
SY0-601 Practice Exam Questions and Answers

CompTIA Security+ Exam 2023

Last Update 1 month ago
Total Questions : 607

SY0-601 is stable now, and all the latest exam questions were added 1 month ago. Just download our full package and start your journey toward the CompTIA Security+ Exam 2023 certification. All of these CompTIA SY0-601 practice exam questions are real and verified by our experts in the related industry fields.

Question # 1

A company was compromised, and a security analyst discovered the attacker was able to get access to a service account. The following logs were discovered during the investigation:

[Exhibit image (log output) not reproduced in this extract]

Which of the following MOST likely would have prevented the attacker from learning the service account name?

Options:

A.  

Race condition testing

B.  

Proper error handling

C.  

Forward web server logs to a SIEM

D.  

Input sanitization

Question # 2

Which of the following controls would be the MOST cost-effective and time-efficient to deter intrusions at the perimeter of a restricted, remote military training area? (Select TWO).

Options:

A.  

Barricades

B.  

Thermal sensors

C.  

Drones

D.  

Signage

E.  

Motion sensors

F.  

Guards

G.  

Bollards

Question # 3

Which of the following would be BEST for a technician to review to determine the total risk an organization can bear when assessing a "cloud-first" adoption strategy?

Options:

A.  

Risk matrix

B.  

Risk tolerance

C.  

Risk register

D.  

Risk appetite

Question # 4

A security researcher has alerted an organization that its sensitive user data was found for sale on a website. Which of the following should the organization use to inform the affected parties?

Options:

A.  

An incident response plan

B.  

A communications plan

C.  

A business continuity plan

D.  

A disaster recovery plan

Question # 5

The Chief Information Security Officer wants to pilot a new adaptive, user-based authentication method. The concept includes granting logical access based on physical location and proximity. Which of the following is the BEST solution for the pilot?

Options:

A.  

Geofencing

B.  

Self-sovereign identification

C.  

PKI certificates

D.  

SSO

Question # 6

Which of the following is required in order for an IDS and a WAF to be effective on HTTPS traffic?

Options:

A.  

Hashing

B.  

DNS sinkhole

C.  

TLS inspection

D.  

Data masking

Question # 7

A company would like to provide flexibility for employees on device preference. However, the company is concerned about supporting too many different types of hardware. Which of the following deployment models will provide the needed flexibility with the GREATEST amount of control and security over company data and infrastructure?

Options:

A.  

BYOD

B.  

VDI

C.  

COPE

D.  

CYOD

Question # 8

Which of the following should a technician consider when selecting an encryption method for data that needs to remain confidential for a specific length of time?

Options:

A.  

The key length of the encryption algorithm

B.  

The encryption algorithm's longevity

C.  

A method of introducing entropy into key calculations

D.  

The computational overhead of calculating the encryption key

Question # 9

As part of annual audit requirements, the security team performed a review of exceptions to the company policy that allows specific users the ability to use USB storage devices on their laptops. The review yielded the following results:

• The exception process and policy have been correctly followed by the majority of users

• A small number of users did not create tickets for the requests but were granted access

• All access had been approved by supervisors.

• Valid requests for the access sporadically occurred across multiple departments.

• Access, in most cases, had not been removed when it was no longer needed

Which of the following should the company do to ensure that appropriate access is not disrupted but unneeded access is removed in a reasonable time frame?

Options:

A.  

Create an automated, monthly attestation process that removes access if an employee's supervisor denies the approval

B.  

Remove access for all employees and only allow new access to be granted if the employee's supervisor approves the request

C.  

Perform a quarterly audit of all user accounts that have been granted access and verify the exceptions with the management team

D.  

Implement a ticketing system that tracks each request and generates reports listing which employees actively use USB storage devices

Question # 10

A bad actor tries to persuade someone to provide financial information over the phone in order to gain access to funds. Which of the following types of attacks does this scenario describe?

Options:

A.  

Vishing

B.  

Phishing

C.  

Spear phishing

D.  

Whaling

Question # 11

The security team received a report of copyright infringement from the IP space of the corporate network. The report provided a precise time stamp for the incident as well as the name of the copyrighted files. The analyst has been tasked with determining the infringing source machine and instructed to implement measures to prevent such incidents from occurring again. Which of the following is MOST capable of accomplishing both tasks?

Options:

A.  

HIDS

B.  

Allow list

C.  

TPM

D.  

NGFW

Question # 12

Which of the following environments utilizes dummy data and is MOST likely to be installed locally on a system that allows code to be assessed directly and modified easily with each build?

Options:

A.  

Production

B.  

Test

C.  

Staging

D.  

Development

Question # 13

An organization would like to remediate the risk associated with its cloud service provider not meeting its advertised 99.999% availability metrics. Which of the following should the organization consult for the exact requirements for the cloud provider?

Options:

A.  

SLA

B.  

BPA

C.  

NDA

D.  

MOU

Question # 14

Which of the following environments would MOST likely be used to assess the execution of component parts of a system at both the hardware and software levels and to measure performance characteristics?

Options:

A.  

Test

B.  

Staging

C.  

Development

D.  

Production

Question # 15

An employee receives an email stating he won the lottery. The email includes a link that requests a name, mobile phone number, address, and date of birth be provided to confirm the employee's identity before sending him the prize. Which of the following BEST describes this type of email?

Options:

A.  

Spear phishing

B.  

Whaling

C.  

Phishing

D.  

Vishing

Question # 16

After a hardware incident, an unplanned emergency maintenance activity was conducted to rectify the issue. Multiple alerts were generated on the SIEM during this period of time. Which of the following BEST explains what happened?

Options:

A.  

The unexpected traffic correlated against multiple rules, generating multiple alerts.

B.  

Multiple alerts were generated due to an attack occurring at the same time.

C.  

An error in the correlation rules triggered multiple alerts.

D.  

The SIEM was unable to correlate the rules, triggering the alerts.

Question # 17

During a forensic investigation, a security analyst discovered that the following command was run on a compromised host:

[Exhibit image (command line) not reproduced in this extract]

Which of the following attacks occurred?

Options:

A.  

Buffer overflow

B.  

Pass the hash

C.  

SQL injection

D.  

Replay attack

Question # 18

During a Chief Information Security Officer (CISO) convention to discuss security awareness, the attendees are provided with a network connection to use as a resource. As the convention progresses, one of the attendees starts to notice delays in the connection, and the HTTPS site requests are reverting to HTTP. Which of the following BEST describes what is happening?

Options:

A.  

Birthday collision on the certificate key

B.  

DNS hijacking to reroute traffic

C.  

Brute force to the access point

D.  

A SSL/TLS downgrade

Question # 19

A security engineer is installing a WAF to protect the company's website from malicious web requests over SSL. Which of the following is needed to meet the objective?

Options:

A.  

A reverse proxy

B.  

A decryption certificate

C.  

A split-tunnel VPN

D.  

Load-balanced servers

Question # 20

If a current private key is compromised, which of the following would ensure it cannot be used to decrypt all historical data?

Options:

A.  

Perfect forward secrecy

B.  

Elliptic-curve cryptography

C.  

Key stretching

D.  

Homomorphic encryption

Question # 21

You received the output of a recent vulnerability assessment.

Review the assessment and scan output and determine the appropriate remediation(s) for each device.

Remediation options may be selected multiple times, and some devices may require more than one remediation.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

[Exhibit image (vulnerability assessment and scan output) not reproduced in this extract]

Options:

Question # 22

A security analyst must enforce policies to harden an MDM infrastructure. The requirements are as follows:

* Ensure mobile devices can be tracked and wiped.

* Confirm mobile devices are encrypted.

Which of the following should the analyst enable on all the devices to meet these requirements?

Options:

A.  

Geofencing

B.  

Biometric authentication

C.  

Geolocation

D.  

Geotagging

Question # 23

A third party asked a user to share a public key for secure communication. Which of the following file formats should the user choose to share the key?

Options:

A.  

.pfx

B.  

.csr

C.  

.pvk

D.  

.cer

Question # 24

After segmenting the network, the network manager wants to control the traffic between the segments. Which of the following should the manager use to control the network traffic?

Options:

A.  

A DMZ

B.  

A VPN

C.  

A VLAN

D.  

An ACL

Question # 25

One of the attendees starts to notice delays in the connection, and the HTTPS site requests are reverting to HTTP. Which of the following BEST describes what is happening?

Options:

A.  

Birthday collision on the certificate key

B.  

DNS hacking to reroute traffic

C.  

Brute force to the access point

D.  

A SSL/TLS downgrade

Question # 26

A major clothing company recently lost a large amount of proprietary information. The security officer must find a solution to ensure this never happens again.

Which of the following is the BEST technical implementation to prevent this from happening again?

Options:

A.  

Configure DLP solutions

B.  

Disable peer-to-peer sharing

C.  

Enable role-based

D.  

Mandate job rotation

E.  

Implement content filters

Question # 27

A Chief Information Security Officer (CISO) is evaluating the dangers involved in deploying a new ERP system for the company. The CISO categorizes the system, selects the controls that apply to the system, implements the controls, and then assesses the success of the controls before authorizing the system. Which of the following is the CISO using to evaluate the environment for this new ERP system?

Options:

A.  

The Diamond Model of Intrusion Analysis

B.  

CIS Critical Security Controls

C.  

NIST Risk Management Framework

D.  

ISO 27002

Question # 28

A company recently experienced an attack during which its main website was directed to the attacker's web server, allowing the attacker to harvest credentials from unsuspecting customers. Which of the following should the company implement to prevent this type of attack from occurring in the future?

Options:

A.  

IPSec

B.  

SSL/TLS

C.  

DNSSEC

D.  

S/MIME

Question # 29

A user reports trouble using a corporate laptop. The laptop freezes and responds slowly when writing documents, and the mouse pointer occasionally disappears.

The task list shows the following results:

[Exhibit image (task list) not reproduced in this extract]

Which of the following is MOST likely the issue?

Options:

A.  

RAT

B.  

PUP

C.  

Spyware

D.  

Keylogger

Question # 30

A company has discovered unauthorized devices are using its WiFi network, and it wants to harden the access point to improve security. Which of the following configurations should an analyst enable to improve security? (Select TWO.)

Options:

A.  

RADIUS

B.  

PEAP

C.  

WPS

D.  

WEP-EKIP

E.  

SSL

F.  

WPA2-PSK

Question # 31

Which of the following controls would provide the BEST protection against tailgating?

Options:

A.  

Access control vestibule

B.  

Closed-circuit television

C.  

Proximity card reader

D.  

Faraday cage

Question # 32

Which of the following roles would MOST likely have direct access to the senior management team?

Options:

A.  

Data custodian

B.  

Data owner

C.  

Data protection officer

D.  

Data controller

Question # 33

An information security manager for an organization is completing a PCI DSS self-assessment for the first time. Which of the following is the MOST likely reason for this type of assessment?

Options:

A.  

An international expansion project is currently underway.

B.  

Outside consultants utilize this tool to measure security maturity.

C.  

The organization is expecting to process credit card information.

D.  

A government regulator has requested this audit to be completed

Question # 34

A cybersecurity administrator needs to implement a Layer 7 security control on a network and block potential attacks. Which of the following can block an attack at Layer 7? (Select TWO).

Options:

A.  

HIDS

B.  

NIPS

C.  

HSM

D.  

WAF

E.  

NAC

F.  

NIDS

G.  

Stateless firewall

Question # 35

The Chief Information Security Officer directed a risk reduction in shadow IT and created a policy requiring all unsanctioned high-risk SaaS applications to be blocked from user access. Which of the following is the BEST security solution to reduce this risk?

Options:

A.  

CASB

B.  

VPN concentrator

C.  

MFA

D.  

VPC endpoint

Question # 36

A developer is building a new portal to deliver single-pane-of-glass management capabilities to customers with multiple firewalls. To improve the user experience, the developer wants to implement an authentication and authorization standard that uses security tokens that contain assertions to pass user information between nodes. Which of the following roles should the developer configure to meet these requirements? (Select TWO).

Options:

A.  

Identity processor

B.  

Service requestor

C.  

Identity provider

D.  

Service provider

E.  

Tokenized resource

F.  

Notarized referral

Question # 37

Developers are writing code and merging it into shared repositories several times a day, where it is tested automatically. Which of the following concepts does this BEST represent?

Options:

A.  

Functional testing

B.  

Stored procedures

C.  

Elasticity

D.  

Continuous integration

Question # 38

An organization's Chief Information Security Officer is creating a position that will be responsible for implementing technical controls to protect data, including ensuring backups are properly maintained. Which of the following roles would MOST likely include these responsibilities?

Options:

A.  

Data protection officer

B.  

Data owner

C.  

Backup administrator

D.  

Data custodian

E.  

Internal auditor

Question # 39

A company is concerned about individuals driving a car into the building to gain access. Which of the following security controls would work BEST to prevent this from happening?

Options:

A.  

Bollard

B.  

Camera

C.  

Alarms

D.  

Signage

E.  

Access control vestibule

Question # 40

The Chief Technology Officer of a local college would like visitors to utilize the school's WiFi but must be able to associate potential malicious activity to a specific person. Which of the following would BEST allow this objective to be met?

Options:

A.  

Requiring all new, on-site visitors to configure their devices to use WPS

B.  

Implementing a new SSID for every event hosted by the college that has visitors

C.  

Creating a unique PSK for every visitor when they arrive at the reception area

D.  

Deploying a captive portal to capture visitors' MAC addresses and names

Question # 41

Which of the following is a physical security control that ensures only the authorized user is present when gaining access to a secured area?

Options:

A.  

A biometric scanner

B.  

A smart card reader

C.  

A PKI token

D.  

A PIN pad

Question # 42

A security analyst needs to implement an MDM solution for BYOD users that will allow the company to retain control over company emails residing on the devices and limit data exfiltration that might occur if the devices are lost or stolen. Which of the following would BEST meet these requirements? (Select TWO).

Options:

A.  

Full-device encryption

B.  

Network usage rules

C.  

Geofencing

D.  

Containerization

E.  

Application whitelisting

F.  

Remote control

Question # 43

A security engineer needs to build a solution to satisfy regulatory requirements that state certain critical servers must be accessed using MFA. However, the critical servers are older and are unable to support the addition of MFA. Which of the following will the engineer MOST likely use to achieve this objective?

Options:

A.  

A forward proxy

B.  

A stateful firewall

C.  

A jump server

D.  

A port tap

Question # 44

A security analyst is investigating multiple hosts that are communicating to external IP addresses during the hours of 2:00 a.m. - 4:00 a.m. The malware has evaded detection by traditional antivirus software. Which of the following types of malware is MOST likely infecting the hosts?

Options:

A.  

A RAT

B.  

Ransomware

C.  

Polymorphic

D.  

A worm

Question # 45

A financial institution would like to store its customer data in a cloud but still allow the data to be accessed and manipulated while encrypted. Doing so would prevent the cloud service provider from being able to decipher the data due to its sensitivity. The financial institution is not concerned about computational overheads and slow speeds. Which of the following cryptographic techniques would BEST meet the requirement?

Options:

A.  

Asymmetric

B.  

Symmetric

C.  

Homomorphic

D.  

Ephemeral

Question # 46

A security team suspects that the cause of recent power consumption overloads is the unauthorized use of empty power outlets in the network rack. Which of the following options will mitigate this issue without compromising the number of outlets available?

Options:

A.  

Adding a new UPS dedicated to the rack

B.  

Installing a managed PDU

C.  

Using only dual-power-supply units

D.  

Increasing power generator capacity

Question # 47

A security analyst notices several attacks are being blocked by the NIPS but does not see anything on the boundary firewall logs. The attack seems to have been thwarted. Which of the following resiliency techniques was applied to the network to prevent this attack?

Options:

A.  

NIC Teaming

B.  

Port mirroring

C.  

Defense in depth

D.  

High availability

E.  

Geographic dispersal

Question # 48

The Chief Executive Officer announced a new partnership with a strategic vendor and asked the Chief Information Security Officer to federate user digital identities using SAML-based protocols. Which of the following will this enable?

Options:

A.  

SSO

B.  

MFA

C.  

PKI

D.  

DLP

Question # 49

Which of the following function as preventive, detective, and deterrent controls to reduce the risk of physical theft? (Select TWO).

Options:

A.  

Mantraps

B.  

Security guards

C.  

Video surveillance

D.  

Fences

E.  

Bollards

F.  

Antivirus

Question # 50

A security analyst needs an overview of vulnerabilities for a host on the network. Which of the following is the BEST type of scan for the analyst to run to discover which vulnerable services are running?

Options:

A.  

Non-credentialed

B.  

Web application

C.  

Privileged

D.  

Internal

Question # 51

Which of the following is the MOST secure but LEAST expensive data destruction method for data that is stored on hard drives?

Options:

A.  

Pulverizing

B.  

Shredding

C.  

Incinerating

D.  

Degaussing

Question # 52

A Chief Information Officer is concerned about employees using company-issued laptops to steal data when accessing network shares. Which of the following should the company implement?

Options:

A.  

DLP

B.  

CASB

C.  

HIDS

D.  

EDR

E.  

UEFI

Question # 53

A security analyst wants to verify that a client-server (non-web) application is sending encrypted traffic. Which of the following should the analyst use?

Options:

A.  

openssl

B.  

hping

C.  

netcat

D.  

tcpdump

Question # 54

A security analyst was deploying a new website and found a connection attempting to authenticate on the site's portal. While investigating the incident, the analyst identified the following input in the username field:

[Exhibit image (username field input) not reproduced in this extract]

Which of the following BEST explains this type of attack?

Options:

A.  

DLL injection to hijack administrator services

B.  

SQLi on the field to bypass authentication

C.  

Execution of a stored XSS on the website

D.  

Code to execute a race condition on the server

Question # 55

During an incident, a company's CIRT determines it is necessary to observe the continued network-based transactions between a callback domain and the malware running on an enterprise PC. Which of the following techniques would be BEST to enable this activity while reducing the risk of lateral spread and the risk that the adversary would notice any changes?

Options:

A.  

Physically move the PC to a separate Internet point of presence.

B.  

Create and apply microsegmentation rules,

C.  

Emulate the malware in a heavily monitored DMZ segment

D.  

Apply network blacklisting rules for the adversary domain

Question # 56

A security engineer is installing a WAF to protect the company's website from malicious web requests over SSL. Which of the following is needed to meet the objective?

Options:

A.  

A reverse proxy

B.  

A decryption certificate

C.  

A split-tunnel VPN

D.  

Load-balanced servers

Question # 57

A security administrator wants to implement a program that tests a user's ability to recognize attacks over the organization's email system. Which of the following would be BEST suited for this task?

Options:

A.  

Social media analysis

B.  

Annual information security training

C.  

Gamification

D.  

Phishing campaign

Question # 58

As part of a company's ongoing SOC maturation process, the company wants to implement a method to share cyberthreat intelligence data with outside security partners. Which of the following will the company MOST likely implement?

Options:

A.  

TAXII

B.  

TLP

C.  

TTP

D.  

STIX

Question # 59

A company is required to continue using legacy software to support a critical service. Which of the following BEST explains a risk of this practice?

Options:

A.  

Default system configuration

B.  

Unsecure protocols

C.  

Lack of vendor support

D.  

Weak encryption

Question # 60

Which of the following environments typically hosts the current version configurations and code, compares user-story responses and workflow, and uses a modified version of actual data for testing?

Options:

A.  

Development

B.  

Staging

C.  

Production

D.  

Test

Question # 61

A security administrator is setting up a SIEM to help monitor for notable events across the enterprise. Which of the following control types does this BEST represent?

Options:

A.  

Preventive

B.  

Compensating

C.  

Corrective

D.  

Detective

Question # 62

Which of the following would produce the closest experience to responding to an actual incident response scenario?

Options:

A.  

Lessons learned

B.  

Simulation

C.  

Walk-through

D.  

Tabletop

Question # 63

During a security assessment, a security analyst finds a file with overly permissive permissions. Which of the following tools will allow the analyst to reduce the permissions for the existing users and groups and remove the set-user-ID from the file?

Options:

A.  

ls

B.  

chflags

C.  

chmod

D.  

lsof

E.  

setuid

Question # 64

Which of the following environments utilizes dummy data and is MOST likely to be installed locally on a system that allows code to be assessed directly and modified easily with each build?

Options:

A.  

Production

B.  

Test

C.  

Staging

D.  

Development

Question # 65

An employee's company account was used in a data breach. Interviews with the employee revealed:

• The employee was able to avoid changing passwords by using a previous password again.

• The account was accessed from a hostile, foreign nation, but the employee has never traveled to any other countries.

Which of the following can be implemented to prevent these issues from reoccurring? (Select TWO)

Options:

A.  

Geographic dispersal

B.  

Password complexity

C.  

Password history

D.  

Geotagging

E.  

Password lockout

F.  

Geofencing

Question # 66

A systems analyst determines the source of a high number of connections to a web server that were initiated by ten different IP addresses that belong to a network block in a specific country. Which of the following techniques will the systems analyst MOST likely implement to address this issue?

Options:

A.  

Content filter

B.  

SIEM

C.  

Firewall rules

D.  

DLP

Question # 67

Per company security policy, IT staff members are required to have separate credentials to perform administrative functions using just-in-time permissions. Which of the following solutions is the company implementing?

Options:

A.  

Privileged access management

B.  

SSO

C.  

RADIUS

D.  

Attribute-based access control

Question # 68

An organization wants to enable built-in FDE on all laptops. Which of the following should the organization ensure is installed on all laptops?

Options:

A.  

TPM

B.  

CA

C.  

SAML

D.  

CRL

Question # 69

A security analyst has been tasked with creating a new WiFi network for the company. The requirements received by the analyst are as follows:

• Must be able to differentiate between users connected to WiFi

• The encryption keys need to change routinely without interrupting the users or forcing reauthentication

• Must be able to integrate with RADIUS

• Must not have any open SSIDs

Which of the following options BEST accommodates these requirements?

Options:

A.  

WPA2-Enterprise

B.  

WPA3-PSK

C.  

802.11n

D.  

WPS

Question # 70

A new vulnerability in the SMB protocol on Windows systems was recently discovered, but no patches are currently available to resolve the issue. The security administrator is concerned if servers in the company's DMZ will be vulnerable to external attack; however, the administrator cannot disable the service on the servers, as SMB is used by a number of internal systems and applications on the LAN. Which of the following TCP ports should be blocked for all external inbound connections to the DMZ as a workaround to protect the servers? (Select TWO).

Options:

A.  

135

B.  

139

C.  

143

D.  

161

E.  

443

F.  

445

Question # 71

During an incident, a company's CIRT determines it is necessary to observe the continued network-based transactions between a callback domain and the malware running on an enterprise PC. Which of the following techniques would be BEST to enable this activity while reducing the risk of lateral spread and the risk that the adversary would notice any changes?

Options:

A.  

Physically move the PC to a separate Internet point of presence.

B.  

Create and apply microsegmentation rules.

C.  

Emulate the malware in a heavily monitored DMZ segment.

D.  

Apply network blacklisting rules for the adversary domain

Question # 72

Which of the following incident response steps occurs before containment?

Options:

A.  

Eradication

B.  

Recovery

C.  

Lessons learned

D.  

Identification

Question # 73

The Chief Information Security Officer (CISO) has decided to reorganize security staff to concentrate on incident response and to outsource outbound Internet URL categorization and filtering to an outside company. Additionally, the CISO would like this solution to provide the same protections even when a company laptop or mobile device is away from a home office. Which of the following should the CISO choose?

Options:

A.  

CASB

B.  

Next-generation SWG

C.  

NGFW

D.  

Web-application firewall

Question # 74

A company recently experienced an attack during which its main website was directed to the attacker's web server, allowing the attacker to harvest credentials from unsuspecting customers. Which of the following should the company implement to prevent this type of attack from occurring in the future?

Options:

A.  

IPsec

B.  

SSL/TLS

C.  

DNSSEC

D.  

S/MIME

Question # 75

A company uses a drone for precise perimeter and boundary monitoring. Which of the following should be MOST concerning to the company?

Options:

A.  

Privacy

B.  

Cloud storage of telemetry data

C.  

GPS spoofing

D.  

Weather events

Question # 76

A network engineer and a security engineer are discussing ways to monitor network operations. Which of the following is the BEST method?

Options:

A.  

Disable Telnet and force SSH.

B.  

Establish a continuous ping.

C.  

Utilize an agentless monitor

D.  

Enable SNMPv3 with passwords.

Question # 77

A large enterprise has moved all its data to the cloud behind strong authentication and encryption. A sales director recently had a laptop stolen, and later, enterprise data was found to have been compromised from a local database. Which of the following was the MOST likely cause?

Options:

A.  

Shadow IT

B.  

Credential stuffing

C.  

SQL injection

D.  

Man in the browser

E.  

Bluejacking

Question # 78

A security engineer needs to create a network segment that can be used for servers that require connections from untrusted networks. Which of the following should the engineer implement?

Options:

A.  

An air gap

B.  

A hot site

C.  

A VLAN

D.  

A screened subnet

Question # 79

An analyst is working on an email security incident in which the target opened an attachment containing a worm. The analyst wants to implement mitigation techniques to prevent further spread. Which of the following is the BEST course of action for the analyst to take?

Options:

A.  

Apply a DLP solution.

B.  

Implement network segmentation

C.  

Utilize email content filtering.

D.  

Isolate the infected attachment.

Question # 80

A company is required to continue using legacy software to support a critical service. Which of the following BEST explains a risk of this practice?

Options:

A.  

Default system configuration

B.  

Unsecure protocols

C.  

Lack of vendor support

D.  

Weak encryption

Question # 81

A large bank with two geographically dispersed data centers is concerned about major power disruptions at both locations. Every day each location experiences very brief outages that last for a few seconds. However, during the summer a high risk of intentional under-voltage events that could last up to an hour exists, particularly at one of the locations near an industrial smelter. Which of the following is the BEST solution to reduce the risk of data loss?

Options:

A.  

Dual supply

B.  

Generator

C.  

PDU

D.  

Daily backups

Question # 82

A security architect is designing a remote access solution for a business partner. The business partner needs to access one Linux server at the company. The business partner wants to avoid managing a password for authentication and additional software installation. Which of the following should the architect recommend?

Options:

A.  

Soft token

B.  

Smart card

C.  

CSR

D.  

SSH key

Question # 83

A security investigation revealed that malicious software was installed on a server using a server administrator's credentials. During the investigation the server administrator explained that Telnet was regularly used to log in. Which of the following most likely occurred?

Options:

A.  

A spraying attack was used to determine which credentials to use

B.  

A packet capture tool was used to steal the password

C.  

A remote-access Trojan was used to install the malware

D.  

A dictionary attack was used to log in as the server administrator

Question # 84

A security administrator examines the ARP table of an access switch and sees the following output:

[Exhibit: ARP table output (image not available)]

Which of the following is a potential threat that is occurring on this access switch?

Options:

A.  

DDoS on Fa0/2 port

B.  

MAC flooding on Fa0/2 port

C.  

ARP poisoning on Fa0/1 port

D.  

DNS poisoning on port Fa0/1

Question # 85

A systems integrator is installing a new access control system for a building. The new system will need to connect to the company's AD server in order to validate current employees. Which of the following should the systems integrator configure to be the most secure?

Options:

A.  

HTTPS

B.  

SSH

C.  

SFTP

D.  

LDAPS

Question # 86

A data center has experienced an increase in under-voltage events following electrical grid maintenance outside the facility. These events are leading to occasional losses of system availability. Which of the following would be the most cost-effective solution for the data center to implement?

Options:

A.  

Uninterruptible power supplies with battery backup

B.  

Managed power distribution units to track these events

C.  

A generator to ensure consistent, normalized power delivery

D.  

Dual power supplies to distribute the load more evenly

Question # 87

A company wants to enable BYOD for checking email and reviewing documents. Many of the documents contain sensitive organizational information. Which of the following should be deployed first before allowing the use of personal devices to access company data?

Options:

A.  

MDM

B.  

RFID

C.  

DLP

D.  

SIEM

Question # 88

A security analyst is investigating a report from a penetration test. During the penetration test, consultants were able to download sensitive data from a back-end server. The back-end server was exposing an API that should have only been available from the company's mobile application. After reviewing the back-end server logs, the security analyst finds the following entries:

[Exhibit: back-end server log entries (image not available)]

Which of the following is the most likely cause of the security control bypass?

Options:

A.  

IP address allow list

B.  

User-agent spoofing

C.  

WAF bypass

D.  

Referrer manipulation

Question # 89

The alert indicates an attacker entered thousands of characters into the text box of a web form. The web form was intended for legitimate customers to enter their phone numbers. Which of the attacks has most likely occurred?

Options:

A.  

Privilege escalation

B.  

Buffer overflow

C.  

Resource exhaustion

D.  

Cross-site scripting

Question # 90

A network-connected magnetic resonance imaging (MRI) scanner at a hospital is controlled and operated by an outdated and unsupported specialized Windows OS. Which of the following is most likely preventing the IT manager at the hospital from upgrading the specialized OS?

Options:

A.  

The time needed for the MRI vendor to upgrade the system would negatively impact patients.

B.  

The MRI vendor does not support newer versions of the OS.

C.  

Changing the OS breaches a support SLA with the MRI vendor.

D.  

The IT team does not have the budget required to upgrade the MRI scanner.

Question # 91

A security administrator recently used an internal CA to issue a certificate to a public application. A user tries to reach the application but receives a message stating, “Your connection is not private." Which of the following is the best way to fix this issue?

Options:

A.  

Ignore the warning and continue to use the application normally.

B.  

Install the certificate on each endpoint that needs to use the application.

C.  

Send the new certificate to the users to install on their browsers.

D.  

Send a CSR to a known CA and install the signed certificate on the application's server.

Question # 92

A security analyst discovers that one of the web APIs is being abused by an unknown third party. Logs indicate that the third party is attempting to manipulate the parameters being passed to the API endpoint. Which of the following solutions would best help to protect against the attack?

Options:

A.  

DLP

B.  

SIEM

C.  

NIDS

D.  

WAF

Question # 93

A security analyst is hardening a network infrastructure. The analyst is given the following requirements:

• Preserve the use of public IP addresses assigned to equipment on the core router.

• Enable "in transport" encryption protection to the web server with the strongest ciphers.

Which of the following should the analyst implement to meet these requirements? (Select two).

Options:

A.  

Configure VLANs on the core router

B.  

Configure NAT on the core router.

C.  

Configure BGP on the core router

D.  

Enable AES encryption on the web server

E.  

Enable 3DES encryption on the web server

F.  

Enable TLSv2 encryption on the web server

Question # 94

A company is concerned about individuals driving a car into the building to gain access. Which of the following security controls would work BEST to prevent this from happening?

Options:

A.  

Bollard

B.  

Camera

C.  

Alarms

D.  

Signage

E.  

Access control vestibule

Question # 95

Which of the following incident response phases should the proper collection of the detected IoCs and establishment of a chain of custody be performed before?

Options:

A.  

Containment

B.  

Identification

C.  

Preparation

D.  

Recovery

Question # 96

A network engineer receives a call regarding multiple LAN-connected devices that are on the same switch. The devices have suddenly been experiencing speed and latency issues while connecting to network resources. The engineer enters the command show mac address-table and reviews the following output:

[Exhibit: show mac address-table output (image not available)]

Which of the following best describes the attack that is currently in progress?

Options:

A.  

MAC flooding

B.  

Evil twin

C.  

ARP poisoning

D.  

DHCP spoofing

Question # 97

A security administrator needs to provide secure access to internal networks for external partners. The administrator has given the PSK and other parameters to the third-party security administrator. Which of the following is being used to establish this connection?

Options:

A.  

Kerberos

B.  

SSL/TLS

C.  

IPSec

D.  

SSH

Question # 98

A company was recently breached. Part of the company's new cybersecurity strategy is to centralize the logs from all security devices. Which of the following components forwards the logs to a central source?

Options:

A.  

Log enrichment

B.  

Log queue

C.  

Log parser

D.  

Log collector

Question # 99

An organization's Chief Information Security Officer is creating a position that will be responsible for implementing technical controls to protect data, including ensuring backups are properly maintained. Which of the following roles would MOST likely include these responsibilities?

Options:

A.  

Data protection officer

B.  

Data owner

C.  

Backup administrator

D.  

Data custodian

E.  

Internal auditor

Question # 100

Which of the following should be addressed first on security devices before connecting to the network?

Options:

A.  

Open permissions

B.  

Default settings

C.  

API integration configuration

D.  

Weak encryption

Question # 101

An incident has occurred in the production environment.

Analyze the command outputs and identify the type of compromise.

[Exhibit: command outputs (image not available)]

Options:

Question # 102

Which of the following best reduces the security risks introduced when running systems that have expired vendor support and lack an immediate replacement?

Options:

A.  

Implement proper network access restrictions.

B.  

Initiate a bug bounty program.

C.  

Classify the system as shadow IT.

D.  

Increase the frequency of vulnerability scans.

Question # 103

Recent changes to a company's BYOD policy require all personal mobile devices to use a two-factor authentication method that is not something you know or have. Which of the following will meet this requirement?

Options:

A.  

Facial recognition

B.  

Six-digit PIN

C.  

PKI certificate

D.  

Smart card

Question # 104

Security analysts notice a server login from a user who has been on vacation for two weeks. The analysts confirm that the user did not log in to the system while on vacation. After reviewing a packet capture, the analysts notice the following:

Which of the following occurred?

Options:

A.  

A buffer overflow was exploited to gain unauthorized access.

B.  

The user's account was compromised, and an attacker changed the login credentials.

C.  

An attacker used a pass-the-hash attack to gain access.

D.  

An insider threat with username logged in to the account.

Question # 105

A security analyst reviews web server logs and finds the following string:

gallery?file=../../../../../../../etc/passwd

Which of the following attacks was performed against the web server?

Options:

A.  

Directory traversal

B.  

CSRF

C.  

Pass the hash

D.  

SQL injection

Question # 106

Which of the following is the best method for ensuring non-repudiation?

Options:

A.  

SSO

B.  

Digital certificate

C.  

Token

D.  

SSH key

Question # 107

The most recent vulnerability scan flagged the domain controller with a critical vulnerability. The systems administrator researched the vulnerability and discovered the domain controller does not run the application associated with the vulnerability. Which of the following steps should the administrator take next?

Options:

A.  

Ensure the scan engine is configured correctly.

B.  

Apply a patch to the domain controller.

C.  

Research the CVE.

D.  

Document this as a false positive.

Question # 108

A security analyst receives an alert from the company's SIEM that anomalous activity is coming from a local source IP address of 192.168.34.26. The Chief Information Security Officer asks the analyst to block the originating source. Several days later another employee opens an internal ticket stating that vulnerability scans are no longer being performed properly. The IP address the employee provides is 192.168.34.26. Which of the following describes this type of alert?

Options:

A.  

True positive

B.  

True negative

C.  

False positive

D.  

False negative

Question # 109

The Chief Executive Officer (CEO) of an organization would like staff members to have the flexibility to work from home anytime during business hours, including during a pandemic or crisis. However, the CEO is concerned that some staff members may take advantage of the flexibility and work from high-risk countries while on holiday or outsource work to a third-party organization in another country. The Chief Information Officer believes the company can implement some basic controls to mitigate the majority of the risk. Which of the following would be best to mitigate the CEO's concerns? (Select two).

Options:

A.  

Geolocation

B.  

Time-of-day restrictions

C.  

Certificates

D.  

Tokens

E.  

Geotagging

F.  

Role-based access controls

Question # 110

An organization recently released a zero-trust policy that will enforce who is able to remotely access certain data. Authenticated users who access the data must have a need to know, depending on their level of permissions.

Which of the following is the first step the organization should take when implementing the policy?

Options:

A.  

Determine a quality CASB solution.

B.  

Configure the DLP policies by user groups.

C.  

Implement agentless NAC on boundary devices.

D.  

Classify all data on the file servers.

Question # 111

A corporate security team needs to secure the wireless perimeter of its physical facilities to ensure only authorized users can access corporate resources. Which of the following should the security team do? (Refer to the answer in the CompTIA SY0-601 Security+ documents or guide at comptia.org)

Options:

A.  

Identify rogue access points.

B.  

Check for channel overlaps.

C.  

Create heat maps.

D.  

Implement domain hijacking.

Question # 112

Which of the following describes business units that purchase and implement scripting software without approval from an organization's technology support staff?

Options:

A.  

Shadow IT

B.  

Hacktivist

C.  

Insider threat

D.  

Script kiddie

Question # 113

A Chief Information Security Officer (CISO) is evaluating the dangers involved in deploying a new ERP system for the company. The CISO categorizes the system, selects the controls that apply to the system, implements the controls, and then assesses the success of the controls before authorizing the system. Which of the following is the CISO using to evaluate the environment for this new ERP system?

Options:

A.  

The Diamond Model of Intrusion Analysis

B.  

CIS Critical Security Controls

C.  

NIST Risk Management Framework

D.  

ISO 27002

Question # 114

Which of the following control types is patch management classified under?

Options:

A.  

Deterrent

B.  

Physical

C.  

Corrective

D.  

Detective

Question # 115

A security analyst receives an alert that indicates a user's device is displaying anomalous behavior. The analyst suspects the device might be compromised. Which of the following should the analyst do first?

Options:

A.  

Reboot the device

B.  

Set the host-based firewall to deny an incoming connection

C.  

Update the antivirus definitions on the device

D.  

Isolate the device

Question # 116

An audit report indicates multiple suspicious attempts to access company resources were made. These attempts were not detected by the company. Which of the following would be the best solution to implement on the company's network?

Options:

A.  

Intrusion prevention system

B.  

Proxy server

C.  

Jump server

D.  

Security zones

Question # 117

An organization has hired a security analyst to perform a penetration test. The analyst captures 1Gb worth of inbound network traffic to the server and transfers the pcap back to the machine for analysis. Which of the following tools should the analyst use to further review the pcap?

Options:

A.  

Nmap

B.  

CURL

C.  

Ncat

D.  

Wireshark

Question # 118

A security architect at a large, multinational organization is concerned about the complexities and overhead of managing multiple encryption keys securely in a multicloud provider environment. The security architect is looking for a solution with reduced latency to allow the incorporation of the organization's existing keys and to maintain consistent, centralized control and management regardless of the data location. Which of the following would best meet the architect's objectives?

Options:

A.  

Trusted Platform Module

B.  

IaaS

C.  

HSMaaS

D.  

PaaS

Question # 119

During a recent security assessment, a vulnerability was found in a common OS. The OS vendor was unaware of the issue and promised to release a patch within the next quarter. Which of the following best describes this type of vulnerability?

Options:

A.  

Legacy operating system

B.  

Weak configuration

C.  

Zero day

D.  

Supply chain

Question # 120

A security team is conducting a security review of a hosted data provider. The management team has asked the hosted data provider to share proof that customer data is being appropriately protected.

Which of the following would provide the best proof that customer data is being protected?

Options:

A.  

SOC2

B.  

CSA

C.  

CSF

D.  

ISO 31000

Question # 121

A user enters a password to log in to a workstation and is then prompted to enter an authentication code. Which of the following MFA factors or attributes are being utilized in the authentication process? (Select two).

Options:

A.  

Something you know

B.  

Something you have

C.  

Somewhere you are

D.  

Someone you know

E.  

Something you are

F.  

Something you can do

Question # 122

Which of the following security design features can a development team use to analyze the deletion or editing of data sets in the copy?

Options:

A.  

Stored procedures

B.  

Code reuse

C.  

Version control

D.  

Continuous

Question # 123

An engineer is using scripting to deploy a network in a cloud environment. Which of the following describes this scenario?

Options:

A.  

SDLC

B.  

VLAN

C.  

SDN

D.  

SDV

Question # 124

Which of the following cloud models provides clients with servers, storage, and networks but nothing else?

Options:

A.  

SaaS

B.  

PaaS

C.  

IaaS

D.  

DaaS

Question # 125

Which of the following would be used to find the most common web-application vulnerabilities?

Options:

A.  

OWASP

B.  

MITRE ATT&CK

C.  

Cyber Kill Chain

D.  

SDLC

Question # 126

A user received an SMS on a mobile phone that asked for bank details. Which of the following social engineering techniques was used in this case?

Options:

A.  

SPIM

B.  

Vishing

C.  

Spear phishing

D.  

Smishing

Question # 127

An organization recently completed a security control assessment. The organization determined some controls did not meet the existing security measures. Additional mitigations are needed to lessen the risk of the non-compliant controls. Which of the following best describes these mitigations?

Options:

A.  

Corrective

B.  

Compensating

C.  

Deterrent

D.  

Technical

Question # 128

Which of the following is required in order for an IDS and a WAF to be effective on HTTPS traffic?

Options:

A.  

Hashing

B.  

DNS sinkhole

C.  

TLS inspection

D.  

Data masking

Question # 129

A security engineer is building a file transfer solution to send files to a business partner. The users would like to drop off the files in a specific directory and have the server send the file to the business partner. The connection to the business partner is over the internet and needs to be secure. Which of the following can be used?

Options:

A.  

S/MIME

B.  

LDAPS

C.  

SSH

D.  

SRTP

Question # 130

Which of the following vulnerabilities is exploited when an attacker overwrites a register with a malicious address that changes the execution path?

Options:

A.  

VM escape

B.  

SQL injection

C.  

Buffer overflow

D.  

Race condition

Question # 131

A systems administrator needs to install a new wireless network for authenticated guest access. The wireless network should support 802.1X using the most secure encryption and protocol available.

Perform the following steps:

1. Configure the RADIUS server.

2. Configure the WiFi controller.

3. Preconfigure the client for an incoming guest. The guest AD credentials are:

User: guest01

Password: guestpass

[Exhibit: RADIUS/WiFi controller/client configuration simulation (image not available)]

Options:

Question # 132

Which of the following models offers third-party-hosted, on-demand computing resources that can be shared with multiple organizations over the internet?

Options:

A.  

Public cloud

B.  

Hybrid cloud

C.  

Community cloud

D.  

Private cloud

Question # 133

A security administrator is seeking a solution to prevent unauthorized access to the internal network. Which of the following security solutions should the administrator choose?

Options:

A.  

MAC filtering

B.  

Anti-malware

C.  

Translation gateway

D.  

VPN

Question # 134

A retail store has a business requirement to deploy a kiosk computer in an open area. The kiosk computer's operating system has been hardened and tested. A security engineer is concerned that someone could use removable media to install a rootkit. Which of the following should the security engineer configure to BEST protect the kiosk computer?

Options:

A.  

Measured boot

B.  

Boot attestation

C.  

UEFI

D.  

EDR

Question # 135

Which of the following would be most effective to contain a rapidly spreading attack that is affecting a large number of organizations?

Options:

A.  

Machine learning

B.  

DNS sinkhole

C.  

Blocklist

D.  

Honey pot

Question # 136

A security analyst is taking part in an evaluation process that analyzes and categorizes threat actors of real-world events in order to improve the incident response team's process. Which of the following is the analyst most likely participating in?

Options:

A.  

MITRE ATT&CK

B.  

Walk-through

C.  

Red team

D.  

Purple team

E.  

TAXII

Question # 137

A building manager is concerned about people going in and out of the office during non-working hours. Which of the following physical security controls would provide the best solution?

Options:

A.  

Cameras

B.  

Badges

C.  

Locks

D.  

Bollards

Question # 138

To reduce and limit software and infrastructure costs, the Chief Information Officer has requested to move email services to the cloud. The cloud provider and the organization must have security controls to protect sensitive data. Which of the following cloud services would best accommodate the request?

Options:

A.  

IaaS

B.  

PaaS

C.  

DaaS

D.  

SaaS

Question # 139

A security analyst is investigating what appears to be unauthorized access to a corporate web application. The security analyst reviews the web server logs and finds the following entries:

[Exhibit: web server log entries (image not available)]

Which of the following password attacks is taking place?

Options:

A.  

Dictionary

B.  

Brute-force

C.  

Rainbow table

D.  

Spraying

Question # 140

A company recently completed the transition from data centers to the cloud. Which of the following solutions will best enable the company to detect security threats in applications that run in isolated environments within the cloud environment?

Options:

A.  

Security groups

B.  

Container security

C.  

Virtual networks

D.  

Segmentation

Question # 141

A company recently experienced a significant data loss when proprietary information was leaked to a competitor. The company took special precautions by using proper labels; however, email filter logs do not have any record of the incident. An investigation confirmed the corporate network was not breached, but documents were downloaded from an employee's COPE tablet and passed to the competitor via cloud storage. Which of the following is the best mitigation strategy to prevent this from happening in the future?

Options:

A.  

User training

B.  

CASB

C.  

MDM

D.  

EDR

Question # 142

Leveraging the information supplied below, complete the CSR for the server to set up TLS (HTTPS).

• Hostname: ws01

• Domain: comptia.org

• IPv4: 10.1.9.50

• IPv4: 10.2.10.50

• Root: home.aspx

• DNS CNAME: homesite.

Instructions:

Drag the various data points to the correct locations within the CSR. Extension criteria belong in the left-hand column and values belong in the corresponding row in the right-hand column.

[Exhibit: CSR form (image not available)]

Options:

Question # 143

A company policy requires third-party suppliers to self-report data breaches within a specific time frame. Which of the following third-party risk management policies is the company complying with?

Options:

A.  

MOU

B.  

SLA

C.  

EOL

D.  

NDA

Question # 144

A security administrator needs to inspect in-transit files on the enterprise network to search for PII, credit card data, and classification words. Which of the following would be the best to use?

Options:

A.  

IDS solution

B.  

EDR solution

C.  

HIPS software solution

D.  

Network DLP solution

Question # 145

A Chief Information Security Officer (CISO) wants to explicitly raise awareness about the increase of ransomware-as-a-service in a report to the management team. Which of the following best describes the threat actor in the CISO's report?

Options:

A.  

Insider threat

B.  

Hacktivist

C.  

Nation-state

D.  

Organized crime

Question # 146

An organization has been experiencing outages during holiday sales and needs to ensure availability of its point-of-sale systems. The IT administrator has been asked to improve both server-data fault tolerance and site availability under high consumer load. Which of the following are the best options to accomplish this objective? (Select two.)

Options:

A.  

Load balancing

B.  

Incremental backups

C.  

UPS

D.  

RAID

E.  

Dual power supply

F.  

VLAN

Question # 147

An attacker is using a method to hide data inside of benign files in order to exfiltrate confidential data. Which of the following is the attacker most likely using?

Options:

A.  

Base64 encoding

B.  

Steganography

C.  

Data encryption

D.  

Perfect forward secrecy

Question # 148

A company wants to deploy PKI on its internet-facing website. The applications that are currently deployed are:

• www.company.com (main website)

• contactus.company.com (for locating a nearby location)

• quotes.company.com (for requesting a price quote)

The company wants to purchase one SSL certificate that will work for all the existing applications and any future applications that follow the same naming conventions, such as store.company.com. Which of the following certificate types would best meet the requirements?

Options:

A.  

SAN

B.  

Wildcard

C.  

Extended validation

D.  

Self-signed

Question # 149

A software developer used open-source libraries to streamline development. Which of the following is the greatest risk when using this approach?

Options:

A.  

Unsecure root accounts

B.  

Lack of vendor support

C.  

Password complexity

D.  

Default settings

Question # 150

Which of the following best describes when an organization utilizes a ready-to-use application from a cloud provider?

Options:

A.  

IaaS

B.  

SaaS

C.  

PaaS

D.  

XaaS

Question # 151

While troubleshooting a service disruption on a mission-critical server, a technician discovered the user account that was configured to run automated processes was disabled because the user's password failed to meet password complexity requirements. Which of the following would be the BEST solution to securely prevent future issues?

Options:

A.  

Using an administrator account to run the processes and disabling the account when it is not in use

B.  

Implementing a shared account the team can use to run automated processes

C.  

Configuring a service account to run the processes

D.  

Removing the password complexity requirements for the user account

Question # 152

A security engineer needs to implement an MDM solution that complies with the corporate mobile device policy. The policy states that in order for mobile users to access corporate resources on their devices, the following requirements must be met:

  • Mobile device OSs must be patched up to the latest release.
  • A screen lock must be enabled (passcode or biometric).
  • Corporate data must be removed if the device is reported lost or stolen.

Which of the following controls should the security engineer configure? (Select two).

Options:

A.  

Disable firmware over-the-air

B.  

Storage segmentation

C.  

Posture checking

D.  

Remote wipe

E.  

Full device encryption

F.  

Geofencing

Question # 153

The application development team is in the final stages of developing a new healthcare application. The team has requested copies of current PHI records to perform the final testing.

Which of the following would be the best way to safeguard this information without impeding the testing process?

Options:

A.  

Implementing a content filter

B.  

Anonymizing the data

C.  

Deploying DLP tools

D.  

Installing a FIM on the application server

Question # 154

A company would like to move to the cloud. The company wants to prioritize control and security over cost and ease of management. Which of the following cloud models would best suit this company's priorities?

Options:

A.  

Public

B.  

Hybrid

C.  

Community

D.  

Private

Question # 155

An attack has occurred against a company.

INSTRUCTIONS

You have been tasked to do the following:

Identify the type of attack that is occurring on the network by clicking on the attacker’s tablet and reviewing the output. (Answer Area 1).

Identify which compensating controls should be implemented on the assets, in order to reduce the effectiveness of future attacks by dragging them to the correct server.

(Answer area 2) All objects will be used, but not all placeholders may be filled. Objects may only be used once.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

[Exhibit: attacker's tablet output and server placeholders (images not available)]

Select and Place:

Options:

Question # 156

During a security incident the security operations team identified sustained network traffic from a malicious IP address: 10.1.4.9. A security analyst is creating an inbound firewall rule to block the IP address from accessing the organization's network. Which of the following fulfills this request?

Options:

A.  

access-list inbound deny ip source 0.0.0.0/0 destination 10.1.4.9/32

B.  

access-list inbound deny ip source 10.1.4.9/32 destination 0.0.0.0/0

C.  

access-list inbound permit ip source 10.1.4.9/32 destination 0.0.0.0/0

D.  

access-list inbound permit ip source 0.0.0.0/0 destination 10.1.4.9/32

Question # 157

A security analyst is reviewing computer logs because a host was compromised by malware. After the computer was infected it displayed an error screen and shut down. Which of the following should the analyst review first to determine more information?

Options:

A.  

Dump file

B.  

System log

C.  

Web application log

D.  

Security too

Question # 158

A company's help desk received several AV alerts indicating Mimikatz attempted to run on the remote systems. Several users also reported that the new company flash drives they picked up in the break room only have 512KB of storage. Which of the following is most likely the cause?

Options:

A.  

The GPO prevents the use of flash drives, which triggers a false positive AV indication and restricts the drives to only 512KB of storage

B.  

The new flash drives need a driver that is being blocked by the AV software because the flash drives are not on the application's allow list, temporarily restricting the drives to 512KB of storage.

C.  

The new flash drives are incorrectly partitioned, and the systems are automatically trying to use an unapproved application to repartition the drives.

D.  

The GPO blocking the flash drives is being bypassed by a malicious flash drive that is attempting to harvest plaintext credentials from memory.

Question # 159

An organization is building a new headquarters and has placed fake cameras around the building in an attempt to discourage potential intruders. Which of the following kinds of controls describes this security method?

Options:

A.  

Detective

B.  

Deterrent

C.  

Directive

D.  

Corrective
