CompTIA SY0-601 Practice Test - Questions Answers, Page 2


During an incident, a company's CIRT determines it is necessary to observe the continued network-based transaction between a callback domain and the malware running on an enterprise PC. Which of the following techniques would be BEST to enable this activity while reducing the risk of lateral spread and the risk that the adversary would notice any changes?

A. Physically move the PC to a separate internet point of presence.
B. Create and apply microsegmentation rules.
C. Emulate the malware in a heavily monitored DMZ segment.
D. Apply network blacklisting rules for the adversary domain.
Suggested answer: C

Explanation:

To observe the continued network-based transaction between a callback domain and the malware running on an enterprise PC, while reducing both the risk of lateral spread and the risk that the adversary notices any changes, the best technique is to emulate the malware in a heavily monitored DMZ segment. The DMZ is isolated from the rest of the internal network and can be monitored closely for suspicious activity, so the malware's communication with the callback domain can be observed without exposing internal hosts to lateral movement and without making changes the adversary is likely to detect. Reference: https://www.sans.org/blog/incident-response-fundamentals-why-is-the-dmz-so-important/

Which of the following environments utilizes dummy data and is MOST likely to be installed locally on a system that allows it to be assessed directly and modified easily with each build?

A. Production
B. Test
C. Staging
D. Development
Suggested answer: D

Explanation:

The environment that utilizes dummy data and is most likely to be installed locally on a system that allows it to be assessed directly and modified easily with each build is the development environment. The development environment is used for developing and testing software and applications. It is typically installed on a local system, rather than on a remote server, to allow for easy access and modification. Dummy data can be used in the development environment to simulate real-world scenarios and test the software's functionality. Reference: https://www.techopedia.com/definition/27561/development-environment

A desktop support technician recently installed a new document-scanning software program on a computer. However, when the end user tried to launch the program, it did not respond. Which of the following is MOST likely the cause?

A. A new firewall rule is needed to access the application.
B. The system was quarantined for missing software updates.
C. The software was not added to the application whitelist.
D. The system was isolated from the network due to infected software.
Suggested answer: C

Explanation:

The most likely cause of the document-scanning software program not responding when launched by the end user is that the software was not added to the application whitelist. An application whitelist is a list of approved software applications that are allowed to run on a system. If the software is not on the whitelist, it may be blocked from running by the system's security policies. Adding the software to the whitelist should resolve the issue and allow the program to run.

Reference: https://www.techopedia.com/definition/31541/application-whitelisting

A company recently experienced an attack during which its main website was directed to the attacker's web server, allowing the attacker to harvest credentials from unsuspecting customers. Which of the following should the company implement to prevent this type of attack from occurring in the future?

A. IPsec
B. SSL/TLS
C. DNSSEC
D. S/MIME
Suggested answer: B

Explanation:

To prevent attacks in which the main website is directed to the attacker's web server, allowing the attacker to harvest credentials from unsuspecting customers, the company should implement SSL/TLS (Secure Sockets Layer/Transport Layer Security) to encrypt the communication between the web server and its clients. This prevents attackers from intercepting and tampering with the communication, and the server certificate also helps clients verify the identity of the web server.

A security engineer is installing a WAF to protect the company's website from malicious web requests over SSL. Which of the following is needed to meet the objective?

A. A reverse proxy
B. A decryption certificate
C. A split-tunnel VPN
D. Load-balanced servers
Suggested answer: B

Explanation:

A Web Application Firewall (WAF) is a security solution that protects web applications from various types of attacks such as SQL injection, cross-site scripting (XSS), and others. It is typically deployed in front of web servers to inspect incoming traffic and filter out malicious requests. To protect the company’s website from malicious web requests over SSL, a decryption certificate is needed to decrypt the SSL traffic before it reaches the WAF. This allows the WAF to inspect the traffic and filter out malicious requests.

A security analyst has received several reports of an issue on an internal web application. Users state they are having to provide their credentials twice to log in. The analyst checks with the application team and notes this is not an expected behavior. After looking at several logs, the analyst decides to run some commands on the gateway and obtains the following output:

Which of the following BEST describes the attack the company is experiencing?

A. MAC flooding
B. URL redirection
C. ARP poisoning
D. DNS hijacking
Suggested answer: C

Explanation:

The output of the “netstat -ano” command shows that there are two connections to the same IP address and port number. This indicates that there are two active sessions between the client and server.

The issue of users having to provide their credentials twice to log in is known as a double login prompt issue. This issue can occur due to various reasons such as incorrect configuration of authentication settings, incorrect configuration of web server settings, or issues with the client’s browser.

Based on the output of the “netstat -ano” command alone, it is difficult to determine the exact cause of the issue. However, it is possible that an attacker is intercepting traffic between the client and server and stealing user credentials. This type of attack is known as ARP poisoning (option C). ARP poisoning is an attack in which an attacker sends forged ARP messages to associate their MAC address with the IP address of another device on the network. This allows them to intercept traffic between the two devices and steal sensitive information such as user credentials.

A company recently experienced an attack during which its main website was directed to the attacker's web server, allowing the attacker to harvest credentials from unsuspecting customers. Which of the following should the company implement to prevent this type of attack from occurring in the future?

A. IPsec
B. SSL/TLS
C. DNSSEC
D. S/MIME
Suggested answer: C

Explanation:

The attack described in the question is known as a DNS hijacking attack. In this type of attack, an attacker modifies the DNS records of a domain name to redirect traffic to their own server. This allows them to intercept traffic and steal sensitive information such as user credentials. To prevent this type of attack from occurring in the future, the company should implement DNSSEC (option C).

DNSSEC (Domain Name System Security Extensions) is a security protocol that adds digital signatures to DNS records. This ensures that DNS records are not modified during transit and prevents DNS hijacking attacks.

Which of the following BEST describes a social-engineering attack that relies on an executive at a small business visiting a fake banking website where credit card and account details are harvested?

A. Whaling
B. Spam
C. Invoice scam
D. Pharming
Suggested answer: A

Explanation:

A social engineering attack that relies on an executive at a small business visiting a fake banking website where credit card and account details are harvested is known as whaling. Whaling is a type of phishing attack that targets high-profile individuals, such as executives, to steal sensitive information or gain access to their accounts.

If a current private key is compromised, which of the following would ensure it cannot be used to decrypt all historical data?

A. Perfect forward secrecy
B. Elliptic-curve cryptography
C. Key stretching
D. Homomorphic encryption
Suggested answer: B

Explanation:

