
CompTIA SY0-601 Practice Test - Questions Answers, Page 36

An organization wants to secure a LAN/WLAN so users can authenticate and transport data securely. The solution needs to prevent on-path attacks and evil twin attacks. Which of the following will best meet the organization's need?

A. MFA
B. 802.1X
C. WPA2
D. TACACS
Suggested answer: B

Explanation:

802.1X is a standard for network access control that provides authentication and encryption for devices that connect to a LAN/WLAN. 802.1X uses the Extensible Authentication Protocol (EAP) to exchange authentication messages between a supplicant (the device requesting access), an authenticator (the device granting access), and an authentication server (the device verifying credentials). 802.1X can prevent on-path attacks and evil twin attacks by requiring users to provide valid credentials before accessing the network and encrypting the data transmitted over the network.

On-path attacks are attacks that involve intercepting or modifying network traffic between two endpoints. An on-path attacker can eavesdrop on sensitive information, alter or inject malicious data, or redirect traffic to malicious destinations. On-path attacks are frequently perpetrated over WiFi networks [1].

Evil twin attacks are attacks that involve setting up a fake WiFi access point that mimics a legitimate one. An evil twin attacker can trick users into connecting to the fake network and then monitor or manipulate their online activity. Evil twin attacks are more common on public WiFi networks that are unsecured and leave personal data vulnerable [2][3].

An organization recently completed a security control assessment. The organization determined some controls did not meet the existing security measures. Additional mitigations are needed to lessen the risk of the non-compliant controls. Which of the following best describes these mitigations?

A. Corrective
B. Compensating
C. Deterrent
D. Technical
Suggested answer: B

Explanation:

Compensating controls are additional security measures that are implemented to reduce the risk of non-compliant controls. They do not fix the underlying issue, but they provide an alternative way of achieving the same security objective. For example, if a system does not have encryption, a compensating control could be to restrict access to the system or use a secure network connection.

A contractor overhears a customer recite their credit card number during a confidential phone call. The credit card information is later used for a fraudulent transaction. Which of the following social engineering techniques describes this scenario?

A. Shoulder surfing
B. Watering hole
C. Vishing
D. Tailgating
Suggested answer: A

Explanation:

Shoulder surfing is a social engineering technique that involves looking over someone’s shoulder to see what they are typing, writing, or viewing on their screen. It can be used to steal passwords, PINs, credit card numbers, or other sensitive information. In this scenario, the contractor used shoulder surfing to overhear the customer’s credit card number during a phone call.

An analyst is working on an investigation with multiple alerts for multiple hosts. The hosts are showing signs of being compromised by a fast-spreading worm. Which of the following should be the next step in order to stop the spread?

A. Disconnect every host from the network.
B. Run an AV scan on the entire
C. Scan the hosts that show signs of
D. Place all known-infected hosts on an isolated network
Suggested answer: D

Explanation:

Placing all known-infected hosts on an isolated network is the best way to stop the spread of a worm infection. This will prevent the worm from reaching other hosts on the network and allow the infected hosts to be cleaned and restored. Disconnecting every host from the network is not practical and may disrupt business operations. Running an AV scan on the entire network or scanning the hosts that show signs of infection may not be effective or fast enough to stop a fast-spreading worm.

Which of the following best describes a tool used by an organization to identify, log, and track any potential risks and corresponding risk information?

A. Quantitative risk assessment
B. Risk register
C. Risk control assessment
D. Risk matrix
Suggested answer: B

Explanation:

A risk register is a tool used by an organization to identify, log, and track any potential risks and corresponding risk information. It helps to document the risks, their likelihood, impact, mitigation strategies, and status. A risk register is an essential part of risk management and can be used for projects or organizations.

An air traffic controller receives a change in flight plan for a morning aircraft over the phone. The air traffic controller compares the change to what appears on radar and determines the information to be false. As a result, the air traffic controller is able to prevent an incident from occurring. Which of the following is this scenario an example of?

A. Mobile hijacking
B. Vishing
C. Unsecure VoIP protocols
D. SPIM attack
Suggested answer: B

Explanation:

Vishing is a form of phishing that uses voice calls or voice messages to trick victims into revealing personal information, such as credit card numbers, bank details, or passwords. Vishing often uses spoofed phone numbers, voice-altering software, or social engineering techniques to impersonate legitimate organizations or authorities. In this scenario, the caller pretended to be someone who could change the flight plan of an aircraft, which could have caused a serious incident.

A company has numerous employees who store PHI data locally on devices. The Chief Information Officer wants to implement a solution to reduce external exposure of PHI but not affect the business. The first step the IT team should perform is to deploy a DLP solution:

A. for only data in transit.
B. for only data at rest.
C. in blocking mode.
D. in monitoring mode.
Suggested answer: D

Explanation:

A DLP solution in monitoring mode is a good first step to deploy for data loss prevention. It allows the IT team to observe and analyze the data flows and activities without blocking or interfering with them. It helps to identify the sources and destinations of sensitive data, the types and volumes of data involved, and the potential risks and violations. It also helps to fine-tune the DLP policies and rules before switching to blocking mode, which can disrupt business operations if not configured properly.

A security analyst needs to recommend a solution that will allow current Active Directory accounts and groups to be used for access controls on both network and remote-access devices. Which of the following should the analyst recommend? (Select two).

A. TACACS+
B. RADIUS
C. OAuth
D. OpenID
E. Kerberos
F. CHAP
Suggested answer: B, E

Explanation:

RADIUS and Kerberos are two protocols that can be used to integrate Active Directory accounts and groups with network and remote-access devices. RADIUS is a protocol that provides centralized authentication, authorization, and accounting for network access. It can use Active Directory as a backend database to store user credentials and group memberships. Kerberos is a protocol that provides secure authentication and encryption for network services. It is the default authentication protocol for Active Directory and can be used by remote-access devices that support it.

A security analyst is investigating a report from a penetration test. During the penetration test, consultants were able to download sensitive data from a back-end server. The back-end server was exposing an API that should have only been available from the company’s mobile application. After reviewing the back-end server logs, the security analyst finds the following entries:

Which of the following is the most likely cause of the security control bypass?

A. IP address allow list
B. User-agent spoofing
C. WAF bypass
D. Referrer manipulation
Suggested answer: B

Explanation:

User-agent spoofing is a technique that involves changing the user-agent string of a web browser or other client to impersonate another browser or device. The user-agent string is a piece of information that identifies the client to the web server and can contain details such as the browser name, version, operating system, and device type. User-agent spoofing can be used to bypass security controls that rely on the user-agent string to determine the legitimacy of a request. In this scenario, the consultants were able to spoof the user-agent string of the company’s mobile application and access the API that should have been restricted to it.

A security analyst is assisting a team of developers with best practices for coding. The security analyst would like to defend against the use of SQL injection attacks. Which of the following should the security analyst recommend first?

A. Tokenization
B. Input validation
C. Code signing
D. Secure cookies
Suggested answer: B

Explanation:

Input validation is a technique that involves checking the user input for any malicious or unexpected characters or commands that could be used to perform SQL injection attacks. Input validation can be done by using allow-lists or deny-lists to filter out the input based on predefined criteria. Input validation can prevent SQL injection attacks by ensuring that only valid and expected input is passed to the database queries.

Total 603 questions