covered all the material and are ready to attempt the Security+ exam.
As you work through questions in this book, you will encounter tools and technology
that you may not be familiar with. If you find that you are facing a consistent gap or that
a domain is particularly challenging, we recommend spending some time with books and
materials that tackle that domain in depth. This approach can help you fill in gaps and help
you be more prepared for the exam.
To access our interactive test bank and online learning environment, simply visit
www.wiley.com/go/sybextestprep, register to receive your unique PIN,
and instantly gain one year of FREE access after activation to the interactive
test bank with 2 practice exams and hundreds of domain-by-domain questions.
Over 1,000 questions total!
Exam SY0-601 Exam Objectives
CompTIA goes to great lengths to ensure that its certification programs accurately reflect
the IT industry’s best practices. They do this by establishing committees for each of its exam
programs. Each committee consists of a small group of IT professionals, training providers,
and publishers who are responsible for establishing the exam’s baseline competency level and
who determine the appropriate target-audience level.
Once these factors are determined, CompTIA shares this information with a group of
hand-selected subject matter experts (SMEs). These folks are the true brainpower behind
the certification program. The SMEs review the committee’s findings, refine them, and shape
them into the objectives that follow this section. CompTIA calls this process a job-task anal-
ysis (JTA).
Finally, CompTIA conducts a survey to ensure that the objectives and weightings truly
reflect job requirements. Only then can the SMEs go to work writing the hundreds of ques-
tions needed for the exam. Even so, they have to go back to the drawing board for further
refinements in many cases before the exam is ready to go live in its final state. Rest assured
that the content you’re about to learn will serve you long after you take the exam.
CompTIA also publishes relative weightings for each of the exam’s objectives. The following table lists the five Security+ objective domains and the extent to which they are represented on the exam.
Domain % of Exam
1.0 Threats, Attacks, and Vulnerabilities 24%
2.0 Architecture and Design 21%
3.0 Implementation 25%
4.0 Operations and Incident Response 16%
5.0 Governance, Risk, and Compliance 14%
SY0-601 Certification Exam Objective Map
Objective Chapter
1.0 Threats, Attacks and Vulnerabilities
1.1 Compare and contrast different types of social engineering techniques Chapter 1
1.2 Given a scenario, analyze potential indicators to determine the type of attack Chapter 1
1.3 Given a scenario, analyze potential indicators associated with application attacks Chapter 1
1.4 Given a scenario, analyze potential indicators associated with network attacks Chapter 1
1.5 Explain different threat actors, vectors, and intelligence sources Chapter 1
1.6 Explain the security concerns associated with various types of vulnerabilities Chapter 1
1.7 Summarize the techniques used in security assessments Chapter 1
1.8 Explain the techniques used in penetration testing Chapter 1
2.0 Architecture and Design
2.1 Explain the importance of security concepts in an enterprise environment Chapter 2
2.2 Summarize virtualization and cloud computing concepts Chapter 2
2.3 Summarize secure application development, deployment, and automation concepts Chapter 2
2.4 Summarize authentication and authorization design concepts Chapter 2
2.5 Given a scenario, implement cybersecurity resilience Chapter 2
2.6 Explain the security implications of embedded and specialized systems Chapter 2
Objective Chapter
2.7 Explain the importance of physical security controls Chapter 2
2.8 Summarize the basics of cryptographic concepts Chapter 2
3.0 Implementation
3.1 Given a scenario, implement secure protocols Chapter 3
3.2 Given a scenario, implement host or application security solutions Chapter 3
3.3 Given a scenario, implement secure network designs Chapter 3
3.4 Given a scenario, install and configure wireless security settings Chapter 3
3.5 Given a scenario, implement secure mobile solutions Chapter 3
3.6 Given a scenario, apply cybersecurity solutions to the cloud Chapter 3
3.7 Given a scenario, implement identity and account management controls Chapter 3
3.8 Given a scenario, implement authentication and authorization solutions Chapter 3
3.9 Given a scenario, implement public key infrastructure Chapter 3
4.0 Operations and Incident Response
4.1 Given a scenario, use the appropriate tool to assess organizational security Chapter 4
4.2 Summarize the importance of policies, processes, and procedures for incident response Chapter 4
4.3 Given an incident, utilize appropriate data sources to support an investigation Chapter 4
4.4 Given an incident, apply mitigation techniques or controls to secure an environment Chapter 4
4.5 Explain the key aspects of digital forensics Chapter 4
5.0 Governance, Risk, and Compliance
5.1 Compare and contrast various types of controls Chapter 5
5.2 Explain the importance of applicable regulations, standards, or frameworks that impact organizational security posture Chapter 5
5.3 Explain the importance of policies to organizational security Chapter 5
5.4 Summarize risk management processes and concepts Chapter 5
5.5 Explain privacy and sensitive data concepts in relation to security Chapter 5
Exam objectives are subject to change at any time without prior notice and at CompTIA’s discretion. Please visit CompTIA’s website (www.comptia.org) for the most current listing of exam objectives.
Chapter 1
Threats, Attacks, and Vulnerabilities
THE COMPTIA SECURITY+ EXAM SY0-601 TOPICS COVERED IN THIS CHAPTER INCLUDE THE FOLLOWING:
✓ 1.1 Compare and contrast different types of social engineering techniques
✓ 1.2 Given a scenario, analyze potential indicators to determine the type of attack
✓ 1.3 Given a scenario, analyze potential indicators associated with application attacks
✓ 1.4 Given a scenario, analyze potential indicators associated with network attacks
✓ 1.5 Explain different threat actors, vectors, and intelligence sources
✓ 1.6 Explain the security concerns associated with various types of vulnerabilities
✓ 1.7 Summarize the techniques used in security assessments
✓ 1.8 Explain the techniques used in penetration testing
1. Ahmed is a sales manager with a major insurance company. He has received an email that is encouraging him to click on a link and fill out a survey. He is suspicious of the email, but it does mention a major insurance association, and that makes him think it might be legitimate. Which of the following best describes this attack?
A. Phishing
B. Social engineering
C. Spear phishing
D. Trojan horse
2. You are a security administrator for a medium-sized bank. You have discovered a piece of software on your bank’s database server that is not supposed to be there. It appears that the software will begin deleting database files if a specific employee is terminated. What best describes this?
A. Worm
B. Logic bomb
C. Trojan horse
D. Rootkit
3. You are responsible for incident response at Acme Bank. The Acme Bank website has been attacked. The attacker used the login screen, but rather than enter login credentials, they entered some odd text: ' or '1' = '1. What is the best description for this attack?
A. Cross-site scripting
B. Cross-site request forgery
C. SQL injection
D. ARP poisoning
4. Users are complaining that they cannot connect to the wireless network. You discover that the WAPs are being subjected to a wireless attack designed to block their Wi-Fi signals. Which of the following is the best label for this attack?
A. IV attack
B. Jamming
C. WPS attack
D. Botnet
5. Frank is deeply concerned about attacks to his company’s e-commerce server. He is particularly worried about cross-site scripting and SQL injection. Which of the following would best defend against these two specific attacks?
A. Encrypted web traffic
B. Input validation
C. A firewall
D. An IDS
6. You are responsible for network security at Acme Company. Users have been reporting that personal data is being stolen when using the wireless network. They all insist they only connect to the corporate wireless access point (AP). However, logs for the AP show that these users have not connected to it. Which of the following could best explain this situation?
A. Session hijacking
B. Clickjacking
C. Rogue access point
D. Bluejacking
7. What type of attack depends on the attacker entering JavaScript into a text area that is intended for users to enter text that will be viewed by other users?
A. SQL injection
B. Clickjacking
C. Cross-site scripting
D. Bluejacking
8. Rick wants to make offline brute-force attacks against his password file very difficult for attackers. Which of the following is not a common technique to make passwords harder to crack?
A. Use of a salt
B. Use of a pepper
C. Use of a purpose-built password hashing algorithm
D. Encrypting password plain text using symmetric encryption
9. What term is used to describe spam over Internet messaging services?
A. SPIM
B. SMSPAM
C. IMSPAM
D. TwoFaceTiming
10. Susan is analyzing the source code for an application and discovers a pointer dereference where the pointer may be NULL. This causes the program to attempt to read from the NULL pointer and results in a segmentation fault. What impact could this have for the application?
A. A data breach
B. A denial-of-service condition
C. Permissions creep
D. Privilege escalation
11. Teresa is the security manager for a mid-sized insurance company. She receives a call from law enforcement, telling her that some computers on her network participated in a massive denial-of-service (DoS) attack. Teresa is certain that none of the employees at her company would be involved in a cybercrime. What would best explain this scenario?
A. It is a result of social engineering.
B. The machines all have backdoors.
C. The machines are bots.
D. The machines are infected with crypto-viruses.
12. Unusual outbound network traffic, geographical irregularities, and increases in database read volumes are all examples of what key element of threat intelligence?
A. Predictive analysis
B. OSINT
C. Indicators of compromise
D. Threat maps
13. Chris needs visibility into connection attempts through a firewall because he believes that a TCP handshake is not properly occurring. What security information and event management (SIEM) capability is best suited to troubleshooting this issue?
A. Reviewing reports
B. Packet capture
C. Sentiment analysis
D. Log collection and analysis
14. Chris wants to detect a potential insider threat using his security information and event management (SIEM) system. What capability best matches his needs?
A. Sentiment analysis
B. Log aggregation
C. Security monitoring
D. User behavior analysis
15. Chris has hundreds of systems spread across multiple locations and wants to better handle the amount of data that they create. What two technologies can help with this?
A. Log aggregation and log collectors
B. Packet capture and log aggregation
C. Security monitoring and log collectors
D. Sentiment analysis and user behavior analysis
16. What type of security team establishes the rules of engagement for a cybersecurity exercise?
A. Blue team
B. White team