The most recent vulnerability scan flagged the domain controller with a critical vulnerability. The systems administrator researched the vulnerability and discovered the domain controller does not run the associated application with the vulnerability. Which of the following steps should the administrator take next?

Document this as a false positive.

Ensure the scan engine is configured correctly.

Apply a patch to the domain controller.

Document this as a false positive.

A security analyst is investigating a malware incident at a company The malware is accessing a command-and-control website at www.comptia.com. All outbound internet traffic is logged to a syslog server and stored in /logfiles/messages Which of the following commands would be best for the analyst to use on the syslog server to search for recent traffic to the command-and-control website?

tail -500 /logfiles/messages I grep www.cornptia.com

head -500 www. compt ia.com | grep /logfiles/messages

cat /logfiles/messages I tail -500 www.comptia.com

tail -500 /logfiles/messages I grep www.cornptia.com

grep -500 /logfiles/messages I cat www.comptia.cctn

A software company adopted the following processes before releasing software to production• Peer review• Static code scanning• SigningA considerable number of vulnerabilities are still being detected when code is executed on production Which of the following security tools can improve vulnerability detection on this environment?

File integrity monitoring for the source code

Endpoint detection and response solution

Which of the following is an example of risk avoidance?

Not installing new software to prevent compatibility errors

Installing security updates directly in production to expedite vulnerability fixes

Buying insurance to prepare for financial loss associated with exploits

Not installing new software to prevent compatibility errors

Not taking preventive measures to stop the theft of equipment

An incident response technician collected a mobile device during an investigation. Which of the following should the technician do to maintain chain of custody?

Document the collection and require a sign-off when possession changes.

Lock the device in a safe or other secure location to prevent theft or alteration.

Place the device in a Faraday cage to prevent corruption of the data.

Record the collection in a block chain-protected public ledger.

An organization's Chief Security Officer (CSO) wants to validate the business's involvement in the incident response plan to ensure its validity and thoroughness. Which of the following will the CSO most likely use?

An external security assessment

Which of the following is the correct order of volatility from most to least volatile?

Cache, memory, temporary filesystems. disk, archival media

Memory, temporary filesystems. routing tables, disk, network storage

Cache, memory, temporary filesystems. disk, archival media

Memory, disk, temporary filesystems. cache, archival media

Cache, disk, temporary filesystems. network storage, archival media

A security analyst it investigating an incident to determine what an attacker was able to do on a compromised Laptop. The analyst reviews the following SIEM log: Which of the following describes the method that was used to compromise the laptop?

An attacker was able to bypass the application approve list by emailing a spreadsheet. attachment with an embedded PowerShell in the file.

An attacker was able to move laterally from PC 1 to PC2 using a pass-the-hash attach

An attacker was able to bypass the application approve list by emailing a spreadsheet. attachment with an embedded PowerShell in the file.

An attacker was able to install malware to the CAasdf234 folder and use it to gain administrator rights and launch Outlook

An attacker was able to phish user credentials successfully from an Outlook user profile

CompTIA SY0-601 Practice Test 14 - Free Online Exam Prep & Questions

A Chief Information Security Officer (CISO) wants to explicitly raise awareness about the increase of ransomware-as-a-service in a report to the management team. Which of the following best describes the threat actor in the CISO's report?

Become a Premium Member for full access

Unlock Premium Member

CompTIA SY0-601 Practice Test 14

Question

CompTIA SY0-601 Practice Tests

Practice Tests