CompTIA SY0-601 Practice Test - Questions Answers, Page 46

Which of the following is most likely to contain ranked and ordered information on the likelihood and potential impact of catastrophic events that may affect business processes and systems, while also highlighting the residual risks that need to be managed after mitigating controls have been implemented?

A. An RTO report
B. A risk register
C. A business impact analysis
D. An asset value register
E. A disaster recovery plan
Suggested answer: B

Explanation:

A risk register is a document or tool that records and tracks each identified risk together with its analysis: likelihood, impact, priority, owner, mitigating controls and the residual risk that remains once those controls are in place. It is therefore the artifact that holds ranked and ordered information on the likelihood and potential impact of catastrophic events affecting business processes and systems while also highlighting the residual risks that still need to be managed. A business impact analysis identifies critical processes and the consequences of losing them, but it does not track residual risk after controls are applied; an RTO report, an asset value register and a disaster recovery plan each capture one input to or output of the risk process rather than the ranked list itself.

An organization's corporate offices were destroyed due to a natural disaster, so the organization is now setting up offices in a temporary work space. Which of the following will the organization most likely consult?

A. The business continuity plan
B. The risk management plan
C. The communication plan
D. The incident response plan
Suggested answer: A

Explanation:

A business continuity plan is a document or process that outlines how an organization keeps its critical operations and functions running during a disruption or disaster. It includes strategies and procedures for recovering or relocating resources, personnel and data (for example, moving to an alternate work site) to minimize downtime and impact. The organization will most likely consult the business continuity plan when setting up offices in a temporary work space after its corporate offices were destroyed by a natural disaster. The incident response plan covers security incidents, the communication plan covers who is notified and how, and the risk management plan describes how risks are assessed rather than how operations are relocated.

A customer called a company's security team to report that all invoices the customer has received over the last five days from the company appear to have fraudulent banking details. An investigation into the matter reveals the following:

• The manager of the accounts payable department is using the same password across multiple external websites and the corporate account.

• One of the websites the manager used recently experienced a data breach.

• The manager's corporate email account was successfully accessed in the last five days by an IP address located in a foreign country.

Which of the following attacks has most likely been used to compromise the manager's corporate account?

A. Remote access Trojan
B. Brute-force
C. Dictionary
D. Credential stuffing
E. Password spraying
Suggested answer: D

Explanation:

Credential stuffing is an attack that replays usernames and passwords stolen or leaked from one website or service against other websites or services, relying on the common practice of reusing passwords across accounts. It is the most likely attack here: the manager reused one password across external websites and the corporate account, one of those websites was breached, and the corporate mailbox was then accessed from a foreign IP address. Brute-force and dictionary attacks guess many passwords against one account, and password spraying tries one or a few passwords against many accounts; neither needs a prior breach of the victim's own credentials. A remote access Trojan would imply malware on the manager's endpoint, which the investigation did not find.
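The distinction between credential stuffing, password spraying and brute force shows up in the shape of the failed-login stream, which is what a detection rule keys on. The following is an added example, not code from the original page: it parses a constructed, simplified authentication log (timestamp, source IP, outcome, user=, pw_hash=, where pw_hash stands for a truncated hash of the submitted password, since a real identity provider must never log cleartext), classifies each source by the ratio of distinct users to distinct passwords, and then reports any account that logged in successfully from a source already classified as attacking, the signal that a stuffing run has found a reused password as in the scenario above. The thresholds are illustrative assumptions.

```python
"""Shape-based triage of failed logins: credential stuffing vs password
spraying vs brute force, plus successes that follow an attacking source.

Added example, not from the original page. Log format and thresholds are
constructed assumptions for illustration.
"""
from collections import defaultdict

# Constructed sample log. 203.0.113.45 replays a breached user:password list
# (one distinct pair per attempt) and finally lands on the AP manager's reused
# password; 198.51.100.9 sprays one password across many users; 192.0.2.77
# hammers a single service account; 10.0.0.5 is a user mistyping once.
SAMPLE_LOG = """\
2024-03-01T02:14:07Z 203.0.113.45 login_failed user=alice pw_hash=9f86d0
2024-03-01T02:14:08Z 203.0.113.45 login_failed user=bob pw_hash=2c6ee2
2024-03-01T02:14:09Z 203.0.113.45 login_failed user=carol pw_hash=d7a8fb
2024-03-01T02:14:10Z 203.0.113.45 login_failed user=dave pw_hash=1b4f0e
2024-03-01T02:14:11Z 203.0.113.45 login_failed user=erin pw_hash=e3b0c4
2024-03-01T02:14:12Z 203.0.113.45 login_failed user=frank pw_hash=a665a4
2024-03-01T02:14:13Z 203.0.113.45 login_success user=apmanager pw_hash=5e8848
2024-03-01T03:00:01Z 198.51.100.9 login_failed user=alice pw_hash=ef797c
2024-03-01T03:00:02Z 198.51.100.9 login_failed user=bob pw_hash=ef797c
2024-03-01T03:00:03Z 198.51.100.9 login_failed user=carol pw_hash=ef797c
2024-03-01T03:00:04Z 198.51.100.9 login_failed user=dave pw_hash=ef797c
2024-03-01T03:00:05Z 198.51.100.9 login_failed user=erin pw_hash=ef797c
2024-03-01T03:00:06Z 198.51.100.9 login_failed user=frank pw_hash=ef797c
2024-03-01T04:10:00Z 192.0.2.77 login_failed user=svc_backup pw_hash=111111
2024-03-01T04:10:00Z 192.0.2.77 login_failed user=svc_backup pw_hash=222222
2024-03-01T04:10:01Z 192.0.2.77 login_failed user=svc_backup pw_hash=333333
2024-03-01T04:10:01Z 192.0.2.77 login_failed user=svc_backup pw_hash=444444
2024-03-01T04:10:02Z 192.0.2.77 login_failed user=svc_backup pw_hash=555555
2024-03-01T04:10:02Z 192.0.2.77 login_failed user=svc_backup pw_hash=666666
2024-03-01T08:30:00Z 10.0.0.5 login_failed user=alice pw_hash=0a1b2c
2024-03-01T08:30:05Z 10.0.0.5 login_success user=alice pw_hash=7d9c3e
"""


def parse_log(text):
    """Turn the constructed log format into a list of event dicts."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts, ip, outcome, user_field, pw_field = line.split()
        events.append({"ts": ts, "ip": ip, "outcome": outcome,
                       "user": user_field.split("=", 1)[1],
                       "pw": pw_field.split("=", 1)[1]})
    return events


def classify_sources(events, min_attempts=5):
    """Label each source IP by the shape of its failed logins.

    brute_force:         one user, many passwords
    password_spraying:   many users, one or very few passwords
    credential_stuffing: many users, each tried with its own password
    """
    by_ip = defaultdict(list)
    for e in events:
        if e["outcome"] == "login_failed":
            by_ip[e["ip"]].append(e)
    verdicts = {}
    for ip, evs in by_ip.items():
        n = len(evs)
        if n < min_attempts:
            verdicts[ip] = "normal"
            continue
        users = {e["user"] for e in evs}
        pws = {e["pw"] for e in evs}
        pairs = {(e["user"], e["pw"]) for e in evs}
        if len(users) == 1:
            verdicts[ip] = "brute_force"
        elif len(pws) <= max(2, n // 10):
            verdicts[ip] = "password_spraying"
        elif len(pairs) == n and len(pws) >= 0.8 * len(users):
            verdicts[ip] = "credential_stuffing"
        else:
            verdicts[ip] = "mixed"
    return verdicts


def compromised_accounts(events, verdicts):
    """Accounts with a successful login from a source classified as attacking."""
    attacking = {ip for ip, v in verdicts.items() if v != "normal"}
    return {e["user"] for e in events
            if e["outcome"] == "login_success" and e["ip"] in attacking}


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    v = classify_sources(evs)
    for ip, verdict in v.items():
        print(f"{ip:15} {verdict}")
    print("compromised:", compromised_accounts(evs, v))
```

The success from 203.0.113.45 on `apmanager` is the event worth paging on: a lone success is noise, but a success from a source that has just cycled through distinct user:password pairs is a reused, breached password being accepted. In a real deployment the same grouping would be done per source over a sliding time window, and the ratios tuned against the organization's baseline.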

A company wants to deploy decoy systems alongside production systems in order to entice threat actors and to learn more about attackers. Which of the following best describes these systems?

A. DNS sinkholes
B. Honey pots
C. Virtual machines
D. Neural networks
Suggested answer: B

Explanation:

Honey pots are decoy systems or resources designed to attract and deceive threat actors so that defenders can learn about their motives, tools and techniques. Deployed alongside production systems, they present a plausible vulnerable target, divert attacks away from real systems, and collect evidence about attacker activity for analysis or prosecution. Because no legitimate user has a reason to touch a honey pot, any interaction with one is a high-fidelity alert. A DNS sinkhole redirects malicious domain lookups rather than hosting a decoy, virtual machines are merely one way a honey pot might be built, and neural networks are unrelated to the question.

Which of the following are common VoIP-associated vulnerabilities? (Select two).

A. SPIM
B. Vishing
C. VLAN hopping
D. Phishing
E. DHCP snooping
F. Tailgating
Suggested answer: A, B

Explanation:

SPIM (spam over instant messaging) is a VoIP-associated threat in which unsolicited or fraudulent messages are sent over an instant messaging or unified communications service. It can trick users into clicking malicious links, downloading malware or providing personal or financial information by impersonating a legitimate entity or creating a sense of urgency or curiosity.

Vishing (voice phishing) is a VoIP-associated threat in which unsolicited or fraudulent phone calls are placed over an internet telephony service. It can trick users into disclosing personal or financial information, following malicious instructions or transferring money, typically with the help of caller ID spoofing, voice impersonation or automated interactive voice response systems. Of the remaining options, phishing is email-based rather than voice-based, tailgating is a physical access attack, DHCP snooping is a switch security feature rather than a vulnerability, and VLAN hopping is a general Layer 2 attack on switches rather than one specific to VoIP.

A manufacturing company has several one-off legacy information systems that cannot be migrated to a newer OS due to software compatibility issues. The OSs are still supported by the vendor, but the industrial software is no longer supported. The Chief Information Security Officer has created a resiliency plan for these systems that will allow OS patches to be installed in a non-production environment, while also creating backups of the systems for recovery. Which of the following resiliency techniques will provide these capabilities?

A. Redundancy
B. RAID 1+5
C. Virtual machines
D. Full backups
Suggested answer: C

Explanation:

Virtual machines provide both capabilities the plan calls for. Each legacy system can be cloned into an isolated, non-production instance where OS patches are installed and validated against the unsupported industrial software before the change is promoted to production, and the VM's snapshots and exported images serve as complete backups of the system state for rapid recovery or rollback. Full backups on their own provide recovery but no non-production environment in which to test patches, and redundancy and RAID address hardware failure rather than patch testing or point-in-time recovery.

A security analyst is looking for a solution to help communicate to the leadership team the severity levels of the organization's vulnerabilities. Which of the following would best meet this need?

A. CVE
B. SIEM
C. SOAR
D. CVSS
Suggested answer: D

Explanation:

CVSS (Common Vulnerability Scoring System) is a framework that provides a standardized, consistent way of assessing and communicating the severity of vulnerabilities. It assigns each vulnerability a numerical score from 0 to 10 and a vector string describing the factors behind it (attack vector, attack complexity, privileges required, user interaction, scope, and confidentiality, integrity and availability impact), and maps the score to a qualitative rating of None, Low, Medium, High or Critical. That combination of a number for ranking and a label for non-specialists is what lets an analyst communicate severity to a leadership team. A CVE identifier names a vulnerability but does not rate it, and SIEM and SOAR are operational platforms for collecting events and automating response rather than a severity scale.

A cybersecurity administrator is using iptables as an enterprise firewall. The administrator created some rules, but the network now seems to be unresponsive. All connections are being dropped by the firewall. Which of the following would be the best option to remove the rules?

A. # iptables -t mangle -X
B. # iptables -F
C. # iptables -2
D. # iptables -P INPUT -j DROP
Suggested answer: B

Explanation:

iptables is the command-line tool for configuring the Linux kernel's netfilter firewall rules. The -F (flush) option deletes all rules in the selected chain, or in every chain of the table if no chain is given, so `iptables -F` removes the rules that made the network unresponsive. Two caveats matter in practice: without -t the command acts only on the filter table, so rules in the nat, mangle or raw tables are untouched, and -F never changes a chain's default policy, so if the administrator also set `iptables -P INPUT DROP`, traffic stays blocked until the policy is reset with `iptables -P INPUT ACCEPT`. Of the other options, `-t mangle -X` only deletes empty user-defined chains in the mangle table, `-2` is not a valid iptables option, and `-P INPUT -j DROP` is malformed (-P takes a target directly, not -j) and would in any case make the problem worse by dropping everything by default.

An administrator is configuring a firewall rule set for a subnet to only access DHCP, web pages, and SFTP, and to specifically block FTP. Which of the following would BEST accomplish this goal?

(Columns: Permission, Source, Destination, Port; rules are evaluated top to bottom)

A. Allow Any Any 80; Allow Any Any 443; Allow Any Any 67; Allow Any Any 68; Allow Any Any 22; Deny Any Any 21; Deny Any Any
B. Allow Any Any 80; Allow Any Any 443; Allow Any Any 67; Allow Any Any 68; Deny Any Any 22; Allow Any Any 21; Deny Any Any
C. Allow Any Any 80; Allow Any Any 443; Allow Any Any 22; Deny Any Any 67; Deny Any Any 68; Deny Any Any 21; Allow Any Any
D. Allow Any Any 80; Allow Any Any 443; Deny Any Any 67; Allow Any Any 68; Allow Any Any 22; Allow Any Any 21; Allow Any Any
Suggested answer: A

Explanation:

This rule set allows the subnet to reach only DHCP, web pages and SFTP, and specifically blocks FTP, by allowing or denying traffic on the required ports and then denying everything else. Read top to bottom with first-match semantics, the rules are:

Allow any source and any destination on port 80 (HTTP)

Allow any source and any destination on port 443 (HTTPS)

Allow any source and any destination on port 67 (DHCP server, UDP)

Allow any source and any destination on port 68 (DHCP client, UDP)

Allow any source and any destination on port 22 (SFTP, which runs over SSH)

Deny any source and any destination on port 21 (FTP control channel)

Deny any source and any destination on any other port (the explicit catch-all that also blocks FTP data connections on port 20 and on passive-mode high ports)

The other options each break a requirement: B denies port 22 and allows port 21, which inverts the SFTP and FTP rules; C denies both DHCP ports and ends with Allow Any Any, which permits every port not listed; D denies the DHCP server port, allows FTP, and also ends with Allow Any Any. Note that a final Allow Any Any turns a whitelist into a blacklist, so the order and the last rule matter as much as the individual entries.
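Whether a rule set meets its intent is something to check mechanically rather than by eye, because first-match ordering and the final catch-all decide the outcome. The following is an added example, not code from the original page: it encodes the four candidate rule sets above as ordered (action, port) lists, evaluates each against the stated intent with first-match semantics, and reports which candidates conform. Port numbers of services to probe that are not in the question (3389, 8080, 20) are assumptions chosen to stand in for "any other port".

```python
"""First-match evaluation of candidate firewall rule sets against an intent.

Added example, not from the original page. Rule sets A to D are the options
from the question; the extra probe ports are constructed stand-ins for
'any other port'.
"""

# (action, port); port None means 'any port', i.e. the catch-all rule.
RULESETS = {
    "A": [("Allow", 80), ("Allow", 443), ("Allow", 67), ("Allow", 68),
          ("Allow", 22), ("Deny", 21), ("Deny", None)],
    "B": [("Allow", 80), ("Allow", 443), ("Allow", 67), ("Allow", 68),
          ("Deny", 22), ("Allow", 21), ("Deny", None)],
    "C": [("Allow", 80), ("Allow", 443), ("Allow", 22), ("Deny", 67),
          ("Deny", 68), ("Deny", 21), ("Allow", None)],
    "D": [("Allow", 80), ("Allow", 443), ("Deny", 67), ("Allow", 68),
          ("Allow", 22), ("Allow", 21), ("Allow", None)],
}

# The intent: DHCP (67/68), web (80/443) and SFTP over SSH (22) allowed,
# FTP (21, and its data channel 20) denied, and anything else denied too.
INTENT = {
    80: "Allow", 443: "Allow", 67: "Allow", 68: "Allow", 22: "Allow",
    21: "Deny", 20: "Deny", 3389: "Deny", 8080: "Deny",
}


def decide(rules, port):
    """Return the action of the first rule matching the port; most firewalls
    implicitly deny when nothing matches, so that is the fallback here."""
    for action, rule_port in rules:
        if rule_port is None or rule_port == port:
            return action
    return "Deny"


def evaluate(rules, intent):
    """Map each port in the intent to the decision the rule set makes."""
    return {port: decide(rules, port) for port in intent}


def violations(rules, intent):
    """Ports where the rule set's decision differs from the intent."""
    return {port: (want, got) for port, (want, got)
            in ((p, (intent[p], decide(rules, p))) for p in intent)
            if want != got}


def conforming(rulesets, intent):
    """Names of rule sets with no violations, in the order given."""
    return [name for name, rules in rulesets.items()
            if not violations(rules, intent)]


if __name__ == "__main__":
    for name, rules in RULESETS.items():
        bad = violations(rules, INTENT)
        status = "OK" if not bad else f"violates {bad}"
        print(f"option {name}: {status}")
    print("conforming:", conforming(RULESETS, INTENT))
```

Run as is, only option A conforms; C and D fail on the probe ports because their final Allow Any Any lets everything through, which is the whitelist-to-blacklist inversion the explanation warns about. Extending the tuples to (action, protocol, port) would let the same evaluator catch a rule that allows TCP 67 when DHCP actually needs UDP.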

An organization has hired a red team to simulate attacks on its security posture. Which of the following will the blue team do after detecting an IOC?

A. Reimage the impacted workstations.
B. Activate runbooks for incident response.
C. Conduct forensics on the compromised system.
D. Conduct passive reconnaissance to gather information.
Suggested answer: B

Explanation:

A runbook is a set of predefined procedures and steps that guide an incident response team through handling a security incident. Activating it is the blue team's first action after detecting an indicator of compromise (IOC), because the runbook is what sequences the rest: containment, eradication, recovery and lessons learned. Reimaging workstations and performing forensics are steps the runbook may call for, but doing either before the procedure is invoked risks destroying evidence or acting before scope is understood, and in an exercise the red team is expected to observe the same process being followed as in a real incident. Passive reconnaissance is an attacker-side (red team) activity, not a defender's response.


Total 603 questions