CompTIA SY0-601 Practice Test - Questions Answers, Page 60
A well-known organization has been experiencing attacks from APTs. The organization is concerned that custom malware is being created and emailed into the company or installed on USB sticks that are dropped in parking lots. Which of the following is the best defense against this scenario?

A. Configuring signature-based antivirus to update every 30 minutes
B. Enforcing S/MIME for email and automatically encrypting USB drives upon insertion
C. Implementing application execution in a sandbox for unknown software
D. Fuzzing new files for vulnerabilities if they are not digitally signed

Suggested answer: C

Explanation:

Implementing application execution in a sandbox for unknown software is the best defense against this scenario. A sandbox is an isolated environment that can run applications or code without affecting or being affected by other processes or systems. A sandbox can prevent malicious software from accessing or modifying sensitive data or resources, as well as limit its network communication and system privileges. A sandbox can also monitor and analyze the behavior and output of unknown software to determine whether it is benign or malicious.

A dynamic application vulnerability scan identified that code injection could be performed using a web form. Which of the following will be the best remediation to prevent this vulnerability?

A. Implement input validations
B. Deploy UFA
C. Utilize a WAF
D. Configure HIPS

Suggested answer: C

Explanation:

A web application firewall (WAF) is a security solution that monitors and filters the traffic between a web application and the internet. It can prevent code injection attacks by blocking malicious requests that contain code snippets or commands that could compromise the web application. A WAF can also enforce input validation rules and sanitize user inputs to prevent code injection. Reference: CompTIA Security+ SY0-601 Certification Study Guide, Chapter 4: Implementing Secure Network Designs, page 194; 5 ways to prevent code injection in JavaScript and Node.js
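The explanation above says a WAF can enforce input validation rules on form fields. The following is an added example (not from the page or from CompTIA) of what such a rule set looks like in application code: an allow-list validator that rejects any form field that is unknown, too long, or contains characters outside the pattern permitted for that field. The field names and patterns are constructed for illustration.

```python
import re

# Added example: allow-list validation of web-form fields. The field names and
# patterns below are constructed for illustration, not taken from any product.
FIELD_RULES = {
    # field name -> (allow-list pattern, maximum length)
    "username": (re.compile(r"^[A-Za-z0-9_.-]+$"), 32),
    "quantity": (re.compile(r"^[0-9]{1,4}$"), 4),
    "comment":  (re.compile(r"^[\w\s.,!?'-]*$"), 280),
}


class ValidationError(ValueError):
    """Raised when a submitted form does not conform to FIELD_RULES."""


def validate_form(form: dict) -> dict:
    """Return a cleaned copy of `form`.

    Raise ValidationError if any field is not in FIELD_RULES, is not a string,
    exceeds its maximum length, or fails its allow-list pattern. Rejecting
    unknown fields matters as much as checking known ones: extra parameters are
    a common way to reach code paths the form was never meant to expose.
    """
    cleaned = {}
    for name, value in form.items():
        if name not in FIELD_RULES:
            raise ValidationError(f"unexpected field: {name}")
        pattern, max_len = FIELD_RULES[name]
        if not isinstance(value, str):
            raise ValidationError(f"{name}: expected a string")
        value = value.strip()
        if len(value) > max_len:
            raise ValidationError(f"{name}: longer than {max_len} characters")
        if not pattern.fullmatch(value):
            raise ValidationError(f"{name}: contains characters outside the allow-list")
        cleaned[name] = value
    # Convert numeric fields only after they passed validation, so downstream
    # code receives the intended type rather than raw text.
    if "quantity" in cleaned:
        cleaned["quantity"] = int(cleaned["quantity"])
    return cleaned


def is_valid(form: dict) -> bool:
    """Convenience wrapper: True if validate_form accepts the form."""
    try:
        validate_form(form)
        return True
    except ValidationError:
        return False


if __name__ == "__main__":
    print(validate_form({"username": "alice_01", "quantity": "12"}))
    print(is_valid({"username": "alice<1>"}))
```

Allow-listing (state what is permitted) is preferable to deny-listing (enumerate bad substrings), because a deny-list has to anticipate every encoding and variant of an injection payload, while an allow-list only has to describe legitimate input. A WAF rule applies the same idea at the network edge, but validation in the application remains the primary control because the WAF can be bypassed or misconfigured.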

Security analysts are conducting an investigation of an attack that occurred inside the organization's network. An attacker was able to collect network traffic between workstations throughout the network. The analysts review the following logs:

The Layer 2 address table has hundreds of entries similar to the ones above. Which of the following attacks has most likely occurred?

A. SQL injection
B. DNS spoofing
C. MAC flooding
D. ARP poisoning

Suggested answer: C
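The page's log excerpt is not reproduced here, but the tell-tale sign in the question is a Layer 2 address table with hundreds of entries. The following is an added example (not from the page) of the detection logic a defender would run over such a table: parse the entries, count distinct dynamically learned MAC addresses per switch port, and flag any port whose count is far beyond what a single workstation produces. The table lines are constructed in the general style of a switch `show mac address-table` output and are not real logs.

```python
import re
from collections import defaultdict

# Added example: detect a MAC-flooded port from a Layer 2 address table.
# One dynamic entry per port: "<vlan>  <mac>  <type>  <port>". The regex and
# sample rows are constructed for illustration; real switch output varies.
ENTRY_RE = re.compile(
    r"^\s*(?P<vlan>\d+)\s+"
    r"(?P<mac>[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+"
    r"(?P<type>\w+)\s+(?P<port>\S+)\s*$",
    re.IGNORECASE,
)


def parse_mac_table(text: str) -> list:
    """Return a list of dicts (vlan, mac, type, port), skipping header lines."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append(m.groupdict())
    return entries


def macs_per_port(entries: list) -> dict:
    """Count distinct dynamically learned MACs on each port.

    STATIC entries are administratively configured, not learned from traffic,
    so they are excluded: flooding only inflates the DYNAMIC population.
    """
    seen = defaultdict(set)
    for e in entries:
        if e["type"].upper() == "DYNAMIC":
            seen[e["port"]].add(e["mac"].lower())
    return {port: len(macs) for port, macs in seen.items()}


def flooded_ports(entries: list, threshold: int = 50) -> list:
    """Ports with more learned MACs than `threshold`. An access port serving
    one workstation normally learns one or a handful of addresses."""
    counts = macs_per_port(entries)
    return sorted(port for port, n in counts.items() if n > threshold)


def build_sample_table(flood_port: str = "Gi1/0/7", flood_count: int = 300) -> str:
    """Construct a sample table: two normal ports, one static entry, and one
    port carrying `flood_count` learned addresses (constructed data)."""
    header = [
        "Vlan    Mac Address       Type        Ports",
        "----    -----------       --------    -----",
    ]
    rows = [
        "  10    0050.56a1.0001    DYNAMIC     Gi1/0/1",
        "  10    0050.56a1.0002    DYNAMIC     Gi1/0/2",
        "  10    0050.56a1.00ff    STATIC      Gi1/0/24",
    ]
    for i in range(flood_count):
        rows.append(
            f"  10    1a2b.{i >> 16:04x}.{i & 0xffff:04x}    DYNAMIC     {flood_port}"
        )
    return "\n".join(header + rows) + "\n"


if __name__ == "__main__":
    table = parse_mac_table(build_sample_table())
    print(macs_per_port(table))
    print("flooded:", flooded_ports(table))
```

The usual mitigation is switch port security, which caps the number of MAC addresses a port may learn and shuts the port or drops frames when the cap is exceeded; the threshold in `flooded_ports` plays the same role on the detection side, and a real deployment would tune it per port role (access versus trunk).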

A security analyst has been tasked with ensuring all programs that are deployed into the enterprise have been assessed in a runtime environment. Any critical issues found in the program must be sent back to the developer for verification and remediation. Which of the following best describes the type of assessment taking place?

A. Input validation
B. Dynamic code analysis
C. Fuzzing
D. Manual code review

Suggested answer: B

Explanation:

Dynamic code analysis is a technique that tests and analyzes an application during runtime to identify potential vulnerabilities, errors, or performance issues. Dynamic code analysis can detect problems that may not be visible in the source code or during static analysis, such as memory leaks, buffer overflows, or input validation errors. Dynamic code analysis can also simulate real-world scenarios and user inputs to evaluate the behavior and functionality of the application. Reference: CompTIA Security+ SY0-601 Certification Study Guide, Chapter 5: Implementing Host Security Solutions, page 246; What is Dynamic Code Analysis?

A security engineer must deploy two wireless routers in an office suite. Other tenants in the office building should not be able to connect to this wireless network. Which of the following protocols should the engineer implement to ensure the strongest encryption?

A. WPS
B. WPA2
C. WAP
D. HTTPS

Suggested answer: B

Explanation:

WPA2 (Wi-Fi Protected Access 2) is a network security protocol that should be implemented to ensure the strongest encryption for a wireless network. WPA2 is an upgrade from the original WPA protocol, which was designed as a replacement for the older and less secure WEP protocol. WPA2 implements the mandatory elements of the IEEE 802.11i standard, including CCMP, an AES-based encryption mode. WPA2 provides stronger security and data protection than WPS (Wi-Fi Protected Setup), WAP (Wireless Application Protocol), or HTTPS (Hypertext Transfer Protocol Secure), none of which is a wireless link-layer encryption protocol.

A company currently uses passwords for logging in to company-owned devices and wants to add a second authentication factor. Per corporate policy, users are not allowed to have smartphones at their desks. Which of the following would meet these requirements?

A. Smart card
B. PIN code
C. Knowledge-based question
D. Secret key

Suggested answer: A

Explanation:

A smart card is a physical device that contains an embedded integrated circuit chip that can store and process data. A smart card can be used as a second authentication factor (something you have), in addition to a password (something you know), to verify the identity of a user who wants to log in to company-owned devices. A smart card requires a smart card reader to access the data on the chip, which adds an extra layer of security. A smart card meets the requirements of the company because it does not involve a smartphone or any other device that is not allowed at the desks.

An organization is having difficulty correlating events from its individual AV, EDR, DLP, SWG, WAF, MDM, HIPS, and CASB systems. Which of the following is the best way to improve the situation?

A. Remove expensive systems that generate few alerts.
B. Modify the systems to alert only on critical issues.
C. Utilize a SIEM to centralize logs and dashboards.
D. Implement a new syslog/NetFlow appliance.

Suggested answer: C

Explanation:

A SIEM (Security Information and Event Management) is a system that collects, analyzes, and correlates data from multiple sources, such as AV (antivirus), EDR (endpoint detection and response), DLP (data loss prevention), SWG (secure web gateway), WAF (web application firewall), MDM (mobile device management), HIPS (host intrusion prevention system), and CASB (cloud access security broker). A SIEM can help improve the situation by providing a centralized view of the security posture, alerts, and incidents across the organization.
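The correlation the explanation describes has two parts: normalizing each tool's alert format into a common schema, and then relating events across tools. The following is an added example (not from the page or from any SIEM product) that does both for three constructed feed formats, a key=value antivirus line, a JSON EDR record and a syslog-style WAF line, and flags any host that appears in alerts from two or more different tools within a short window. The formats, hostnames and event names are all constructed for illustration.

```python
import json
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Added example: SIEM-style normalization and cross-source correlation.
# The three raw formats below are constructed for illustration and are not
# the real output of any antivirus, EDR or WAF product.
RAW_EVENTS = [
    "ts=2024-03-04T10:01:12Z product=av host=ws-117 action=quarantined threat=Trojan.Generic",
    '{"time": "2024-03-04T10:03:40Z", "tool": "edr", "hostname": "ws-117", "event": "suspicious_child_process"}',
    "2024-03-04T10:04:05Z waf blocked src=ws-117 rule=injection-pattern path=/login",
    "ts=2024-03-04T11:30:00Z product=av host=ws-042 action=quarantined threat=PUA.Adware",
    '{"time": "2024-03-04T15:00:00Z", "tool": "edr", "hostname": "ws-042", "event": "new_service_installed"}',
]

KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_ts(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def normalize(raw: str) -> dict:
    """Map one raw line to the common schema: ts, source, host, detail."""
    raw = raw.strip()
    if raw.startswith("{"):                       # EDR feed: JSON record
        d = json.loads(raw)
        return {"ts": parse_ts(d["time"]), "source": d["tool"],
                "host": d["hostname"], "detail": d["event"]}
    kv = dict(KV_RE.findall(raw))
    if "product" in kv:                           # AV feed: key=value line
        return {"ts": parse_ts(kv["ts"]), "source": kv["product"],
                "host": kv["host"], "detail": kv.get("threat", kv.get("action"))}
    parts = raw.split()                           # WAF feed: "<ts> waf <action> k=v ..."
    return {"ts": parse_ts(parts[0]), "source": parts[1],
            "host": kv["src"], "detail": kv.get("rule", parts[2])}


def correlate(raw_events, window=timedelta(minutes=15), min_sources=2) -> dict:
    """Return {host: sorted list of tools} for every host that has alerts from
    at least `min_sources` distinct tools inside any `window`-long span.

    One AV quarantine alone is routine; the same host also tripping EDR and
    the WAF minutes later is the pattern a single tool's console cannot show.
    """
    events = sorted((normalize(r) for r in raw_events),
                    key=lambda e: (e["host"], e["ts"]))
    by_host = defaultdict(list)
    for e in events:
        by_host[e["host"]].append(e)
    flagged = {}
    for host, evs in by_host.items():
        for i, first in enumerate(evs):           # sliding window over sorted events
            sources = {e["source"] for e in evs[i:]
                       if e["ts"] - first["ts"] <= window}
            if len(sources) >= min_sources:
                flagged[host] = sorted(sources)
                break
    return flagged


if __name__ == "__main__":
    for raw in RAW_EVENTS:
        print(normalize(raw))
    print("correlated hosts:", correlate(RAW_EVENTS))
```

In this sample, ws-117 is flagged because antivirus, EDR and WAF all reported it within four minutes, while ws-042 is not: its two alerts come from different tools but hours apart, so a 15-minute window treats them as unrelated. Window size and the minimum number of sources are the tuning knobs a SIEM correlation rule exposes.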

An engineer is setting up a VDI environment for a factory location, and the business wants to deploy a low-cost solution to enable users on the shop floor to log in to the VDI environment directly. Which of the following should the engineer select to meet these requirements?

A. Laptops
B. Containers
C. Thin clients
D. Workstations

Suggested answer: C

Explanation:

Thin clients are devices that rely on a server or a cloud service to perform most of the processing and storage tasks, while only providing a minimal interface for the user. Thin clients are low-cost solutions that can enable users on the shop floor to log in to the VDI (virtual desktop infrastructure) environment directly, without requiring a full-fledged computer or laptop.

A security analyst receives a SIEM alert that someone logged in to the app admin test account, which is only used for the early detection of attacks. The security analyst then reviews the following application log:

Which of the following can the security analyst conclude?

A. A replay attack is being conducted against the application.
B. An injection attack is being conducted against a user authentication system.
C. A service account password may have been changed, resulting in continuous failed logins within the application.
D. A credentialed vulnerability scanner attack is testing several CVEs against the application.

Suggested answer: A

Explanation:

A replay attack is a type of network attack where an attacker captures and retransmits a valid data transmission, such as a login request, to gain unauthorized access or impersonate a legitimate user.

In this case, the attacker may have captured the credentials of the app admin test account and used them to log in to the application. The application log shows multiple failed login attempts from different IP addresses, which indicates a replay attack.

Which of the following is an administrative control that would be most effective to reduce the occurrence of malware execution?

A. Security awareness training
B. Frequency of NIDS updates
C. Change control procedures
D. EDR reporting cycle

Suggested answer: A

Explanation:

Security awareness training is an administrative control that educates users on the best practices and policies for protecting the organization's data and systems from various threats, such as malware, phishing, social engineering, etc. Security awareness training can reduce the occurrence of malware execution by increasing the users' ability to recognize and avoid malicious links, attachments, downloads, or websites.
