CompTIA SY0-601 Practice Test - Questions Answers, Page 26

A security team is engaging a third-party vendor to do a penetration test of a new proprietary application prior to its release. Which of the following documents would the third-party vendor most likely be required to review and sign?

A. SLA
B. NDA
C. MOU
D. AUP
Suggested answer: B

Explanation:

NDA stands for Non-Disclosure Agreement, which is a legal contract that binds the parties to keep confidential information secret and not to disclose it to unauthorized parties. A third-party vendor who is doing a penetration test of a new proprietary application would most likely be required to review and sign an NDA to protect the intellectual property and trade secrets of the security team.

A security practitioner is performing due diligence on a vendor that is being considered for cloud services. Which of the following should the practitioner consult for the best insight into the current security posture of the vendor?

A. PCI DSS standards
B. SLA contract
C. CSF framework
D. SOC 2 report
Suggested answer: D

Explanation:

A SOC 2 report is a document that provides an independent assessment of a service organization’s controls related to the Trust Services Criteria of Security, Availability, Processing Integrity, Confidentiality, or Privacy. A SOC 2 report can help a security practitioner evaluate the current security posture of a vendor that provides cloud services.

A company wants to enable BYOD for checking email and reviewing documents. Many of the documents contain sensitive organizational information. Which of the following should be deployed first before allowing the use of personal devices to access company data?

A. MDM
B. RFID
C. DLR
D. SIEM
Suggested answer: A

Explanation:

MDM stands for Mobile Device Management, which is a solution that can be used to manage and secure personal devices that access company data. MDM can enforce policies and rules, such as password protection, encryption, remote wipe, device lock, application control, and more. MDM can help a company enable BYOD (Bring Your Own Device) while protecting sensitive organizational information.

A security analyst reviews web server logs and finds the following string: gallerys?file=../../../../../../etc/passwd

Which of the following attacks was performed against the web server?

A. Directory traversal
B. CSRF
C. Pass the hash
D. SQL injection
Suggested answer: A

Explanation:

Directory traversal is an attack that exploits a vulnerability in a web application or a file system to access files or directories that are outside the intended scope. The attacker can use special characters, such as ../ or ..\ , to navigate through the directory structure and access restricted files or directories.

A security administrator is integrating several segments onto a single network. One of the segments, which includes legacy devices, presents a significant amount of risk to the network. Which of the following would allow users to access the legacy devices without compromising the security of the entire network?

A. NIDS
B. MAC filtering
C. Jump server
D. IPSec
E. NAT gateway
Suggested answer: C

Explanation:

A jump server is a device that acts as an intermediary between users and other devices on a network. A jump server can provide a secure and controlled access point to the legacy devices without exposing them directly to the network. A jump server can also enforce authentication, authorization, logging, and auditing policies.

Which of the following can reduce vulnerabilities by avoiding code reuse?

A. Memory management
B. Stored procedures
C. Normalization
D. Code obfuscation
Suggested answer: A

Explanation:

Memory management is a technique that can allocate and deallocate memory for applications and processes. Memory management can reduce vulnerabilities by avoiding code reuse, which is a technique that exploits a memory corruption vulnerability to execute malicious code that already exists in memory. Memory management can prevent code reuse by implementing features such as address space layout randomization (ASLR), data execution prevention (DEP), or stack canaries.

A company is enhancing the security of the wireless network and needs to ensure only employees with a valid certificate can authenticate to the network. Which of the following should the company implement?

A. PEAP
B. PSK
C. WPA3
D. WPS
Suggested answer: A

Explanation:

PEAP stands for Protected Extensible Authentication Protocol, which is a protocol that can provide secure authentication for wireless networks. PEAP can use certificates to authenticate the server and the client, or only the server. PEAP can also use other methods, such as passwords or tokens, to authenticate the client. PEAP can ensure only employees with a valid certificate can authenticate to the network.

A small, local company experienced a ransomware attack. The company has one web-facing server and a few workstations. Everything is behind an ISP firewall. A single web-facing server is set up on the router to forward all ports so that the server is viewable from the internet. The company uses an older version of third-party software to manage the website. The assets were never patched. Which of the following should be done to prevent an attack like this from happening again? (Select three).

A. Install DLP software to prevent data loss.
B. Use the latest version of software.
C. Install a SIEM device.
D. Implement MDM.
E. Implement a screened subnet for the web server.
F. Install an endpoint security solution.
G. Update the website certificate and revoke the existing ones.
H. Deploy additional network sensors.
Suggested answer: B, E, F

A security administrator performs weekly vulnerability scans on all cloud assets and provides a detailed report. Which of the following describes the administrator's activities?

A. Continuous deployment
B. Continuous integration
C. Continuous validation
D. Continuous monitoring
Suggested answer: C

Explanation:

Continuous validation is a process that involves performing regular and automated tests to verify the security and functionality of a system or an application. Continuous validation can help identify and remediate vulnerabilities, bugs, or misconfigurations before they cause any damage or disruption. The security administrator’s activities of performing weekly vulnerability scans on all cloud assets and providing a detailed report are examples of continuous validation.

A security administrator is compiling information from all devices on the local network in order to gain better visibility into user activities. Which of the following is the best solution to meet this objective?

A. SIEM
B. HIDS
C. CASB
D. EDR
Suggested answer: A

Explanation:

SIEM stands for Security Information and Event Management, which is a solution that can collect, correlate, and analyze security logs and events from various devices on a network. SIEM can provide better visibility into user activities by generating reports, alerts, dashboards, and metrics. SIEM can also help detect and respond to security incidents, comply with regulations, and improve security posture.

Total 603 questions