CompTIA SY0-601 Practice Test - Questions Answers, Page 5

Which of the following environments utilizes dummy data and is MOST likely to be installed locally on a system that allows code to be assessed directly and modified easily with each build?

A. Production
B. Test
C. Staging
D. Development
Suggested answer: D

Explanation:

A development environment is the environment that is used to develop and test software. It is typically installed locally on a system that allows code to be assessed directly and modified easily with each build. In this environment, dummy data is often utilized to test the software's functionality.

Reference: CompTIA Security+ Study Guide, Exam SY0-601, Chapter 3: Architecture and Design

While reviewing pcap data, a network security analyst is able to locate plaintext usernames and passwords being sent from workstations to network switches. Which of the following is the security analyst MOST likely observing?

A. SNMP traps
B. A Telnet session
C. An SSH connection
D. SFTP traffic
Suggested answer: B

Explanation:

The security analyst is most likely observing a Telnet session, as Telnet transmits all data in plaintext, including usernames and passwords; SSH and SFTP encrypt the session, so credentials would not be readable in the capture. Reference: CompTIA Security+ Certification Exam Objectives, Exam SY0-601, 1.2 Given a scenario, analyze indicators of compromise and determine the type of malware.

A client sent several inquiries to a project manager about the delinquent delivery status of some critical reports. The project manager claimed the reports were previously sent via email, but then quickly generated and backdated the reports before submitting them as plain text within the body of a new email message thread. Which of the following actions MOST likely supports an investigation for fraudulent submission?

A. Establish chain of custody.
B. Inspect the file metadata.
C. Reference the data retention policy.
D. Review the email event logs.
Suggested answer: D

Explanation:

Reviewing the email event logs can support an investigation for fraudulent submission, as these logs can provide details about the history of emails, including the message content, timestamps, and sender/receiver information. Reference: CompTIA Security+ Certification Exam Objectives, Exam SY0-601, 3.2 Given a scenario, implement appropriate data security and privacy controls.

A new vulnerability in the SMB protocol on Windows systems was recently discovered, but no patches are currently available to resolve the issue. The security administrator is concerned that servers in the company's DMZ will be vulnerable to external attack; however, the administrator cannot disable the service on the servers, as SMB is used by a number of internal systems and applications on the LAN. Which of the following TCP ports should be blocked for all external inbound connections to the DMZ as a workaround to protect the servers? (Select TWO).

A. 135
B. 139
C. 143
D. 161
E. 443
F. 445
Suggested answer: B, F

Explanation:

To protect the servers in the company's DMZ from the unpatched SMB vulnerability, the security administrator should block TCP ports 139 and 445 for all external inbound connections to the DMZ. SMB uses TCP ports 139 and 445, so blocking them at the perimeter prevents external attackers from reaching the vulnerable service while the internal LAN systems and applications that depend on SMB continue to work. Port 135 is also associated with SMB, but it is not commonly used. Ports 143 and 161 are associated with other protocols and services (IMAP and SNMP respectively). Reference:

CompTIA Security+ Certification Exam Objectives, Exam SY0-601, 1.4 Compare and contrast network architecture and technologies.

When planning to build a virtual environment, an administrator needs to achieve the following:

• Establish policies to limit who can create new VMs.

• Allocate resources according to actual utilization.

• Require justification for requests outside of the standard requirements.

• Create standardized categories based on size and resource requirements.

Which of the following is the administrator MOST likely trying to do?

A. Implement IaaS replication
B. Protect against VM escape
C. Deploy a PaaS
D. Avoid VM sprawl
Suggested answer: D

Explanation:

The administrator is most likely trying to avoid VM sprawl, which occurs when too many VMs are created and managed poorly, leading to resource waste and increased security risks. The listed actions can help establish policies, resource allocation, and categorization to prevent unnecessary VM creation and ensure proper management. Reference: CompTIA Security+ Certification Exam Objectives, Exam SY0-601, 3.6 Given a scenario, implement the appropriate virtualization components.

A security analyst wants to verify that a client-server (non-web) application is sending encrypted traffic. Which of the following should the analyst use?

A. openssl
B. hping
C. netcat
D. tcpdump
Suggested answer: A

Explanation:

To verify that a client-server (non-web) application is sending encrypted traffic, a security analyst can use OpenSSL. OpenSSL is a software library and command-line toolkit that provides cryptographic functions, including encryption and decryption, in support of various security protocols, including SSL/TLS. It can be used to check whether a client-server application is using encryption to protect traffic, for example by connecting to the service with openssl s_client and confirming that a TLS handshake completes. Reference:

CompTIA Security+ Certification Exam Objectives - Exam SY0-601

Ann, a customer, received a notification from her mortgage company stating her PII may be shared with partners, affiliates, and associates to maintain day-to-day business operations. Which of the following documents did Ann receive?

A. An annual privacy notice
B. A non-disclosure agreement
C. A privileged-user agreement
D. A memorandum of understanding
Suggested answer: A

Explanation:

Ann received an annual privacy notice from her mortgage company. An annual privacy notice is a statement from a financial institution or creditor that outlines the institution's privacy policy and explains how the institution collects, uses, and shares customers' personal information. It informs the customer about their rights under the Gramm-Leach-Bliley Act (GLBA) and the institution's practices for protecting their personal information. Reference:

CompTIA Security+ Certification Exam Objectives - Exam SY0-601

A large enterprise has moved all its data to the cloud behind strong authentication and encryption. A sales director recently had a laptop stolen, and later, enterprise data was found to have been compromised from a local database. Which of the following was the MOST likely cause?

A. Shadow IT
B. Credential stuffing
C. SQL injection
D. Man in the browser
E. Bluejacking
Suggested answer: A

Explanation:

The most likely cause of the enterprise data being compromised from a local database is Shadow IT. Shadow IT is the use of unauthorized applications or devices by employees to access company resources. In this case, the sales director's laptop was stolen, and the attacker was able to use it to access the local database, which was not secured properly, allowing unauthorized access to sensitive data. Reference:

CompTIA Security+ Certification Exam Objectives - Exam SY0-601

The following are the logs of a successful attack.

Which of the following controls would be BEST to use to prevent such a breach in the future?

A. Password history
B. Account expiration
C. Password complexity
D. Account lockout
Suggested answer: C

Explanation:

To prevent such a breach in the future, the BEST control to use would be password complexity. Password complexity requires users to create passwords that are harder to guess or crack, by including a mix of upper- and lowercase letters, numbers, and special characters. In the logs, the attacker was able to guess the user's password using a dictionary attack, which means the password was not complex enough; requiring complex passwords makes that kind of guessing far less likely to succeed. Reference:

CompTIA Security+ Certification Exam Objectives - Exam SY0-601

During a Chief Information Security Officer (CISO) convention to discuss security awareness, the attendees are provided with a network connection to use as a resource. As the convention progresses, one of the attendees starts to notice delays in the connection, and HTTPS site requests are reverting to HTTP. Which of the following BEST describes what is happening?

A. Birthday collision on the certificate key
B. DNS hijacking to reroute traffic
C. Brute force to the access point
D. An SSL/TLS downgrade
Suggested answer: D

Explanation:

The scenario describes a man-in-the-middle (MitM) attack in which the attacker intercepts traffic and downgrades the secure SSL/TLS connection to an insecure HTTP connection. This type of attack is commonly known as an SSL/TLS downgrade attack or an SSL stripping attack. The attacker is able to see and modify the communication between the client and server.
