CompTIA SY0-601 Practice Test - Questions Answers, Page 10

A company is implementing a new SIEM to log and send alerts whenever malicious activity is blocked by its antivirus and web content filters. Which of the following is the primary use case for this scenario?

A. Implementation of preventive controls
B. Implementation of detective controls
C. Implementation of deterrent controls
D. Implementation of corrective controls
Suggested answer: B

Explanation:

A Security Information and Event Management (SIEM) system is a tool that collects and analyzes security-related data from various sources to detect and respond to security incidents. Reference: CompTIA Security+ Study Guide 601, Chapter 5

Which of the following in a forensic investigation should be priorities based on the order of volatility? (Select TWO).

A. Page files
B. Event logs
C. RAM
D. Cache
E. Stored files
F. HDD
Suggested answer: C, D

Explanation:

In a forensic investigation, volatile data should be collected first, based on the order of volatility. RAM and Cache are examples of volatile data. Reference: CompTIA Security+ Study Guide 601, Chapter 11

The Chief Technology Officer of a local college would like visitors to utilize the school's WiFi but must be able to associate potential malicious activity to a specific person. Which of the following would BEST allow this objective to be met?

A. Requiring all new, on-site visitors to configure their devices to use WPS
B. Implementing a new SSID for every event hosted by the college that has visitors
C. Creating a unique PSK for every visitor when they arrive at the reception area
D. Deploying a captive portal to capture visitors' MAC addresses and names
Suggested answer: D

Explanation:

A captive portal is a web page that requires visitors to authenticate or agree to an acceptable use policy before allowing access to the network. By capturing visitors' MAC addresses and names, potential malicious activity can be traced back to a specific person.

An analyst is generating a security report for the management team. Security guidelines recommend disabling all listening unencrypted services. Given this output from Nmap:

Which of the following should the analyst recommend to disable?

A. 21/tcp
B. 22/tcp
C. 23/tcp
D. 443/tcp
Suggested answer: A

As part of a company's ongoing SOC maturation process, the company wants to implement a method to share cyberthreat intelligence data with outside security partners. Which of the following will the company MOST likely implement?

A. TAXII
B. TLP
C. TTP
D. STIX
Suggested answer: A

Explanation:

Trusted Automated Exchange of Intelligence Information (TAXII) is a standard protocol that enables the sharing of cyber threat intelligence between organizations. It allows organizations to automate the exchange of information in a secure and timely manner. Reference: CompTIA Security+ Certification Exam Objectives - 3.6 Given a scenario, implement secure network architecture concepts. Study Guide: Chapter 4, page 167.

A security incident has been resolved. Which of the following BEST describes the importance of the final phase of the incident response plan?

A. It examines and documents how well the team responded, discovers what caused the incident, and determines how the incident can be avoided in the future
B. It returns the affected systems back into production once systems have been fully patched, data restored, and vulnerabilities addressed
C. It identifies the incident and the scope of the breach, how it affects the production environment, and the ingress point
D. It contains the affected systems and disconnects them from the network, preventing further spread of the attack or breach
Suggested answer: A

Explanation:

The final phase of an incident response plan is the post-incident activity, which involves examining and documenting how well the team responded, discovering what caused the incident, and determining how the incident can be avoided in the future. Reference: CompTIA Security+ Certification Exam Objectives - 2.5 Given a scenario, analyze potential indicators to determine the type of attack. Study Guide: Chapter 5, page 225.

Which of the following describes a maintenance metric that measures the average time required to troubleshoot and restore failed equipment?

A. RTO
B. MTBF
C. MTTR
D. RPO
Suggested answer: C

Explanation:

Mean Time To Repair (MTTR) is a maintenance metric that measures the average time required to troubleshoot and restore failed equipment. Reference: CompTIA Security+ Certification Exam Objectives - 4.6 Explain the importance of secure coding practices. Study Guide: Chapter 7, page 323.

Which of the following should a technician consider when selecting an encryption method for data that needs to remain confidential for a specific length of time?

A. The key length of the encryption algorithm
B. The encryption algorithm's longevity
C. A method of introducing entropy into key calculations
D. The computational overhead of calculating the encryption key
Suggested answer: B

Explanation:

When selecting an encryption method for data that needs to remain confidential for a specific length of time, the longevity of the encryption algorithm should be considered to ensure that the data remains secure for the required period. Reference: CompTIA Security+ Certification Exam Objectives - 3.2 Given a scenario, use appropriate cryptographic methods. Study Guide: Chapter 4, page 131.

A network analyst is investigating compromised corporate information. The analyst's findings lead to a theory that network traffic was intercepted before being transmitted to the internet. The following output was captured on an internal host:

Based on the IoCs, which of the following was the MOST likely attack used to compromise the network communication?

A. Denial of service
B. ARP poisoning
C. Command injection
D. MAC flooding
Suggested answer: B

Explanation:

ARP poisoning (also known as ARP spoofing) is a type of attack where an attacker sends falsified ARP messages over a local area network to link the attacker's MAC address with the IP address of another host on the network. Reference: CompTIA Security+ Certification Exam Objectives - 2.5 Given a scenario, analyze potential indicators to determine the type of attack. Study Guide: Chapter 6, page 271.

A security analyst is investigating a phishing email that contains a malicious document directed to the company's Chief Executive Officer (CEO). Which of the following should the analyst perform to understand the threat and retrieve possible IoCs?

A. Run a vulnerability scan against the CEO's computer to find possible vulnerabilities
B. Install a sandbox to run the malicious payload in a safe environment
C. Perform a traceroute to identify the communication path
D. Use netstat to check whether communication has been made with a remote host
Suggested answer: B

Explanation:

To understand the threat and retrieve possible Indicators of Compromise (IoCs) from a phishing email containing a malicious document, a security analyst should install a sandbox to run the malicious payload in a safe environment. Reference: CompTIA Security+ Certification Exam Objectives - 2.5 Given a scenario, analyze potential indicators to determine the type of attack. Study Guide: Chapter 5, page 209.

Total 603 questions