CompTIA SY0-601 Practice Test - Questions Answers, Page 29

Users report access to an application from an internal workstation is still unavailable to a specific server, even after a recent firewall rule implementation that was requested for this access. ICMP traffic is successful between the two devices. Which of the following tools should the security analyst use to help identify if the traffic is being blocked?

A. nmap
B. tracert
C. ping
D. ssh

Suggested answer: A

Explanation:

Tracert is a command-line tool that shows the route that packets take to reach a destination on a network. It also displays the time it takes for each hop along the way. By using tracert, you can see if there is a router or firewall that is blocking or slowing down the traffic between the internal workstation and the specific server.

Which of the following incident response phases should the proper collection of the detected IoCs and establishment of a chain of custody be performed before?

A. Containment
B. Identification
C. Preparation
D. Recovery

Suggested answer: A

Explanation:

Containment is the phase where the incident response team tries to isolate and stop the spread of the incident. Before containing the incident, the team should collect and preserve any evidence that may be useful for analysis and investigation. This includes documenting the incident details, such as date, time, location, source, and impact. It also includes establishing a chain of custody, which is a record of who handled the evidence, when, where, how, and why. A chain of custody ensures the integrity and admissibility of the evidence in court or other legal proceedings.

Which of the following measures the average time that equipment will operate before it breaks?

A. SLE
B. MTBF
C. RTO
D. ARO

Suggested answer: C

Explanation:

The measure that calculates the average time that equipment will operate before it breaks is MTBF. MTBF stands for Mean Time Between Failures, and it is a metric that represents the average time between two failures occurring in a given period. MTBF is used to measure the reliability and availability of a product or system. The higher the MTBF, the more reliable and available the product or system is.

A security analyst is investigating a report from a penetration test. During the penetration test, consultants were able to download sensitive data from a back-end server. The back-end server was exposing an API that should have only been available from the company's mobile application. After reviewing the back-end server logs, the security analyst finds the following entries.

Which of the following is the most likely cause of the security control bypass?

A. IP address allow list
B. User-agent spoofing
C. WAF bypass
D. Referrer manipulation

Suggested answer: B

Explanation:

User-agent spoofing is a technique that allows an attacker to modify the user-agent header of an HTTP request to impersonate another browser or device. User-agent spoofing can be used to bypass security controls that rely on user-agent filtering or validation. In this case, the attacker spoofed the user-agent header to match the company's mobile application, which was allowed to access the back-end server's API.

A company recently enhanced mobile device configuration by implementing a set of security controls: biometrics, context-aware authentication, and full device encryption. Even with these settings in place, an unattended phone was used by a malicious actor to access corporate data. Which of the following additional controls should be put in place first?

A. GPS tagging
B. Remote wipe
C. Screen lock timer
D. SEAndroid

Suggested answer: C

Explanation:

According to NIST Special Publication 1800-4B, some of the security controls that can be used to protect mobile devices include:

Root and jailbreak detection: ensures that the security architecture for a mobile device has not been compromised.

Encryption: protects the data stored on the device and in transit from unauthorized access.

Authentication: verifies the identity of the user and the device before granting access to enterprise resources.

Remote wipe: allows the organization to erase the data on the device in case of loss or theft.

Screen lock timer: sets a time limit for the device to lock itself after a period of inactivity.

A company recently added a DR site and is redesigning the network. Users at the DR site are having issues browsing websites.

INSTRUCTIONS

Click on each firewall to do the following:

A. Deny cleartext web traffic.
B. Ensure secure management protocols are used.
C. Resolve issues at the DR site.

The ruleset order cannot be modified due to outside constraints. At any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Suggested answer: A, C

Explanation:

In Firewall 1, the HTTP inbound action should be DENY, as shown below.

In Firewall 2, the management service should be DNS, as shown below.

In Firewall 3, the HTTP inbound action should be DENY, as shown below.

A software developer used open-source libraries to streamline development. Which of the following is the greatest risk when using this approach?

A. Unsecure root accounts
B. Lack of vendor support
C. Password complexity
D. Default settings

Suggested answer: A

An organization wants to quickly assess how effectively the IT team hardened new laptops. Which of the following would be the best solution to perform this assessment?

A. Install a SIEM tool and properly configure it to read the OS configuration files.
B. Load current baselines into the existing vulnerability scanner.
C. Maintain a risk register with each security control marked as compliant or non-compliant.
D. Manually review the secure configuration guide checklists.

Suggested answer: B

Explanation:

A vulnerability scanner is a tool that can scan devices and systems for known vulnerabilities, misconfigurations, and compliance issues. By loading the current baselines into the scanner, the organization can compare the actual state of the new laptops with the desired state and identify any deviations or weaknesses. This is a quick and automated way to assess the hardening of the new laptops.

A network engineer receives a call regarding multiple LAN-connected devices that are on the same switch. The devices have suddenly been experiencing speed and latency issues while connecting to network resources. The engineer enters the command show mac address-table and reviews the following output.

Which of the following best describes the attack that is currently in progress?

A. MAC flooding
B. Evil twin
C. ARP poisoning
D. DHCP spoofing

Suggested answer: C

Explanation:

This is an attempt to redirect traffic to an attacking host by sending an ARP packet that contains the forged address of the next hop router. The attacker tricks the victim into believing that it is the legitimate router by sending a spoofed ARP reply with its own MAC address. This causes the victim to send all its traffic to the attacker instead of the router. The attacker can then intercept, modify, or drop the packets as they please.

Which of the following can be used to detect a hacker who is stealing company data over port 80?

A. Web application scan
B. Threat intelligence
C. Log aggregation
D. Packet capture

Suggested answer: D

Explanation:

Using a SIEM tool to monitor network traffic in real time and detect any anomalies or malicious activities.

Monitoring all network protocols and ports to detect suspicious volumes of traffic or connections to uncommon IP addresses.

Monitoring for outbound traffic patterns that indicate malware communication with command and control servers, such as beaconing or DNS tunneling.

Using a CASB tool to control access to cloud resources and prevent data leaks or downloads.

Encrypting data at rest and in transit and enforcing strong authentication and authorization policies.
