ExamGecko
CompTIA SY0-601 Practice Test - Questions Answers, Page 32

While reviewing the /etc/shadow file, a security administrator notices files with the same values. Which of the following attacks should the administrator be concerned about?

A. Plaintext
B. Birthday
C. Brute-force
D. Rainbow table
Suggested answer: D

Explanation:

A rainbow table attack is the one that should concern a security administrator who sees identical values in the /etc/shadow file. The /etc/shadow file stores the hashed passwords of users on a Linux system. Identical hash values for different accounts indicate that the same password is being hashed without a per-user salt, so every user with that password produces the same hash. A rainbow table is a precomputed table of hashes and their corresponding plaintext values that can be used to crack exactly such unsalted hashes. If an attacker obtains a copy of the /etc/shadow file, they can look up the hashes in a rainbow table to recover the plaintext passwords of users.

Reference: https://www.comptia.org/certifications/security#examdetails https://www.comptia.org/content/guides/comptia-security-sy0-601-exam-objectives https://www.geeksforgeeks.org/rainbow-table-in-cryptography/

A company was recently breached. Part of the company's new cybersecurity strategy is to centralize the logs from all security devices. Which of the following components forwards the logs to a central source?

A. Log enrichment
B. Log queue
C. Log parser
D. Log collector
Suggested answer: D

Explanation:

A log collector is a component that forwards the logs from all security devices to a central source. A log collector can be a software tool or a hardware appliance that collects logs from various sources, such as firewalls, routers, servers, applications, or endpoints. A log collector can also perform functions such as log filtering, parsing, aggregation, normalization, and enrichment. A log collector can help centralize logging by sending the collected logs to a central log server or a security information and event management (SIEM) system for further analysis and correlation.

Reference: https://www.comptia.org/certifications/security#examdetails https://www.comptia.org/content/guides/comptia-security-sy0-601-exam-objectives https://geekflare.com/open-source-centralized-logging/

Which of the following processes would most likely help an organization that has conducted an incident response exercise to improve performance and identify challenges?

A. Lessons learned
B. Identification
C. Simulation
D. Containment
Suggested answer: A

Explanation:

Lessons learned is a process that would most likely help an organization that has conducted an incident response exercise to improve performance and identify challenges. Lessons learned is a process that involves reviewing and evaluating the incident response exercise to identify what went well, what went wrong, and what can be improved. Lessons learned can help an organization enhance its incident response capabilities, address any gaps or weaknesses, and update its incident response plan accordingly.

Reference: https://www.comptia.org/certifications/security#examdetails https://www.comptia.org/content/guides/comptia-security-sy0-601-exam-objectives https://www.sans.org/reading-room/whitepapers/incident/incident-handlers-handbook-33901

Stakeholders at an organization must be kept aware of any incidents and receive updates on status changes as they occur. Which of the following plans would fulfill this requirement?

A. Communication plan
B. Disaster recovery plan
C. Business continuity plan
D. Risk plan
Suggested answer: A

Explanation:

A communication plan is a plan that would fulfill the requirement of keeping stakeholders at an organization aware of any incidents and receiving updates on status changes as they occur. A communication plan is a document that outlines the communication objectives, strategies, methods, channels, frequency, and audience for an incident response process. A communication plan can help an organization communicate effectively and efficiently with internal and external stakeholders during an incident and keep them informed of the incident’s impact, progress, resolution, and recovery.

Reference: https://www.comptia.org/certifications/security#examdetails https://www.comptia.org/content/guides/comptia-security-sy0-601-exam-objectives https://www.ready.gov/business-continuity-plan

A security analyst receives an alert that indicates a user's device is displaying anomalous behavior. The analyst suspects the device might be compromised. Which of the following should the analyst do first?

A. Reboot the device
B. Set the host-based firewall to deny an incoming connection
C. Update the antivirus definitions on the device
D. Isolate the device
Suggested answer: D

Explanation:

Isolating the device is the first thing that a security analyst should do if they suspect that a user’s device might be compromised. Isolating the device means disconnecting it from the network or placing it in a separate network segment to prevent further communication with potential attackers or malicious hosts. Isolating the device can help contain the incident, limit the damage or data loss, preserve the evidence, and facilitate the investigation and remediation.

Reference: https://www.comptia.org/certifications/security#examdetails https://www.comptia.org/content/guides/comptia-security-sy0-601-exam-objectives https://resources.infosecinstitute.com/topic/incident-response-process/

An organization has been experiencing outages during holiday sales and needs to ensure availability of its point-of-sales systems. The IT administrator has been asked to improve both server-data fault tolerance and site availability under high consumer load. Which of the following are the best options to accomplish this objective? (Select two.)

A. Load balancing
B. Incremental backups
C. UPS
D. RAID
E. Dual power supply
F. VLAN
Suggested answer: A, D

Explanation:

Load balancing and RAID are the best options to accomplish the objective of improving both server-data fault tolerance and site availability under high consumer load. Load balancing is a method of distributing network traffic across multiple servers to optimize performance, reliability, and scalability. Load balancing can help improve site availability by preventing server overload, ensuring high uptime, and providing redundancy and failover. RAID stands for redundant array of independent disks, which is a technology that combines multiple physical disks into a logical unit to improve data storage performance, reliability, and capacity. RAID can help improve server-data fault tolerance by providing data redundancy, backup, and recovery.

Reference: https://www.comptia.org/certifications/security#examdetails https://www.comptia.org/content/guides/comptia-security-sy0-601-exam-objectives https://www.nginx.com/resources/glossary/load-balancing/ https://www.ibm.com/cloud/learn/raid

Which of the following would provide guidelines on how to label new network devices as part of the initial configuration?

A. IP schema
B. Application baseline configuration
C. Standard naming convention policy
D. Wireless LAN and network perimeter diagram
Suggested answer: C

Explanation:

A standard naming convention policy would provide guidelines on how to label new network devices as part of the initial configuration. A standard naming convention policy is a document that defines the rules and formats for naming network devices, such as routers, switches, firewalls, servers, or printers. A standard naming convention policy can help an organization achieve consistency, clarity, and efficiency in network management and administration.

Reference: https://www.comptia.org/certifications/security#examdetails https://www.comptia.org/content/guides/comptia-security-sy0-601-exam-objectives https://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Network_Virtualization/PathIsolationDesignGuide/PathIsolationDesignGuide.pdf

A security analyst is reviewing computer logs because a host was compromised by malware. After the computer was infected, it displayed an error screen and shut down. Which of the following should the analyst review first to determine more information?

A. Dump file
B. System log
C. Web application log
D. Security tool
Suggested answer: A

Explanation:

A dump file is the first thing that a security analyst should review to determine more information about a compromised device that displayed an error screen and shut down. A dump file is a file that contains a snapshot of the memory contents of a device at the time of a system crash or error. A dump file can help a security analyst analyze the cause and source of the crash or error, as well as identify any malicious code or activity that may have triggered it.

Reference: https://www.comptia.org/certifications/security#examdetails https://www.comptia.org/content/guides/comptia-security-sy0-601-exam-objectives https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/introduction-to-crash-dump-files

A data center has experienced an increase in under-voltage events following electrical grid maintenance outside the facility. These events are leading to occasional losses of system availability. Which of the following would be the most cost-effective solution for the data center to implement?

A. Uninterruptible power supplies with battery backup
B. Managed power distribution units to track these events
C. A generator to ensure consistent, normalized power delivery
D. Dual power supplies to distribute the load more evenly
Suggested answer: A

Explanation:

Uninterruptible power supplies with battery backup would be the most cost-effective solution for the data center to implement to prevent under-voltage events following electrical grid maintenance outside the facility. An uninterruptible power supply (UPS) is a device that provides emergency power to a load when the main power source fails or drops below an acceptable level. A UPS with battery backup can help prevent under-voltage events by switching to battery power when it detects a voltage drop or outage in the main power source. A UPS with battery backup can also protect the data center equipment from power surges or spikes.

Reference: https://www.comptia.org/certifications/security#examdetails https://www.comptia.org/content/guides/comptia-security-sy0-601-exam-objectives https://www.apc.com/us/en/faqs/FA158852/

Which of the following best describes the situation where a successfully onboarded employee who is using a fingerprint reader is denied access at the company's main gate?

A. Crossover error rate
B. False match rate
C. False rejection
D. False positive
Suggested answer: C

Explanation:

A false rejection occurs when a biometric system fails to recognize an authorized user and denies access. This can happen due to poor quality of the biometric sample, environmental factors, or system errors.

Reference: https://www.comptia.org/blog/what-is-biometrics
