CompTIA Security+ Certification Practice Exams, Fourth Edition (Exam SY0-601), 4th Edition By Daniel
Lachance, Glen E. Clarke
CompTIA Security+™ Certification Practice Exams, Fourth Edition (Exam SY0-601) is filled with more than
1000 realistic practice questions—including new performance-based questions—to prepare you for this
challenging exam.
To help you understand the material, in-depth explanations of both the correct and incorrect answers are
included for every question.
This practical guide covers all official objectives for Exam SY0-601 and is the perfect companion to CompTIA
Security+ Certification Study Guide, Fourth Edition.
Covers all exam topics, including:
1. Networking Basics and Terminology
2. Introduction to Security Terminology
3. Security Policies and Standards
4. Types of Attacks
5. Vulnerabilities and Threats
6. Mitigating Security Threats
7. Implementing Host-Based Security
8. Securing the Network Infrastructure
9. Wireless Networking and Security
10. Authentication
11. Authorization and Access Control
12. Introduction to Cryptography
13. Managing a Public Key Infrastructure
14. Physical Security
15. Risk Analysis
16. Disaster Recovery and Business Continuity
17. Understanding Monitoring and Auditing
18. Security Assessments and Audits
19. Incident Response and Computer Forensics
Online content includes:
• Test engine that provides full-length practice exams and customized quizzes by chapter or by exam
domain
• Interactive performance-based question sample
Chapter 1 Networking Basics and Terminology
CERTIFICATION OBJECTIVES
1.01 Configuring Load Balancers
1.02 Managing IPv4
1.03 Managing IPv6
QUESTIONS
Disruption of connectivity to applications presents a risk for both on-premises and cloud-based
apps. App performance can influence the effectiveness of IT solutions used to address business needs.
Load balancing addresses both application reachability and performance needs. A load balancer accepts
client app requests and routes them to a pool of backend servers, where the least busy server services the
request. Because there are multiple servers serving up the app, a backend server failure does not disrupt
user connections to apps; instead, the load balancer does not route client requests to the unresponsive host.
Internet Protocol version 4 (IPv4) and the newer IPv6 are the protocol foundations on which network services
are available. IPv6 uses a 128-bit hexadecimal addressing scheme as well as device discovery and
communication techniques that differ from IPv4.
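Added example (not from the book): a small Python model of the routing behaviour described above, comparing least connections with round robin while one backend is failing its health check. The Pool and Backend classes, the server names and the connection counts are constructed for illustration.

```python
from dataclasses import dataclass
from itertools import cycle

@dataclass
class Backend:
    name: str
    active: int = 0       # connections currently open to this server
    healthy: bool = True  # result of the last health probe

class Pool:
    """Constructed model of a load balancer backend pool."""

    def __init__(self, names):
        self.backends = [Backend(n) for n in names]
        self._rr = cycle(self.backends)

    def _healthy(self):
        up = [b for b in self.backends if b.healthy]
        if not up:
            raise RuntimeError("no healthy backend available")
        return up

    def least_connections(self):
        # Least busy healthy server; ties go to the first one listed.
        chosen = min(self._healthy(), key=lambda b: b.active)
        chosen.active += 1
        return chosen.name

    def round_robin(self):
        # Next healthy server in fixed order, regardless of its load.
        self._healthy()  # raises if every backend is down
        for b in self._rr:
            if b.healthy:
                b.active += 1
                return b.name

    def mark(self, name, healthy):
        # Record a health probe result for the named backend.
        for b in self.backends:
            if b.name == name:
                b.healthy = healthy

def demo(policy):
    # Constructed scenario: web1 is busy, web2 is down, web3 is idle.
    pool = Pool(["web1", "web2", "web3"])
    pool.backends[0].active = 5
    pool.mark("web2", False)
    return [getattr(pool, policy)() for _ in range(6)]
```

Calling demo("least_connections") sends requests to web3 until its load matches web1, while demo("round_robin") keeps alternating onto the already busy web1; neither policy ever selects the unresponsive web2.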
1. Which of the following benefits are realized from implementing a load balancer? (Choose two.)
A. Improved app performance
B. Increased app security
C. Increased app regulatory compliance
D. Increased app availability
A and D. Load balancers improve app performance because a pool of backend servers is available to handle client
requests instead of a single server, which means that these servers can handle the additional request load that may
occur. App availability is increased because a pool of backend servers is available to service client requests. A backend
server failure means client requests will be serviced by backend servers that remain up and running.
2. A busy web site has not been responding well because of the large volume of HTTP requests sent to the web
server. Which solution would be the most optimal to improve current and future web server performance?
A. Add more RAM to the web server.
B. Use two web servers hosting the same content. Configure a load balancer to distribute incoming HTTP
connections between the two web servers.
C. Place a router between the web server and the Internet to throttle incoming HTTP connections.
D. Enable SSL on the web server.
Explanation → Option B is the most optimal solution to improve current and future web server performance. By
using two web servers and setting up a load balancer, the incoming HTTP requests can be evenly distributed between
the two servers. This load balancing helps to prevent overload on a single server and allows the website to handle a
larger volume of requests more efficiently. It also provides redundancy, ensuring that if one server fails, the other can
continue to handle the traffic, thus improving overall reliability and performance of the web site.
3. You would like to prevent client requests from being serviced by busy backend servers hosting user sessions.
Which load balancer scheduling algorithm should you configure?
A. Round robin
B. Weighted round robin
C. Random
D. Least connections
The least connections algorithm ensures that traffic is sent to the backend server with the smallest number of active
connections.
4. During an IT meeting, your colleague Trinity suggests that there is a single point of failure in the single load
balancer in place for the company web site ordering system. She suggests having two load balancers configured, with
only one in service at a given time. What type of load balancing configuration has Trinity described?
A. Round robin
B. Active-active
C. Active-passive
D. Least connections
C. Active-passive configurations consist of two load balancers, one of which is active. When the active load balancer
is unresponsive, the second load balancer takes over.
A, B, and D are incorrect. Round robin and least connections are load balancer scheduling algorithms and are not
related to fault tolerance with multiple load balancers. Active-active means that both load balancers function at the
same time and work together to distribute incoming traffic to backend nodes.
5. An active-passive load balancer solution is configured on your network. When the standby load balancer
determines that the primary load balancer is down, what attribute does it take control of?
A. Load balancer MAC address
B. Load balancer IP address
C. First backend server MAC address
D. First backend server IP address
B. A virtual IP address (load balancer IP address) is assigned to the active load balancer. This is the externally exposed
address that the DNS names must resolve to.
A, C, and D are incorrect. MAC addresses are not exchanged in an active-passive load balancer configuration;
neither is the first backend server IP address.
6. Your public cloud–based load balancer uses Linux backend servers to host a web application. Each backend Linux
host is configured with only a single private IPv4 address. You need to be able to manage each Linux backend host
remotely from your on-premises network without exposing each backend server directly to the Internet. Which
options should you consider? (Choose two.)
A. Assign a public IP address to each backend Linux instance.
B. Assign an IPv6 address to each backend Linux instance.
C. Configure inbound NAT rules on the load balancer.
D. Configure a jump box solution.
C and D. Load balancer inbound NAT rules allow incoming traffic to the load balancer on a given port, such as SSH
for Linux management, to be mapped to internal hosts configured with only private IP addresses. A jump box is a
physical or virtual server with at least two network interfaces with routing between the interfaces disabled. One
jump box interface has a connection to a public network and the second interface has a connection to an internal
network. Once authenticated to the jump box, administrators can use it as a launch pad to connect to internal hosts.
A and B are incorrect. For security reasons, each backend Linux instance should not be directly exposed to the
Internet with a public IPv4 or IPv6 address.
7. To improve application performance for a public-facing web application, you want to reduce the amount of
processing for each backend Windows server configured in a load balancer backend server pool. HTTPS is currently
configured on each server. HTTPS is required to protect web application traffic. What should you do?
A. Enable SSL/TLS pass-through on the load balancer.
B. Configure IPSec on the load balancer.
C. Configure SSL/TLS termination at the load balancer.
D. Generate a new certificate for the load balancer DNS name.
C. Configuring SSL/TLS termination at the load balancer offloads this computationally expensive operation from each
backend server. This means network connections to and from the load balancer are protected using HTTPS. Traffic
between the load balancer and backend servers is not protected with HTTPS.
A, B, and D are incorrect. SSL/TLS pass-through uses HTTPS configurations on each backend server; this needs to be
disabled in this scenario to reduce the workload on each backend server. IPSec is not as well suited for protecting
public-facing web applications as HTTPS, so IPSec should not be configured on the load balancer for this purpose.
Load balancers can be configured with custom DNS names to match existing DNS names in PKI certificates. DNS
records would need to be changed to resolve the DNS name to the IP address of the load balancer.
8. How does an OSI layer 7 load balancer differ from a layer 4 load balancer?
A. Layer 7 load balancers can inspect IP addresses to make load balancing decisions.
B. Layer 7 load balancers can inspect URLs to make load balancing decisions.
C. Layer 7 load balancers can examine MAC addresses to make load balancing decisions.