
CompTIA SY0-601 Practice Test - Questions Answers, Page 33

A company that provides an online streaming service made its customers' personal data, including names and email addresses, publicly available in a cloud storage service. As a result, the company experienced an increase in the number of requests to delete user accounts. Which of the following best describes the consequence of this data disclosure?

A. Regulatory fines
B. Reputation damage
C. Increased insurance costs
D. Financial loss

Suggested answer: B

Explanation:

Reputation damage is the loss of trust or credibility that a company suffers when its customers' personal data is exposed or breached. This can lead to customer dissatisfaction, loss of loyalty, and requests to delete user accounts.

Reference: https://www.comptia.org/content/guides/what-is-cybersecurity

A cybersecurity analyst at Company A is working to establish a secure communication channel with a counterpart at Company B, which is 3,000 miles (4.828 kilometers) away. Which of the following concepts would help the analyst meet this goal in a secure manner?

A. Digital signatures
B. Key exchange
C. Salting
D. PPTP

Suggested answer: B

Explanation:

Key exchange is the process of securely sharing cryptographic keys between two parties over a public network. This allows them to establish a secure communication channel and encrypt their messages. There are different methods of key exchange, such as Diffie-Hellman or RSA.

Reference: https://www.comptia.org/content/guides/what-is-encryption

The new Chief Information Security Officer at a company has asked the security team to implement stronger user account policies. The new policies require:

• Users to choose a password unique to their last ten passwords

• Users to not log in from certain high-risk countries

Which of the following should the security team implement? (Select two).

A. Password complexity
B. Password history
C. Geolocation
D. Geospatial
E. Geotagging
F. Password reuse

Suggested answer: B, C

Explanation:

Password history is a policy that prevents users from reusing their previous passwords. This can reduce the risk of password cracking or compromise. Geolocation is a policy that restricts users from logging in from certain locations based on their IP address. This can prevent unauthorized access from high-risk countries or regions.

Reference: https://www.comptia.org/content/guides/what-is-identity-and-access-management

A Chief Information Security Officer (CISO) wants to implement a new solution that can protect against certain categories of websites, whether the employee is in the office or away. Which of the following solutions should the CISO implement?

A. VAF
B. SWG
C. VPN
D. WDS

Suggested answer: B

Explanation:

A secure web gateway (SWG) is a solution that can filter and block malicious or inappropriate web traffic based on predefined policies. It can protect users from web-based threats, such as malware, phishing, or ransomware, whether they are in the office or away. An SWG can be deployed as a hardware appliance, a software application, or a cloud service.

Reference: https://www.comptia.org/content/guides/what-is-a-secure-web-gateway

Which of the following is a security implication of newer ICS devices that are becoming more common in corporations?

A. Devices with cellular communication capabilities bypass traditional network security controls
B. Many devices do not support elliptic-curve encryption algorithms due to the overhead they require.
C. These devices often lack privacy controls and do not meet newer compliance regulations
D. Unauthorized voice and audio recording can cause loss of intellectual property

Suggested answer: D

Explanation:

Industrial control systems (ICS) are devices that monitor and control physical processes, such as power generation, manufacturing, or transportation. Newer ICS devices may have voice and audio capabilities that can be exploited by attackers to eavesdrop on sensitive conversations or capture confidential information. This can result in the loss of intellectual property or trade secrets.

Reference: https://www.comptia.org/content/guides/what-is-industrial-control-system-security

A security investigation revealed that malicious software was installed on a server using a server administrator's credentials. During the investigation, the server administrator explained that Telnet was regularly used to log in. Which of the following most likely occurred?

A. A spraying attack was used to determine which credentials to use
B. A packet capture tool was used to steal the password
C. A remote-access Trojan was used to install the malware
D. A directory attack was used to log in as the server administrator

Suggested answer: B

Explanation:

Telnet is an insecure protocol that transmits data in cleartext over the network. This means that anyone who can intercept the network traffic can read the data, including the username and password of the server administrator. A packet capture tool is a software or hardware device that can capture and analyze network packets. An attacker can use a packet capture tool to steal the password and use it to install malicious software on the server.

Reference: https://www.comptia.org/content/guides/what-is-network-security

A security administrator needs to provide secure access to internal networks for external partners. The administrator has given the PSK and other parameters to the third-party security administrator. Which of the following is being used to establish this connection?

A. Kerberos
B. SSL/TLS
C. IPSec
D. SSH

Suggested answer: C

Explanation:

IPSec is a protocol suite that provides secure communication over IP networks. It uses encryption, authentication, and integrity mechanisms to protect data from unauthorized access or modification. IPSec can operate in two modes: transport mode and tunnel mode. In tunnel mode, IPSec can create a virtual private network (VPN) between two endpoints, such as external partners and internal networks. To establish a VPN connection, IPSec requires a pre-shared key (PSK) or other parameters to negotiate the security association.

Reference: https://www.comptia.org/content/guides/what-is-vpn

An organization recently released a zero-trust policy that will enforce who is able to remotely access certain data. Authenticated users who access the data must have a need to know, depending on their level of permissions. Which of the following is the first step the organization should take when implementing the policy?

A. Determine a quality CASB solution.
B. Configure the DLP policies by user groups.
C. Implement agentless NAC on boundary devices.
D. Classify all data on the file servers.

Suggested answer: D

Explanation:

Zero trust is a security strategy that assumes breach and verifies each request as though it originates from an untrusted network. A zero trust policy is a set of "allow rules" that specify conditions for accessing certain resources.

According to one source, the first step in implementing a zero trust policy is to identify and classify all data and assets in the organization. Classifying all data on the file servers comes first because it helps to determine the level of sensitivity and risk associated with each resource and apply appropriate access controls.

Reference: Zero Trust implementation guidance | Microsoft Learn

An attacker is using a method to hide data inside of benign files in order to exfiltrate confidential data. Which of the following is the attacker most likely using?

A. Base64 encoding
B. Steganography
C. Data encryption
D. Perfect forward secrecy

Suggested answer: B

Explanation:

Steganography is a technique for hiding data inside of benign files such as images, audio, or video. This can be used to exfiltrate confidential data without raising suspicion or detection.

Reference: How to Hide Files Inside Files [Images, Folder] - Raymond.CC Blog; How to Hide Data in a Secret Text File Compartment - How-To Geek; How to Hide Data Within an Image - Medium

An email security vendor recently added a retroactive alert after discovering a phishing email had already been delivered to an inbox. Which of the following would be the best way for the security administrator to address this type of alert in the future?

A. Utilize a SOAR playbook to remove the phishing message.
B. Manually remove the phishing emails when alerts arrive.
C. Delay all emails until the retroactive alerts are received.
D. Ingest the alerts into a SIEM to correlate with delivered messages.

Suggested answer: A

Explanation:

One possible way to address this type of alert in the future is to use a SOAR (Security Orchestration, Automation, and Response) playbook to automatically remove the phishing message from the inbox. A SOAR playbook is a set of predefined actions that can be triggered by certain events or conditions. This can help reduce the response time and human error in dealing with phishing alerts.

Total 603 questions