Comptia Security + SY0-601 2023/ 2024
Exam| Questions and Verified Answers with
Rationales| 100% Correct| Graded A
QUESTION
To tightly control the anti-malware settings on your computer, you elect to update the signature
file manually. Even though you vigilantly update the signature file, the machine becomes
infected with a new type of malware.
Which of the following actions would best prevent this scenario from occurring again?
A. Create a scheduled task to run sfc.exe daily
B. Switch to a more reliable anti-virus software
C. Carefully review open firewall ports and close any unnecessary ports
D. Configure the software to automatically download the virus definition files as soon as they
become available
Answer:
D. Configure the software to automatically download the virus definition files as soon as they
become available
Anti-malware software is most effective against new viruses if it has the latest virus definition
files installed. Instead of manually updating the signature files, you should configure the
software to automatically download updated virus definition files as soon as they become
available.
Use sfc.exe to repair infected files after malware has caused the damage. Using a different antivirus
software might help, but will not resolve the problem if you don't get the latest definition files.
QUESTION
You recently discovered that several key files of your antivirus program have been deleted. You
suspect that a virus has deleted the files. Which type of virus deletes key antivirus program files?
A. Stealth
B. Polymorphic
C. Retro
D. Slow
Answer:
C. Retro
A retro virus tries to destroy virus countermeasures by deleting key files that antivirus programs
use.
A stealth virus resides in low-level system service functions, where it intercepts system
requests and alters service outputs to conceal its presence. A polymorphic virus mutates while
keeping the original algorithm intact. A slow virus counters antivirus programs' ability to detect
changes in infected files by making gradual modifications.
QUESTION
Which type of virus conceals its presence by intercepting system requests and altering service
outputs?
A. Stealth
B. Retro
C. Slow
D. Polymorphic
Answer:
A. Stealth
Stealth viruses reside in low-level system service functions where they intercept system requests
and alter service outputs to conceal their presence. The term rootkit is often used to describe a
malicious program that can hide itself and prevent its removal from the system.
A polymorphic virus mutates while keeping the original algorithm intact. A slow virus counters
the ability of antivirus programs to detect changes in infected files. A retro virus tries to destroy
virus countermeasures by deleting key files that antivirus programs use.
QUESTION
Which of the following is an example of an internal threat?
A. A user accidentally deletes the new product designs.
B. A delivery man is able to walk into a controlled area and steal a laptop.
C. A server back door allows an attacker on the internet to gain access to the intranet site.
D. A water pipe in the server room breaks.
Answer:
A. A user accidentally deletes the new product designs.
Internal threats are intentional or accidental acts by employees, including:
• Malicious acts such as theft, fraud, or sabotage
• Intentional or unintentional actions that destroy or alter data
• Disclosing sensitive information by snooping or espionage
External threats are events that originate outside of the organization. They typically focus on
compromising the organization's information assets. Examples of external threats include
hackers, fraud perpetrators, and viruses. Natural events are events that may reasonably be
expected to occur over time, such as a fire or a broken water pipe.
QUESTION
What is the greatest threat to the confidentiality of data in most secure organizations?
A. USB devices
B. Hacker intrusion
C. Malware
D. Operator error
Answer:
A. USB devices
The greatest threat to data confidentiality in most secure organizations is portable devices
(including USB devices). There are so many devices that can support file storage that stealing
data has become easy, and preventing data theft is difficult.
QUESTION
Which of the following is an example of privilege escalation?
A. Creeping privileges
B. Separation of duties
C. Principle of least privilege
D. Mandatory vacations
Answer:
A. Creeping privileges
Creeping privileges occur when a user's job position changes and they are granted a new set of
access privileges for their new work tasks, but their previous access privileges are not removed.
As a result, the user accumulates privileges over time that are not necessary for their current
work tasks. This is a form of privilege escalation.
Principle of least privilege and separation of duties are countermeasures against privilege
escalation. Mandatory vacations are used to perform peer reviews, which require cross-trained
personnel and help detect mistakes and fraud.
QUESTION
Which of the following attacks tricks victims into providing confidential information (such as
identity information or login credentials) through emails or websites that impersonate an online
entity that the victim trusts?
A. Adware
B. Session hijacking
C. Phishing
D. Man-in-the-middle
Answer:
C. Phishing
Phishing tricks victims into providing confidential information, such as identity information or
logon credentials, through emails or websites that impersonate an online entity that the victim
trusts, such as a financial institution or well-known e-commerce site. Phishing is a specific form
of social engineering.
Session hijacking takes over a login session from a legitimate client, impersonating the user and
taking advantage of their established communication link. A man-in-the-middle attack is where
an attacker intercepts a data stream, slightly modifies it, then forwards that data stream to the
destination. Adware is a type of malware that sends you advertisements that you do not request.
QUESTION
Match the social engineering description (number) with the appropriate attack type (letter).
(1)Phishing | (2)Whaling | (3)Spear phishing | (4)Dumpster diving | (5)Piggybacking | (6)Vishing
A. An attacker gathers personal information about the target individual in an organization.
B. An attacker searches through an organization's trash looking for sensitive information.
C. An attacker pretending to be from a trusted organization sends an email asking users to access