
CompTIA SY0-601 Practice Test - Questions Answers, Page 7

A cybersecurity administrator needs to allow mobile BYOD devices to access network resources. As the devices are not enrolled to the domain and do not have policies applied to them, which of the following are best practices for authentication and infrastructure security? (Select TWO).

A. Create a new network for the mobile devices and block the communication to the internal network and servers
B. Use a captive portal for user authentication.
C. Authenticate users using OAuth for more resiliency
D. Implement SSO and allow communication to the internal network
E. Use the existing network and allow communication to the internal network and servers.
F. Use a new and updated RADIUS server to maintain the best solution
Suggested answer: B, C

Explanation:

When allowing mobile BYOD devices to access network resources, using a captive portal for user authentication and authenticating users using OAuth are both best practices for authentication and infrastructure security. A captive portal requires users to authenticate before accessing the network and can be used to enforce policies and restrictions. OAuth allows users to authenticate using third-party providers, reducing the risk of password reuse and credential theft. Reference: CompTIA Security+ Study Guide, pages 217-218, 225-226

An analyst is working on an email security incident in which the target opened an attachment containing a worm. The analyst wants to implement mitigation techniques to prevent further spread. Which of the following is the BEST course of action for the analyst to take?

A. Apply a DLP solution.
B. Implement network segmentation
C. Utilize email content filtering.
D. Isolate the infected attachment.
Suggested answer: D

Explanation:


An enterprise needs to keep cryptographic keys in a safe manner. Which of the following network appliances can achieve this goal?

A. HSM
B. CASB
C. TPM
D. DLP
Suggested answer: A

Explanation:

A Hardware Security Module (HSM) is a network appliance designed to securely store cryptographic keys and perform cryptographic operations. HSMs provide a secure environment for key management and can be used to keep cryptographic keys safe from theft, loss, or unauthorized access. Therefore, an enterprise can achieve the goal of keeping cryptographic keys in a safe manner by using an HSM appliance. Reference: CompTIA Security+ Certification Exam Objectives, Exam Domain 2.0: Technologies and Tools, 2.4 Given a scenario, use appropriate tools and techniques to troubleshoot security issues, p. 21

An organization recently acquired an ISO 27001 certification. Which of the following would MOST likely be considered a benefit of this certification?

A. It allows for the sharing of digital forensics data across organizations
B. It provides insurance in case of a data breach
C. It provides complimentary training and certification resources to IT security staff.
D. It certifies the organization can work with foreign entities that require a security clearance
E. It assures customers that the organization meets security standards
Suggested answer: E

Explanation:

ISO 27001 is an international standard that outlines the requirements for an Information Security Management System (ISMS). It provides a framework for managing and protecting sensitive information using risk management processes. Acquiring an ISO 27001 certification assures customers that the organization meets security standards and follows best practices for information security management. It helps to build customer trust and confidence in the organization's ability to protect their sensitive information. Reference: CompTIA Security+ Certification Exam Objectives, Exam Domain 1.0: Attacks, Threats, and Vulnerabilities, 1.2 Given a scenario, analyze indicators of compromise and determine the type of malware, p. 7

A company would like to provide flexibility for employees on device preference. However, the company is concerned about supporting too many different types of hardware. Which of the following deployment models will provide the needed flexibility with the GREATEST amount of control and security over company data and infrastructure?

A. BYOD
B. VDI
C. COPE
D. CYOD
Suggested answer: D

Explanation:

Choose Your Own Device (CYOD) is a deployment model that allows employees to select from a predefined list of devices. It provides employees with flexibility in device preference while allowing the company to maintain control and security over company data and infrastructure. The CYOD deployment model provides a compromise between the strict control provided by the Corporate-Owned, Personally Enabled (COPE) deployment model and the flexibility provided by the Bring Your Own Device (BYOD) deployment model. Reference: CompTIA Security+ Study Guide, Chapter 6: Securing Application, Data, and Host Security, 6.5 Implement Mobile Device Management, pp. 334-335

A security analyst reports a company policy violation in a case in which a large amount of sensitive data is being downloaded after hours from various mobile devices to an external site. Upon further investigation, the analyst notices that successful login attempts are being conducted with impossible travel times during the same time periods when the unauthorized downloads are occurring. The analyst also discovers a couple of WAPs are using the same SSID, but they have non-standard DHCP configurations and an overlapping channel. Which of the following attacks is being conducted?

A. Evil twin
B. Jamming
C. DNS poisoning
D. Bluesnarfing
E. DDoS
Suggested answer: A

Explanation:

The attack being conducted is an Evil twin attack. An Evil twin attack involves creating a rogue wireless access point (WAP) with the same Service Set Identifier (SSID) as a legitimate WAP to trick users into connecting to it. Once connected, the attacker can intercept traffic or steal login credentials. The successful login attempts with impossible travel times suggest that an attacker is using a stolen or compromised credential to access the external site to which the sensitive data is being downloaded. The non-standard DHCP configurations and overlapping channels of the WAPs suggest that the attacker is using a rogue WAP to intercept traffic. Reference: CompTIA Security+ Certification Exam Objectives, Exam Domain 1.0: Attacks, Threats, and Vulnerabilities, 1.4 Compare and contrast types of attacks, p. 8

A security analyst must enforce policies to harden an MDM infrastructure. The requirements are as follows:

* Ensure mobile devices can be tracked and wiped.

* Confirm mobile devices are encrypted.

Which of the following should the analyst enable on all the devices to meet these requirements?

A. Geofencing
B. Biometric authentication
C. Geolocation
D. Geotagging
Suggested answer: A

Explanation:

Geofencing is a technology used in mobile device management (MDM) to allow administrators to define geographical boundaries within which mobile devices can operate. This can be used to enforce location-based policies, such as ensuring that devices can be tracked and wiped if lost or stolen. Additionally, encryption can be enforced on the devices to ensure the protection of sensitive data in the event of theft or loss. Reference:

CompTIA Security+ Study Guide, Exam SY0-601, 4th Edition, Chapter 7

A company installed several crosscut shredders as part of increased information security practices targeting data leakage risks. Which of the following will this practice reduce?

A. Dumpster diving
B. Shoulder surfing
C. Information elicitation
D. Credential harvesting
Suggested answer: A

Explanation:

Crosscut shredders are used to destroy paper documents and reduce the risk of data leakage through dumpster diving. Dumpster diving is a method of retrieving sensitive information from paper waste by searching through discarded documents.

Reference:

CompTIA Security+ Study Guide, Exam SY0-601, 4th Edition, Chapter 2

Which of the following conditions impacts data sovereignty?

A. Rights management
B. Criminal investigations
C. Healthcare data
D. International operations
Suggested answer: D

Explanation:

Data sovereignty refers to the legal concept that data is subject to the laws and regulations of the country in which it is located. International operations can impact data sovereignty as companies operating in multiple countries may need to comply with different laws and regulations. Reference:

CompTIA Security+ Study Guide, Exam SY0-601, 4th Edition, Chapter 5

Developers are writing code and merging it into shared repositories several times a day, where it is tested automatically. Which of the following concepts does this BEST represent?

A. Functional testing
B. Stored procedures
C. Elasticity
D. Continuous integration
Suggested answer: D

Explanation:

Continuous integration is a software development practice where developers merge their code into a shared repository several times a day, and the code is tested automatically. This ensures that code changes are tested and integrated continuously, reducing the risk of errors and conflicts.

Total 603 questions