
CompTIA SY0-601 Practice Test - Questions Answers, Page 11

A customer has reported that an organization's website displayed an image of a smiley face rather than the expected web page for a short time two days earlier. A security analyst reviews log entries and sees the following around the time of the incident:

Which of the following is MOST likely occurring?

A. Invalid trust chain
B. Domain hijacking
C. DNS poisoning
D. URL redirection
Suggested answer: C

Explanation:

The log entry shows the IP address for "www.example.com" being changed to a different IP address, which is likely the result of DNS poisoning. DNS poisoning occurs when an attacker is able to change the IP address associated with a domain name in a DNS server's cache, causing clients to connect to the attacker's server instead of the legitimate server. Reference: CompTIA Security+ SY0-601 Exam Objectives: 3.2 Given a scenario, implement secure network architecture concepts.

Which of the following would produce the closest experience of responding to an actual incident response scenario?

A. Lessons learned
B. Simulation
C. Walk-through
D. Tabletop
Suggested answer: B

Explanation:

A simulation exercise is designed to create an experience that is as close as possible to a real-world incident response scenario. It involves simulating an attack or other security incident and then having security personnel respond to the situation as they would in a real incident. Reference: CompTIA Security+ SY0-601 Exam Objectives: 1.1 Explain the importance of implementing security concepts, methodologies, and practices.

A security analyst was deploying a new website and found a connection attempting to authenticate on the site's portal. While investigating the incident, the analyst identified the following input in the username field:

Which of the following BEST explains this type of attack?

A. DLL injection to hijack administrator services
B. SQLi on the field to bypass authentication
C. Execution of a stored XSS on the website
D. Code to execute a race condition on the server
Suggested answer: B

Explanation:

The input "admin' or 1=1--" in the username field is an example of a SQL injection (SQLi) attack. In this case, the attacker is attempting to bypass authentication by injecting SQL code into the username field that will cause the authentication check to always return true. Reference: CompTIA Security+ SY0-601 Exam Objectives: 3.1 Given a scenario, use appropriate software tools to assess the security posture of an organization.

The Chief Information Security Officer directed a risk reduction in shadow IT and created a policy requiring all unsanctioned high-risk SaaS applications to be blocked from user access. Which of the following is the BEST security solution to reduce this risk?

A. CASB
B. VPN concentrator
C. MFA
D. VPC endpoint
Suggested answer: A

Explanation:

A Cloud Access Security Broker (CASB) can be used to monitor and control access to cloud-based applications, including unsanctioned SaaS applications. It can help enforce policies that prevent access to high-risk SaaS applications and provide visibility into the use of such applications by employees. Reference: CompTIA Security+ SY0-601 Exam Objectives: 3.3 Given a scenario, implement secure mobile solutions.

After a WiFi scan of a local office was conducted, an unknown wireless signal was identified. Upon investigation, an unknown Raspberry Pi device was found connected to an Ethernet port using a single connection. Which of the following BEST describes the purpose of this device?

A. IoT sensor
B. Evil twin
C. Rogue access point
D. On-path attack
Suggested answer: C

Explanation:

A Raspberry Pi device connected to an Ethernet port could be configured as a rogue access point, allowing an attacker to intercept and analyze network traffic or perform other malicious activities.

Reference: CompTIA Security+ SY0-601 Exam Objectives: 3.2 Given a scenario, implement secure network architecture concepts.

Remote workers in an organization use company-provided laptops with locally installed applications and locally stored data. Users can store data on a remote server using an encrypted connection. The organization discovered data stored on a laptop had been made available to the public. Which of the following security solutions would mitigate the risk of future data disclosures?

A. FDE
B. TPM
C. HIDS
D. VPN
Suggested answer: A

Explanation:

The best security solution to mitigate the risk of future data disclosures from a laptop would be FDE. FDE would prevent unauthorized access to the data stored on the laptop even if it is stolen or lost. FDE can also use TPM to store the encryption key and ensure that only trusted software can decrypt the data. HIDS and VPN are not directly related to data encryption, but they can provide additional security benefits by detecting intrusions and protecting network traffic, respectively.

A security researcher has alerted an organization that its sensitive user data was found for sale on a website. Which of the following should the organization use to inform the affected parties?

A. An incident response plan
B. A communications plan
C. A business continuity plan
D. A disaster recovery plan
Suggested answer: B

Explanation:

A communications plan should be used to inform the affected parties about the sale of sensitive user data on a website. The communications plan should detail how the organization will handle media inquiries, how to communicate with customers, and how to respond to other interested parties.

An organization's Chief Information Security Officer is creating a position that will be responsible for implementing technical controls to protect data, including ensuring backups are properly maintained. Which of the following roles would MOST likely include these responsibilities?

A. Data protection officer
B. Data owner
C. Backup administrator
D. Data custodian
E. Internal auditor
Suggested answer: D

Explanation:

The responsibilities of ensuring backups are properly maintained and implementing technical controls to protect data are the responsibilities of the data custodian role. Reference: CompTIA Security+ Study Guide by Emmett Dulaney, Chapter 7: Securing Hosts and Data, Data Custodian

Which of the following would MOST likely be identified by a credentialed scan but would be missed by an uncredentialed scan?

A. Vulnerabilities with a CVSS score greater than 6.9.
B. Critical infrastructure vulnerabilities on non-IP protocols.
C. CVEs related to non-Microsoft systems such as printers and switches.
D. Missing patches for third-party software on Windows workstations and servers.
Suggested answer: D

Explanation:

An uncredentialed scan would miss missing patches for third-party software on Windows workstations and servers. A credentialed scan, however, can scan the registry and file system to determine the patch level of third-party applications. Reference: CompTIA Security+ Study Guide by Emmett Dulaney, Chapter 4: Identity and Access Management, The Importance of Credentialing Scans

Which of the following are the MOST likely vectors for the unauthorized inclusion of vulnerable code in a software company’s final software releases? (Select TWO.)

A. Unsecure protocols
B. Use of penetration-testing utilities
C. Weak passwords
D. Included third-party libraries
E. Vendors/supply chain
F. Outdated anti-malware software
Suggested answer: D, E

Explanation:

The most likely vectors for the unauthorized inclusion of vulnerable code in a software company's final software releases are included third-party libraries and vendors/supply chain. Reference: CompTIA Security+ Study Guide by Emmett Dulaney, Chapter 8: Application, Data, and Host Security, Supply Chain and Software Development Life Cycle
