CompTIA SY0-601 Practice Test - Questions Answers, Page 23
Which of the following control types is patch management classified under?

A. Deterrent
B. Physical
C. Corrective
D. Detective

Suggested answer: C

Explanation:

Patch management is classified as a corrective control because it is used to correct vulnerabilities or weaknesses in systems and applications after they have been identified. It is a reactive approach that aims to fix problems that have already occurred rather than prevent them from happening in the first place.

Reference: CompTIA Security+ SY0-601 Official Textbook, page 109.

A new security engineer has started hardening systems. One of the hardening techniques the engineer is using involves disabling remote logins to the NAS. Users are now reporting the inability to use SCP to transfer files to the NAS, even though the data is still viewable from the users' PCs. Which of the following is the MOST likely cause of this issue?

A. TFTP was disabled on the local hosts.
B. SSH was turned off instead of modifying the configuration file.
C. Remote login was disabled in the networkd.conf instead of using the sshd.conf.
D. Network services are no longer running on the NAS.

Suggested answer: B

Explanation:


A Chief Information Security Officer (CISO) is evaluating the dangers involved in deploying a new ERP system for the company. The CISO categorizes the system, selects the controls that apply to the system, implements the controls, and then assesses the success of the controls before authorizing the system. Which of the following is the CISO using to evaluate the environment for this new ERP system?

A. The Diamond Model of Intrusion Analysis
B. CIS Critical Security Controls
C. NIST Risk Management Framework
D. ISO 27002

Suggested answer: C

Explanation:

The NIST Risk Management Framework (RMF) is a process for evaluating the security of a system and implementing controls to reduce potential risks associated with it. The RMF process involves categorizing the system, selecting the controls that apply to the system, implementing the controls, and then assessing the success of the controls before authorizing the system. For more information on the NIST Risk Management Framework and other security processes, refer to the CompTIA Security+ SY0-601 Official Text Book and Resources.

The findings in a consultant's report indicate the most critical risk to the security posture from an incident response perspective is a lack of workstation and server investigation capabilities. Which of the following should be implemented to remediate this risk?

A. HIDS
B. FDE
C. NGFW
D. EDR

Suggested answer: D

Explanation:

EDR solutions are designed to detect and respond to malicious activity on workstations and servers, and they provide a detailed analysis of the incident, allowing organizations to quickly remediate the threat. According to the CompTIA Security+ SY0-601 Official Text Book, EDR solutions can be used to detect malicious activity on endpoints, investigate the incident, and contain the threat. EDR solutions can also provide real-time monitoring and alerting for potential security events, as well as detailed forensic analysis for security incidents. Additionally, the textbook recommends that organizations also implement a host-based intrusion detection system (HIDS) to alert them to malicious activity on their workstations and servers.

The management team has requested that the security team implement 802.1X into the existing wireless network setup. The following requirements must be met:

• Minimal interruption to the end user

• Mutual certificate validation

Which of the following authentication protocols would meet these requirements?

A. EAP-FAST
B. PSK
C. EAP-TTLS
D. EAP-TLS

Suggested answer: D

Explanation:

EAP-TLS (Extensible Authentication Protocol - Transport Layer Security) is an authentication protocol that uses certificates to provide mutual authentication between the client and the authentication server. It also allows for the encryption of user credentials, making EAP-TLS a secure and reliable authentication protocol. According to the CompTIA Security+ SY0-601 Official Text Book, EAP-TLS is well-suited for wireless networks due to its mutual authentication capabilities and its ability to securely store credentials. It is also the preferred authentication protocol for 802.1X wireless networks.

Which of the following describes where an attacker can purchase DDoS or ransomware services?

A. Threat intelligence
B. Open-source intelligence
C. Vulnerability database
D. Dark web

Suggested answer: D

Explanation:

The best option to describe where an attacker can purchase DDoS or ransomware services is the dark web. The dark web is an anonymous, untraceable part of the internet where a variety of illicit activities take place, including the purchase of DDoS and ransomware services. According to the CompTIA Security+ SY0-601 Official Text Book, attackers can purchase these services anonymously and without the risk of detection or attribution. Additionally, the textbook recommends that organizations monitor the dark web to detect any possible threats or malicious activity.

A digital forensics team at a large company is investigating a case in which malicious code was downloaded over an HTTPS connection and was running in memory, but was never committed to disk. Which of the following techniques should the team use to obtain a sample of the malware binary?

A. pcap reassembly
B. SSD snapshot
C. Image volatile memory
D. Extract from checksums

Suggested answer: C

Explanation:

The best technique for the digital forensics team to use to obtain a sample of the malware binary is to image volatile memory. Volatile memory imaging is a process of collecting a snapshot of the contents of a computer's RAM, which can include active malware programs. According to the CompTIA Security+ SY0-601 Official Text Book, volatile memory imaging can be used to capture active malware programs that are running in memory, but have not yet been committed to disk. This technique is especially useful in cases where the malware is designed to self-destruct or erase itself from the disk after execution.

A security administrator is managing administrative access to sensitive systems with the following requirements:

• Common login accounts must not be used for administrative duties.

• Administrative accounts must be temporal in nature.

• Each administrative account must be assigned to one specific user.

• Accounts must have complex passwords.

• Audit trails and logging must be enabled on all systems.

Which of the following solutions should the administrator deploy to meet these requirements? (Give Explanation and Reference from CompTIA Security+ SY0-601 Official Text Book and Resources)

A. ABAC
B. SAML
C. PAM
D. CASB

Suggested answer: C

Explanation:

PAM is a solution that enables organizations to securely manage users' accounts and access to sensitive systems. It allows administrators to create unique and complex passwords for each user, as well as assign each account to a single user for administrative duties. PAM also provides audit trails and logging capabilities, allowing administrators to monitor user activity and ensure that all systems are secure. According to the CompTIA Security+ SY0-601 Course Book, “PAM is the most comprehensive way to control and monitor privileged accounts”.

Physical access to the organization's servers in the data center requires entry and exit through multiple access points: a lobby, an access control vestibule, three doors leading to the server floor itself and eventually to a caged area solely for the organization's hardware. Which of the following controls is described in this scenario?

A. Compensating
B. Deterrent
C. Preventive
D. Detective

Suggested answer: C

Explanation:

The scenario describes preventive controls, which are designed to stop malicious actors from gaining access to the organization's servers. This includes using multiple access points, such as a lobby, an access control vestibule, and multiple doors leading to the server floor, as well as caging the organization's hardware. According to the CompTIA Security+ SY0-601 document, preventive controls are "designed to stop malicious actors from performing a malicious activity or gaining access to an asset." These controls can include technical solutions, such as authentication and access control systems, physical security solutions, such as locks and barriers, and administrative solutions such as policy enforcement.

Which of the following procedures would be performed after the root cause of a security incident has been identified to help avoid future incidents from occurring?

A. Walk-throughs
B. Lessons learned
C. Attack framework alignment
D. Containment

Suggested answer: B

Explanation:

After the root cause of a security incident has been identified, it is important to take the time to analyze what went wrong and how it could have been prevented. This process is known as “lessons learned” and allows organizations to identify potential improvements to their security processes and protocols. Lessons learned typically involve a review of the incident and the steps taken to address it, a review of the security systems and procedures in place, and an analysis of any potential changes that can be made to prevent similar incidents from occurring in the future.

Total 603 questions