
CompTIA SY0-601 Practice Test - Questions Answers, Page 31


A major manufacturing company updated its internal infrastructure and just started to allow OAuth applications to access corporate data. Data leakage is being reported. Which of the following most likely caused the issue?

A. Privilege creep
B. Unmodified default
C. TLS
D. Improper patch management
Suggested answer: A

Explanation:

Privilege creep is the gradual accumulation of access rights beyond what an individual needs to do his or her job. In information technology, a privilege is an identified right that a particular end user has to a particular system resource, such as a file folder or virtual machine. Privilege creep often occurs when an employee changes job responsibilities within an organization and is granted new privileges. While employees may need to retain their former privileges during a period of transition, those privileges are rarely revoked and result in an unnecessary accumulation of access privileges. Privilege creep creates a security risk by increasing the attack surface and exposing sensitive data or systems to unauthorized or malicious users.

Reference: https://www.comptia.org/certifications/security#examdetails https://www.comptia.org/content/guides/comptia-security-sy0-601-exam-objectives https://www.techtarget.com/searchsecurity/definition/privilege-creep

A security administrator needs to block a TCP connection using the corporate firewall. Because this connection is potentially a threat, the administrator does not want to send back an RST. Which of the following actions in a rule would work best?

A. Drop
B. Reject
C. Log alert
D. Permit
Suggested answer: A

Explanation:

The difference between drop and reject in a firewall is that a drop action sends nothing back to the source, while a reject action sends a rejection response (for TCP, an RST) to the source. This affects how the source handles the connection attempt and how quickly a port scan can proceed. Because the administrator does not want an RST sent back, the best action is A. Drop: it returns no RST packet, which slows down port scanning and helps protect against DoS attacks.

An employee used a corporate mobile device during a vacation. Multiple contacts were modified on the device during the vacation. Which of the following methods did the attacker use to insert the contacts without having physical access to the device?

A. Jamming
B. Bluejacking
C. Disassociation
D. Evil twin
Suggested answer: B

Explanation:

Bluejacking is the sending of unsolicited messages over Bluetooth to Bluetooth-enabled devices such as mobile phones, PDAs or laptop computers. Bluejacking does not involve device hijacking, despite what the name implies. The best answer is therefore B. Bluejacking, because it is a method that can insert contacts without physical access to the device.

A systems analyst is responsible for generating a new digital forensics chain-of-custody form. Which of the following should the analyst include in this documentation? (Select two).

A. The order of volatility
B. A forensics NDA
C. The provenance of the artifacts
D. The vendor's name
E. The date and time
F. A warning banner
Suggested answer: C, E

Explanation:

A digital forensics chain-of-custody form is a document that records the chronological and logical sequence of custody, control, transfer, analysis, and disposition of digital evidence. A digital forensics chain-of-custody form should include the following information:

The provenance of the artifacts: The provenance of the artifacts refers to the origin and history of the digital evidence, such as where, when, how, and by whom it was collected, handled, analyzed, or otherwise controlled.

The date and time: The date and time refer to the specific moments when the digital evidence was collected, handled, analyzed, transferred, or disposed of by each person involved in the chain of custody.

Other information that may be included in a digital forensics chain-of-custody form are:

The identification of the artifacts: The identification of the artifacts refers to the unique identifiers or labels assigned to the digital evidence, such as serial numbers, barcodes, hashes, or descriptions.

The signatures of the custodians: The signatures of the custodians refer to the names and signatures of each person who had custody or control of the digital evidence at any point in the chain of custody.

The location of the artifacts: The location of the artifacts refers to the physical or logical places where the digital evidence was stored or processed, such as a lab, a server, a cloud service, or a device.

Reference: https://www.comptia.org/certifications/security#examdetails https://www.comptia.org/content/guides/comptia-security-sy0-601-exam-objectives https://resources.infosecinstitute.com/topic/chain-of-custody-in-digital-forensics/
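The form fields listed above map naturally onto a small data structure. The following added example (not from the exam guide or any vendor) models a chain-of-custody record: it stores the provenance, a SHA-256 taken at collection time as the artifact's identifier, and one dated, signed-off event per hand-off, and it can check that an artifact still matches its recorded hash and that no required field was left blank. The case number, names, dates and the byte string standing in for a disk image are constructed sample values.

```python
import hashlib
import json
from dataclasses import asdict, dataclass, field
from datetime import datetime, timezone

# Fields the form must carry; provenance and timestamps are the two the question asks for.
REQUIRED_FIELDS = ("case_id", "artifact_id", "description", "provenance", "sha256")


@dataclass
class CustodyEvent:
    timestamp: str   # ISO 8601 in UTC, recorded for every hand-off
    custodian: str   # name of the person taking or releasing custody
    action: str      # collected / transferred / analyzed / stored / disposed
    location: str    # physical or logical place (lab, evidence safe, server)
    note: str = ""


@dataclass
class ChainOfCustodyRecord:
    case_id: str
    artifact_id: str      # unique label: evidence number, barcode, serial
    description: str
    provenance: str       # where, how and from what the artifact was acquired
    sha256: str           # hash taken at collection time, identifies the artifact
    events: list = field(default_factory=list)


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def utc_now() -> str:
    return datetime.now(timezone.utc).isoformat(timespec="seconds")


def open_record(case_id, artifact_id, description, provenance,
                artifact_bytes, collector, location, when=None):
    """Create the form at collection time; the first event is the collection itself."""
    record = ChainOfCustodyRecord(case_id, artifact_id, description,
                                  provenance, sha256_hex(artifact_bytes))
    record.events.append(CustodyEvent(when or utc_now(), collector, "collected", location))
    return record


def add_event(record, custodian, action, location, note="", when=None):
    """Append one dated hand-off; the list is the chronological custody trail."""
    record.events.append(CustodyEvent(when or utc_now(), custodian, action, location, note))
    return record


def verify_integrity(record, artifact_bytes) -> bool:
    """True only if the artifact still matches the hash recorded at collection."""
    return sha256_hex(artifact_bytes) == record.sha256


def missing_fields(record) -> list:
    """Required form fields that are empty, plus a check that every event carries a date."""
    missing = [name for name in REQUIRED_FIELDS if not getattr(record, name)]
    if not record.events or any(not ev.timestamp for ev in record.events):
        missing.append("date and time")
    return missing


def to_json(record) -> str:
    return json.dumps(asdict(record), indent=2)


# Constructed sample: a short byte string stands in for a disk image.
SAMPLE_IMAGE = b"constructed sample image bytes"
SAMPLE_RECORD = open_record(
    case_id="CASE-0001",                       # constructed
    artifact_id="EV-01",                       # constructed
    description="USB drive image, 16 GB",
    provenance="Imaged from employee laptop in room 2B using a write blocker",
    artifact_bytes=SAMPLE_IMAGE,
    collector="A. Analyst",
    location="Forensics lab",
    when="2024-01-15T10:30:00+00:00",          # constructed
)
add_event(SAMPLE_RECORD, "B. Examiner", "transferred", "Evidence safe",
          when="2024-01-15T12:00:00+00:00")   # constructed

if __name__ == "__main__":
    print(to_json(SAMPLE_RECORD))
    print("artifact intact:", verify_integrity(SAMPLE_RECORD, SAMPLE_IMAGE))
```

The hash is computed once, at collection, and every later verification compares against that stored value; a mismatch means the artifact changed somewhere along the trail, and the dated events show who held it when.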

Which of the following best describes when an organization utilizes a ready-to-use application from a cloud provider?

A. IaaS
B. SaaS
C. PaaS
D. XaaS
Suggested answer: B

Explanation:

SaaS stands for software as a service, which is a cloud computing model that provides ready-to-use applications over the internet. SaaS applications are hosted and managed by a cloud provider who also handles software updates, maintenance, security, and scalability. SaaS users can access the applications through a web browser or a mobile app without installing any software on their devices. SaaS applications are typically offered on a subscription or pay-per-use basis. Examples of SaaS applications include email services, online office suites, customer relationship management (CRM) systems, and video conferencing platforms.

Reference: https://www.comptia.org/certifications/security#examdetails https://www.comptia.org/content/guides/comptia-security-sy0-601-exam-objectives https://www.ibm.com/cloud/learn/software-as-a-service

A company is moving its retail website to a public cloud provider. The company wants to tokenize credit card data but not allow the cloud provider to see the stored credit card information. Which of the following would BEST meet these objectives?

A. WAF
B. CASB
C. VPN
D. TLS
Suggested answer: B

Explanation:

CASB stands for cloud access security broker, which is a software tool or service that acts as an intermediary between users and cloud service providers. CASB can help protect data stored in cloud services by enforcing security policies and controls such as encryption, tokenization, authentication, authorization, logging, auditing, and threat detection. Tokenization is a process that replaces sensitive data with non-sensitive substitutes called tokens that have no intrinsic value. Tokenization can help prevent data leakage by ensuring that only authorized users can access the original data using a tokenization system.

Reference: https://www.comptia.org/certifications/security#examdetails https://www.comptia.org/content/guides/comptia-security-sy0-601-exam-objectives https://www.cisco.com/c/en/us/products/security/what
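To make the tokenization step concrete, here is an added example (not from the exam guide or any CASB vendor) of the token vault a CASB would operate inside the company's own trust boundary. The card number is validated, replaced by a random token that reveals nothing about the original except the last four digits kept for display, and only a caller with the assumed `payment-processor` role can swap the token back. The cloud-hosted website stores and displays tokens only. The card number used is the well-known `4111 1111 1111 1111` test value, not real data.

```python
import secrets


def luhn_valid(digits: str) -> bool:
    """Luhn checksum used by card numbers; rejects mistyped numbers before storage."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                 # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


class TokenVault:
    """Vault assumed to run on company-controlled systems, not at the cloud provider.
    Only the tokens it hands out ever reach the cloud-hosted site."""

    def __init__(self):
        self._vault = {}   # token -> PAN; this mapping never leaves the trusted boundary

    def tokenize(self, pan: str) -> str:
        digits = pan.replace(" ", "").replace("-", "")
        if not (13 <= len(digits) <= 19 and digits.isdigit() and luhn_valid(digits)):
            raise ValueError("not a valid card number")
        # Random token: nothing about the PAN can be derived from it.
        # The last four digits are appended so the site can render "**** 1111".
        token = f"tok_{secrets.token_hex(12)}_{digits[-4:]}"
        self._vault[token] = digits
        return token

    def detokenize(self, token: str, caller_role: str) -> str:
        """Only the payment process inside the trusted boundary may reverse a token."""
        if caller_role != "payment-processor":   # assumed role name
            raise PermissionError("caller is not allowed to detokenize")
        return self._vault[token]


def masked_display(token: str) -> str:
    """All the cloud-hosted site is allowed to render from a stored token."""
    return "**** **** **** " + token[-4:]


if __name__ == "__main__":
    vault = TokenVault()
    tok = vault.tokenize("4111 1111 1111 1111")   # constructed test card number
    print("stored in the cloud:", tok)
    print("shown to customer:  ", masked_display(tok))
    print("seen by processor:  ", vault.detokenize(tok, "payment-processor"))
```

Because the token is drawn from a random source rather than derived from the card number, a compromise of the cloud-side database yields tokens that are worthless without the vault, which is the property the question is after.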

Unauthorized devices have been detected on the internal network. The devices' locations were traced to Ethernet ports located in conference rooms. Which of the following would be the best technical control to implement to prevent these devices from accessing the internal network?

A. NAC
B. DLP
C. IDS
D. MFA
Suggested answer: A

Explanation:

NAC stands for network access control, which is a security solution that enforces policies and controls on devices that attempt to access a network. NAC can help prevent unauthorized devices from accessing the internal network by verifying their identity, compliance, and security posture before granting them access. NAC can also monitor and restrict the activities of authorized devices based on predefined rules and roles.

Reference: https://www.comptia.org/certifications/security#examdetails https://www.comptia.org/content/guides/comptia-security-sy0-601-exam-objectives https://www.cisco.com/c/en/us/products/security/what-is-network-access-control-nac.html

A junior human resources administrator was gathering data about employees to submit to a new company awards program. The employee data included job title, business phone number, location, first initial with last name, and race. Which of the following best describes this type of information?

A. Sensitive
B. Non-PII
C. Private
D. Confidential
Suggested answer: B

Explanation:

Non-PII stands for non-personally identifiable information, which is any data that does not directly identify a specific individual. Non-PII can include information such as job title, business phone number, location, first initial with last name, and race. Non-PII can be used for various purposes, such as statistical analysis, marketing, or research. However, non-PII may still pose some privacy risks if it is combined or linked with other data that can reveal an individual’s identity.

Reference: https://www.comptia.org/certifications/security#examdetails https://www.comptia.org/content/guides/comptia-security-sy0-601-exam-objectives https://www.investopedia.com/terms/n/non-personally-identifiable-information-npii.asp

A systems engineer thinks a business system has been compromised and is being used to exfiltrate data to a competitor. The engineer contacts the CSIRT. The CSIRT tells the engineer to immediately disconnect the network cable and to not do anything else. Which of the following is the most likely reason for this request?

A. The CSIRT thinks an insider threat is attacking the network
B. Outages of business-critical systems cost too much money
C. The CSIRT does not consider the systems engineer to be trustworthy
D. Memory contents including fileless malware are lost when the power is turned off
Suggested answer: D

Explanation:

Memory contents, including fileless malware, are lost when the power is turned off. This is because memory is volatile storage that requires constant power to retain data. If a system has been compromised and is being used to exfiltrate data to a competitor, the CSIRT may want to preserve the memory contents for forensic analysis and evidence collection. Therefore, the CSIRT tells the engineer to immediately disconnect the network cable, which stops the exfiltration, and to do nothing else, so that the volatile evidence is not lost or tampered with.

Reference: https://www.comptia.org/certifications/security#examdetails https://www.comptia.org/content/guides/comptia-security-sy0-601-exam-objectives https://resources.infosecinstitute.com/topic/memory-acquisition-and-analysis/

Which of the following secure application development concepts aims to block verbose error messages from being shown in a user’s interface?

A. OWASP
B. Obfuscation/camouflage
C. Test environment
D. Prevention of information exposure
Suggested answer: D

Explanation:

Preventing information exposure is a secure application development concept that aims to block verbose error messages from being shown in a user’s interface. Verbose error messages are detailed messages that provide information about errors or exceptions that occur in an application. Verbose error messages may reveal sensitive information about the application’s structure, configuration, logic, or data that could be exploited by attackers. Therefore, preventing information exposure involves implementing proper error handling mechanisms that display generic or user-friendly messages instead of verbose error messages.

Reference: https://www.comptia.org/certifications/security#examdetails https://www.comptia.org/content/guides/comptia-security-sy0-601-exam-objectives https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration
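The "proper error handling" the explanation refers to is easiest to see side by side. The following added example (not from the exam guide or OWASP) shows a request handler that returns the raw exception and stack trace to the client next to one that returns a generic message plus a reference id and keeps the detail in the server log. The database client, its rows and the connection-error text (host, port and user name in the style of real driver messages) are constructed stand-ins.

```python
import logging
import traceback
import uuid

log = logging.getLogger("retail-app")


class DatabaseError(Exception):
    """Stands in for a driver exception whose message carries internal details."""


class FakeDb:
    """Constructed stand-in for a database client; `fail=True` simulates an outage."""

    def __init__(self, rows, fail=False):
        self.rows = rows
        self.fail = fail

    def get_balance(self, account_id):
        if self.fail:
            # Constructed message: host, port and user name are the kind of detail
            # that must never reach the browser.
            raise DatabaseError("connection to db-prod-01.internal:5432 as user 'app' failed")
        return self.rows[account_id]   # KeyError for an unknown account


def handle_verbose(db, account_id):
    """Information exposure: the HTTP body carries exception text and a stack trace."""
    try:
        return 200, {"balance": db.get_balance(account_id)}
    except Exception as exc:
        return 500, {"error": repr(exc), "trace": traceback.format_exc()}


def handle_safe(db, account_id):
    """Hardened form: generic client message, full detail only in the server log."""
    try:
        return 200, {"balance": db.get_balance(account_id)}
    except KeyError:
        # Expected condition; a specific but harmless message is fine here.
        return 404, {"error": "Account not found"}
    except Exception:
        ref = uuid.uuid4().hex[:12]
        # Exception type, message and trace go to the log, keyed by the reference
        # so support staff can correlate a user report with the log entry.
        log.exception("request failed, ref=%s", ref)
        return 500, {"error": "An internal error occurred", "reference": ref}


if __name__ == "__main__":
    logging.basicConfig(level=logging.ERROR)
    broken = FakeDb({}, fail=True)
    print("verbose:", handle_verbose(broken, "acct-1"))
    print("safe:   ", handle_safe(broken, "acct-1"))
```

The pattern is the same in any web framework: catch expected errors and answer with a specific, harmless message; catch everything else in one place, log it with a correlation id, and return only that id to the caller.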

Total 603 questions