CompTIA SY0-601 Practice Test - Questions Answers, Page 4
Which of the following is the MOST secure but LEAST expensive data destruction method for data that is stored on hard drives?

A. Pulverizing
B. Shredding
C. Incinerating
D. Degaussing

Suggested answer: B

Explanation:

Shredding may be the most secure and cost-effective way to destroy electronic data in any media that contain hard drives or solid-state drives and have reached their end-of-life. Shredding reduces electronic devices to pieces no larger than 2 millimeters. Therefore, shredding is the most secure but least expensive data destruction method for data that is stored on hard drives.

A security analyst is investigating multiple hosts that are communicating to external IP addresses during the hours of 2:00 a.m. - 4:00 a.m. The malware has evaded detection by traditional antivirus software. Which of the following types of malware is MOST likely infecting the hosts?

A. A RAT
B. Ransomware
C. Polymorphic
D. A worm

Suggested answer: A

Explanation:

Based on the given information, the most likely type of malware infecting the hosts is a RAT (Remote Access Trojan). RATs are often used for stealthy unauthorized access to a victim's computer, and they can evade traditional antivirus software through various sophisticated techniques. In particular, the fact that the malware is communicating with external IP addresses during specific hours suggests that it may be under the control of an attacker who is issuing commands from a remote location. Ransomware, polymorphic malware, and worms are also possible culprits, but the context of the question suggests that a RAT is the most likely answer.

Which of the following would be BEST for a technician to review to determine the total risk an organization can bear when assessing a "cloud-first" adoption strategy?

A. Risk matrix
B. Risk tolerance
C. Risk register
D. Risk appetite

Suggested answer: B

Explanation:

To determine the total risk an organization can bear, a technician should review the organization's risk tolerance, which is the amount of risk the organization is willing to accept. This information will help determine the organization's "cloud-first" adoption strategy. Reference: CompTIA Security+ Certification Exam Objectives (SY0-601)

Which of the following cryptographic concepts would a security engineer utilize while implementing non-repudiation? (Select TWO)

A. Block cipher
B. Hashing
C. Private key
D. Perfect forward secrecy
E. Salting
F. Symmetric keys

Suggested answer: B, C

Explanation:

Non-repudiation is the ability to ensure that a party cannot deny a previous action or event. Cryptographic concepts that can be used to implement non-repudiation include hashing and digital signatures, which use a private key to sign a message and ensure that the signature is unique to the signer. Reference: CompTIA Security+ Certification Exam Objectives (SY0-601)

A security analyst notices several attacks are being blocked by the NIPS but does not see anything on the boundary firewall logs. The attack seems to have been thwarted. Which of the following resiliency techniques was applied to the network to prevent this attack?

A. NIC Teaming
B. Port mirroring
C. Defense in depth
D. High availability
E. Geographic dispersal

Suggested answer: C

Explanation:

Defense in depth is a resiliency technique that involves implementing multiple layers of security controls to protect against different types of threats. In this scenario, the NIPS likely provided protection at a different layer than the boundary firewall, demonstrating the effectiveness of defense in depth. Reference: CompTIA Security+ Certification Exam Objectives (SY0-601)

Which of the following is a risk that is specifically associated with hosting applications in the public cloud?

A. Unsecured root accounts
B. Zero day
C. Shared tenancy
D. Insider threat

Suggested answer: C

Explanation:

When hosting applications in the public cloud, there is a risk of shared tenancy, meaning that multiple organizations are sharing the same infrastructure. This can potentially allow one tenant to access another tenant's data, creating a security risk. Reference: CompTIA Security+ Certification Exam Objectives (SY0-601)

A company is required to continue using legacy software to support a critical service. Which of the following BEST explains a risk of this practice?

A. Default system configuration
B. Unsecure protocols
C. Lack of vendor support
D. Weak encryption

Suggested answer: C

Explanation:

Using legacy software to support a critical service poses a risk due to lack of vendor support. Legacy software is often outdated and unsupported, which means that security patches and upgrades are no longer available. This can leave the system vulnerable to exploitation by attackers who may exploit known vulnerabilities in the software to gain unauthorized access to the system.

Reference: CompTIA Security+ Study Guide, Exam SY0-601, Chapter 1: Attacks, Threats, and Vulnerabilities

After a hardware incident, an unplanned emergency maintenance activity was conducted to rectify the issue. Multiple alerts were generated on the SIEM during this period of time. Which of the following BEST explains what happened?

A. The unexpected traffic correlated against multiple rules, generating multiple alerts.
B. Multiple alerts were generated due to an attack occurring at the same time.
C. An error in the correlation rules triggered multiple alerts.
D. The SIEM was unable to correlate the rules, triggering the alerts.

Suggested answer: A

Explanation:

Multiple alerts were generated on the SIEM during the emergency maintenance activity due to unexpected traffic correlated against multiple rules. The SIEM generates alerts when it detects an event that matches a rule in its rulebase. If the event matches multiple rules, the SIEM will generate multiple alerts.

Reference: CompTIA Security+ Study Guide, Exam SY0-601, Chapter 3: Architecture and Design

A security administrator is setting up a SIEM to help monitor for notable events across the enterprise. Which of the following control types does this BEST represent?

A. Preventive
B. Compensating
C. Corrective
D. Detective

Suggested answer: D

Explanation:

A SIEM is a security solution that helps detect security incidents by monitoring for notable events across the enterprise. A detective control is a control that is designed to detect security incidents and respond to them. Therefore, a SIEM represents a detective control.

Reference: CompTIA Security+ Study Guide, Exam SY0-601, Chapter 3: Architecture and Design

A network analyst is setting up a wireless access point for a home office in a remote, rural location. The requirement is that users need to connect to the access point securely but do not want to have to remember passwords. Which of the following should the network analyst enable to meet the requirement?

A. MAC address filtering
B. 802.1X
C. Captive portal
D. WPS

Suggested answer: D

Explanation:

The network analyst should enable Wi-Fi Protected Setup (WPS) to allow users to connect to the wireless access point securely without having to remember passwords. WPS allows users to connect to a wireless network by pressing a button or entering a PIN instead of entering a password.

Reference: CompTIA Security+ Study Guide, Exam SY0-601, Chapter 4: Identity and Access Management
