SY0601 CompTIA Security+ 2021 Free Practice Test — 30 Questions

Question 1

A cybersecurity analyst working on a critical infrastructure project is informed of a significant shift in project requirements. The new mandate involves integrating a third-party IoT device with a previously air-gapped control system to enhance operational efficiency. However, the analyst\'s preliminary investigation suggests the chosen IoT device has known vulnerabilities and a limited patching schedule. The project manager is eager to implement the change immediately to meet a tight deadline. What is the MOST appropriate immediate course of action for the analyst?

Accepted Answer

Conduct a thorough risk assessment of the proposed IoT device integration, documenting potential vulnerabilities and recommending appropriate mitigation strategies.

Question 2

Following a successful ransomware attack that encrypted critical customer database files, a cybersecurity analyst has successfully initiated the restoration process from an immutable backup. The organization is a multinational entity subject to stringent data protection regulations. As the CISO, what is the MOST immediate and critical subsequent action to undertake after confirming the integrity of the restored data and ensuring the ransomware threat has been contained?

Accepted Answer

Commence the mandated notification process to regulatory authorities and affected individuals as per applicable data protection laws.

Question 3

A cybersecurity incident response team is consistently struggling to contain emerging threats that exploit previously unknown vulnerabilities. Their established playbook, meticulously crafted for common attack patterns, is proving increasingly ineffective against these novel, zero-day exploits. The team lead observes that while technical skills are present, the team\'s rigid adherence to the existing framework hinders their ability to innovate and react effectively to the unpredictable nature of these advanced persistent threats. Which of the following behavioral competencies is most critical for the team to cultivate to overcome this challenge?

Accepted Answer

Adaptability and Flexibility

Question 4

A cybersecurity incident response team is actively managing a sophisticated phishing campaign that has successfully exploited a zero-day vulnerability in a critical web application, leading to unauthorized access and potential exfiltration of customer personally identifiable information (PII). The attackers are exhibiting advanced persistent threat (APT) behaviors, suggesting they are actively probing for further vulnerabilities and attempting to maintain access. The team has confirmed that the exploit allows for lateral movement within the network. Considering the immediate need to prevent further data loss and maintain operational integrity while adhering to incident response best practices, what is the MOST critical immediate action the team should undertake?

Accepted Answer

Implementing network segmentation and access control list (ACL) modifications to isolate affected systems and limit lateral movement

Question 5

A cybersecurity operations team is divided on the optimal configuration for a newly acquired next-generation firewall. One faction advocates for a strict, deny-by-default posture with extensive custom rule sets, citing the principle of least privilege and a desire to minimize the attack surface. The opposing faction prefers a more permissive approach, relying heavily on the firewall\'s built-in threat intelligence feeds and automated anomaly detection, arguing that this will reduce administrative overhead and allow for quicker adaptation to emerging threats. The team lead, Anya, observes escalating tension and a slowdown in the deployment process. Which of Anya\'s behavioral competencies is most critical to address this situation effectively?

Accepted Answer

Conflict resolution skills

Question 6

A cybersecurity analyst is investigating a data compromise at a multinational corporation that stores customer data from both the United States and several European Union member states. The breach has potentially exposed sensitive Personally Identifiable Information (PII) and financial transaction details. The company\'s primary operations are based in the US, but a significant portion of its customer base resides in the EU. Considering the immediate regulatory obligations following the discovery of such a breach, which action represents the most time-sensitive mandatory reporting requirement?

Accepted Answer

Notify the relevant EU supervisory authority within 72 hours of becoming aware of the breach, as stipulated by GDPR.

Question 7

Anya, a cybersecurity analyst, observes an unusual pattern: a server that has been dormant for months suddenly initiates multiple outbound connections to an unknown external IP address using non-standard ports. Initial analysis suggests the traffic is not legitimate business communication. Anya needs to act swiftly to mitigate potential damage without causing unnecessary operational downtime. Which of the following actions represents the most effective immediate containment strategy in this scenario?

Accepted Answer

Creating a firewall rule to block all traffic to and from the suspicious IP address

Question 8

A multinational corporation operating in the EU experiences a data breach impacting the personal information of thousands of its customers. Following the incident, several affected customers invoke their \"right to erasure\" under the General Data Protection Regulation (GDPR). The company\'s security team is tasked with ensuring full compliance with these requests. Which of the following actions would most effectively satisfy the comprehensive requirements of the GDPR\'s right to erasure in this context?

Accepted Answer

Erase all personal data associated with the affected customers from primary production systems and ensure it is marked for deletion in the next scheduled backup rotation.

Question 9

A financial services firm has discovered a critical vulnerability in its cloud-hosted customer relationship management (CRM) system. The vulnerability allows an attacker to bypass the standard login procedures, granting unauthorized access to sensitive customer Personally Identifiable Information (PII). The IT security team needs to implement an immediate control to mitigate this exposure while a permanent code fix is developed. Which of the following actions would provide the most effective immediate mitigation?

Accepted Answer

Implement a Web Application Firewall (WAF) with stringent input validation rules configured to detect and block exploit patterns.

Question 10

During a high-stakes cybersecurity incident, a security analyst, Anya, is leading the response to a sophisticated, multi-vector attack that has compromised several critical servers and is actively exfiltrating sensitive customer data. The incident response team has identified numerous indicators of compromise, but the full scope and origin of the attack are still being determined. Anya needs to make an immediate strategic decision on the team\'s next course of action to mitigate the damage and comply with organizational policies and relevant data privacy laws, such as GDPR. Which of the following approaches best balances the immediate operational needs with the long-term investigative and compliance requirements?

Accepted Answer

Prioritize containment and evidence preservation, then initiate eradication and recovery, while adhering to regulatory reporting timelines

Question 11

Anya, a cybersecurity analyst, is tasked with revamping her organization\'s incident response (IR) strategy to better combat a persistent surge of sophisticated, multi-vector phishing campaigns. The current IR plan, developed years ago, is proving increasingly inadequate, characterized by its rigid, predefined workflows that struggle to accommodate the nuanced and rapidly changing tactics employed by threat actors. Anya recognizes the need to move beyond simply updating playbooks and instead foster an environment where the IR team can dynamically adjust its approach based on real-time threat intelligence and the specific characteristics of each incident. She needs to ensure the team can effectively navigate the inherent ambiguity of evolving attack vectors and maintain operational effectiveness even when established procedures need to be rapidly re-evaluated and potentially abandoned in favor of novel solutions.

Which of the following CompTIA Security+ behavioral competencies is Anya primarily demonstrating by leading this initiative to overhaul the IR strategy in response to a dynamic threat landscape?

Accepted Answer

Adaptability and Flexibility

Question 12

Following a critical security incident involving a previously undocumented ransomware variant that bypassed initial signature-based detection, a cybersecurity team discovered their containment and eradication efforts were largely ineffective. The malware exhibited polymorphic behavior, altering its code with each infection. The team leadership immediately directed a pivot in strategy, shifting from reliance on known indicators to a broader analysis of network traffic for anomalous communication patterns and behavioral anomalies. They also initiated a rapid segmentation of potentially compromised network segments, even without definitive proof of infection in all cases, to limit lateral movement. Subsequently, they began reverse-engineering the new malware to develop custom detection rules and targeted removal scripts.

Which phase of the incident response process does this adaptive pivot most accurately represent?

Accepted Answer

Adaptive Containment and Eradication

Question 13

A cybersecurity operations center (SOC) is investigating a significant increase in successful phishing attacks targeting sensitive client data. Analysis of compromised systems reveals the presence of polymorphic malware that dynamically alters its code, rendering signature-based antivirus solutions largely ineffective. The existing incident response plan, while robust for known threats, lacks the agility to counter this evolving attack vector. The team lead, recognizing the need for a paradigm shift in detection capabilities, is advocating for a technology that focuses on observing and analyzing the *behavior* of suspicious processes on endpoints. Which of the following technologies would most effectively address this specific detection and response gap?

Accepted Answer

Endpoint Detection and Response (EDR) solution

Question 14

A cybersecurity operations center (SOC) is struggling to keep pace with a surge of sophisticated, zero-day exploits targeting its organization\'s critical infrastructure. The existing incident response playbooks, designed for known attack signatures, are proving ineffective against these novel threats, leading to increased dwell times and potential data exfiltration. The SOC manager, Anya, observes that her team is becoming overwhelmed by the sheer volume of unique indicators and the lack of clear, predefined steps for remediation. Anya needs to implement a strategic change that will enhance the team\'s agility and responsiveness to these evolving threats.

Which of the following technological solutions would most effectively enable the SOC to adapt its response strategies and improve its handling of ambiguous, rapidly changing threat scenarios?

Accepted Answer

Deploy a Security Orchestration, Automation, and Response (SOAR) platform integrated with advanced AI-driven threat intelligence feeds.

Question 15

A cybersecurity department is experiencing significant operational friction. The threat intelligence division, focused on proactive identification of emerging threats and attribution, frequently clashes with the incident response team, whose primary objective is the rapid containment and eradication of active security breaches. This discord stems from differing interpretations of threat severity and a perceived lack of actionable intelligence being provided in a timely manner by the intelligence unit, leading to delayed responses from the IR team. The department head, observing a decline in overall security posture effectiveness and an increase in inter-team disputes, needs to implement a strategy to enhance collaboration and operational synergy. Which of the following leadership actions would most effectively address this systemic issue?

Accepted Answer

Establish a joint working group with representatives from both threat intelligence and incident response to define shared operational metrics, refine intelligence-sharing protocols, and conduct regular cross-training sessions.

Question 16

A cybersecurity operations center (SOC) has observed a significant increase in sophisticated, multi-stage reconnaissance activities targeting their organization\'s critical infrastructure. These activities employ novel techniques that bypass previously effective network intrusion detection system (NIDS) signatures and behavioral anomaly detection models. The SOC lead must quickly realign the team\'s incident response posture and toolset to counter these emerging threats effectively. Which of the following behavioral competencies is most critical for the SOC lead and their team to demonstrate in this situation?

Accepted Answer

Adaptability and Flexibility

Question 17

Anya, a cybersecurity operations lead, is alerted to a sophisticated, zero-day exploit targeting a critical infrastructure component. Initial analysis is incomplete, and the threat actor\'s motives and full capabilities are unclear. Anya must immediately re-prioritize her team\'s tasks, reallocate resources to investigate and contain the potential breach, and communicate the evolving situation to stakeholders with limited, potentially ambiguous information. Which of the following competency clusters best describes Anya\'s required skillset in this dynamic and high-pressure scenario?

Accepted Answer

Adaptability and Flexibility, Initiative and Self-Motivation, Leadership Potential, and Communication Skills

Question 18

Anya, a junior cybersecurity analyst, is assigned to investigate a suspected data exfiltration event. The initial network logs are fragmented, and the threat actor\'s techniques are not immediately identifiable. Anya begins by analyzing traffic patterns but soon realizes that the observed anomalies deviate significantly from known attack vectors. Despite the lack of clear indicators of compromise and the pressure to provide an immediate assessment, Anya adjusts her analysis, incorporating behavioral analytics and threat intelligence feeds that were not part of her initial plan. She systematically re-evaluates her hypotheses as new, albeit ambiguous, data emerges. Which behavioral competency is Anya primarily demonstrating in this scenario?

Accepted Answer

Adaptability and Flexibility

Question 19

Anya, a cybersecurity analyst at a large manufacturing plant, detects a sophisticated zero-day exploit targeting the facility\'s proprietary industrial control system (ICS). The exploit appears to be designed to subtly alter operational parameters, posing a significant risk to both production output and worker safety. Standard patching is not immediately feasible due to the proprietary nature of the ICS and the critical need for continuous operation. Anya must devise an immediate response plan. Which of the following actions best balances immediate containment, operational continuity, and regulatory compliance in this high-stakes scenario?

Accepted Answer

Immediately isolate the affected ICS network segment from all external and internal connections, then proceed with a full system rollback to a known good state, documenting all actions for regulatory reporting.

Question 20

Anya, a senior cybersecurity analyst, is alerted to a sophisticated, previously unknown exploit targeting the company\'s customer relationship management (CRM) system. Initial reports indicate unauthorized data exfiltration and potential system instability. The CRM is critical for daily operations and customer interactions. Anya must devise an immediate response strategy that prioritizes minimizing business impact and safeguarding sensitive client information, while also ensuring a thorough understanding of the vulnerability for future defense. Which strategic approach best addresses these multifaceted requirements in the context of a zero-day attack?

Accepted Answer

Implement aggressive containment measures, including system isolation and service deactivation, followed by a comprehensive post-incident analysis to identify and remediate the root cause, incorporating findings into proactive threat hunting and policy updates.

Question 21

A cybersecurity operations center (SOC) is engaged in a protracted incident response against a nation-state-sponsored advanced persistent threat (APT) that has successfully infiltrated the organization\'s network. Initial containment efforts, focused on isolating compromised endpoints and blocking known malicious IP addresses, have been partially effective but the APT has demonstrated a remarkable ability to pivot its attack vectors and establish new persistence mechanisms through previously unobserved methods. The SOC lead is considering the next strategic phase of the response. Which of the following actions would best demonstrate adaptability and flexibility in adjusting to the evolving threat landscape and the limitations of the initial response?

Accepted Answer

Immediately re-imaging all potentially affected workstations and servers to ensure a clean state, then reverting to a pre-incident baseline configuration.

Question 22

Anya, a seasoned cybersecurity operations lead, is overseeing her team\'s response to a rapidly spreading zero-day exploit targeting a core banking platform. Initial intelligence is fragmented, and the full impact is still unfolding. The established incident response plan, designed for known vulnerabilities, is proving insufficient. Anya must immediately reorient her team\'s efforts, prioritizing containment and forensic analysis over scheduled system upgrades. Which two behavioral competencies are most critical for Anya to effectively manage this evolving crisis and ensure her team\'s continued productivity and morale?

Accepted Answer

Adaptability and Flexibility; Leadership Potential

Question 23

A cloud-based financial services firm, \"QuantumLeap Analytics,\" experiences a sophisticated ransomware attack that encrypts a significant portion of its customer database. Preliminary analysis indicates that personally identifiable information (PII) and sensitive financial details of European Union citizens were accessed. The attack vector appears to be a zero-day vulnerability in a third-party analytics tool integrated into their platform. The Chief Information Security Officer (CISO) must decide on the immediate course of action to comply with relevant data protection regulations and manage the incident effectively. Which of the following actions should be prioritized immediately after initial containment and assessment?

Accepted Answer

Initiate mandatory notification procedures to the relevant EU supervisory authority and affected data subjects as per GDPR Article 33 and Article 34.

Question 24

A cybersecurity team is actively responding to a widespread phishing campaign that has resulted in a confirmed data breach affecting customer personal information. During the containment phase, new threat intelligence indicates that the attackers may be leveraging a previously unknown zero-day exploit against a specific legacy application that is still in use. Furthermore, the organization operates under the General Data Protection Regulation (GDPR), which imposes strict notification timelines for personal data breaches. Given these developments, what is the MOST CRITICAL immediate action the incident response team should take to effectively manage the situation?

Accepted Answer

Immediately escalate the incident to senior management and legal counsel to inform them of the evolving threat landscape, potential GDPR implications, and to seek guidance on strategic response adjustments and resource allocation.

Question 25

A cybersecurity analyst discovers a critical zero-day vulnerability in an aging, proprietary industrial control system (ICS) that is integral to a manufacturing plant\'s operations. Due to the system\'s unique architecture and vendor support limitations, an immediate patch is not feasible. The risk assessment indicates a high likelihood of exploitation, which could lead to significant operational disruption and potential safety hazards. Which of the following actions should be prioritized as an immediate compensating control to mitigate the risk of compromise?

Accepted Answer

Deploying an Intrusion Prevention System (IPS) with custom signatures tailored to detect and block exploit attempts against the identified vulnerability.

Question 26

Anya, a cybersecurity analyst at a financial institution, detects anomalous behavior originating from an internal user account accessing a production database containing customer Personally Identifiable Information (PII). Log analysis reveals multiple failed login attempts followed by a successful access session that exhibits unusual data retrieval patterns, suggesting potential exfiltration. The institution is subject to stringent regulations like the Gramm-Leach-Bliley Act (GLBA). Anya needs to take immediate action to mitigate the risk. Which of the following actions should Anya prioritize to address the immediate threat while preserving evidence for subsequent investigation?

Accepted Answer

Immediately disable the internal user account exhibiting suspicious activity to prevent further unauthorized access and data exfiltration.

Question 27

A healthcare organization is implementing a new data loss prevention (DLP) solution to enhance compliance with HIPAA regulations concerning the protection of Protected Health Information (PHI). The initial rollout has encountered significant user resistance due to perceived workflow disruptions. The security team is tasked with ensuring both effective DLP implementation and continued operational efficiency. Which of the following strategies best addresses the need for adaptability and flexibility while maintaining regulatory adherence?

Accepted Answer

Conduct workshops with key user groups to understand their workflows, gather feedback on the DLP policies, and collaboratively refine rules to minimize disruption while maximizing PHI protection.

Question 28

Anya, a seasoned cybersecurity analyst, observes that a well-established data loss prevention (DLP) solution, designed to block outbound transfers of sensitive customer information via USB drives, is being consistently circumvented by an advanced persistent threat (APT) group. The APT appears to be exploiting a zero-day vulnerability in the DLP agent\'s driver, allowing them to bypass its monitoring and control mechanisms without triggering alerts. The organization\'s incident response plan mandates a thorough reassessment of defensive strategies when a critical control is demonstrably ineffective against a persistent adversary. Anya needs to recommend the most effective next steps to re-establish a robust security posture against this specific threat vector.

Accepted Answer

Implement enhanced endpoint detection and response (EDR) capabilities focused on behavioral anomaly detection and memory analysis to identify the exploit's execution patterns.

Question 29

A cybersecurity team is alerted to a novel, high-severity exploit targeting a recently launched customer portal. Initial analysis indicates the exploit leverages an unknown vulnerability in the application\'s authentication module, leading to unauthorized data access for several user accounts. The team\'s immediate actions include segmenting the affected network, deploying a temporary mitigation that blocks the malicious traffic pattern, and initiating forensic analysis to pinpoint the exact exploit mechanism and its origin. Concurrently, they are developing a permanent code fix and preparing for system restoration. Which of the following frameworks most directly guides the comprehensive management of this ongoing security event?

Accepted Answer

Incident Response Plan (IRP)

Question 30

A healthcare organization experiences a sophisticated ransomware attack that encrypts a significant portion of its electronic health record (EHR) system, rendering patient data inaccessible. The attack vector is currently unknown, and the full extent of data exfiltration is yet to be determined. The organization\'s incident response plan prioritizes the restoration of critical services and data integrity. Which of the following actions should be the *immediate* primary focus to mitigate the impact and resume operations effectively, considering regulatory compliance for protected health information (PHI)?

Accepted Answer

Initiate restoration of the EHR system from verified, clean, and isolated backups.

SY0601 CompTIA Security+ 2021 Free Practice Test — 30 Questions

A lot more is already mapped out

About the SY0601 CompTIA Security+ 2021 Certification