CompTIA SY0-601 Practice Test - Questions Answers, Page 51

nmap is a network scanning tool that can perform various tasks such as port scanning, service detection, version detection, OS detection, vulnerability scanning, etc… nmap comptia.org -p 80 -sv is a command that scans port 80 (the default port for HTTP) on comptia.org domain name and tries to identify the service name and version running on that port. This can help identify potential vulnerabilities in the web server software by comparing the version with known exploits or patches.

A next-generation firewall (NGFW) is a solution that can defend against malicious actors misusing protocols and being allowed through network defenses. A NGFW is a type of firewall that can perform deep packet inspection, application-level filtering, intrusion prevention, malware detection, and identity-based access control. A NGFW can also use threat intelligence and behavioral analysis to identify and block malicious traffic based on protocols, signatures, or anomalies. Reference:

https://www.comptia.org/blog/what-is-a-next-generation-firewall https://www.certblaster.com/wpcontent/ uploads/2020/11/CompTIA-Security-SY0-601-Exam-Objectives-1.0.pdf

A cloud access security broker (CASB) is a technology that can restrict access to internet services to authorized users only and control the actions each user can perform on each service. A CASB is a type of software or service that acts as an intermediary between users and cloud service providers. A

CASB can enforce security policies, monitor user activity, detect and prevent data leaks, encrypt data, and provide visibility and auditability of cloud usage. Reference:

https://www.comptia.org/blog/what-is-a-cloud-access-security-broker

https://www.certblaster.com/wp-content/uploads/2020/11/CompTIA-Security-SY0-601-Exam-Objectives-1.0.pdf

This is the best course of action for the help desk technician because it can help prevent a potential social engineering attack. Social engineering is a technique that involves manipulating or deceiving people into revealing sensitive information or performing actions that compromise security. The caller may be impersonating a member of the organization's cybersecurity incident response team to obtain the network's internal firewall IP address, which could be used for further attacks. The help desk technician should not provide any information over the phone without verifying the caller's identity and authorization. The help desk technician should also report the incident to the organization's cybersecurity officer for investigation and response. Reference:

https://www.comptia.org/blog/social-engineering-explained https://www.certblaster.com/wpcontent/ uploads/2020/11/CompTIA-Security-SY0-601-Exam-Objectives-1.0.pdf

A community cloud deployment strategy would best meet the need of several universities participating in a collaborative research project and needing to share compute and storage resources. A community cloud is a type of cloud service model that provides a shared platform for multiple organizations with common interests, goals, or requirements. A community cloud can offer benefits such as cost savings, scalability, security, privacy, compliance, and collaboration. Reference:

https://www.comptia.org/blog/cloud-service-models-saas-paas-and-iaas-explained

https://www.certblaster.com/wp-content/uploads/2020/11/CompTIA-Security-SY0-601-Exam-Objectives-1.0.pdf

An on-path attack is an attack that took place when an attacker was eavesdropping on a user who was shopping online and was able to spoof the IP address associated with the shopping site. An onpath attack is a type of network attack that involves intercepting or modifying traffic between two parties by placing oneself in the communication path. An on-path attack can also be called a man-inthe-middle attack or a session hijacking attack. An on-path attacker can steal sensitive information, such as credit card details, or redirect the user to a malicious website. Reference:

https://www.comptia.org/blog/what-is-a-man-in-the-middle-attack

https://www.certblaster.com/wp-content/uploads/2020/11/CompTIA-Security-SY0-601-Exam-Objectives-1.0.pdf

Jailbreaking is the vulnerability that the organization is addressing by adding a clause to its AUP that states employees are not allowed to modify the operating system on mobile devices. Jailbreaking is the process of removing the restrictions or limitations imposed by the manufacturer or carrier on a mobile device, such as an iPhone or iPad. Jailbreaking can allow users to install unauthorized applications, customize settings, or access system files. However, jailbreaking can also expose the device to security risks, such as malware, data loss, or warranty voidance. Reference:

https://www.comptia.org/blog/what-is-jailbreaking https://www.certblaster.com/wpcontent/ uploads/2020/11/CompTIA-Security-SY0-601-Exam-Objectives-1.0.pdf

A purple team combines both offensive and defensive testing techniques to protect an organization's critical systems. A purple team is a type of cybersecurity team that consists of members from both the red team and the blue team. The red team performs simulated attacks on the organization's systems, while the blue team defends against them. The purple team facilitates the collaboration and communication between the red team and the blue team, and provides feedback and recommendations for improvement. A purple team can help the organization identify and remediate vulnerabilities, enhance security controls, and increase resilience. Reference:

https://www.comptia.org/blog/red-team-blue-team-purple-team https://www.certblaster.com/wpcontent/ uploads/2020/11/CompTIA-Security-SY0-601-Exam-Objectives-1.0.pdf