CompTIA SY0-601 Practice Test - Questions Answers, Page 13


As part of the lessons-learned phase, the SOC is tasked with building methods to detect if a previous incident is happening again. Which of the following would allow the security analyst to alert the SOC if an event is reoccurring?

A. Creating a playbook within the SOAR
B. Implementing rules in the NGFW
C. Updating the DLP hash database
D. Publishing a new CRL with revoked certificates
Suggested answer: A

Explanation:

Creating a playbook within the Security Orchestration, Automation and Response (SOAR) tool would allow the security analyst to detect whether an event is reoccurring: the playbook encodes the characteristics of the previous incident (its indicators and the sequence of events) and triggers automated actions, including an alert to the SOC, when those characteristics are observed again. This helps the SOC respond quickly and consistently. Reference: CompTIA Security+ Study Guide, Exam SY0-601, 4th Edition, Chapter 7: Incident Response, pp. 352-354

A new plug-and-play storage device was installed on a PC in the corporate environment. Which of the following safeguards will BEST help to protect the PC from malicious files on the storage device?

A. Change the default settings on the PC.
B. Define the PC firewall rules to limit access.
C. Encrypt the disk on the storage device.
D. Plug the storage device into the UPS.
Suggested answer: A

Explanation:

The best option that will help to protect the PC from malicious files on the storage device would be A. Change the default settings on the PC. Changing the default settings on the PC can include disabling the autorun or autoplay feature, which prevents files from executing automatically when the storage device is plugged in. Changing the default settings can also include enabling antivirus software, updating the operating system and applications, and configuring User Account Control and permissions.

A software company is analyzing a process that detects software vulnerabilities at the earliest stage possible. The goal is to scan the source code for insecure practices and weaknesses before the application is deployed in a runtime environment. Which of the following would BEST assist the company with this objective?

A. Use fuzzing testing
B. Use a web vulnerability scanner
C. Use static code analysis
D. Use a penetration-testing OS
Suggested answer: C

Explanation:

Using static code analysis would be the best approach to scan the source code for insecure practices and weaknesses before the application is deployed in a runtime environment. This method analyzes the source code without running the software, so it can be applied early in development and can identify security vulnerabilities that other testing methods, which require a running application, would not catch at that stage. Reference: CompTIA Security+ Study Guide, Exam SY0-601, 4th Edition, Chapter 6: Risk Management, pp. 292-295

Hackers recently attacked a company's network and obtained several unfavorable pictures from the Chief Executive Officer's workstation. The hackers are threatening to send the images to the press if a ransom is not paid. Which of the following is impacted the MOST?

A. Identity theft
B. Data loss
C. Data exfiltration
D. Reputation
Suggested answer: D

Explanation:

The best option that describes what is impacted the most by the hackers' attack and threat would be D. Reputation. Reputation is the perception or opinion that others have about a person or an organization, and it affects the trust, credibility, and success of that person or organization. In this scenario, if the hackers send the unfavorable pictures to the press, it can damage the reputation of the Chief Executive Officer and the company, and cause negative consequences such as loss of customers, partners, investors, or employees.

Which of the following BEST describes the method a security analyst would use to confirm a file that is downloaded from a trusted security website is not altered in transit or corrupted using a verified checksum?

A. Hashing
B. Salting
C. Integrity
D. Digital signature
Suggested answer: A

Explanation:

Hashing is a cryptographic function that produces a fixed-size output (the hash value) from an input of any size. The hash value acts as a digital fingerprint of the data: if the data changes, even by a single bit, the hash value changes as well. By comparing the hash value computed over the downloaded file with the hash value published by the security website, the security analyst can verify that the file has not been altered in transit or corrupted.

Which of the following authentication methods sends out a unique password to be used within a specific number of seconds?

A. TOTP
B. Biometrics
C. Kerberos
D. LDAP
Suggested answer: A

Explanation:

Time-based One-Time Password (TOTP) is a type of authentication method that sends out a unique password to be used within a specific number of seconds. It uses a combination of a shared secret key and the current time to generate a one-time password. TOTP is commonly used for two-factor authentication (2FA) to provide an additional layer of security beyond just a username and password.

A company recently experienced a major breach. An investigation concludes that customer credit card data was stolen and exfiltrated through a dedicated business partner connection to a vendor, who is not held to the same security control standards. Which of the following is the MOST likely source of the breach?

A. Side channel
B. Supply chain
C. Cryptographic downgrade
D. Malware
Suggested answer: B

Explanation:

A supply chain attack occurs when a third-party supplier or business partner is compromised, leading to an attacker gaining unauthorized access to the targeted organization's network. In this scenario, the dedicated business partner connection to a vendor was used to exfiltrate customer credit card data, indicating that the vendor's network was breached and used as a supply chain attack vector.

A systems engineer is building a new system for production. Which of the following is the FINAL step to be performed prior to promoting to production?

A. Disable unneeded services.
B. Install the latest security patches.
C. Run a vulnerability scan.
D. Encrypt all disks.
Suggested answer: C

Explanation:

Running a vulnerability scan is the final step to be performed prior to promoting a system to production. Hardening steps such as disabling unneeded services, installing patches, and encrypting disks are done first; the scan then confirms that those steps were effective and that no remaining security issues are present before the system is put into production. Reference: CompTIA Security+ Study Guide, Exam SY0-601, 4th Edition, Chapter 3

An application owner reports suspicious activity on an internal financial application from various internal users within the past 14 days. A security analyst notices the following:

• Financial transactions were occurring during irregular time frames and outside of business hours by unauthorized users.

• Internal users in question were changing their passwords frequently during that time period.

• A jump box that several domain administrator users use to connect to remote devices was recently compromised.

• The authentication method used in the environment is NTLM.

Which of the following types of attacks is MOST likely being used to gain unauthorized access?

A. Pass-the-hash
B. Brute-force
C. Directory traversal
D. Replay
Suggested answer: A

Explanation:

The suspicious activity reported by the application owner, combined with the recent compromise of the jump box and the use of NTLM authentication, suggests that an attacker is likely using a pass-the-hash attack to gain unauthorized access to the financial application. In this type of attack, the attacker obtains the NTLM password hashes of users who have logged on to the compromised host (for example, from memory) and then authenticates as those users with the hash itself, without needing to know the plaintext password. This also explains why the affected users' frequent password changes did not stop the activity. Reference: CompTIA Security+ Study Guide, Exam SY0-601, 4th Edition, Chapter 5

The Chief Information Security Officer has directed the security and networking team to retire the use of shared passwords on routers and switches. Which of the following choices BEST meets the requirements?

A. SAML
B. TACACS+
C. Password vaults
D. OAuth
Suggested answer: B

Explanation:

TACACS+ is a protocol for remote authentication, authorization, and accounting (AAA) that can replace shared passwords on routers and switches. Each administrator authenticates with an individual account against a central AAA server, which allows centralized management of access control policies and per-user accountability for changes made on network devices. Reference: CompTIA Security+ Study Guide, Exam SY0-601, 4th Edition, Chapter 6
