CompTIA SY0-601 Practice Test - Questions Answers, Page 45


A company needs to centralize its logs to create a baseline and have visibility into its security events. Which of the following technologies will accomplish this objective?

A. Security information and event management
B. A web application firewall
C. A vulnerability scanner
D. A next-generation firewall

Suggested answer: A

Explanation:

Security information and event management (SIEM) collects, normalizes, and correlates logs and events from sources across the organization (firewalls, servers, endpoints, applications, identity systems) into a single store. Because everything lands in one place, a SIEM can establish a baseline of normal activity per host or user and alert on deviations from it, and it gives analysts one dashboard and reporting view for log management and security monitoring. A web application firewall, a vulnerability scanner, and a next-generation firewall each produce logs that a SIEM would ingest, but none of them is a log-centralization platform.
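The baseline-and-deviation idea above in working code, as an added example that is not part of the original page and not taken from any SIEM product: syslog-style lines from several hosts are parsed into normalized events, a per-host hourly baseline is built for one event type, and hours that exceed it are flagged. The line format, the event-classification rules, the thresholds, and the log lines themselves are constructed for the example.

```python
"""Added example (not from the page): centralise syslog-style lines from several
hosts, build a per-host hourly baseline for one event type, and flag hours
that deviate from it. Log lines, the line format and thresholds are constructed."""
import re
from collections import Counter
from statistics import mean, pstdev

# Assumed collector line format: "<ISO timestamp> <host> <program>: <message>"
LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<prog>[^:]+): (?P<msg>.*)$")

# Assumed normalisation rules: raw message text -> event name
EVENT_RULES = [
    ("auth_failure", re.compile(r"Failed password")),
    ("auth_success", re.compile(r"Accepted (?:password|publickey)")),
    ("fw_drop", re.compile(r"\bDROP\b")),
]

# Constructed sample logs: a quiet day used as the baseline...
BASELINE_LOGS = """\
2024-01-09T09:00:01 web01 sshd: Accepted publickey for deploy from 10.0.5.20
2024-01-09T09:05:12 web01 sshd: Failed password for deploy from 10.0.5.20
2024-01-09T10:00:03 fw01 kernel: DROP IN=eth0 SRC=198.51.100.7 DST=10.0.0.5 DPT=445
2024-01-09T11:20:09 db01 sshd: Accepted publickey for dba from 10.0.5.21
2024-01-09T14:31:40 web01 sshd: Failed password for deploy from 10.0.5.20
2024-01-09T16:02:17 fw01 kernel: DROP IN=eth0 SRC=198.51.100.8 DST=10.0.0.5 DPT=22
"""
# ...and the following day, which contains a password-guessing burst against web01.
TODAY_LOGS = """\
2024-01-10T09:00:01 web01 sshd: Accepted publickey for deploy from 10.0.5.20
2024-01-10T09:05:12 web01 sshd: Failed password for deploy from 10.0.5.20
2024-01-10T12:00:00 web01 sshd: Failed password for admin from 203.0.113.9
2024-01-10T12:00:01 web01 sshd: Failed password for admin from 203.0.113.9
2024-01-10T12:00:02 web01 sshd: Failed password for root from 203.0.113.9
2024-01-10T12:00:03 web01 sshd: Failed password for root from 203.0.113.9
2024-01-10T12:00:04 web01 sshd: Failed password for oracle from 203.0.113.9
2024-01-10T12:00:05 web01 sshd: Failed password for oracle from 203.0.113.9
2024-01-10T12:00:06 db01 sshd: Failed password for dba from 203.0.113.9
2024-01-10T13:00:00 fw01 kernel: DROP IN=eth0 SRC=203.0.113.9 DST=10.0.0.5 DPT=22
"""

def parse_line(line):
    """Parse one collector line into fields, tag it with an event name and an hour bucket."""
    m = LINE_RE.match(line)
    if not m:
        return None
    event = m.groupdict()
    event["name"] = next((n for n, rx in EVENT_RULES if rx.search(event["msg"])), "other")
    event["hour"] = event["ts"][:13]          # "2024-01-10T12" -> one-hour bucket
    return event

def parse_all(lines):
    return [e for e in map(parse_line, lines.splitlines()) if e]

def hourly_counts(events, name):
    """(host, hour) -> number of events with the given name."""
    return Counter((e["host"], e["hour"]) for e in events if e["name"] == name)

def build_baseline(lines, name):
    """Per host, the mean and population std-dev of hourly counts over the baseline
    period. Hours in which the host logged nothing count as zero, so a host that
    fails once a day does not get an inflated mean."""
    events = parse_all(lines)
    counts = hourly_counts(events, name)
    hours = sorted({e["hour"] for e in events})
    baseline = {}
    for host in {h for h, _ in counts}:
        series = [counts.get((host, hr), 0) for hr in hours]
        baseline[host] = (mean(series), pstdev(series))
    return baseline

def detect_anomalies(lines, baseline, name, k=3.0, floor=5):
    """Flag (host, hour, count) where count exceeds mean + k*stdev for that host and
    also a fixed floor, so a host whose baseline is near zero is not paged for two
    events. A host with no baseline is judged on the floor alone."""
    hits = []
    for (host, hour), n in sorted(hourly_counts(parse_all(lines), name).items()):
        mu, sigma = baseline.get(host, (0.0, 0.0))
        if n >= floor and n > mu + k * sigma:
            hits.append((host, hour, n))
    return hits

if __name__ == "__main__":
    base = build_baseline(BASELINE_LOGS, "auth_failure")
    for hit in detect_anomalies(TODAY_LOGS, base, "auth_failure"):
        print("ALERT auth_failure burst:", hit)
```

The floor matters as much as the statistics: with a baseline of well under one failure per hour, a pure mean-plus-three-sigma rule would fire on two events, which is exactly the alert fatigue a real SIEM deployment has to tune out.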

Which of the following would be used to find the most common web-application vulnerabilities?

A. OWASP
B. MITRE ATT&CK
C. Cyber Kill Chain
D. SDLC

Suggested answer: A

Explanation:

OWASP (the Open Web Application Security Project, since renamed the Open Worldwide Application Security Project) is a non-profit that publishes the OWASP Top 10, a regularly updated list of the most common and most serious web application security risks, such as injection, broken access control, and cross-site scripting, together with guidance on preventing and mitigating each of them. MITRE ATT&CK catalogs adversary tactics and techniques, the Cyber Kill Chain models the stages of an intrusion, and the SDLC is a development process; none of them is a list of web application vulnerabilities.

A network engineer is troubleshooting wireless network connectivity issues that were reported by users. The issues are occurring only in the section of the building that is closest to the parking lot.

Users are intermittently experiencing slow speeds when accessing websites and are unable to connect to network drives. The issues appear to increase when laptop users return to their desks after using their devices in other areas of the building. There have also been reports of users being required to enter their credentials on web pages in order to gain access to them. Which of the following is the most likely cause of this issue?

A. An external access point is engaging in an evil twin attack
B. The signal on the WAP needs to be increased in that section of the building
C. The certificates have expired on the devices and need to be reinstalled
D. The users in that section of the building are on a VLAN that is being blocked by the firewall

Suggested answer: A

Explanation:

An evil twin is a rogue access point that broadcasts the same SSID as a legitimate one so that client devices associate with it, letting the attacker intercept or modify traffic, harvest credentials, and serve phishing or fake captive-portal pages. Every symptom in the scenario fits: the problem is confined to the area nearest the parking lot, where an attacker can place an access point outside the building; laptops that roam and then return to their desks re-associate with whichever access point looks strongest, which may be the rogue; the rogue's uplink is slow and has no route to internal file shares, so websites lag and network drives fail; and the credential prompts on web pages are the attacker's capture page. A weak signal (B) would not produce credential prompts, expired device certificates (C) would break authentication everywhere rather than in one area, and a blocked VLAN (D) would fail consistently rather than intermittently. A wireless IDS, or a scan for unknown BSSIDs advertising the corporate SSID, is the usual way to confirm it.

A malicious actor recently penetrated a company's network and moved laterally to the data center. Upon investigation, a forensics firm wants to know what was in the memory on the compromised server. Which of the following files should be given to the forensics firm?

A. Security
B. Application
C. Dump
D. Syslog

Suggested answer: C

Explanation:

A dump file captures the contents of memory, of one process or of the whole system, at a point in time; on Windows a full or kernel memory dump is written as MEMORY.DMP, and a live-acquisition tool produces the same kind of image on demand. It is what the forensics firm needs because it can reveal running processes, open network connections, injected code, and secrets such as passwords and encryption keys that never touch disk. The Security and Application logs are Windows event logs, and syslog is a log format and transport; all three record events, not memory contents. Because memory is volatile, the dump has to be taken before the server is rebooted or powered off, which puts it near the top of the order of volatility.

A security administrator needs to inspect in-transit files on the enterprise network to search for PII, credit card data, and classification words. Which of the following would be the best to use?

A. IDS solution
B. EDR solution
C. HIPS software solution
D. Network DLP solution

Suggested answer: D

Explanation:

A network DLP (data loss prevention) solution monitors and controls data as it crosses the network. It reassembles files and messages in transit and inspects their content against predefined rules, such as patterns for PII, credit card numbers validated with a Luhn check, and classification labels such as "Confidential", and then blocks, quarantines, encrypts, or raises an alert on any match. An IDS and a HIPS look for attack signatures rather than sensitive content, and EDR operates on the endpoint, not on files in transit. Network DLP only sees what it can decrypt, so in practice it is paired with TLS interception or with endpoint DLP.
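The content inspection a network DLP rule performs, as an added example that is not part of the original page and not drawn from any DLP product: reassembled file content is scanned for card numbers (kept only when the Luhn checksum passes, which drops look-alike order numbers), a simple PII pattern, and classification words, and a policy decision is returned. The patterns, the classification terms, the policy, and the sample files are constructed for the example.

```python
"""Added example (not from the page): content inspection of the kind a network DLP
rule performs on a reassembled file, using a Luhn-validated card-number pattern,
a simple PII pattern and classification words. Patterns, policy terms and sample
files are constructed for illustration."""
import re

# Assumed classification markings from the organisation's data-handling policy
CLASSIFICATION_WORDS = ("CONFIDENTIAL", "RESTRICTED", "INTERNAL ONLY")
# 13-19 digits, optionally separated by single spaces or dashes
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
# US SSN layout only; real products carry many locale-specific PII patterns
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")

# Constructed sample files as they would look after the DLP sensor reassembles them
SAMPLE_FILES = {
    "invoice.txt": "Order 1234567890123456 shipped. Card on file: 4111 1111 1111 1111, exp 12/27.",
    "memo.txt": "INTERNAL ONLY: quarterly roadmap draft. Contact HR re: employee 078-05-1120.",
    "readme.txt": "Build instructions for the public SDK. Nothing sensitive here.",
}

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: double every second digit from the right, subtract 9 if over 9.
    Filters out order numbers and other 16-digit identifiers that merely look like cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def mask(digits: str) -> str:
    """Never write the full card number into an alert; keep the last four only."""
    return "*" * (len(digits) - 4) + digits[-4:]

def scan_content(text: str):
    """Return findings as (kind, evidence, offset), sorted by position in the file."""
    findings = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if luhn_ok(digits):
            findings.append(("credit_card", mask(digits), m.start()))
    for m in SSN_RE.finditer(text):
        findings.append(("pii_ssn", m.group(), m.start()))
    for word in CLASSIFICATION_WORDS:
        for m in re.finditer(re.escape(word), text, re.IGNORECASE):
            findings.append(("classification", m.group(), m.start()))
    return sorted(findings, key=lambda f: f[2])

def policy_decision(findings) -> str:
    """Assumed policy: block transfers carrying card data or PII, alert on classification
    marks alone, otherwise allow. Returns "block", "alert" or "allow"."""
    kinds = {k for k, _, _ in findings}
    if kinds & {"credit_card", "pii_ssn"}:
        return "block"
    if "classification" in kinds:
        return "alert"
    return "allow"

if __name__ == "__main__":
    for name, content in SAMPLE_FILES.items():
        found = scan_content(content)
        print(f"{name}: {policy_decision(found)} {[(k, v) for k, v, _ in found]}")
```

The invoice shows why the checksum step exists: both 16-digit strings match the regex, but only the card number passes Luhn, so the order number never reaches the alert.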

Which of the following would be the best resource for a software developer who is looking to improve secure coding practices for web applications?

A. OWASP
B. Vulnerability scan results
C. NIST CSF
D. Third-party libraries

Suggested answer: A

Explanation:

OWASP (the Open Web Application Security Project, since renamed the Open Worldwide Application Security Project) publishes free resources aimed directly at developers: the Top 10, the Application Security Verification Standard (ASVS), the Cheat Sheet Series, the Web Security Testing Guide, and tools such as Dependency-Check for finding vulnerable components. That makes it the best resource for a developer who wants to improve secure coding practices for web applications. Vulnerability scan results show what is already broken rather than how to code securely, the NIST CSF is a high-level organizational risk framework, and third-party libraries are something to vet rather than a source of guidance.

An organization routes all of its traffic through a VPN. Most users are remote and connect into a corporate data center that houses confidential information. There is a firewall at the internet border, followed by a DLP appliance, the VPN server, and the data center itself. Which of the following is the weakest design element?

A. The DLP appliance should be integrated into a NGFW.
B. Split-tunnel connections can negatively impact the DLP appliance's performance.
C. Encrypted VPN traffic will not be inspected when entering or leaving the network.
D. Adding two hops in the VPN tunnel may slow down remote connections.

Suggested answer: C

Explanation:

VPN (virtual private network) traffic is encrypted between the remote client and the VPN server, so every device the tunnel passes through before it is terminated sees only ciphertext. In this design the DLP appliance sits between the border firewall and the VPN server, which means it inspects the traffic before the VPN server decrypts it and therefore cannot see the files inside the tunnel at all; the same is true of the border firewall. That is a blind spot: malware, exfiltrated data, or lateral movement carried inside the tunnel bypasses both controls. The fix is to inspect traffic after the VPN terminates, for example by placing the DLP appliance (or an inspecting NGFW) between the VPN server and the data center. Integrating DLP into an NGFW (A), split-tunnel performance (B), and added latency (D) are secondary concerns compared with controls that cannot see the traffic.

A user enters a password to log in to a workstation and is then prompted to enter an authentication code. Which of the following MFA factors or attributes are being utilized in the authentication process? (Select two.)

A. Something you know
B. Something you have
C. Somewhere you are
D. Someone you know
E. Something you are
F. Something you can do

Suggested answer: A, B

Explanation:

Multi-factor authentication (MFA) verifies a user's identity with two or more factors from different categories: something you know (a password or PIN), something you have (a hardware token, a smart card, or the phone or authenticator app that generates or receives a code), and something you are (a fingerprint or iris scan), supplemented by the attributes somewhere you are (a location or IP address), something you can do (a gesture or typing pattern), and someone you know (a trusted person vouching for you). In this case the password is something you know. The authentication code is proof of something you have: it is generated by, or delivered to, a device in the user's possession, so an attacker who knows only the password cannot produce it. Codes from an authenticator app or hardware token are stronger than codes sent by SMS, which can be intercepted through SIM swapping.

A company wants to deploy PKI on its internet-facing website. The applications that are currently deployed are:

• www.company.com (main website)

• contactus.company.com (for locating a nearby location)

• quotes.company.com (for requesting a price quote)

The company wants to purchase one SSL certificate that will work for all the existing applications and any future applications that follow the same naming conventions, such as store.company.com. Which of the following certificate types would best meet the requirements?

A. SAN
B. Wildcard
C. Extended validation
D. Self-signed

Suggested answer: B

Explanation:

A wildcard certificate is an SSL/TLS certificate that secures every subdomain at one level of a domain by using an asterisk (*) as the left-most label: *.company.com covers www.company.com, contactus.company.com, quotes.company.com, and any future host that follows the same pattern, such as store.company.com, without reissuing the certificate. A SAN (Subject Alternative Name) certificate can also hold several names, but each must be listed explicitly, so a new store.company.com would require a reissue; extended validation describes the vetting level, not the name coverage; and a self-signed certificate is not trusted by visitors' browsers. Two caveats apply. The wildcard matches exactly one label, so *.company.com covers neither the apex company.com nor deeper names such as api.eu.company.com; those need explicit SAN entries, and many wildcard products include the apex as a SAN for that reason. And because one private key protects every host, compromise of any one server exposes them all.
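The matching rule behind that caveat, as an added example that is not part of the original page: a function that decides whether a certificate name (plain or wildcard) covers a hostname using the whole-label wildcard rule browsers accept (RFC 6125 section 6.4.3, simplified), and a small planner that derives one wildcard for a set of hostnames and reports which names it leaves uncovered. The hostnames are the page's three plus store.company.com, the apex, and a constructed deeper name; the minimum of two fixed labels is an assumed policy.

```python
"""Added example (not from the page): how a wildcard certificate name is matched
against a hostname, and a small planner that shows which hostnames one wildcard
would leave uncovered. The matching rules follow the whole-label wildcard that
browsers accept (RFC 6125 section 6.4.3, simplified); hostnames are the page's
plus the apex and one constructed deeper name."""
from collections import Counter

def wildcard_matches(pattern: str, hostname: str) -> bool:
    """True if a certificate name (plain or wildcard) covers the hostname.
    - the wildcard must be the whole left-most label ("*.company.com", not "w*.company.com");
    - it stands for exactly one label, so neither the apex "company.com" nor a deeper
      name such as "api.eu.company.com" is covered;
    - "*.com" style names are rejected (assumed policy: at least two fixed labels);
    - comparison is case-insensitive and ignores a trailing dot."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels, h_labels = pattern.split("."), hostname.split(".")
    if p_labels[0] != "*" or len(p_labels) < 3 or any("*" in lbl for lbl in p_labels[1:]):
        return False
    return (len(h_labels) == len(p_labels)
            and h_labels[0] != ""
            and h_labels[1:] == p_labels[1:])

def plan_wildcard(hostnames):
    """Derive one "*.<parent>" from the most common parent domain and report the
    hostnames it would not cover; those need explicit SAN entries or their own cert."""
    parents = Counter(h.lower().split(".", 1)[1] for h in hostnames if "." in h)
    if not parents:
        return None, list(hostnames)
    pattern = "*." + parents.most_common(1)[0][0]
    uncovered = [h for h in hostnames if not wildcard_matches(pattern, h)]
    return pattern, uncovered

# The page's hostnames plus the apex and a deeper name (constructed) to show the gaps
SITE_HOSTS = ["www.company.com", "contactus.company.com", "quotes.company.com",
              "store.company.com", "company.com", "api.eu.company.com"]

if __name__ == "__main__":
    pattern, gaps = plan_wildcard(SITE_HOSTS)
    print(f"{pattern} covers everything except: {gaps}")
```

Running it on the page's hosts yields *.company.com with company.com and api.eu.company.com uncovered, which is exactly the list to put in the certificate request's SAN field.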

A user reports constant lag and performance issues with the wireless network when working at a local coffee shop. A security analyst walks the user through an installation of Wireshark and gets a five-minute pcap to analyze. The analyst observes the following output:

Which of the following attacks does the analyst most likely see in this packet capture?

A. Session replay
B. Evil twin
C. Bluejacking
D. ARP poisoning

Suggested answer: B

Explanation:

An evil twin is a rogue access point that broadcasts the same SSID as a legitimate one so that clients associate with it, after which the attacker can intercept or modify their traffic, steal credentials, and serve phishing pages.

In this packet capture the analyst sees two access points advertising the same SSID (CoffeeShop) from different MAC addresses (BSSIDs), 00:0c:41:82:9c:4f and 00:0c:41:82:9c:4e, which indicates that one of them is impersonating the other. The constant lag fits: the client flips between the two access points, or its traffic is being relayed through the attacker's slower uplink. Session replay would show repeated identical application requests, ARP poisoning shows conflicting IP-to-MAC claims in ARP traffic rather than duplicate SSIDs, and bluejacking is a Bluetooth nuisance, not a Wi-Fi attack. On an enterprise network many legitimate access points share one SSID, so the same observation there would need to be checked against the list of known BSSIDs before calling it an evil twin.
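The detection described here and in the parking-lot scenario earlier on this page, as an added example that is not part of the original page: minimal 802.11 beacon frames are built and parsed, and any SSID advertised by more than one BSSID (or, when an allow-list of legitimate BSSIDs is supplied, by any BSSID not on it) is flagged. The frames are constructed with the page's SSID and MAC addresses rather than read from the pcap; decoding a real capture would walk the same header and tagged-parameter layout.

```python
"""Added example (not from the page): building and parsing minimal 802.11 beacon
frames, then flagging an SSID that is advertised by more than one BSSID, which is
what the explanation above describes seeing in the capture. The frames are
constructed here with the page's SSID and MAC addresses rather than read from a
pcap; a real capture would be decoded the same way from the 802.11 layer."""
import struct
from collections import defaultdict

def mac_bytes(mac: str) -> bytes:
    return bytes(int(octet, 16) for octet in mac.split(":"))

def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def build_beacon(bssid: str, ssid: str, channel: int) -> bytes:
    """A constructed beacon: 24-byte management header, 12 bytes of fixed fields, then
    SSID (tag 0) and DS Parameter Set (tag 3). Rates, RSN and vendor tags are omitted."""
    frame_control = b"\x80\x00"                 # type 0 (management), subtype 8 (beacon)
    header = (frame_control + b"\x00\x00"       # duration
              + b"\xff" * 6                     # addr1: broadcast
              + mac_bytes(bssid)                # addr2: transmitter
              + mac_bytes(bssid)                # addr3: BSSID
              + b"\x00\x00")                    # sequence control
    fixed = struct.pack("<QHH", 0, 100, 0x0411) # timestamp, beacon interval, capabilities
    ssid_raw = ssid.encode()
    tags = bytes([0, len(ssid_raw)]) + ssid_raw + bytes([3, 1, channel])
    return header + fixed + tags

def parse_beacon(frame: bytes):
    """Return (bssid, ssid, channel) for a beacon, or None for anything else.
    Tagged parameters are walked as TLVs; a truncated tag ends the walk."""
    if len(frame) < 36 or frame[0] != 0x80:
        return None
    bssid = mac_str(frame[16:22])
    ssid, channel, pos = None, None, 36
    while pos + 2 <= len(frame):
        tag, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + length]
        if len(value) < length:
            break
        if tag == 0:
            ssid = value.decode("utf-8", errors="replace")
        elif tag == 3 and length == 1:
            channel = value[0]
        pos += 2 + length
    return bssid, ssid, channel

def find_evil_twins(frames, known=None):
    """Return {ssid: [suspect bssids]}. With an allow-list {ssid: [legitimate bssids]}
    any other BSSID using that SSID is flagged. Without one, an SSID seen from more
    than one BSSID is flagged, which is right for a single-AP coffee shop but will
    produce false positives on an enterprise WLAN where many APs share one SSID."""
    known = {s: {b.lower() for b in bs} for s, bs in (known or {}).items()}
    seen = defaultdict(set)
    for frame in frames:
        parsed = parse_beacon(frame)
        if parsed and parsed[1]:                 # skip non-beacons and hidden SSIDs
            seen[parsed[1]].add(parsed[0])
    flagged = {}
    for ssid, bssids in seen.items():
        if ssid in known:
            suspects = sorted(bssids - known[ssid])
        else:
            suspects = sorted(bssids) if len(bssids) > 1 else []
        if suspects:
            flagged[ssid] = suspects
    return flagged

# Constructed capture: the page's two CoffeeShop access points, a legitimate second
# network, and one data frame that the parser must ignore.
SAMPLE_FRAMES = [
    build_beacon("00:0c:41:82:9c:4f", "CoffeeShop", 6),
    build_beacon("00:0c:41:82:9c:4e", "CoffeeShop", 6),
    build_beacon("00:0c:41:82:9c:4f", "CoffeeShop", 6),
    build_beacon("d8:47:32:10:aa:01", "Guest-5G", 36),
    b"\x08\x02" + b"\x00" * 30,
]

if __name__ == "__main__":
    print(find_evil_twins(SAMPLE_FRAMES))
    print(find_evil_twins(SAMPLE_FRAMES, known={"CoffeeShop": ["00:0c:41:82:9c:4f"]}))
```

The allow-list form is the one a wireless IDS in the office scenario would use: the corporate SSID is expected from every managed access point, so only a BSSID outside that inventory, such as one parked outside the building, is worth an alert.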

Total 603 questions