CompTIA SY0-601 Practice Test - Questions Answers, Page 34

A security engineer learns that a non-critical application was compromised. The most recent version of the application includes a malicious reverse proxy that operates while the application is running. Which of the following should the engineer do to quickly contain the incident with the least amount of impact?

A. Configure firewall rules to block malicious inbound access.
B. Manually uninstall the update that contains the backdoor.
C. Add the application hash to the organization's blocklist.
D. Turn off all computers that have the application installed.
Suggested answer: C

Explanation:

A malicious reverse proxy embedded in an application sits between clients and the real back end, so it can intercept, read and modify the traffic passing through it and gives the attacker a foothold on the host.

Adding the hash of the compromised application build to the organization's blocklist (application allow/deny listing enforced by the endpoint protection or application control agent) stops that exact binary from executing on every managed host as soon as the policy is pushed, without touching unaffected software or taking systems offline. Manually uninstalling the update (B) also works but has to be repeated host by host; firewall rules (A) leave the backdoor running and only block the paths already known; powering off every computer that has the application (D) contains the incident but with the greatest impact, which the question rules out. A hash blocklist only matches that exact file, so a rebuilt or repacked version would need a new entry; it buys time for a proper remediation rather than replacing one.

Which of the following models offers third-party-hosted, on-demand computing resources that can be shared with multiple organizations over the internet?

A. Public cloud
B. Hybrid cloud
C. Community cloud
D. Private cloud
Suggested answer: A

Explanation:

Service models (IaaS, PaaS and SaaS) describe which layer of the stack the provider manages; deployment models describe who owns the infrastructure and who may use it, and that is what this question asks about. In a public cloud the resources (compute, storage, networking) are owned and operated by a third-party provider, delivered over the Internet, and shared by many unrelated tenants who pay by subscription or usage. A private cloud is dedicated to a single organization; a community cloud is shared only by a defined group of organizations with common requirements (for example, agencies subject to the same regulation); a hybrid cloud combines two or more of these models.

Which of the following describes business units that purchase and implement scripting software without approval from an organization's technology Support staff?

A. Shadow IT
B. Hacktivist
C. Insider threat
D. Script kiddie
Suggested answer: A

Explanation:

Shadow IT is the use of IT hardware, software or cloud services by a department or individual without the knowledge or approval of the organization's IT or security group. Business units buying and deploying scripting software on their own are a textbook case. Cloud-based services are the main area of concern today because a business unit can subscribe with a credit card and no infrastructure change. A hacktivist is an ideologically motivated external attacker, a script kiddie is an unskilled attacker running other people's tools, and an insider threat implies malicious or negligent misuse of access rather than an unsanctioned purchase.

Because shadow IT is unknown to the security team it is unpatched, unmonitored and outside policy, so discovery tooling such as a cloud access security broker (CASB) exists to identify which unsanctioned apps are in use and what risk they carry. One widely quoted vendor estimate (the source is not named on this page) is that around 80% of employees use apps that nobody has reviewed for security or compliance.

A security operations technician is searching the log named /var/messages for any events that were associated with a workstation with the IP address 10.1.1.1. Which of the following would provide this information?

A. cat /var/messages | grep 10.1.1.1
B. grep 10.1.1.1 | cat /var/messages
C. grep /var/messages | cat 10.1.1.1
D. cat 10.1.1.1 | grep /var/messages
Suggested answer: A

Explanation:

cat /var/messages reads the file and writes it to standard output; the pipe (|) connects that output to the standard input of the next command; grep 10.1.1.1 prints every line that matches the pattern. Option A is therefore the only one in which the data flows the right way. In B grep has no input file, so it reads standard input and waits, while cat prints the whole file unfiltered; in C and D the arguments are swapped, so grep is told to search for the pattern /var/messages and cat is asked to open a file named 10.1.1.1.

Two practical caveats: grep 10.1.1.1 /var/messages does the same job without the extra cat process, and because "." is a regex metacharacter the unquoted pattern also matches look-alike addresses such as 10.1.1.10 or 10.101.1.1. Using grep -Fw 10.1.1.1 /var/messages (fixed string, whole word) avoids those false positives.
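The over-matching described above is easy to miss in a real log search. The following is an added example, not part of the original page: it re-implements the grep pattern match in Python over a constructed syslog-style sample (the log lines, host names and addresses are invented) and contrasts it with a pattern that treats the dots literally and requires the address to stand alone, the equivalent of grep -Fw.

```python
import re

# Constructed sample of a syslog-style /var/messages (not from the original page).
# Only the first two lines involve the workstation 10.1.1.1; the next three contain
# look-alike addresses that the naive pattern also matches.
SAMPLE_LOG = """\
Mar  3 10:01:12 gw sshd[4121]: Accepted publickey for ops from 10.1.1.1 port 50122
Mar  3 10:01:40 gw kernel: IN=eth0 SRC=10.1.1.1 DST=10.1.1.254 PROTO=TCP DPT=443
Mar  3 10:02:05 gw sshd[4130]: Failed password for root from 10.1.1.10 port 40111
Mar  3 10:02:30 gw dhcpd: DHCPACK on 10.1.1.100 to 00:11:22:33:44:55 via eth1
Mar  3 10:03:01 gw named[902]: client 10.101.1.1#53: query: example.com IN A
Mar  3 10:03:15 gw cron[5001]: (root) CMD (run-parts /etc/cron.hourly)
"""


def grep(pattern, text):
    """What `cat FILE | grep PATTERN` does: keep each line the regex matches anywhere.
    With PATTERN=10.1.1.1 every '.' matches any character and nothing anchors the
    ends, so 10.1.1.10, 10.1.1.100 and 10.101.1.1 all match as well."""
    rx = re.compile(pattern)
    return [line for line in text.splitlines() if rx.search(line)]


def grep_ip(ip, text):
    """Close equivalent of `grep -Fw IP FILE`: escape the dots so they are literal and
    require the address not to be preceded or followed by a digit or a dot."""
    rx = re.compile(r"(?<![\d.])" + re.escape(ip) + r"(?![\d.])")
    return [line for line in text.splitlines() if rx.search(line)]


if __name__ == "__main__":
    naive = grep("10.1.1.1", SAMPLE_LOG)
    exact = grep_ip("10.1.1.1", SAMPLE_LOG)
    print(f"naive pattern: {len(naive)} lines, exact address: {len(exact)} lines")
    for line in naive:
        if line not in exact:
            print("false positive:", line)
```

On the six constructed lines the naive pattern returns five, the exact match returns the two that really mention 10.1.1.1.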

A company was recently breached. Part of the company's new cybersecurity strategy is to centralize the logs from all security devices. Which of the following components forwards the logs to a central source?

A. Log enrichment
B. Log queue
C. Log parser
D. Log collector
Suggested answer: D

Explanation:

A log collector (an agent on the source or an aggregator in front of it) gathers logs from servers, network devices, applications and security tools and forwards them to a central destination such as a SIEM for storage and analysis. The other options describe processing steps rather than transport: a parser breaks each log line into fields, enrichment adds context (geolocation, asset owner, threat intelligence), and a queue buffers events between stages so bursts are not dropped.

An attacker is targeting a company. The attacker notices that the company’s employees frequently access a particular website. The attacker decides to infect the website with malware and hopes the employees’ devices will also become infected. Which of the following techniques is the attacker using?

A. Watering-hole attack
B. Pretexting
C. Typosquatting
D. Impersonation
Suggested answer: A

Explanation:

A watering hole attack targets a specific group of users by compromising websites its members are known to visit, so that their devices are infected with malware (typically through a drive-by download) and the attacker gains access to the victims' workplace network or personal data. The name comes from predators waiting at a water source rather than chasing prey. Pretexting and impersonation are social-engineering techniques that require direct interaction with the victim, and typosquatting relies on the victim mistyping a domain rather than visiting a legitimate site they already trust. Watering hole attacks are difficult to detect because the compromised site is one users visit routinely, so the malicious traffic blends in with normal browsing.

While performing a threat-hunting exercise, a security analyst sees some unusual behavior occurring in an application when a user changes the display name. The security analyst decides to perform a static code analysis and receives the following pseudocode:

Which of the following attack types best describes the root cause of the unusual behavior?

A. Server-side request forgery
B. Improper error handling
C. Buffer overflow
D. SQL injection
Suggested answer: D

Explanation:

SQL injection is one of the most common web application attacks: untrusted input is placed into a SQL statement in such a way that part of the input is parsed as SQL rather than as data. A successful injection can read sensitive data, modify data (INSERT/UPDATE/DELETE), execute administrative operations on the database (such as shutting down the DBMS), read files present on the DBMS host and in some cases run operating-system commands. Server-side request forgery (A) would involve the server fetching attacker-chosen URLs, improper error handling (B) leaks information but is not the root cause described here, and a buffer overflow (C) is a memory-safety defect rather than a query-construction one.

According to the pseudocode given in the question, the application takes the user-supplied display name and concatenates it directly into a SQL query that updates the user's profile. That lets an attacker inject SQL of their own. For example, an attacker could enter the following as their display name:

John'; DROP TABLE users; --

This would result in the following SQL query being executed:

UPDATE profile SET displayname = 'John'; DROP TABLE users; --' WHERE userid = 1;

The single quote closes the string literal early, the semicolon (;) terminates the original UPDATE and starts a second statement that drops the users table, and the double dash (--) comments out the rest of the original query. Note that the UPDATE now has no WHERE clause, so every profile is renamed, and the users table is lost: a catastrophic loss of data for the application. Whether stacked statements run depends on the database driver (some execute only the first statement), but a single-statement payload such as John' WHERE 1=1 -- would still rename every user. The fix is to use parameterized queries (prepared statements) so that user input is passed to the database as a bound value and never spliced into the SQL text.
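The following is an added example, not the pseudocode from the question or code from the original page. It runs the display-name update both ways against an in-memory SQLite database driven from Python: the concatenated version, executed with executescript() so stacked statements run as they would on a driver that permits them, and the parameterized version. The schema, rows and user IDs are constructed for the example.

```python
import sqlite3

# Constructed schema and rows (not from the original page) so the example runs offline.
SCHEMA = """
CREATE TABLE profile (userid INTEGER PRIMARY KEY, displayname TEXT NOT NULL);
INSERT INTO profile VALUES (1, 'alice'), (2, 'bob');
CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT NOT NULL);
INSERT INTO users VALUES (1, 'alice'), (2, 'bob');
"""

# The display-name payload from the explanation above.
PAYLOAD = "John'; DROP TABLE users; --"


def fresh_db():
    """Return an in-memory SQLite database populated with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def update_display_name_vulnerable(conn, userid, displayname):
    """Build the UPDATE by string concatenation, the pattern the question's pseudocode
    is described as using. executescript() runs every statement in the string, as
    drivers that permit stacked queries do, so the attacker's DROP TABLE executes
    along with the UPDATE. Returns the SQL text that was run."""
    sql = f"UPDATE profile SET displayname = '{displayname}' WHERE userid = {userid};"
    conn.executescript(sql)
    return sql


def update_display_name_safe(conn, userid, displayname):
    """Parameterized query: the SQL text and the values travel separately, so quotes,
    semicolons and comment markers in displayname are stored as data and never
    parsed as SQL. Returns the number of rows updated."""
    cur = conn.execute(
        "UPDATE profile SET displayname = ? WHERE userid = ?", (displayname, userid)
    )
    return cur.rowcount


def table_exists(conn, name):
    row = conn.execute(
        "SELECT count(*) FROM sqlite_master WHERE type = 'table' AND name = ?", (name,)
    ).fetchone()
    return row[0] == 1


def display_name(conn, userid):
    row = conn.execute(
        "SELECT displayname FROM profile WHERE userid = ?", (userid,)
    ).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = fresh_db()
    print(update_display_name_vulnerable(db, 1, PAYLOAD))
    print("users table survives:", table_exists(db, "users"))   # dropped
    print("bob's display name:", display_name(db, 2))           # renamed: WHERE was commented out

    db = fresh_db()
    update_display_name_safe(db, 1, PAYLOAD)
    print("users table survives:", table_exists(db, "users"))   # intact
    print("alice's display name:", repr(display_name(db, 1)))   # the payload, stored as text
    print("bob's display name:", display_name(db, 2))           # untouched
```

With the concatenated query the users table disappears and both profiles are renamed to John; with the parameterized query the users table survives, alice's display name is the literal payload string, and bob's row is untouched.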

A security team is providing input on the design of a secondary data center that has the following requirements:
A natural disaster at the primary site should not affect the secondary site.
The secondary site should have the capability for failover during traffic surge situations.
The secondary site must meet the same physical security requirements as the primary site.
The secondary site must provide protection against power surges and outages.

Which of the following should the security team recommend? (Select two).

A. Configuring replication of the web servers at the primary site to offline storage
B. Constructing the secondary site in a geographically disperse location
C. Deploying load balancers at the primary site
D. Installing generators
E. Using differential backups at the secondary site
F. Implementing hot and cold aisles at the secondary site
Suggested answer: B, D

Explanation:

B. Building the secondary site in a geographically disperse location ensures that a regional natural disaster (flood, earthquake, hurricane) at the primary site does not also take out the secondary site, and a second live site is what makes failover during a traffic surge possible in the first place. D. Generators, together with a UPS to carry the load for the seconds before they start, keep the site running through outages, and UPS units with surge suppression protect equipment against power surges; CompTIA lists them among the environmental controls within physical security. The other options do not meet a stated requirement: replication to offline storage and differential backups protect data but provide no failover capacity, load balancers at the primary site do nothing for the secondary site, and hot and cold aisles manage cooling rather than power or disaster resilience.

Reference: CompTIA Security+ SY0-601 Exam Objectives, 2.5 (Given a scenario, implement cybersecurity resilience) and 2.7 (Explain the importance of physical security controls).

An account was disabled after several failed and successful login connections were made from various parts of the world at various times. A security analyst is investigating the issue. Which of the following account policies most likely triggered the action to disable the account?

A. Time-based logins
B. Password history
C. Geofencing
D. Impossible travel time
Suggested answer: D

Explanation:

Impossible travel time is an account-monitoring policy that compares the location of each login with the location and time of the user's previous login and raises a risk event (blocking the login or disabling the account) when the distance could not have been covered in the elapsed time. For example, a login from New York followed an hour later by a login from Tokyo implies a speed of more than 10,000 km/h, which no traveller can achieve. Successful logins from many parts of the world within a short span are the textbook trigger, and they usually mean the credentials have been compromised and are being used through proxies or VPN exit nodes in other regions. Geofencing (C) restricts access based on location alone regardless of timing, time-based logins (A) restrict access to permitted hours, and password history (B) only governs password reuse.

Reference: CompTIA Security+ SY0-601 Exam Objectives, 3.7 (Given a scenario, implement identity and account management controls); https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-sign-in-risk-policy#impossible-travel
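The detection logic behind the policy is simple enough to show end to end. The following is an added example, not code from the original page or from any identity provider's implementation: it walks a constructed list of sign-in events (users, times and coordinates are invented, and the events carry coordinates directly where a real system would first geolocate the source IP), computes the great-circle distance between consecutive sign-ins of the same user with the haversine formula, and flags any pair whose implied speed exceeds an assumed ceiling of 1000 km/h.

```python
import math
from datetime import datetime, timezone

# Assumption for the example: nothing legitimate moves faster than this between logins.
MAX_PLAUSIBLE_KMH = 1000.0

# Constructed sign-in events (not from the original page): (user, UTC time, lat, lon).
EVENTS = [
    ("alice", "2024-03-03T09:00:00Z", 40.7128, -74.0060),   # New York
    ("alice", "2024-03-03T10:00:00Z", 35.6762, 139.6503),   # Tokyo, one hour later
    ("bob",   "2024-03-03T09:00:00Z", 40.7128, -74.0060),   # New York
    ("bob",   "2024-03-03T14:00:00Z", 42.3601, -71.0589),   # Boston, five hours later
]


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in kilometres between two points given in degrees."""
    earth_radius_km = 6371.0
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * earth_radius_km * math.asin(math.sqrt(a))


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def impossible_travel(events, max_kmh=MAX_PLAUSIBLE_KMH):
    """Return one (user, from_time, to_time, km, kmh) finding for each pair of
    consecutive sign-ins by the same user whose implied speed exceeds max_kmh."""
    by_user = {}
    for user, ts, lat, lon in events:
        by_user.setdefault(user, []).append((parse_ts(ts), lat, lon))

    findings = []
    for user, logins in by_user.items():
        logins.sort()  # chronological order per user
        for (t1, la1, lo1), (t2, la2, lo2) in zip(logins, logins[1:]):
            km = haversine_km(la1, lo1, la2, lo2)
            hours = (t2 - t1).total_seconds() / 3600
            # Two different places at the same instant: treat the speed as infinite.
            kmh = math.inf if hours == 0 else km / hours
            if km > 0 and kmh > max_kmh:
                findings.append((user, t1, t2, round(km), round(kmh)))
    return findings


if __name__ == "__main__":
    for user, t1, t2, km, kmh in impossible_travel(EVENTS):
        print(f"{user}: {km} km between {t1:%H:%M} and {t2:%H:%M} UTC, {kmh} km/h")
```

With these events only alice is flagged (about 10,850 km in one hour); bob's New York to Boston pair is roughly 300 km over five hours and passes. Lowering the ceiling to 50 km/h flags bob as well, which is the tuning trade-off a real policy has to make.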

Which of the following should a Chief Information Security Officer consider using to take advantage of industry standard guidelines?

A. SSAE SOC 2
B. GDPR
C. PCI DSS
D. NIST CSF
Suggested answer: D

Explanation:

NIST CSF (the National Institute of Standards and Technology Cybersecurity Framework) is a voluntary set of guidelines and best practices for managing cybersecurity risk, assembled from existing, widely recognized standards and practices so that it applies across sectors and organization sizes. It organizes security outcomes into core functions (Identify, Protect, Detect, Respond and Recover in version 1.1; version 2.0 adds Govern) and provides a common language for describing current and target security posture, which is exactly what a CISO looking for industry standard guidance needs. The other options are not general guidance: SSAE SOC 2 is an audit attestation report on a service organization's controls, GDPR is an EU privacy regulation with the force of law, and PCI DSS is a mandatory standard scoped to organizations that handle payment card data.

Reference: CompTIA Security+ SY0-601 Exam Objectives, 5.2 (Explain the importance of applicable regulations, standards, or frameworks that impact organizational security posture); https://www.nist.gov/cyberframework
