CompTIA SY0-601 Practice Test – Member Shared Questions, Page 10

Question 91

A company is implementing a new SIEM to log and send alerts whenever malicious activity is blocked by its antivirus and web content filters. Which of the following is the primary use case for this scenario?

A.

Implementation of preventive controls

B.

Implementation of detective controls

C.

Implementation of deterrent controls

D.

Implementation of corrective controls

Show Answer Comment (0)

Suggested answer: B

Explanation:

A Security Information and Event Management (SIEM) system is a tool that collects and analyzes security-related data from various sources to detect and respond to security incidents. Reference:

CompTIA Security+ Study Guide 601, Chapter 5

asked 02/10/2024

Sumit Sengupta

46 questions

Question 92

Question 93

The Chief Technology Officer of a local college would like visitors to utilize the school's WiFi but must be able to associate potential malicious activity to a specific person. Which of the following would BEST allow this objective to be met?

A.

Requiring all new, on-site visitors to configure their devices to use WPS

B.

Implementing a new SSID for every event hosted by the college that has visitors

C.

Creating a unique PSK for every visitor when they arrive at the reception area

D.

Deploying a captive portal to capture visitors' MAC addresses and names

Show Answer Comment (0)

Question 94

An analyst Is generating a security report for the management team. Security guidelines recommend disabling all listening unencrypted services. Given this output from Nmap:

CompTIA SY0-601 image Question 85 98175 10022024175359000000

Which of the following should the analyst recommend to disable?

A.

21/tcp

B.

22/tcp

C.

23/tcp

D.

443/tcp

Show Answer Comment (0)

Question 95

As part of a company's ongoing SOC maturation process, the company wants to implement a method to share cyberthreat intelligence data with outside security partners. Which of the following will the company MOST likely implement?

A.

TAXII

B.

TLP

C.

TTP

D.

STIX

Show Answer Comment (0)

Question 96

A security incident has been resolved Which of the following BEST describes the importance of the final phase of the incident response plan?

A.

It examines and documents how well the team responded discovers what caused the incident, and determines how the incident can be avoided in the future

B.

It returns the affected systems back into production once systems have been fully patched, data restored and vulnerabilities addressed

C.

It identifies the incident and the scope of the breach how it affects the production environment, and the ingress point

D.

It contains the affected systems and disconnects them from the network, preventing further spread of the attack or breach

Show Answer Comment (0)

Question 97

Which of the following describes a maintenance metric that measures the average time required to troubleshoot and restore failed equipment?

A.

RTO

B.

MTBF

C.

MTTR

D.

RPO

Show Answer Comment (0)

Question 98

Which of the following should a technician consider when selecting an encryption method for data that needs to remain confidential for a specific length of time?

A.

The key length of the encryption algorithm

B.

The encryption algorithm's longevity

C.

A method of introducing entropy into key calculations

D.

The computational overhead of calculating the encryption key

Show Answer Comment (0)

Suggested answer: B

Explanation:

When selecting an encryption method for data that needs to remain confidential for a specific length of time, the longevity of the encryption algorithm should be considered to ensure that the data remains secure for the required period. Reference: CompTIA Security+ Certification Exam Objectives - 3.2 Given a scenario, use appropriate cryptographic methods. Study Guide: Chapter 4, page 131.

asked 02/10/2024

om Kumar

46 questions

Question 99

A network analyst is investigating compromised corporate information. The analyst leads to a theory that network traffic was intercepted before being transmitted to the internet. The following output was captured on an internal host:

CompTIA SY0-601 image Question 90 98180 10022024175359000000

Based on the IoCS, which of the following was the MOST likely attack used to compromise the network communication?

A.

Denial of service

B.

ARP poisoning

C.

Command injection

D.

MAC flooding

Show Answer Comment (0)

Suggested answer: B

Explanation:

ARP poisoning (also known as ARP spoofing) is a type of attack where an attacker sends falsified ARP messages over a local area network to link the attacker's MAC address with the IP address of another host on the network. Reference: CompTIA Security+ Certification Exam Objectives - 2.5 Given a scenario, analyze potential indicators to determine the type of attack. Study Guide: Chapter 6, page 271.

asked 02/10/2024

Frederico DionÃsio

46 questions

Question 100

A security analyst is investigating a phishing email that contains a malicious document directed to the company's Chief Executive Officer (CEO). Which of the following should the analyst perform to understand the threat and retrieve possible IoCs?

A.

Run a vulnerability scan against the CEOs computer to find possible vulnerabilities

B.

Install a sandbox to run the malicious payload in a safe environment

C.

Perform a traceroute to identify the communication path

D.

Use netstat to check whether communication has been made with a remote host

Show Answer Comment (0)

Suggested answer: B

Explanation:

To understand the threat and retrieve possible Indicators of Compromise (IoCs) from a phishing email containing a malicious document, a security analyst should install a sandbox to run the malicious payload in a safe environment. Reference: CompTIA Security+ Certification Exam Objectives - 2.5 Given a scenario, analyze potential indicators to determine the type of attack. Study Guide: Chapter 5, page 209.

asked 02/10/2024

Muhammad Imran Khan

38 questions