SY0-601 Sample Questions Answers

Questions 4

Ann, a forensic analyst, needs to prove that the data she originally acquired has remained unchanged while in her custody. Which of the following should Ann use?

Options:

A.

Chain of custody

B.

Checksums

C.

Non-repudiation

D.

Legal hold

Questions 5

A security administrator currently spends a large amount of time on common security tasks, such as report generation, phishing investigations, and user provisioning and deprovisioning. This prevents the administrator from spending time on other security projects. The business does not have the budget to add more staff members. Which of the following should the administrator implement?

Options:

A.

DAC

B.

ABAC

C.

SCAP

D.

SOAR

Questions 6

A systems analyst is responsible for generating a new digital forensics chain-of-custody form. Which of the following should the analyst include in this documentation? (Select TWO).

Options:

A.

The order of volatility

B.

A checksum

C.

The location of the artifacts

D.

The vendor's name

E.

The date and time

F.

A warning banner

Questions 7

Which of the following control sets should a well-written BCP include? (Select THREE)

Options:

A.

Preventive

B.

Detective

C.

Deterrent

D.

Corrective

E.

Compensating

F.

Physical

G.

Recovery

Questions 8

A privileged user at a company stole several proprietary documents from a server. The user also went into the log files and deleted all records of the incident. The systems administrator has just informed investigators that other log files are available for review. Which of the following did the administrator MOST likely configure that will assist the investigators?

Options:

A.

Memory dumps

B.

The syslog server

C.

The application logs

D.

The log retention policy

Questions 9

Which of the following provides the BEST protection for sensitive information and data stored in cloud-based services but still allows for full functionality and searchability of data within the cloud-based services?

Options:

A.

Data encryption

B.

Data masking

C.

Anonymization

D.

Tokenization

Questions 10

A smart retail business has a local store and a newly established and growing online storefront. A recent storm caused a power outage to the business and the local ISP, resulting in several hours of lost sales and delayed order processing. The business owner now needs to ensure two things:

* Protection from power outages

* Always-available connectivity in case of an outage

The owner has decided to implement battery backups for the computer equipment. Which of the following would BEST fulfill the owner's second need?

Options:

A.

Lease a point-to-point circuit to provide dedicated access.

B.

Connect the business router to its own dedicated UPS.

C.

Purchase services from a cloud provider for high availability

D.

Replace the business's wired network with a wireless network.

Questions 11

A well-known organization has been experiencing attacks from APTs. The organization is concerned that custom malware is being created and emailed into the company or installed on USB sticks that are dropped in parking lots. Which of the following is the BEST defense against this scenario?

Options:

A.

Configuring signature-based antivirus to update every 30 minutes

B.

Enforcing S/MIME for email and automatically encrypting USB drives upon insertion.

C.

Implementing application execution in a sandbox for unknown software.

D.

Fuzzing new files for vulnerabilities if they are not digitally signed

Questions 12

A security incident may have occurred on the desktop PC of an organization's Chief Executive Officer (CEO). A duplicate copy of the CEO's hard drive must be stored securely to ensure appropriate forensic processes and the chain of custody are followed. Which of the following should be performed to accomplish this task?

Options:

A.

Install a new hard drive in the CEO's PC, and then remove the old hard drive and place it in a tamper-evident bag

B.

Connect a write blocker to the hard drive. Then, leveraging a forensic workstation, utilize the dd command in a live Linux environment to create a duplicate copy

C.

Remove the CEO's hard drive from the PC, connect to the forensic workstation, and copy all the contents onto a remote fileshare while the CEO watches

D.

Refrain from completing a forensic analysis of the CEO's hard drive until after the incident is confirmed; duplicating the hard drive at this stage could destroy evidence

Questions 13

Which of the following scenarios would make a DNS sinkhole effective in thwarting an attack?

Options:

A.

An attacker is sniffing traffic to port 53, and the server is managed using unencrypted usernames and passwords.

B.

An organization is experiencing excessive traffic on port 53 and suspects an attacker is trying to DoS the domain name server.

C.

Malware trying to resolve an unregistered domain name to determine if it is running in an isolated sandbox

D.

Routing tables have been compromised, and an attacker is rerouting traffic to malicious websites

Questions 14

A security analyst discovers several .jpg photos from a cellular phone during a forensics investigation involving a compromised system. The analyst runs a forensics tool to gather file metadata. Which of the following would be part of the images if all the metadata is still intact?

Options:

A.

The GPS location

B.

When the file was deleted

C.

The total number of print jobs

D.

The number of copies made

Questions 15

A critical file server is being upgraded and the systems administrator must determine which RAID level the new server will need to achieve parity and handle two simultaneous disk failures. Which of the following RAID levels meets this requirement?

Options:

A.

RAID 0+1

B.

RAID 2

C.

RAID 5

D.

RAID 6

Questions 16

An organization is concerned that its hosted web servers are not running the most updated version of the software. Which of the following would work BEST to help identify potential vulnerabilities?

Options:

A.

hping3 -S comptia.org -p 80

B.

nc -l -v comptia.org -p 80

C.

nmap comptia.org -p 80 -sV

D.

nslookup -port=80 comptia.org

Questions 17

A security analyst needs to complete an assessment. The analyst is logged into a server and must use native tools to map services running on it to the server's listening ports. Which of the following tools can BEST accomplish this task?

Options:

A.

Netcat

B.

Netstat

C.

Nmap

D.

Nessus

Questions 18

Given the following logs:

Which of the following BEST describes the type of attack that is occurring?

Options:

A.

Rainbow table

B.

Dictionary

C.

Password spraying

D.

Pass-the-hash

Questions 19

A company is designing the layout of a new datacenter so it will have an optimal environmental temperature. Which of the following must be included? (Select TWO)

Options:

A.

An air gap

B.

A cold aisle

C.

Removable doors

D.

A hot aisle

E.

An IoT thermostat

F.

A humidity monitor

Questions 20

A security analyst is reviewing logs on a server and observes the following output:

Which of the following is the security analyst observing?

Options:

A.

A rainbow table attack

B.

A password-spraying attack

C.

A dictionary attack

D.

A keylogger attack

Questions 21

Which of the following would be BEST to establish between organizations that have agreed to cooperate and are engaged in early discussion to define the responsibilities of each party, but do not want to establish a contractually binding agreement?

Options:

A.

An SLA

B.

An NDA

C.

A BPA

D.

An MOU

Questions 22

A security analyst needs to produce a document that details how a security incident occurred, the steps that were taken for recovery, and how future incidents can be avoided. During which of the following stages of the response process will this activity take place?

Options:

A.

Recovery

B.

Identification

C.

Lessons learned

D.

Preparation

Questions 23

A company needs to centralize its logs to create a baseline and have visibility on its security events. Which of the following technologies will accomplish this objective?

Options:

A.

Security information and event management

B.

A web application firewall

C.

A vulnerability scanner

D.

A next-generation firewall

Questions 24

A financial analyst is expecting an email containing sensitive information from a client. When the email arrives, the analyst receives an error and is unable to open the encrypted message. Which of the following is the MOST likely cause of the issue?

Options:

A.

The S/MIME plug-in is not enabled.

B.

The SSL certificate has expired.

C.

Secure IMAP was not implemented

D.

POP3S is not supported.

Questions 25

Which of the following types of controls is a CCTV camera that is not being monitored?

Options:

A.

Detective

B.

Deterrent

C.

Physical

D.

Preventive

Questions 26

A network engineer needs to create a plan for upgrading the wireless infrastructure in a large office. Priority must be given to areas that are currently experiencing latency and connection issues. Which of the following would be the BEST resource for determining the order of priority?

Options:

A.

Nmap

B.

Heat maps

C.

Network diagrams

D.

Wireshark

Questions 27

An attacker is trying to gain access by installing malware on a website that is known to be visited by the target victims. Which of the following is the attacker MOST likely attempting?

Options:

A.

A spear-phishing attack

B.

A watering-hole attack

C.

Typo squatting

D.

A phishing attack

Questions 28

A company's Chief Information Security Officer (CISO) recently warned the security manager that the company’s Chief Executive Officer (CEO) is planning to publish a controversial opinion article in a national newspaper, which may result in new cyberattacks. Which of the following would be BEST for the security manager to use in a threat model?

Options:

A.

Hacktivists

B.

White-hat hackers

C.

Script kiddies

D.

Insider threats

Questions 29

A Chief Information Security Officer (CISO) is concerned about the organization's ability to continue business operation in the event of a prolonged DDoS attack on its local datacenter that consumes database resources. Which of the following will the CISO MOST likely recommend to mitigate this risk?

Options:

A.

Upgrade the bandwidth available into the datacenter

B.

Implement a hot-site failover location

C.

Switch to a complete SaaS offering to customers

D.

Implement a challenge response test on all end-user queries

Questions 30

A Chief Information Officer receives an email stating a database will be encrypted within 24 hours unless a payment of $20,000 is credited to the account mentioned in the email. This BEST describes a scenario related to:

Options:

A.

whaling.

B.

smishing.

C.

spear phishing

D.

vishing

Questions 31

A new plug-and-play storage device was installed on a PC in the corporate environment. Which of the following safeguards will BEST help to protect the PC from malicious files on the storage device?

Options:

A.

Change the default settings on the PC.

B.

Define the PC firewall rules to limit access.

C.

Encrypt the disk on the storage device.

D.

Plug the storage device in to the UPS

Questions 32

A cybersecurity administrator needs to add disk redundancy for a critical server. The solution must have a two-drive failure for better fault tolerance. Which of the following RAID levels should the administrator select?

Options:

A.

0

B.

1

C.

5

D.

6

Questions 33

A security audit has revealed that a process control terminal is vulnerable to malicious users installing and executing software on the system. The terminal is beyond end-of-life support and cannot be upgraded, so it is placed on a protected network segment. Which of the following would be MOST effective to implement to further mitigate the reported vulnerability?

Options:

A.

DNS sinkholing

B.

DLP rules on the terminal

C.

An IP blacklist

D.

Application whitelisting

Questions 34

A security analyst receives an alert from the company's SIEM that anomalous activity is coming from a local source IP address of 192.168.34.26. The Chief Information Security Officer asks the analyst to block the originating source. Several days later another employee opens an internal ticket stating that vulnerability scans are no longer being performed properly. The IP address the employee provides is 192.168.34.26. Which of the following describes this type of alert?

Options:

A.

True positive

B.

True negative

C.

False positive

D.

False negative

Questions 35

A user reports trouble using a corporate laptop. The laptop freezes and responds slowly when writing documents and the mouse pointer occasionally disappears.

The task list shows the following results

Which of the following is MOST likely the issue?

Options:

A.

RAT

B.

PUP

C.

Spyware

D.

Keylogger

Questions 36

A security manager needs to assess the security posture of one of the organization's vendors. The contract with the vendor does not allow for auditing of the vendor's security controls. Which of the following should the manager request to complete the assessment?

Options:

A.

A service-level agreement

B.

A business partnership agreement

C.

A SOC 2 Type 2 report

D.

A memorandum of understanding

Questions 37

Which of the following is the BEST reason to maintain a functional and effective asset management policy that aids in ensuring the security of an organization?

Options:

A.

To provide data to quantify risk based on the organization's systems.

B.

To keep all software and hardware fully patched for known vulnerabilities

C.

To only allow approved, organization-owned devices onto the business network

D.

To standardize by selecting one laptop model for all users in the organization

Questions 38

While reviewing an alert that shows a malicious request on one web application, a cybersecurity analyst is alerted to a subsequent token reuse moments later on a different service using the same single sign-on method. Which of the following would BEST detect a malicious actor?

Options:

A.

Utilizing SIEM correlation engines

B.

Deploying Netflow at the network border

C.

Disabling session tokens for all sites

D.

Deploying a WAF for the web server

Questions 39

Users at an organization have been installing programs from the internet on their workstations without first receiving proper authorization. The organization maintains a portal from which users can install standardized programs. However, some users have administrative access on their workstations to enable legacy programs to function properly. Which of the following should the security administrator consider implementing to address this issue?

Options:

A.

Application code signing

B.

Application whitelisting

C.

Data loss prevention

D.

Web application firewalls

Questions 40

On which of the following is the live acquisition of data for forensic analysis MOST dependent? (Choose two.)

Options:

A.

Data accessibility

B.

Legal hold

C.

Cryptographic or hash algorithm

D.

Data retention legislation

E.

Value and volatility of data

F.

Right-to-audit clauses

Questions 41

While reviewing the wireless router, the systems administrator of a small business determines someone is spoofing the MAC address of an authorized device. Given the table below:

Which of the following should be the administrator's NEXT step to detect if there is a rogue system without impacting availability?

Options:

A.

Conduct a ping sweep.

B.

Physically check each system.

C.

Deny Internet access to the "UNKNOWN" hostname.

D.

Apply MAC filtering.

Questions 42

Which of the following types of attacks is being attempted and how can it be mitigated?

Options:

A.

XSS; implement a SIEM

B.

CSRF; implement an IPS

C.

Directory traversal: implement a WAF

D.

SQL injection: implement an IDS

Questions 43

An attacker was eavesdropping on a user who was shopping online. The attacker was able to spoof the IP address associated with the shopping site. Later, the user received an email regarding the credit card statement with unusual purchases. Which of the following attacks took place?

Options:

A.

On-path attack

B.

Protocol poisoning

C.

Domain hijacking

D.

Bluejacking

Questions 44

A systems analyst is responsible for generating a new digital forensics chain-of-custody form. Which of the following should the analyst include in this documentation? (Choose two.)

Options:

A.

The order of volatility

B.

A CRC32 checksum

C.

The provenance of the artifacts

D.

The vendor's name

E.

The date and time

F.

A warning banner

Questions 45

A security analyst must determine if either SSH or Telnet is being used to log in to servers. Which of the following should the analyst use?

Options:

A.

logger

B.

Metasploit

C.

tcpdump

D.

netstat

Questions 46

Several employees have noticed other bystanders can clearly observe a terminal where passcodes are being entered. Which of the following can be eliminated with the use of a privacy screen?

Options:

A.

Shoulder surfing

B.

Spear phishing

C.

Impersonation attack

D.

Card cloning

Questions 47

Which of the following would detect intrusions at the perimeter of an airport?

Options:

A.

Signage

B.

Fencing

C.

Motion sensors

D.

Lighting

E.

Bollards

Questions 48

A security researcher is attempting to gather data on the widespread use of a zero-day exploit. Which of the following will the researcher MOST likely use to capture this data?

Options:

A.

A DNS sinkhole

B.

A honeypot

C.

A vulnerability scan

D.

CVSS

Questions 49

An organization maintains several environments in which patches are developed and tested before being deployed to an operational status. Which of the following is the environment in which patches will be deployed just prior to being put into an operational status?

Options:

A.

Development

B.

Test

C.

Production

D.

Staging

Questions 50

Developers are about to release a financial application, but the number of fields on the forms that could be abused by an attacker is troubling. Which of the following techniques should be used to address this vulnerability?

Options:

A.

Implement input validation

B.

Encrypt data before submission

C.

Perform a manual review

D.

Conduct a peer review session

Questions 51

A company uses specially configured workstations for any work that requires administrator privileges to its Tier 0 and Tier 1 systems. The company follows a strict process to harden systems immediately upon delivery. Even with these strict security measures in place, an incident occurred from one of the workstations. The root cause appears to be that the SoC was tampered with or replaced. Which of the following MOST likely occurred?

Options:

A.

Fileless malware

B.

A downgrade attack

C.

A supply-chain attack

D.

A logic bomb

E.

Misconfigured BIOS

Questions 52

A security analyst is investigating multiple hosts that are communicating to external IP addresses during the hours of 2:00 a.m. - 4:00 a.m. The malware has evaded detection by traditional antivirus software. Which of the following types of malware is MOST likely infecting the hosts?

Options:

A.

A RAT

B.

Ransomware

C.

Polymorphic

D.

A worm

Questions 53

Which of the following control types is focused primarily on reducing risk before an incident occurs?

Options:

A.

Preventive

B.

Deterrent

C.

Corrective

D.

Detective

Questions 54

Security analysts are conducting an investigation of an attack that occurred inside the organization’s network. An attacker was able to collect network traffic between workstations throughout the network. The analysts review the following logs:

The layer 2 address table has hundreds of entries similar to the ones above. Which of the following attacks has MOST likely occurred?

Options:

A.

SQL injection

B.

DNS spoofing

C.

MAC flooding

D.

ARP poisoning

Questions 55

Which of the following are common VoIP-associated vulnerabilities? (Select TWO).

Options:

A.

SPIM

B.

Vishing

C.

Hopping

D.

Phishing

E.

Credential harvesting

F.

Tailgating

Questions 56

When planning to build a virtual environment, an administrator needs to achieve the following:

• Establish policies to limit who can create new VMs

• Allocate resources according to actual utilization

• Require justification for requests outside of the standard requirements.

• Create standardized categories based on size and resource requirements

Which of the following is the administrator MOST likely trying to do?

Options:

A.

Implement IaaS replication

B.

Protect against VM escape

C.

Deploy a PaaS

D.

Avoid VM sprawl

Questions 57

An organization relies on third-party video conferencing to conduct daily business. Recent security changes now require all remote workers to utilize a VPN to corporate resources. Which of the following would BEST maintain high-quality video conferencing while minimizing latency when connected to the VPN?

Options:

A.

Using geographic diversity to have VPN terminators closer to end users

B.

Utilizing split tunneling so only traffic for corporate resources is encrypted

C.

Purchasing higher-bandwidth connections to meet the increased demand

D.

Configuring QoS properly on the VPN accelerators

Questions 58

A security proposal was set up to track requests for remote access by creating a baseline of the users' common sign-in properties. When a baseline deviation is detected, an MFA challenge will be triggered. Which of the following should be configured in order to deploy the proposal?

Options:

A.

Context-aware authentication

B.

Simultaneous authentication of equals

C.

Extensible authentication protocol

D.

Agentless network access control

Questions 59

A security monitoring company offers a service that alerts its customers if their credit cards have been stolen. Which of the following is the MOST likely source of this information?

Options:

A.

STIX

B.

The dark web

C.

TAXII

D.

Social media

E.

PCI

Questions 60

A forensics investigator is examining a number of unauthorized payments that were reported on the company’s website. Some unusual log entries show users received an email for an unwanted mailing list and clicked on a link to attempt to unsubscribe. One of the users reported the email to the phishing team, and the forwarded email revealed the link to be:

Which of the following will the forensics investigator MOST likely determine has occurred?

Options:

A.

SQL injection

B.

Broken authentication

C.

XSS

D.

XSRF

Questions 61

A RAT that was used to compromise an organization’s banking credentials was found on a user’s computer. The RAT evaded antivirus detection. It was installed by a user who has local administrator rights to the system as part of a remote management tool set. Which of the following recommendations would BEST prevent this from reoccurring?

Options:

A.

Create a new acceptable use policy.

B.

Segment the network into trusted and untrusted zones.

C.

Enforce application whitelisting.

D.

Implement DLP at the network boundary.

Questions 62

A user contacts the help desk to report the following:

  • Two days ago, a pop-up browser window prompted the user for a name and password after connecting to the corporate wireless SSID. This had never happened before, but the user entered the information as requested.
  • The user was able to access the Internet but had trouble accessing the department share until the next day.
  • The user is now getting notifications from the bank about unauthorized transactions.

Which of the following attack vectors was MOST likely used in this scenario?

Options:

A.

Rogue access point

B.

Evil twin

C.

DNS poisoning

D.

ARP poisoning

Questions 63

A company's Chief Information Officer (CIO) is meeting with the Chief Information Security Officer (CISO) to plan some activities to enhance the skill levels of the company's developers. Which of the following would be MOST suitable for training the developers?

Options:

A.

A capture-the-flag competition

B.

A phishing simulation

C.

Physical security training

D.

Basic awareness training

Questions 64

An organization is developing an authentication service for use at the entry and exit ports of country borders. The service will use data feeds obtained from passport systems, passenger manifests, and high-definition video feeds from CCTV systems that are located at the ports. The service will incorporate machine-learning techniques to eliminate biometric enrollment processes while still allowing authorities to identify passengers with increasing accuracy over time. The more frequently passengers travel, the more accurately the service will identify them. Which of the following biometrics will MOST likely be used, without the need for enrollment? (Choose two.)

Options:

A.

Voice

B.

Gait

C.

Vein

D.

Facial

E.

Retina

F.

Fingerprint

Questions 65

After a ransomware attack, a forensics company needs to review a cryptocurrency transaction between the victim and the attacker. Which of the following will the company MOST likely review to trace this transaction?

Options:

A.

The public ledger

B.

The NetFlow data

C.

A checksum

D.

The event log

Questions 66

A company recently experienced a data breach and the source was determined to be an executive who was charging a phone in a public area. Which of the following would MOST likely have prevented this breach?

Options:

A.

A firewall

B.

A device pin

C.

A USB data blocker

D.

Biometrics

Questions 67

An amusement park is implementing a biometric system that validates customers' fingerprints to ensure they are not sharing tickets. The park's owner values customers above all and would prefer customers' convenience over security. For this reason, which of the following features should the security team prioritize FIRST?

Options:

A.

Low FAR

B.

Low efficacy

C.

Low FRR

D.

Low CER

Questions 68

Which of the following types of controls is a turnstile?

Options:

A.

Physical

B.

Detective

C.

Corrective

D.

Technical

Questions 69

While checking logs, a security engineer notices a number of end users suddenly downloading files with the .tar.gz extension. Closer examination of the files reveals they are PE32 files. The end users state they did not initiate any of the downloads. Further investigation reveals the end users all clicked on an external email containing an infected MHT file with an href link a week prior. Which of the following is MOST likely occurring?

Options:

A.

A RAT was installed and is transferring additional exploit tools.

B.

The workstations are beaconing to a command-and-control server.

C.

A logic bomb was executed and is responsible for the data transfers.

D.

A fileless virus is spreading in the local network environment.

Questions 70

The IT department’s on-site developer has been with the team for many years. Each time an application is released, the security team is able to identify multiple vulnerabilities. Which of the following would BEST help the team ensure the application is ready to be released to production?

Options:

A.

Limit the use of third-party libraries.

B.

Prevent data exposure queries.

C.

Obfuscate the source code.

D.

Submit the application to QA before releasing it.

Questions 71

A Chief Information Security Officer (CISO) needs to create a policy set that meets international standards for data privacy and sharing. Which of the following should the CISO read and understand before writing the policies?

Options:

A.

PCI DSS

B.

GDPR

C.

NIST

D.

ISO 31000

Questions 72

A network engineer needs to build a solution that will allow guests at the company’s headquarters to access the Internet via WiFi. This solution should not allow access to the internal corporate network, but it should require guests to sign off on the acceptable use policy before accessing the Internet. Which of the following should the engineer employ to meet these requirements?

Options:

A.

Implement open PSK on the APs

B.

Deploy a WAF

C.

Configure WIPS on the APs

D.

Install a captive portal

Questions 73

An organization that is located in a flood zone is MOST likely to document the concerns associated with the restoration of IT operation in a:

Options:

A.

business continuity plan

B.

communications plan.

C.

disaster recovery plan.

D.

continuity of operations plan

Questions 74

Which of the following will MOST likely adversely impact the operations of unpatched traditional programmable-logic controllers, running a back-end LAMP server and OT systems with human-management interfaces that are accessible over the Internet via a web interface? (Choose two.)

Options:

A.

Cross-site scripting

B.

Data exfiltration

C.

Poor system logging

D.

Weak encryption

E.

SQL injection

F.

Server-side request forgery

Questions 75

A small business just recovered from a ransomware attack against its file servers by purchasing the decryption keys from the attackers. The issue was triggered by a phishing email and the IT administrator wants to ensure it does not happen again. Which of the following should the IT administrator do FIRST after recovery?

Options:

A.

Scan the NAS for residual or dormant malware and take new daily backups that are tested on a frequent basis

B.

Restrict administrative privileges and patch all systems and applications.

C.

Rebuild all workstations and install new antivirus software

D.

Implement application whitelisting and perform user application hardening

Questions 76

A user recently entered a username and password into a recruiting application website that had been forged to look like the legitimate site. Upon investigation, a security analyst identifies the following:

• The legitimate website's IP address is 10.1.1.20 and eRecruit.local resolves to the IP

• The forged website's IP address appears to be 10.2.12.99, based on NetFlow records

• All three of the organization's DNS servers show the website correctly resolves to the legitimate IP

• DNS query logs show one of the three DNS servers returned a result of 10.2.12.99 (cached) at the approximate time of the suspected compromise.

Which of the following MOST likely occurred?

Options:

A.

A reverse proxy was used to redirect network traffic

B.

An SSL strip MITM attack was performed

C.

An attacker temporarily pawned a name server

D.

An ARP poisoning attack was successfully executed

Questions 77

The Chief Executive Officer (CEO) of an organization would like staff members to have the flexibility to work from home anytime during business hours, including during a pandemic or crisis. However, the CEO is concerned that some staff members may take advantage of the flexibility and work from high-risk countries while on holiday or outsource work to a third-party organization in another country. The Chief Information Officer (CIO) believes the company can implement some basic controls to mitigate the majority of the risk. Which of the following would be BEST to mitigate the CEO’s concern? (Select TWO).

Options:

A.

Geolocation

B.

Time-of-day restrictions

C.

Certificates

D.

Tokens

E.

Geotagging

F.

Role-based access controls

Questions 78

A database administrator needs to ensure all passwords are stored in a secure manner, so the administrator adds randomly generated data to each password before storing. Which of the following techniques BEST explains this action?

Options:

A.

Predictability

B.

Key stretching

C.

Salting

D.

Hashing

Questions 79

A company has limited storage available and an online presence that cannot be down for more than four hours. Which of the following backup methodologies should the company implement to allow for the FASTEST database restore time in the event of a failure, while being mindful of the limited available storage space?

Options:

A.

Implement full tape backups every Sunday at 8:00 p.m. and perform nightly tape rotations.

B.

Implement differential backups every Sunday at 8:00 and nightly incremental backups at 8:00 p.m.

C.

Implement nightly full backups every Sunday at 8:00 p.m.

D.

Implement full backups every Sunday at 8:00 p.m. and nightly differential backups at 8:00

Questions 80

In which of the following common use cases would steganography be employed?

Options:

A.

Obfuscation

B.

Integrity

C.

Non-repudiation

D.

Blockchain

Questions 81

During an incident response, a security analyst observes the following log entry on the web server.

Which of the following BEST describes the type of attack the analyst is experiencing?

Options:

A.

SQL injection

B.

Cross-site scripting

C.

Pass-the-hash

D.

Directory traversal

Questions 82

A university with remote campuses, which all use different service providers, loses Internet connectivity across all locations. After a few minutes, Internet and VoIP services are restored, only to go offline again at random intervals, typically within four minutes of services being restored. Outages continue throughout the day, impacting all inbound and outbound connections and services. Services that are limited to the local LAN or WiFi network are not impacted, but all WAN and VoIP services are affected.

Later that day, the edge-router manufacturer releases a CVE outlining the ability of an attacker to exploit the SIP protocol handling on devices, leading to resource exhaustion and system reloads. Which of the following BEST describe this type of attack? (Choose two.)

Options:

A.

DoS

B.

SSL stripping

C.

Memory leak

D.

Race condition

E.

Shimming

F.

Refactoring

Questions 83

Which of the following BEST explains the reason why a server administrator would place a document named password.txt on the desktop of an administrator account on a server?

Options:

A.

The document is a honeyfile and is meant to attract the attention of a cyberintruder.

B.

The document is a backup file if the system needs to be recovered.

C.

The document is a standard file that the OS needs to verify the login credentials.

D.

The document is a keylogger that stores all keystrokes should the account be compromised.

Questions 84

A retail executive recently accepted a job with a major competitor. The following week, a security analyst reviews the security logs and identifies successful logon attempts to access the departed executive's accounts. Which of the following security practices would have addressed the issue?

Options:

A.

A non-disclosure agreement

B.

Least privilege

C.

An acceptable use policy

D.

Offboarding

Questions 85

A security analyst is reviewing the following attack log output:

Which of the following types of attacks does this MOST likely represent?

Options:

A.

Rainbow table

B.

Brute-force

C.

Password-spraying

D.

Dictionary

Questions 86

A company recently transitioned to a strictly BYOD culture due to the cost of replacing lost or damaged corporate-owned mobile devices. Which of the following technologies would be BEST to balance the BYOD culture while also protecting the company’s data?

Options:

A.

Containerization

B.

Geofencing

C.

Full-disk encryption

D.

Remote wipe

Questions 87

A network administrator would like to configure a site-to-site VPN utilizing IPsec. The administrator wants the tunnel to be established with data integrity, encryption, authentication, and anti-replay functions. Which of the following should the administrator use when configuring the VPN?

Options:

A.

AH

B.

EDR

C.

ESP

D.

DNSSEC

Questions 88

A cybersecurity analyst needs to implement secure authentication to third-party websites without users’ passwords. Which of the following would be the BEST way to achieve this objective?

Options:

A.

OAuth

B.

SSO

C.

SAML

D.

PAP

Questions 89

A manufacturer creates designs for very high security products that are required to be protected and controlled by the government regulations. These designs are not accessible by corporate networks or the Internet. Which of the following is the BEST solution to protect these designs?

Options:

A.

An air gap

B.

A Faraday cage

C.

A shielded cable

D.

A demilitarized zone

Questions 90

A client sent several inquiries to a project manager about the delinquent delivery status of some critical reports. The project manager claimed the reports were previously sent via email but then quickly generated and backdated the reports before submitting them via a new email message. Which of the following actions MOST likely supports an investigation for fraudulent submission?

Options:

A.

Establish chain of custody

B.

Inspect the file metadata

C.

Reference the data retention policy

D.

Review the email event logs

Questions 91

During a routine scan of a wireless segment at a retail company, a security administrator discovers several devices are connected to the network that do not match the company's naming convention and are not in the asset inventory. WiFi access is protected with 256-bit encryption via WPA2. Physical access to the company's facility requires two-factor authentication using a badge and a passcode. Which of the following should the administrator implement to find and remediate the issue? (Select TWO).

Options:

A.

Check the SIEM for failed logins to the LDAP directory.

B.

Enable MAC filtering on the switches that support the wireless network.

C.

Run a vulnerability scan on all the devices in the wireless network

D.

Deploy multifactor authentication for access to the wireless network

E.

Scan the wireless network for rogue access points.

F.

Deploy a honeypot on the network

Questions 92

Which of the following would be BEST to establish between organizations to define the responsibilities of each party, outline the key deliverables, and include monetary penalties for breaches to manage third-party risk?

Options:

A.

An ARO

B.

An MOU

C.

An SLA

D.

A BPA

Exam Code: SY0-601
Exam Name: CompTIA Security+ Exam 2021
Last Update: May 17, 2022
Questions: 617