New Year Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: pass65

SY0-601 CompTIA Security+ Exam 2023 Questions and Answers

Questions 4

A security analyst needs to implement security features across smartphones. laptops, and tablets. Which of the following would be the most effective across heterogeneous platforms?

Options:

A.

Enforcing encryption

B.

Deploying GPOs

C.

Removing administrative permissions

D.

Applying MDM software

Buy Now
Questions 5

A web server has been compromised due to a ransomware attack. Further Investigation reveals the ransomware has been in the server for the past 72 hours. The systems administrator needs to get the services back up as soon as possible. Which of the following should the administrator use to restore services to a secure state?

Options:

A.

The last incremental backup that was conducted 72 hours ago

B.

The last known-good configuration stored by the operating system

C.

The last full backup that was conducted seven days ago

D.

The baseline OS configuration

Buy Now
Questions 6

Which of the following can best protect against an employee inadvertently installing malware on a company system?

Options:

A.

Host-based firewall

B.

System isolation

C.

Least privilege

D.

Application allow list

Buy Now
Questions 7

A security analyst is taking part in an evaluation process that analyzes and categorizes threat actors Of real-world events in order to improve the incident response team's process. Which Of the following is the analyst most likely participating in?

Options:

A.

MITRE ATT&CK

B.

Walk-through

C.

Red team

D.

Purple team-I

E.

TAXI

Buy Now
Questions 8

A company wants to deploy PKI on its internet-facing website The applications that are currently deployed are

• www company.com (mam website)

• contact us company com (for locating a nearby location)

• quotes company.com (for requesting a price quote)

The company wants to purchase one SSL certificate that will work for all the existing applications and any future applications that follow the same naming conventions, such as store company com Which of the following certificate types would best meet the requirements?

Options:

A.

SAN

B.

Wildcard

C.

Extended validation

D.

Self-signed

Buy Now
Questions 9

Which of the following cloud models provides clients with servers, storage, and networks but nothing else?

Options:

A.

SaaS

B.

PaaS

C.

laaS

D.

DaaS

Buy Now
Questions 10

An organization is building a new headquarters and has placed fake cameras around the building in an attempt to discourage potential intruders. Which of the following kinds of controls describes this security method?

Options:

A.

Detective

B.

Deterrent

C.

Directive

D.

Corrective

Buy Now
Questions 11

A government organization is developing an advanced Al defense system. Develop-ers are using information collected from third-party providers Analysts are no-ticing inconsistencies in the expected powers Of then learning and attribute the Outcome to a recent attack on one of the suppliers. Which of the following IS the most likely reason for the inaccuracy of the system?

Options:

A.

Improper algorithms security

B.

Tainted training data

C.

virus

D.

Cryptomalware

Buy Now
Questions 12

A company's help desk has received calls about the wireless network being down and users being unable to connect to it. The network administrator says all access pcints are up and running. One of the help desk technicians notices the affected users are working in a near the parking Jot Which Of the following IS the most likely reason for the outage?

Options:

A.

Someone near the is jamming the signal.

B.

A user has set up a rogue access point near building.

C.

Someone set up an evil twin access Print in the affected area.

D.

The APS in the affected area have been from the network

Buy Now
Questions 13

A company needs to centralize its logs to create a baseline and have visibility on its security events Which of the following technologies will accomplish this objective?

Options:

A.

Security information and event management

B.

A web application firewall

C.

A vulnerability scanner

D.

A next-generation firewall

Buy Now
Questions 14

Which of the following has been implemented when a host-based firewall on a legacy Linux system allows connections from only specific internal IP addresses?

Options:

A.

Compensating control

B.

Network segmentation

C.

Transfer of risk

D.

SNMP traps

Buy Now
Questions 15

A manufacturing company has several one-off legacy information systems that cannot be migrated to a newer OS due to software compatibility issues. The OSs are still supported by the vendor but the industrial software is no longer supported The Chief Information Security Officer has created a resiliency plan for these systems that will allow OS patches to be installed in a non-production environment, white also creating backups of the systems for recovery. Which of the following resiliency techniques will provide these capabilities?

Options:

A.

Redundancy

B.

RAID 1+5

C.

Virtual machines

D.

Full backups

Buy Now
Questions 16

A security analyst discovers that a company's username and password database were posted on an internet forum. The usernames and passwords are stored in plaintext. Which of the following would mitigate the damage done by this type of data exfiltration in the future?

Options:

A.

Create DLP controls that prevent documents from leaving the network.

B.

Implement salting and hashing.

C.

Configure the web content filter to block access to the forum.

D.

Increase password complexity requirements.

Buy Now
Questions 17

An analyst is working on an email security incident in which the target opened an attachment containing a worm. The analyst wants to Implement mitigation techniques to prevent further spread. Which of the following is the best course of action for the analyst to take?

Options:

A.

Apply a DLP solution.

B.

Implement network segmentation.

C.

Utilize email content filtering.

D.

Isolate the infected attachment.

Buy Now
Questions 18

Law enforcement officials sent a company a notification that states electronically stored information and paper documents cannot be destroyed. Which of the following explains this process?

Options:

A.

Data breach notification

B.

Accountability

C.

Legal hold

D.

Chain of custody

Buy Now
Questions 19

A network administrator has been alerted that web pages are experiencing long load times After determining it is not a routing or DNS issue the administrator logs in to the router, runs a command, and receives the following output:

CPU 0 percent busy, from 300 sec ago

1 sec ave: 99 percent busy

5 sec ave: 97 percent busy

1 min ave: 83 percent busy

Which of the following is The router experiencing?

Options:

A.

DDoS attack

B.

Memory leak

C.

Buffer overflow

D.

Resource exhaustion

Buy Now
Questions 20

Which Of the following best ensures minimal downtime for organizations vÄh crit-ical computing equipment located in earthquake-prone areas?

Options:

A.

Generators and UPS

B.

Off-site replication

C.

Additional warm site

D.

Local

Buy Now
Questions 21

Which of the following tools can assist with detecting an employee who has accidentally emailed a file containing a customer's Pll?

Options:

A.

SCAP

B.

NetFlow

C.

Antivirus

D.

DLP

Buy Now
Questions 22

An information security officer at a credit card transaction company is conducting a framework-mapping exercise with the internal controls. The company recently established a new office in Europe. To which of the following frameworks should the security officer map the existing controls' (Select two).

Options:

A.

ISO

B.

PCI DSS

C.

SOC

D.

GDPR

E.

CSA

F.

NIST

Buy Now
Questions 23

A security analyst is investigating what appears to be unauthorized access to a corporate web application. The security analyst reviews the web server logs and finds the following entries:

SY0-601 Question 23

Which of the following password attacks is taking place?

Options:

A.

Dictionary

B.

Brute-force

C.

Rainbow table

D.

Spraying

Buy Now
Questions 24

A security analyst is hardening a network infrastructure The analyst is given the following requirements

• Preserve the use of public IP addresses assigned to equipment on the core router

• Enable "in transport" encryption protection to the web server with the strongest ciphers.

Which of the following should the analyst implement to meet these requirements? (Select two).

Options:

A.

Configure VLANs on the core router

B.

Configure NAT on the core router.

C.

Configure BGP on the core router

D.

Enable AES encryption on the web server

E.

Enable 3DES encryption on the web server

F.

Enable TLSv2 encryption on the web server

Buy Now
Questions 25

A company is developing a business continuity strategy and needs to determine how many staff members would be required to sustain the business in the case of a disruption.

Which of the following best describes this step?

Options:

A.

Capacity planning

B.

Redundancy

C.

Geographic dispersion

D.

Tabletop exercise

Buy Now
Questions 26

A security engineer obtained the following output from a threat intelligence source that recently performed an attack on the company's server:

SY0-601 Question 26

Which of the following best describes this kind of attack?

Options:

A.

Directory traversal

B.

SQL injection

C.

API

D.

Request forgery

Buy Now
Questions 27

A systems administrator is required to enforce MFA for corporate email account access, relying on the possession factor. Which of the following authentication methods should the systems administrator choose? (Select two).

Options:

A.

passphrase

B.

Time-based one-time password

C.

Facial recognition

D.

Retina scan

E.

Hardware token

F.

Fingerprints

Buy Now
Questions 28

An organization has hired a security analyst to perform a penetration test The analyst captures 1Gb worth of inbound network traffic to the server and transfers the pcap back to the machine for

analysis. Which of the following tools should the analyst use to further review the pcap?

Options:

A.

Nmap

B.

CURL

C.

Neat

D.

Wireshark

Buy Now
Questions 29

A security architect is designing a remote access solution for a business partner. The business partner needs to access one Linux server at the company. The business partner wants to avid managing a password for authentication and additional software installation. Which of the following should the architect recommend?

Options:

A.

Soft token

B.

Smart card

C.

CSR

D.

SSH key

Buy Now
Questions 30

During a recent security assessment, a vulnerability was found in a common OS. The OS vendor was unaware of the issue and promised to release a patch within the next quarter. Which of the following best describes this type of vulnerability?

Options:

A.

Legacy operating system

B.

Weak configuration

C.

Zero day

D.

Supply chain

Buy Now
Questions 31

Which of the following types of controls is a turnstile?

Options:

A.

Physical

B.

Detective

C.

Corrective

D.

Technical

Buy Now
Questions 32

An organization routes all of its traffic through a VPN Most users are remote and connect into a corporate data center that houses confidential information There is a firewall at the internet border, followed by a DLP appliance, the VPN server and the data center itself Which of the following is the weakest design element?

Options:

A.

The DLP appliance should be integrated into a NGFW.

B.

Split-tunnel connections can negatively impact the DLP appliance's performance.

C.

Encrypted VPN traffic will not be inspected when entering or leaving the network.

D.

Adding two hops in the VPN tunnel may slow down remote connections

Buy Now
Questions 33

Which Of the following vulnerabilities is exploited an attacker Overwrite a reg-ister with a malicious address that changes the execution path?

Options:

A.

VM escape

B.

SQL injection

C.

Buffer overflow

D.

Race condition

Buy Now
Questions 34

A security professional wants to enhance the protection of a critical environment that is Used to store and manage a company's encryption keys. The selected technology should be tamper resistant. Which of the following should the security professional implement to achieve the goal?

Options:

A.

DLP

B.

HSM

C.

CA

D.

FIM

Buy Now
Questions 35

A web architect would like to move a company's website presence to the cloud. One of the management team's key concerns is resiliency in case a cloud provider's data center or network connection goes down. Which of the following should the web architect consider to address this concern?

Options:

A.

Containers

B.

Virtual private cloud

C.

Segmentation

D.

Availability zones

Buy Now
Questions 36

A security analyst receives an alert from the company's S1EM that anomalous activity is coming from a local source IP address of 192 168 34.26 The Chief Information Security Officer asks the analyst to block the originating source Several days later another employee opens an internal ticket stating that vulnerability scans are no longer being performed property. The IP address the employee provides is 192 168.34 26. Which of the following describes this type of alert?

Options:

A.

True positive

B.

True negative

C.

False positive

D.

False negative

Buy Now
Questions 37

Which of the following is constantly scanned by internet bots and has the highest risk of attack in the case of the default configurations?

Options:

A.

Wearable sensors

B.

Raspberry Pi

C.

Surveillance systems

D.

Real-time operating systems

Buy Now
Questions 38

Which of the following is a primary security concern for a company setting up a BYOD program?

Options:

A.

End of life

B.

Buffer overflow

C.

VM escape

D.

Jailbreaking

Buy Now
Questions 39

Which of the following terms should be included in a contract to help a company monitor the ongo-ing security maturity Of a new vendor?

Options:

A.

A right-to-audit clause allowing for annual security audits

B.

Requirements for event logs to kept for a minimum of 30 days

C.

Integration of threat intelligence in the companys AV

D.

A data-breach clause requiring disclosure of significant data loss

Buy Now
Questions 40

An organization's corporate offices were destroyed due to a natural disaster, so the organization is now setting up offices in a temporary work space. Which of the following will the organization most likely consult?

Options:

A.

The business continuity plan

B.

The risk management plan

C.

The communication plan

D.

The incident response plan

Buy Now
Questions 41

A network manager is concerned that business may be negatively impacted if the firewall in its data center goes offline. The manager would like to implement a high availability pair to:

Options:

A.

decrease the mean time between failures.

B.

remove the single point of failure.

C.

cut down the mean time to repair

D.

reduce the recovery time objective

Buy Now
Questions 42

A company is auditing the manner in which its European customers’ personal information is handled. Which of the following should the company consult?

Options:

A.

GDPR

B.

ISO

C.

NIST

D.

PCI DSS

Buy Now
Questions 43

Select the appropriate attack and remediation from each drop-down list to label the corresponding attack with its remediation.

INSTRUCTIONS

Not all attacks and remediation actions will be used.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

SY0-601 Question 43

Options:

Buy Now
Questions 44

A security engineer is setting up passwordless authentication for the first time.

INSTRUCTIONS

Use the minimum set of commands to set this up and verify that it works. Commands cannot be reused.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

SY0-601 Question 44

Options:

Buy Now
Questions 45

During an assessment, a systems administrator found several hosts running FTP and decided to immediately block FTP communications at the firewall. Which of the following describes the

greatest risk associated with using FTP?

Options:

A.

Private data can be leaked

B.

FTP is prohibited by internal policy.

C.

Users can upload personal files

D.

Credentials are sent in cleartext.

Buy Now
Questions 46

A security architect is required to deploy to conference rooms some workstations that will allow sensitive data to be displayed on large screens. Due to the nature of the data, it cannot be stored in the conference rooms. The file share is located in a local data center. Which of the following should the security architect recommend to best meet the requirement?

Options:

A.

Fog computing and KVMs

B.

VDI and thin clients

C.

Private cloud and DLP

D.

Full drive encryption and thick clients

Buy Now
Questions 47

A user received an SMS on a mobile phone that asked for bank details. Which of the following social engineering techniques was used in this case?

Options:

A.

SPIM

B.

Vishing

C.

Spear phishing

D.

Smishing

Buy Now
Questions 48

Which of the following are common VoIP-associated vulnerabilities? (Select two).

Options:

A.

SPIM

B.

Vishing

C.

VLAN hopping

D.

Phishing

E.

DHCP snooping

F.

Tailgating

Buy Now
Questions 49

A user enters a password to log in to a workstation and is then prompted to enter an authentication code Which of the following MFA factors or attributes are being utilized in the authentication process? {Select two).

Options:

A.

Something you know

B.

Something you have

C.

Somewhere you are

D.

Someone you know

E.

Something you are

F.

Something you can do

Buy Now
Questions 50

A company wants to deploy decoy systems alongside production systems in order to entice threat actors and to learn more about attackers. Which of the follow r 3 best describes these systems?

Options:

A.

DNS sinkholes

B.

Honey pots

C.

Virtual machines

D.

Neural networks

Buy Now
Questions 51

Which of the following supplies non-repudiation during a forensics investigation?

Options:

A.

Dumping volatile memory contents first

B.

Duplicating a drive with dd

C.

a SHA 2 signature of a drive image

D.

Logging everyone in contact with evidence

E.

Encrypting sensitive data

Buy Now
Questions 52

Which of the following security concepts should an e-commerce organization apply for protection against erroneous purchases?

Options:

A.

Privacy

B.

Availability

C.

Integrity

D.

Confidentiality

Buy Now
Questions 53

Which of the following is most likely to contain ranked and ordered information on the likelihood and potential impact of catastrophic events that may affect business processes and systems, while also highlighting the residual risks that need to be managed after mitigating controls have been implemented?

Options:

A.

An RTO report

B.

A risk register

C.

A business impact analysis

D.

An asset value register

E.

A disaster recovery plan

Buy Now
Questions 54

A company is adopting a BYOD policy and is looking for a comprehensive solution to protect company information on user devices. Which of the following solutions would best support the policy?

Options:

A.

Mobile device management

B.

Full device encryption

C.

Remote wipe

D.

Biometrics

Buy Now
Questions 55

A company wants the ability to restrict web access and monitor the websites that employees visit, Which Of the following would best meet these requirements?

Options:

A.

Internet Proxy

B.

VPN

C.

WAF

D.

Firewall

Buy Now
Questions 56

Which Of the following is a primary security concern for a setting up a BYOD program?

Options:

A.

End of life

B.

Buffer overflow

C.

VM escape

D.

Jailbreaking

Buy Now
Questions 57

Which of the following describes the exploitation of an interactive process to gain access to restricted areas?

Options:

A.

Persistence

B.

Port scanning

C.

Privilege escalation

D.

Pharming

Buy Now
Questions 58

A large enterprise has moved all its data to the cloud behind strong authentication and encryption. A sales director recently had a

laptop stolen, and later, enterprise data was found to have been compromised from a local database. Which of the following was the

MOST likely cause?

Options:

A.

Shadow IT

B.

Credential stuffing

C.

SQL injection

D.

Man in the browser

E.

Bluejacking

Buy Now
Questions 59

Remote workers in an organization use company-provided laptops with locally installed applications and locally stored data Users can store data on a remote server using an encrypted connection. The organization discovered data stored on a laptop had been made available to the public Which of the following security solutions would mitigate the risk of future data disclosures?

Options:

A.

FDE

B.

TPM

C.

HIDS

D.

VPN

Buy Now
Questions 60

A company installed several crosscut shredders as part of increased information security practices targeting data leakage risks. Which of the following will this practice reduce?

Options:

A.

Dumpster diving

B.

Shoulder surfing

C.

Information elicitation

D.

Credential harvesting

Buy Now
Questions 61

A backdoor was detected on the containerized application environment. The investigation detected that a zero-day vulnerability was introduced when the latest container image version was downloaded from a public registry. Which of the following is the BEST solution to prevent this type of incident from occurring again?

Options:

A.

Enforce the use of a controlled trusted source of container images

B.

Deploy an IPS solution capable of detecting signatures of attacks targeting containers

C.

Define a vulnerability scan to assess container images before being introduced on the environment

D.

Create a dedicated VPC for the containerized environment

Buy Now
Questions 62

After a phishing scam fora user's credentials, the red team was able to craft payload to deploy on a server. The attack allowed the installation of malicious software that initiates a new remote session

Which of the following types of attacks has occurred?

Options:

A.

Privilege escalation

B.

Session replay

C.

Application programming interface

D.

Directory traversal

Buy Now
Questions 63

A security analyst is investigating a phishing email that contains a malicious document directed to the company's Chief Executive Officer (CEO). Which of the following should the analyst perform to understand the threat and retrieve possible IoCs?

Options:

A.

Run a vulnerability scan against the CEOs computer to find possible vulnerabilities

B.

Install a sandbox to run the malicious payload in a safe environment

C.

Perform a traceroute to identify the communication path

D.

Use netstat to check whether communication has been made with a remote host

Buy Now
Questions 64

During an investigation, the incident response team discovers that multiple administrator accounts were suspected of being compromised. The host audit logs indicate a repeated brute-force attack on a single administrator account followed by suspicious logins from unfamiliar geographic locations. Which of the following data sources would be BEST to use to assess the accounts impacted by this attack?

Options:

A.

User behavior analytics

B.

Dump files

C.

Bandwidth monitors

D.

Protocol analyzer output

Buy Now
Questions 65

Which of the following BEST describes a technique that compensates researchers for finding vulnerabilities?

Options:

A.

Penetration testing

B.

Code review

C.

Wardriving

D.

Bug bounty

Buy Now
Questions 66

A security researcher is tracking an adversary by noting its attacks and techniques based on its capabilities, infrastructure, and victims. Which of the following is the researcher MOST likely using?

Options:

A.

The Diamond Model of Intrusion Analysis

B.

The Cyber Kill Chain

C.

The MITRE CVE database

D.

The incident response process

Buy Now
Questions 67

During a security assessment, a security finds a file with overly permissive permissions. Which of the following tools will allow the analyst to reduce the permission for the existing users and groups and remove the set-user-ID from the file?

Options:

A.

1s

B.

chflags

C.

chmod

D.

lsof

E.

setuid

Buy Now
Questions 68

A security manager needs to assess the security posture of one of the organization's vendors. The contract with the vendor does not allow for auditing of the vendor's security controls. Which of (he following should the manager request to complete the assessment?

Options:

A.

A service-level agreement

B.

A business partnership agreement

C.

A SOC 2 Type 2 report

D.

A memorandum of understanding

Buy Now
Questions 69

The technology department at a large global company is expanding its Wi-Fi network infrastructure at the headquarters building Which of the following should be closely coordinated between the technology, cybersecurity, and physical security departments?

Options:

A.

Authentication protocol

B.

Encryption type

C.

WAP placement

D.

VPN configuration

Buy Now
Questions 70

Which of the following provides a catalog of security and privacy controls related to the United States federal information systems?

Options:

A.

GDPR

B.

PCI DSS

C.

ISO 27000

D.

NIST 800-53

Buy Now
Questions 71

A company reduced the area utilized in its datacenter by creating virtual networking through automation and by creating provisioning routes and rules through scripting. Which of the following does this example describe?

Options:

A.

laC

B.

MSSP

C.

Containers

D.

SaaS

Buy Now
Questions 72

The help desk has received calls from users in multiple locations who are unable to access core network services The network team has identified and turned off the network switches using remote commands. Which of the following actions should the network team take NEXT?

Options:

A.

Disconnect all external network connections from the firewall

B.

Send response teams to the network switch locations to perform updates

C.

Turn on all the network switches by using the centralized management software

D.

Initiate the organization's incident response plan.

Buy Now
Questions 73

Which of the following environments utilizes dummy data and is MOST likely to be installed locally on a system that allows code to be assessed directly and modified easily with each build?

Options:

A.

Production

B.

Test

C.

Staging

D.

Development

Buy Now
Questions 74

Which of the following authentication methods sends out a unique password to be used within a specific number of seconds?

Options:

A.

TOTP

B.

Biometrics

C.

Kerberos

D.

LDAP

Buy Now
Questions 75

A cybersecurity administrator needs to implement a Layer 7 security control on a network and block potential attacks. Which of the following can block an attack at Layer 7? (Select TWO).

Options:

A.

HIDS

B.

NIPS

C.

HSM

D.

WAF

E.

NAC

F.

NIDS

G.

Stateless firewall

Buy Now
Questions 76

A store receives reports that shoppers’ credit card information is being stolen. Upon further analysis, those same shoppers also withdrew money from an ATM in that store.

The attackers are using the targeted shoppers’ credit card information to make online purchases. Which of the following attacks is the MOST probable cause?

Options:

A.

Identity theft

B.

RFID cloning

C.

Shoulder surfing

D.

Card skimming

Buy Now
Questions 77

A bad actor tries to persuade someone to provide financial information over the phone in order to gain access to funds. Which of the following types of attacks does this scenario describe?

Options:

A.

Vishing

B.

Phishing

C.

Spear phishing

D.

Whaling

Buy Now
Questions 78

A company's public-facing website, https://www.organization.com, has an IP address of 166.18.75.6. However, over the past hour the SOC has received reports of the site 's homepage displaying incorrect information. A quick nslookup search shows hitps://;www.organization.com is pointing to 151.191.122.115. Which of the following is occurring?

Options:

A.

DoS attack

B.

ARP poisoning

C.

DNS spoofing

D.

NXDOMAIN attack

Buy Now
Questions 79

A Chief Information Officer receives an email stating a database will be encrypted within 24 hours unless a payment of $20,000 is credited to the account mentioned In the email. This BEST describes a scenario related to:

Options:

A.

whaling.

B.

smishing.

C.

spear phishing

D.

vishing

Buy Now
Questions 80

A security analyst is reviewing the vulnerability scan report for a web server following an incident. The vulnerability that was used to exploit the server is present in historical vulnerability scan reports, and a patch is available for the vulnerability. Which of the following is the MOST likely cause?

Options:

A.

Security patches were uninstalled due to user impact.

B.

An adversary altered the vulnerability scan reports

C.

A zero-day vulnerability was used to exploit the web server

D.

The scan reported a false negative for the vulnerability

Buy Now
Questions 81

A systems analyst determines the source of a high number of connections to a web server that were initiated by ten different IP addresses that belong to a network block in a specific country. Which of the following techniques will the systems analyst MOST likely implement to address this issue?

Options:

A.

Content filter

B.

SIEM

C.

Firewall rules

D.

DLP

Buy Now
Questions 82

A company acquired several other small companies The company thai acquired the others is transitioning network services to the cloud The company wants to make sure that performance and security remain intact Which of the following BEST meets both requirements?

Options:

A.

High availability

B.

Application security

C.

Segmentation

D.

Integration and auditing

Buy Now
Questions 83

After segmenting the network, the network manager wants to control the traffic between the segments. Which of the following should the manager use to control the network traffic?

Options:

A.

A DMZ

B.

A VPN a

C.

A VLAN

D.

An ACL

Buy Now
Questions 84

A global company is experiencing unauthorized logging due to credential theft and account lockouts caused by brute-force attacks. The company is considering implementing a third-party identity provider to help mitigate these attacks. Which of the following would be the BEST control for the company to require from prospective vendors?

Options:

A.

IP restrictions

B.

Multifactor authentication

C.

A banned password list

D.

A complex password policy

Buy Now
Questions 85

A major clothing company recently lost a large amount of proprietary information. The security officer must find a solution to ensure this never happens again.

Which of the following is the BEST technical implementation to prevent this from happening again?

Options:

A.

Configure DLP solutions

B.

Disable peer-to-peer sharing

C.

Enable role-based

D.

Mandate job rotation

E.

Implement content filters

Buy Now
Questions 86

A security analyst needs an overview of vulnerabilities for a host on the network. Which of the following is the BEST type of scan for the analyst to run to discover which vulnerable services are running?

Options:

A.

Non-credentialed

B.

Web application

C.

Privileged

D.

Internal

Buy Now
Questions 87

While reviewing pcap data, a network security analyst is able to locate plaintext usernames and passwords being sent from workstations to network witches. Which of the following is the security analyst MOST likely observing?

Options:

A.

SNMP traps

B.

A Telnet session

C.

An SSH connection

D.

SFTP traffic

Buy Now
Questions 88

Which of the following is a physical security control that ensures only the authorized user is present when gaining access to a secured area?

Options:

A.

A biometric scanner

B.

A smart card reader

C.

APKItoken

D.

A PIN pad

Buy Now
Questions 89

A security analyst is investigating multiple hosts that are communicating to external IP addresses during the hours of 2:00 a.m - 4:00 am. The malware has evaded detection by traditional antivirus software. Which of the following types of malware is MOST likely infecting the hosts?

Options:

A.

A RAT

B.

Ransomware

C.

Polymophic

D.

A worm

Buy Now
Questions 90

An analyst Is generating a security report for the management team. Security guidelines recommend disabling all listening unencrypted services. Given this output from Nmap:

SY0-601 Question 90

Which of the following should the analyst recommend to disable?

Options:

A.

21/tcp

B.

22/tcp

C.

23/tcp

D.

443/tcp

Buy Now
Questions 91

A junior security analyst is reviewing web server logs and identifies the following pattern in the log file:

SY0-601 Question 91

Which ol the following types of attacks is being attempted and how can it be mitigated?

Options:

A.

XSS. mplement a SIEM

B.

CSRF. implement an IPS

C.

Directory traversal implement a WAF

D.

SQL infection, mplement an IDS

Buy Now
Questions 92

A security engineer needs to build @ solution to satisfy regulatory requirements that stale certain critical servers must be accessed using MFA However, the critical servers are older and

are unable to support the addition of MFA, Which of te following will the engineer MOST likely use to achieve this objective?

Options:

A.

A forward proxy

B.

A stateful firewall

C.

A jump server

D.

A port tap

Buy Now
Questions 93

A Chief Information Security Officer (CISO) is evaluating (he dangers involved in deploying a new ERP system tor the company. The CISO categorizes the system, selects the controls mat apply to the system, implements the controls, and then assesses the success of the controls before authorizing the system Which of the following is the CISO using to evaluate Hie environment for this new ERP system?

Options:

A.

The Diamond Model of Intrusion Analysis

B.

CIS Critical Security Controls

C.

NIST Risk Management Framevtoik

D.

ISO 27002

Buy Now
Questions 94

An employee, receives an email stating he won the lottery. The email includes a link that requests a name, mobile phone number, address, and date of birth be provided to confirm employee's identity before sending him the prize. Which of the following BEST describes this type of email?

Options:

A.

Spear phishing

B.

Whaling

C.

Phishing

D.

Vishing

Buy Now
Questions 95

A grocery store is expressing security and reliability concerns regarding the on-site backup strategy currently being performed by locally attached disks. The main concerns are the physical security of the backup media and the durability of the data stored on these devices Which of the following is a cost-effective approach to address these concerns?

Options:

A.

Enhance resiliency by adding a hardware RAID.

B.

Move data to a tape library and store the tapes off-site

C.

Install a local network-attached storage.

D.

Migrate to a cloud backup solution

Buy Now
Questions 96

An organization's Chief Information Security Officer is creating a position that will be responsible for implementing technical controls to protect data, including ensuring backups are properly maintained. Which of the following roles would MOST likely include these responsibilities?

Options:

A.

Data protection officer

B.

Data owner

C.

Backup administrator

D.

Data custodian

E.

Internal auditor

Buy Now
Questions 97

A security analyst reviews a company’s authentication logs and notices multiple authentication failures. The authentication failures are from different usernames that share the same source IP address. Which of the password attacks is MOST likely happening?

Options:

A.

Dictionary

B.

Rainbow table

C.

Spraying

D.

Brute-force

Buy Now
Questions 98

A cybersecurity administrator needs to allow mobile BYOD devices to access network resources. As the devices are not enrolled to the domain and do not have policies applied to them, which of the following are best practices for authentication and infrastructure security? (Select TWO).

Options:

A.

Create a new network for the mobile devices and block the communication to the internal network and servers

B.

Use a captive portal for user authentication.

C.

Authenticate users using OAuth for more resiliency

D.

Implement SSO and allow communication to the internal network

E.

Use the existing network and allow communication to the internal network and servers.

F.

Use a new and updated RADIUS server to maintain the best solution

Buy Now
Questions 99

An enterprise has hired an outside security firm to facilitate penetration testing on its network and applications. The firm has agreed to pay for each vulnerability that ts discovered. Which of the following BEST represents the type of testing that is being used?

Options:

A.

White-box

B.

Red-leam

C.

Bug bounty

D.

Gray-box

E.

Black-box

Buy Now
Questions 100

A security engineer is reviewing the logs from a SAML application that is configured to use MFA, during this review the engineer notices a high volume of successful logins that did not require MFA from users who were traveling internationally. The application, which can be accessed without a VPB, has a policy that allows time-based tokens to be generated. Users who changed locations should be required to reauthenticate but have been Which of the following statements BEST explains the issue?

Options:

A.

OpenID is mandatory to make the MFA requirements work

B.

An incorrect browser has been detected by the SAML application

C.

The access device has a trusted certificate installed that is overwriting the session token

D.

The user’s IP address is changing between logins, bur the application is not invalidating the token

Buy Now
Questions 101

Which of the following describes a maintenance metric that measures the average time required to troubleshoot and restore failed equipment?

Options:

A.

RTO

B.

MTBF

C.

MTTR

D.

RPO

Buy Now
Questions 102

Which of the following would MOST likely be identified by a credentialed scan but would be missed by an uncredentialed scan?

Options:

A.

Vulnerabilities with a CVSS score greater than 6.9.

B.

Critical infrastructure vulnerabilities on non-IP protocols.

C.

CVEs related to non-Microsoft systems such as printers and switches.

D.

Missing patches for third-party software on Windows workstations and servers.

Buy Now
Questions 103

A Chief Information Officer is concerned about employees using company-issued laptops to steal data when accessing network shares. Which of the following should the company implement?

Options:

A.

DLP

B.

CASB

C.

HIDS

D.

EDR

E.

UEFI

Buy Now
Questions 104

Which of the following is a cryptographic concept that operates on a fixed length of bits?

Options:

A.

Block cipher

B.

Hashing

C.

Key stretching

D.

Salting

Buy Now
Questions 105

A Chief Information Officer is concerned about employees using company-issued laptops lo steal data when accessing network shares. Which of the following should the company Implement?

Options:

A.

DLP

B.

CASB

C.

HIDS

D.

EDR

E.

UEFI

Buy Now
Questions 106

A Chief information Officer is concerned about employees using company-issued laptops to steal data when accessing network shares Which of the following should the company implement?

Options:

A.

DLP

B.

CASB

C.

HIDS

D.

EDR

E.

UEFI

Buy Now
Questions 107

Which of the following function as preventive, detective, and deterrent controls to reduce the risk of physical theft? (Select TWO).

Options:

A.

Mantraps

B.

Security guards

C.

Video surveillance

D.

Fences

E.

Bollards

F.

Antivirus

Buy Now
Questions 108

An organization wants seamless authentication to its applications. Which of the following should the organization employ to meet this requirement?

Options:

A.

SOAP

B.

SAML

C.

SSO

D.

Kerberos

Buy Now
Questions 109

The Chief information Security Officer has directed the security and networking team to retire the use of shared passwords on routers and switches. Which of the following choices BEST meets the requirements?

Options:

A.

SAML

B.

TACACS+

C.

Password vaults

D.

OAuth

Buy Now
Questions 110

A company is implementing a new SIEM to log and send alerts whenever malicious activity is blocked by its antivirus and web content filters. Which of the following is the primary use case for this scenario?

Options:

A.

Implementation of preventive controls

B.

Implementation of detective controls

C.

Implementation of deterrent controls

D.

Implementation of corrective controls

Buy Now
Questions 111

A help desk technician receives an email from the Chief Information Officer (C/O) asking for documents. The technician knows the CIO is on vacation for a few weeks. Which of the following should the technician do to validate the authenticity of the email?

Options:

A.

Check the metadata in the email header of the received path in reverse order to follow the email’s path.

B.

Hover the mouse over the CIO's email address to verify the email address.

C.

Look at the metadata in the email header and verify the "From." line matches the CIO's email address.

D.

Forward the email to the CIO and ask if the CIO sent the email requesting the documents.

Buy Now
Questions 112

A company recently experienced an attack during which 5 main website was directed to the atack-er’s web server, allowing the attacker to harvest credentials from unsuspecting customers. Which of the following should the company Implement to prevent this type of attack from occurring in the future?

Options:

A.

IPSec

B.

SSL/TLS

C.

DNSSEC

D.

S/MIME

Buy Now
Questions 113

A desktop support technician recently installed a new document-scanning software program on a computer. However, when the end user tried to launch the program, it did not respond. Which of the following is MOST likely the cause?

Options:

A.

A new firewall rule is needed to access the application.

B.

The system was quarantined for missing software updates.

C.

The software was not added to the application whitelist.

D.

The system was isolated from the network due to infected software

Buy Now
Questions 114

A security analyst reports a company policy violation in a case in which a large amount of sensitive data is being downloaded after hours from various mobile devices to an external site. Upon further investigation, the analyst notices that successful login attempts are being conducted with impossible travel times during the same time periods when the unauthorized downloads are occurring. The analyst also discovers a couple of WAPs are using the same SSID, but they have non-standard DHCP configurations and an overlapping channel. Which of the following attacks is being conducted?

Options:

A.

Evil twin

B.

Jamming

C.

DNS poisoning

D.

Bluesnarfing

E.

DDoS

Buy Now
Questions 115

After a hardware incident, an unplanned emergency maintenance activity was conducted to rectify the issue. Multiple alerts were generated on the SIEM during this period of time. Which of the following BEST explains what happened?

Options:

A.

The unexpected traffic correlated against multiple rules, generating multiple alerts.

B.

Multiple alerts were generated due to an attack occurring at the same time.

C.

An error in the correlation rules triggered multiple alerts.

D.

The SIEM was unable to correlate the rules, triggering the alerts.

Buy Now
Questions 116

Employees at a company are receiving unsolicited text messages on their corporate cell phones. The unsolicited text messages contain a password reset Link. Which of the attacks is being used to target the company?

Options:

A.

Phishing

B.

Vishing

C.

Smishing

D.

Spam

Buy Now
Questions 117

As part of a company's ongoing SOC maturation process, the company wants to implement a method to share cyberthreat intelligence data with outside security partners. Which of the following will the company MOST likely implement?

Options:

A.

TAXII

B.

TLP

C.

TTP

D.

STIX

Buy Now
Questions 118

The Chief Information Security Officer directed a risk reduction in shadow IT and created a policy requiring all unsanctioned high-risk SaaS applications to be blocked from user access Which of the following is the BEST security solution to reduce this risk?

Options:

A.

CASB

B.

VPN concentrator

C.

MFA

D.

VPC endpoint

Buy Now
Questions 119

Which of the following environment utilizes dummy data and is MOST to be installed locally on a system that allows to be assessed directly and modified easily wit each build?

Options:

A.

Production

B.

Test

C.

Staging

D.

Development

Buy Now
Questions 120

A security analyst must enforce policies to harden an MDM infrastructure. The requirements are as follows:

* Ensure mobile devices can be tracked and wiped.

* Confirm mobile devices are encrypted.

Which of the following should the analyst enable on all the devices to meet these requirements?

Options:

A.

A Geofencing

B.

Biometric authentication

C.

Geolocation

D.

Geotagging

Buy Now
Questions 121

Which of the technologies is used to actively monitor for specific file types being transmitted on the network?

Options:

A.

File integrity monitoring

B.

Honeynets

C.

Tcpreplay

D.

Data loss prevention

Buy Now
Questions 122

During the onboarding process, an employee needs to create a password for an intranet account. The password must include ten characters, numbers, and letters, and two special characters. Once the password is created, the ‘company will grant the employee access to other company-owned websites based on the intranet profile. Which of the following access management concepts is the company most likely using to safeguard intranet accounts and grant access to multiple sites based on a user's intranet account? (Select two).

Options:

A.

Federation

B.

Identity proofing

C.

Password complexity

D.

Default password changes

E.

Password manager

F.

Open authentication

Buy Now
Questions 123

A security analyst is currently addressing an active cyber incident. The analyst has been able to identify affected devices that are running a malicious application with a unique hash. Which of the following is the next step according to the incident response process?

Options:

A.

Recovery

B.

Lessons learned

C.

Containment

D.

Preparation

Buy Now
Questions 124

Two organizations are discussing a possible merger Both Organizations Chief Fi-nancial Officers would like to safely share payroll data with each Other to de-termine if the pay scales for different roles are similar at both organizations Which Of the following techniques would be best to protect employee data while allowing the companies to successfully share this information?

Options:

A.

Pseudo-anonymization

B.

Tokenization

C.

Data masking

D.

Encryption

Buy Now
Questions 125

Which Of the following will provide the best physical security countermeasures to Stop intruders? (Select two).

Options:

A.

Alarm

B.

Signage

C.

Lighting

D.

Access control vestibules

E.

Fencing

F.

Sensors

Buy Now
Questions 126

An audit report indicates multiple suspicious attempts to access company resources were made. These attempts were not detected by the company. Which of the following would be the best solution to implement on the company's network?

Options:

A.

Intrusion prevention system

B.

Proxy server

C.

Jump server

D.

Security zones

Buy Now
Questions 127

Which of the following supplies non-repudiation during a forensics investigation?

Options:

A.

Dumping volatile memory contents first

B.

Duplicating a drive with dd

C.

Using a SHA-2 signature of a drive image

D.

Logging everyone in contact with evidence

E.

Encrypting sensitive data

Buy Now
Questions 128

While troubleshooting a firewall configuration, a technician determines that a "deny any" policy should be added to the bottom of the ACL. The technician updates the policy, but the new policy causes several company servers to become unreachable. Which of the following actions would prevent this issue?

Options:

A.

Documenting the new policy in a change request and submitting the request to change management

B.

Testing the policy in a non-production environment before enabling the policy in the production network

C.

Disabling any intrusion prevention signatures on the "deny any" policy prior to enabling the new policy

D.

Including an "allow any" policy above the "deny any" policy

Buy Now
Questions 129

A company is moving to new location. The systems administrator has provided the following server room requirements to the facilities staff:

  • Consistent power levels in case of brownouts or voltage spikes
  • A minimum of 30 minutes runtime following a power outage
  • Ability to trigger graceful shutdowns of critical systems

Which of the following would BEST meet the requirements?

Options:

A.

Maintaining a standby, gas-powered generator

B.

Using large surge suppressors on computer equipment

C.

Configuring managed PDUs to monitor power levels

D.

Deploying an appropriately sized, network-connected UPS device

Buy Now
Questions 130

The new Chief Information Security Officer at a company has asked the security learn to implement stronger user account policies. The new policies require:

• Users to choose a password unique to their last ten passwords

• Users to not log in from certain high-risk countries

Which of the following should the security team implement? (Select two).

Options:

A.

Password complexity

B.

Password history

C.

Geolocation

D.

Geospatial

E.

Geotagging

F.

Password reuse

Buy Now
Questions 131

A security analyst received the following requirements for the deployment of a security camera solution:

* The cameras must be viewable by the on-site security guards.

+ The cameras must be able to communicate with the video storage server.

* The cameras must have the time synchronized automatically.

* The cameras must not be reachable directly via the internet.

* The servers for the cameras and video storage must be available for remote maintenance via the company VPN.

Which of the following should the security analyst recommend to securely meet the remote connectivity requirements?

Options:

A.

Creating firewall rules that prevent outgoing traffic from the subnet the servers and cameras reside on

B.

Deploying a jump server that is accessible via the internal network that can communicate with the servers

C.

Disabling all unused ports on the switch that the cameras are plugged into and enabling MAC filtering

D.

Implementing a WAF to allow traffic from the local NTP server to the camera server

Buy Now
Questions 132

Which of the following describes business units that purchase and implement scripting software without approval from an organization's technology Support staff?

Options:

A.

Shadow IT

B.

Hacktivist

C.

Insider threat

D.

script kiddie

Buy Now
Questions 133

After installing a patch On a security appliance. an organization realized a massive data exfiltration occurred. Which Of the following describes the incident?

Options:

A.

Supply chain attack

B.

Ransomware attack

C.

Cryptographic attack

D.

Password attack

Buy Now
Questions 134

An organization wants to quickly assess how effectively the IT team hardened new laptops Which of the following would be the best solution to perform this assessment?

Options:

A.

Install a SIEM tool and properly configure it to read the OS configuration files.

B.

Load current baselines into the existing vulnerability scanner.

C.

Maintain a risk register with each security control marked as compliant or non-compliant.

D.

Manually review the secure configuration guide checklists.

Buy Now
Questions 135

Which ol the following is required in order (or an IDS and a WAF to be effective on HTTPS traffic?

Options:

A.

Hashing

B.

DNS sinkhole

C.

TLS inspection

D.

Data masking

Buy Now
Questions 136

A financial institution recently joined a bug bounty program to identify security issues in the institution's new public platform. Which of the following best describes who the institution is working with to identify security issues?

Options:

A.

Script kiddie

B.

Insider threats

C.

Malicious actor

D.

Authorized hacker

Buy Now
Questions 137

A company was recently breached Pan of the company's new cybersecurity strategy is to centralize? the togs horn all security devices Which of the following components forwards the logs to a central source?

Options:

A.

Log enrichment

B.

Log queue

C.

Log parser

D.

Log collector

Buy Now
Questions 138

Which of the following would most likely include language prohibiting end users from accessing personal email from a company device?

Options:

A.

SLA

B.

BPA

C.

NDA

D.

AUP

Buy Now
Questions 139

A security analyst is assisting a team of developers with best practices for coding. The security analyst would like to defend against the use of SQL injection attacks. Which of the following should the security analyst recommend first?

Options:

A.

Tokenization

B.

Input validation

C.

Code signing

D.

Secure cookies

Buy Now
Questions 140

A data owner has been tasked with assigning proper data classifications and destruction methods for various types of data contained within the environment.

SY0-601 Question 140

Options:

Buy Now
Questions 141

A network-connected magnetic resonance imaging (MRI) scanner at a hospital is controlled and operated by an outdated and unsupported specialized Windows OS. Which of the following

is most likely preventing the IT manager at the hospital from upgrading the specialized OS?

Options:

A.

The time needed for the MRI vendor to upgrade the system would negatively impact patients.

B.

The MRI vendor does not support newer versions of the OS.

C.

Changing the OS breaches a support SLA with the MRI vendor.

D.

The IT team does not have the budget required to upgrade the MRI scanner.

Buy Now
Questions 142

A security analyst is investigating network issues between a workstation and a company server. The workstation and server occasionally experience service disruptions, and employees are forced to

reconnect to the server. In addition, some reports indicate sensitive information is being leaked from the server to the public.

The workstation IP address is 192.168.1.103, and the server IP address is 192.168.1.101.

The analyst runs arp -a On a separate workstation and obtains the following results:

SY0-601 Question 142

Which of the following is most likely occurring?

Options:

A.

Evil twin attack

B.

Domain hijacking attack

C.

On-path attack

D.

MAC flooding attack

Buy Now
Questions 143

A security administrator is compiling information from all devices on the local network in order to gain better visibility into user activities. Which of the following is the best solution to meet

this objective?

Options:

A.

SIEM

B.

HIDS

C.

CASB

D.

EDR

Buy Now
Questions 144

A cybersecurity analyst at Company A is working to establish a secure communication channel with a counter part at Company B, which is 3,000 miles (4.828 kilometers) away. Which of the following concepts would help the analyst meet this goal m a secure manner?

Options:

A.

Digital signatures

B.

Key exchange

C.

Salting

D.

PPTP

Buy Now
Questions 145

A manager for the development team is concerned about reports showing a common set of vulnerabilities. The set of vulnerabilities is present on almost all of the applications developed by the team. Which of the following approaches would be most effective for the manager to use to

address this issue?

Options:

A.

Tune the accuracy of fuzz testing.

B.

Invest in secure coding training and application security guidelines.

C.

Increase the frequency of dynamic code scans 1o detect issues faster.

D.

Implement code signing to make code immutable.

Buy Now
Questions 146

Which of the following best describes when an organization Utilizes a read-to-use application from a cloud provider?

Options:

A.

IaaS

B.

SaaS

C.

PaaS

D.

XaaS

Buy Now
Questions 147

A major manufacturing company updated its internal infrastructure and just started to allow OAuth application to access corporate data Data leakage is being reported Which of following most likely caused the issue?

Options:

A.

Privilege creep

B.

Unmodified default

C.

TLS

D.

Improper patch management

Buy Now
Questions 148

A security team discovered a large number of company-issued devices with non-work-related software installed. Which of the following policies would most likely contain language that would prohibit this activity?

Options:

A.

NDA

B.

BPA

C.

AUP

D.

SLA

Buy Now
Questions 149

A security engineer is investigating a penetration test report that states the company website is vulnerable to a web application attack. While checking the web logs from the time of the test, the engineer notices several invalid web form submissions using an unusual address: "SELECT * FROM customername”. Which of the following is most likely being attempted?

Options:

A.

Directory traversal

B.

SQL injection

C.

Privilege escalation

D.

Cross-site scripting

Buy Now
Questions 150

An air traffic controller receives a change in flight plan for an morning aircraft over the phone. The air traffic controller compares the change to what

appears on radar and determines the information to be false. As a result, the air traffic controller is able to prevent an incident from occurring. Which of the following is this scenario an example of?

Options:

A.

Mobile hijacking

B.

Vishing

C.

Unsecure VoIP protocols

D.

SPIM attack

Buy Now
Questions 151

A web server log contains two million lines. A security analyst wants to obtain the next 500 lines starting from line 4,600. Which of the following commands will help the security analyst to achieve this objective?

Options:

A.

cat webserver.log | head -4600 | tail +500 |

B.

cat webserver.log | tail -1995400 | tail -500 |

C.

cat webserver.log | tail -4600 | head -500 |

D.

cat webserver.log | head -5100 | tail -500 |

Buy Now
Questions 152

A security analyst is investigating a report from a penetration test. During the penetration test, consultants were able to download sensitive data from a back-end server. The back-end server was exposing an API that should have only been available from the company’s mobile application. After reviewing the back-end server logs, the security analyst finds the following entries:

SY0-601 Question 152

Which of the following is the most likely cause of the security control bypass?

Options:

A.

IP address allow list

B.

User-agent spoofing

C.

WAF bypass

D.

Referrer manipulation

Buy Now
Questions 153

A security analyst reviews web server logs and notices the following line:

104.35. 45.53 -

[22/May/2020:07 : 00:58 +0100] "GET . UNION ALL SELECT

user login, user _ pass, user email from wp users—— HTTP/I.I" 200 1072 http://www.example.com/wordpress/wp—admin/

Which of the following vulnerabilities is the attacker trying to exploit?

Options:

A.

SSRF

B.

CSRF

C.

xss

D.

SQLi

Buy Now
Questions 154

A security administrator Installed a new web server. The administrator did this to Increase the capacity (or an application due to resource exhaustion on another server. Which o( the following algorithms should the administrator use to split the number of the connections on each server In half?

Options:

A.

Weighted response

B.

Round-robin

C.

Least connection

D.

Weighted least connection

Buy Now
Questions 155

Which of the following describes where an attacker can purchase DDoS or ransomware services?

Options:

A.

Threat intelligence

B.

Open-source intelligence

C.

Vulnerability database

D.

Dark web

Buy Now
Questions 156

A systems administrator needs to install a new wireless network for authenticated guest access. The wireless network should support 802. IX using the most secure encryption and protocol available.

Perform the following steps:

1. Configure the RADIUS server.

2. Configure the WiFi controller.

3. Preconfigure the client for an

incoming guest. The guest AD

credentials are:

User: guest01

Password: guestpass

SY0-601 Question 156

Options:

Buy Now
Questions 157

An account was disabled atter several failed and successful login connections were made from various parts of the Word at various times. A security analysts investigating the issue. Which of the following account policies most likely triggered the action to disable the

Options:

A.

Time based logins

B.

Password history

C.

Geofencing

D.

Impossible travel time

Buy Now
Questions 158

While researching a data exfiltration event, the security team discovers that a large amount of data was transferred to a file storage site on the internet. Which of the following controls would work best to reduce the risk of further exfiltration using this method?

Options:

A.

Data loss prevention

B.

Blocking IP traffic at the firewall

C.

Containerization

D.

File integrity monitoring

Buy Now
Questions 159

Which of the following incident response phases should the proper collection of the detected 'ocs and establishment of a chain of custody be performed before?

Options:

A.

Containment

B.

Identification

C.

Preparation

D.

Recovery

Buy Now
Questions 160

A security analyst is reviewing packet capture data from a compromised host On the In the packet capture. analyst locates packets that contain large of text, Which Of following is most likely installed on compromised host?

Options:

A.

Keylogger

B.

Spyware

C.

Torjan

D.

Ransomware

Buy Now
Questions 161

Users report access to an application from an internal workstation is still unavailable to a specific server, even after a recent firewall rule implementation that was requested for this access. ICMP traffic is successful between the two devices. Which of the following tools should the security analyst use to help identify if the traffic is being blocked?

Options:

A.

nmap

B.

tracert

C.

ping

D.

ssh

Buy Now
Questions 162

Which of Ihe following control types is patch management classified under?

Options:

A.

Deterrent

B.

Physical

C.

Corrective

D.

Detective

Buy Now
Questions 163

A security analyst is investigating a report from a penetration test. During the penetration test, consultants were able to download sensitive data from a back-end server. The back-end server was exposing an API that should have only been available from the companVs mobile

application. After reviewing the back-end server logs, the security analyst finds the following entries

SY0-601 Question 163

Which of the following is the most likely cause of the security control bypass?

Options:

A.

IP address allow list

B.

user-agent spoofing

C.

WAF bypass

D.

Referrer manipulation

Buy Now
Questions 164

A security investigation revealed mat malicious software was installed on a server using a server administrator credentials. During the investigation the server administrator explained that Telnet was regularly used to log in. Which of the blowing most likely occurred?

Options:

A.

A spraying attack was used to determine which credentials to use

B.

A packet capture tool was used to steal the password

C.

A remote-access Trojan was used to install the malware

D.

A directory attack was used to log in as the server administrator

Buy Now
Questions 165

A large bank with two geographically dispersed data centers Is concerned about major power disruptions at Both locations. Every day each location experiences very brief outages thai last (or a few seconds. However, during the summer a high risk of intentional under-voltage events that could last up to an hour exists, particularly at one of the locations near an industrial smelter. Which of the following is the BEST solution to reduce the risk of data loss?

Options:

A.

Dual supply

B.

Generator

C.

PDU

D.

Dally backups

Buy Now
Questions 166

Which of the following would be best to ensure data is saved to a location on a server, is easily scaled, and is centrally monitored?

Options:

A.

 Edge computing

B.

Microservices

C.

Containers

D.

Thin client

Buy Now
Questions 167

Which of the following is a solution that can be used to stop a disgruntled employee from copying confidential data to a USB drive?

Options:

A.

DLP

B.

TLS

C.

AV

D.

IDS

Buy Now
Questions 168

A corporate security team needs to secure the wireless perimeter of its physical facilities to ensure only authorized users can access corporate resources. Which of the following should the security team do? (Refer the answer from CompTIA SY0-601 Security+ documents or guide at comptia.org)

Options:

A.

Identify rogue access points.

B.

Check for channel overlaps.

C.

Create heat maps.

D.

Implement domain hijacking.

Buy Now
Questions 169

A security administrator would like to ensure all cloud servers will have software preinstalled for facilitating vulnerability scanning and continuous monitoring. Which of the following concepts should the administrator utilize?

Options:

A.

Provisioning

B.

Staging

C.

Development

D.

Quality assurance

Buy Now
Questions 170

A Security engineer needs to implement an MDM solution that complies with the corporate mobile device policy. The policy states that in order for mobile users to access corporate resources on their

devices, the following requirements must be met:

  • Mobile device OSs must be patched up to the latest release.
  • A screen lock must be enabled (passcode or biometric).
  • Corporate data must be removed if the device is reported lost or stolen.

Which of the following controls should the security engineer configure? (Select two).

Options:

A.

Disable firmware over-the-air

B.

Storage segmentation

C.

Posture checking

D.

Remote wipe

E.

Full device encryption

F.

Geofencing

Buy Now
Questions 171

A company has hired an assessment team to test the security of the corporate network and employee vigilance. Only the Chief Executive Officer and Chief Operating Officer are aware of this exercise, and very little information has been provided to the assessors. Which of the following is taking place?

Options:

A.

A red-team test

B.

A white-team test

C.

A purple-team test

D.

A blue-team test

Buy Now
Questions 172

An upcoming project focuses on secure communications and trust between external parties. Which of the following security components will need to be considered to ensure a chosen trust provider IS

used and the selected option is highly scalable?

Options:

A.

Self-signed certificate

B.

Certificate attributes

C.

Public key Infrastructure

D.

Domain validation

Buy Now
Questions 173

A candidate attempts to go to but accidentally visits http://comptiia.org. The malicious website looks exactly like the legitimate website. Which of the following best describes this type of attack?

Options:

A.

Reconnaissance

B.

Impersonation

C.

Typosquatting

D.

Watering-hole

Buy Now
Questions 174

The application development team is in the final stages of developing a new healthcare application. The team has requested copies of current PHI records to perform the final testing.

Which of the following would be the best way to safeguard this information without impeding the testing process?

Options:

A.

Implementing a content filter

B.

Anonymizing the data

C.

Deploying DLP tools

D.

Installing a FIM on the application server

Buy Now
Questions 175

A user's laptop constantly disconnects from the Wi-Fi network. Once the laptop reconnects, the user can reach the internet but cannot access shared folders or other network resources. Which of the following types of attacks is the user MOST likely experiencing?

Options:

A.

Bluejacking

B.

Jamming

C.

Rogue access point

D.

Evil twin

Buy Now
Questions 176

A software developer used open-source libraries to streamline development. Which of the following is the greatest risk when using this approach?

Options:

A.

Unsecure root accounts

B.

Lack of vendor support

C.

Password complexity

D.

Default settings

Buy Now
Questions 177

An engineer is using scripting to deploy a network in a cloud environment. Which the following describes this scenario?

Options:

A.

SDLC

B.

VLAN

C.

SDN

D.

SDV

Buy Now
Questions 178

A company is launching a website in a different country in order to capture user information that a marketing business can use. The company itself will not be using the information. Which

of the following roles is the company assuming?

Options:

A.

Data owner

B.

Data processor

C.

Data steward

D.

Data collector

Buy Now
Questions 179

A company that provides an online streaming service made its customers' personal data including names and email addresses publicly available in a cloud storage service. As a result, the company experienced an increase m the number of requests to delete user accounts. Which of the following best describes the consequence of tins data disclosure?

Options:

A.

Regulatory tines

B.

Reputation damage

C.

Increased insurance costs

D.

Financial loss

Buy Now
Questions 180

A security administrator recently used an internal CA to issue a certificate to a public application. A user tries to reach the application but receives a message stating, “Your connection is not private." Which of the following is the best way to fix this issue?

Options:

A.

Ignore the warning and continue to use the application normally.

B.

Install the certificate on each endpoint that needs to use the application.

C.

Send the new certificate to the users to install on their browsers.

D.

Send a CSR to a known CA and install the signed certificate on the application's server.

Buy Now
Questions 181

A company wants to enable BYOD for checking email and reviewing documents. Many of the documents contain sensitive organizational information. Which of the following should be deployed first before allowing the use of personal devices to access company data?

Options:

A.

MDM

B.

RFID

C.

DLR

D.

SIEM

Buy Now
Questions 182

Which of the following best describes the situation where a successfully onboarded employee who is using a fingerprint reader is denied access at the company's mam gate?

Options:

A.

Crossover error rate

B.

False match raw

C.

False rejection

D.

False positive

Buy Now
Questions 183

Physical access to the organization's servers in the data center requires entry and exit through multiple access points: a lobby, an access control vestibule, three doors leading to the server floor itself and eventually to a caged area solely for the organization's hardware. Which of the following controls is described in this scenario?

Options:

A.

Compensating

B.

Deterrent

C.

Preventive

D.

Detective

Buy Now
Questions 184

A security analyst reviews web server logs and finds the following string

gallerys?file—. ./../../../../. . / . ./etc/passwd

Which of the following attacks was performed against the web server?

Options:

A.

Directory traversal

B.

CSRF

C.

Pass the hash

D.

SQL injection

Buy Now
Questions 185

An IT manager is estimating the mobile device budget for the upcoming year. Over the last five years, the number of devices that were replaced due to loss, damage, or theft steadily increased by 10%. Which of the following would best describe the estimated number of devices to be replaced next year?

Options:

A.

SLA

B.

ARO

C.

RPO

D.

SLE

Buy Now
Questions 186

A junior human resources administrator was gathering data about employees to submit to a new company awards program The employee data included job title business phone number location first initial with last name and race Which of the following best describes this type of information?

Options:

A.

Sensitive

B.

Non-Pll

C.

Private

D.

Confidential

Buy Now
Questions 187

A network architect wants a server to have the ability to retain network availability even if one of the network switches it is connected to goes down. Which of the following should the architect implement on the server to achieve this goal?

Options:

A.

RAID

B.

UPS

C.

NIC teaming

D.

Load balancing

Buy Now
Questions 188

The findings in a consultant's report indicate the most critical risk to the security posture from an incident response perspective is a lack of workstation and server investigation capabilities. Which of the following should be implemented to remediate this risk?

Options:

A.

HIDS

B.

FDE

C.

NGFW

D.

EDR

Buy Now
Questions 189

Which of the following procedures would be performed after the root cause of a security incident has been identified to help avoid future incidents from occurring?

Options:

A.

Walk-throughs

B.

Lessons learned

C.

Attack framework alignment

D.

Containment

Buy Now
Questions 190

Which of the following would provide guidelines on how to label new network devices as part of the initial configuration?

Options:

A.

IP schema

B.

Application baseline configuration

C.

Standard naming convention policy

D.

Wireless LAN and network perimeter diagram

Buy Now
Questions 191

An organization recently completed a security control assessment The organization determined some controls did not meet the existing security measures. Additional mitigations are needed to lessen the risk of the non-complaint controls. Which of the following best describes these

mitigations?

Options:

A.

Corrective

B.

Compensating

C.

Deterrent

D.

Technical

Buy Now
Questions 192

A new security engineer has started hardening systems. One of the hardening techniques the engineer is using involves disabling remote logins to the NAS. Users are now reporting the inability to use SCP to transfer files to the NAS, even though the data is still viewable from the users' PCs. Which of the following is the MOST likely cause of this issue?

Options:

A.

TFTP was disabled on the local hosts

B.

SSH was turned off instead of modifying the configuration file

C.

Remote login was disabled in the networkd.conf instead of using the sshd.conf.

D.

Network services are no longer running on the NAS.

Buy Now
Questions 193

During a recent company safety stand-down, the cyber-awareness team gave a presentation on the importance of cyber hygiene. One topic the team covered was best practices for printing centers. Which of the following describes an attack method that relates to printing centers?

Options:

A.

Whaling

B.

Credential harvesting

C.

Prepending

D.

Dumpster diving

Buy Now
Questions 194

A security administrator needs a method to secure data in an environment that includes some form of checks so that the administrator can track any changes. Which of the following should the administrator set up to achieve this goal?

Options:

A.

SPF

B.

GPO

C.

NAC

D.

FIM

Buy Now
Questions 195

A company is required to perform a risk assessment on an annual basis. Which of the following types of risk assessments does this requirement describe?

Options:

A.

Continuous

B.

Ad hoc

C.

Recurring

D.

One time

Buy Now
Questions 196

Several employees received a fraudulent text message from someone claiming to be the Chief Executive Officer (CEO). The message stated:

'Tm in an airport right now with no access to email. I need you to buy gift cards for employee recognition awards. Please send the gift cards to following email address."

Which of the following are the best responses to this situation? (Select two).

Options:

A.

Cancel current employee recognition gift cards.

B.

Add a smishing exercise to the annual company training.

C.

Issue a general email warning to the company.

D.

Have the CEO change phone numbers.

E.

Conduct a forensic investigation on the CEO's phone.

F.

Implement mobile device management.

Buy Now
Questions 197

Which of the following environments utilizes a subset of customer data and is most likely to be used to assess the impacts of major system upgrades and demonstrate system features?

Options:

A.

Development

B.

b Test

C.

Production

D.

Staging

Buy Now
Questions 198

An organization is required to maintain financial data records for three years and customer data for five years. Which of the following data management policies should the organization implement?

Options:

A.

Retention

B.

Destruction

C.

Inventory

D.

Certification

Buy Now
Questions 199

An organization wants to reduce the likelihood that a data breach could result in reputational, financial, or regulatory consequences. The organization needs an enterprise-wide solution that does not require new technology or specialized roles. Which of the following describes the best way to achieve these goals?

Options:

A.

Developing a process where sensitive data is converted to non-sensitive values such as a token

B.

Masking identifiable information so the data cannot be traced back to a specific user

C.

Incorporating the principle of data minimization throughout business processes

D.

Requiring users and customers to consent to the processing of their information

Buy Now
Questions 200

Which of the following methods to secure credit card data is best to use when a requirement is to see only the last four numbers on a credit card?

Options:

A.

Encryption

B.

Hashing

C.

Masking

D.

Tokenization

Buy Now
Questions 201

A systems administrator set up a perimeter firewall but continues to notice suspicious connections between internal endpoints. Which of the following should be set up in order to mitigate the threat posed by the suspicious activity?

Options:

A.

Host-based firewall

B.

Web application firewall

C.

Access control list

D.

Application allow list

Buy Now
Questions 202

Users are reporting performance issues from a specific application server A security administrator notices that user traffic is being intermittently denied depending on which load balancer the traffic is originating from Which of the following types of log files should be used to capture this information?

Options:

A.

Session traffic

B.

Syslog data

C.

Security events

D.

DNS responses

E.

Authentication

Buy Now
Questions 203

The management team notices that new accounts that are set up manually do not always have correct access or permissions. Which of the following automation techniques should a systems administrator use to streamline account creation?

Options:

A.

Guard rail script

B.

Ticketing workflow

C.

Escalation script

D.

User provisioning script

Buy Now
Questions 204

After an audit, an administrator discovers all users have access to confidential data on a file server. Which of the following should the administrator use to restrict access to the data quickly?

Options:

A.

Group Policy

B.

Content filtering

C.

Data loss prevention

D.

Access control lists

Buy Now
Questions 205

Which of the following is the best resource to consult for information on the most common application exploitation methods?

Options:

A.

OWASP

B.

k STIX

C.

OVAL

D.

Threat intelligence feed

E.

Common Vulnerabilities and Exposures

Buy Now
Questions 206

After a security awareness training session, a user called the IT help desk and reported a suspicious call. The suspicious caller stated that the Chief Financial Officer wanted credit card information in order to close an invoice. Which of the following topics did the user recognize from the training?

Options:

A.

Insider threat

B.

Email phishing

C.

Social engineering

D.

Executive whaling

Buy Now
Questions 207

A company prevented direct access from the database administrators' workstations to the network segment that contains database servers. Which of the following should a database administrator use to access the database servers?

Options:

A.

Jump server

B.

RADIUS

C.

HSM

D.

Load balancer

Buy Now
Questions 208

A company would like to enhance the authentication technologies being used by remote employees Which of the following should the company most likely choose?

Options:

A.

Token key

B.

Iris scan

C.

Gait analysis

D.

Voice recognition

Buy Now
Questions 209

An organization would like to store customer data on a separate part of the network that is not accessible to users on the main corporate network. Which of the following should the administrator use to accomplish this goal?

Options:

A.

Segmentation

B.

Isolation

C.

Patching

D.

Encryption

Buy Now
Questions 210

A security engineer needs to configure an NGFW to minimize the impact of the increasing number of various traffic types during attacks. Which of the following types of rules is the engineer the most likely to configure?

Options:

A.

Signature-based

B.

Behavioral-based

C.

URL-based

D.

Agent-based

Buy Now
Questions 211

A data administrator is configuring authentication for a SaaS application and would like to reduce the number of credentials employees need to maintain. The company prefers to use domain credentials to access new SaaS applications. Which of the following methods would allow this functionality?

Options:

A.

SSO

B.

LEAP

C.

MFA

D.

REAP

Buy Now
Questions 212

A company is planning to set up a SIEM system and assign an analyst to review the logs on a weekly basis. Which of the following types of controls is the company setting up?

Options:

A.

Corrective

B.

Preventive

C.

Detective

D.

Deterrent

Buy Now
Questions 213

Which of the following is the best way to consistently determine on a daily basis whether security settings on servers have been modified?

Options:

A.

Automation

B.

Compliance checklist

C.

Attestation

D.

Manual audit

Buy Now
Questions 214

Which of the following alert types is the most likely to be ignored over time?

Options:

A.

True positive

B.

True negative

C.

False positive

D.

False negative

Buy Now
Questions 215

A local business When of the following best describes a legal hold?

Options:

A.

It occurs during litigabon and requires retention of both electronic and physical documents.

B It occurs during a risk assessment and requires retention of risk-related documents.

B.

It occurs during incident recovery and requires retention of electronic documents

C.

It occurs during a business impact analysis and requires retention of documents categorized as personally identifiable information

Buy Now
Questions 216

Which of the following should a systems administrator use to ensure an easy deployment of resources within the cloud provider?

Options:

A.

Software as a service

B.

Infrastructure as code

C.

Internet of Things

D.

Software-defined networking

Buy Now
Questions 217

An administrator identifies some locations on the third floor of the building that have a poor wireless signal. Multiple users confirm the incident and report it is not an isolated event. Which of the following should the administrator use to find the areas with a poor or nonexistent wireless signal?

Options:

A.

Heat map

B.

Agentless scanning

C.

Wardriving

D.

Embedded systems

Buy Now
Questions 218

Which of the following permits consistent, automated deployment rather than manual provisioning of data centers?

Options:

A.

Transit gateway

B.

Private cloud

C.

Containerization

D.

Infrastructure as code

Buy Now
Questions 219

As accounting clerk sent money to an attacker’s bank account after receiving fraudulent instructions to use a new account. Which of the following would most likely prevent this activity in the future?

Options:

A.

Standardizing security incident reporting

B.

Executing regular phishing campaigns

C.

Implementing insider threat detection measures

D.

Updating processes for sending wire transfers

Buy Now
Questions 220

An organization wants to ensure it can track changes between software deployments. Which of the following concepts should the organization implement?

Options:

A.

Continuous monitoring

B.

Rights management

C.

Non-repudiation

D.

Version control

Buy Now
Questions 221

An organization hired a third party to test its internal server environment for any exploitable vulnerabilities and to gain privileged access. The tester compromised several servers, and the organization was unable to detect any of the compromises. Which of the following actions would be best for the company to take to address these findings?

Options:

A.

Implement a SIEM to correlate logs from multiple sources looking for alterable incidents.

B.

Configure IDS capabilities on the internet firewall to alert on the particular exploits used by the tester.

C.

Set up NetFlow on all data center switches connected to the servers.

D.

Deploy FIM agents on all servers in the environment.

Buy Now
Questions 222

A systems administrator is considering switching from tape backup to an alternative backup solution that would allow data to be readily available in the event of a disaster. Which of the following backup types should the administrator implement?

Options:

A.

Copy

B.

Incremental

C.

Cloud

D.

Disk

E.

Storage area network

Buy Now
Questions 223

After a security incident, a systems administrator asks the company to buy a NAC platform. Which of the following attack surfaces is the systems administrator trying to protect?

Options:

A.

Bluetooth

B.

Wired

C.

NFC

D.

SCADA

Buy Now
Questions 224

A company is implementing a vendor's security tool in the cloud. The security director does not want to manage users and passwords specific to this tool but would rather utilize the company's standard user directory. Which of the following should the company implement?

Options:

A.

802.1X

B.

SAML

C.

RADIUS

D.

CHAP

Buy Now
Questions 225

A cybersecurity incident response team at a large company receives notification that malware is present on several corporate desktops. No known indicators of compromise have been found on the network. Which of the following should the team do first to secure the environment?

Options:

A.

Contain the impacted hosts.

B.

Add the malware to the application blocklist.

C.

Segment the core database server.

D.

Implement firewall rules to block outbound beaconing.

Buy Now
Questions 226

During the past year, an organization has experienced several intellectual property leaks by an unidentified source. Which of the following risk management policies will help the company identify the source of this issue?

Options:

A.

Requiring all personnel to sign an acceptable use policy

B.

Implementing mandatory vacations

C.

Conducting criminal background checks

D.

Applying data retention standards to all databases

Buy Now
Questions 227

Which of the following is the most important security concern when using legacy systems to provide production service?

Options:

A.

Instability

B.

Lack of vendor support

C.

Loss of availability

D.

Use of insecure protocols

Buy Now
Questions 228

A security analyst finds that a user's name appears in a database entry at a time when the user was on vacation. The security analyst reviews the following logs from the authentication server that is being used by the database:

SY0-601 Question 228

Which of the following can the security analyst conclude based on the review?

Options:

A.

A brute-force attack occurred.

B.

A rainbow table uncovered the password.

C.

Technical controls did not block the reuse of a password.

D.

An attacker used password spraying.

Buy Now
Questions 229

An incident response team for a media streaming provider is investigating a data exfiltration event of licensed video content that was able to circumvent advanced monitoring analytics The team has identified the following:

1 The analytics use machine learning with classifiers to label network data transfers.

2. Transfers labeled as "authenticated media stream’’ are permitted to egress, all ethers are interrupted/dropped

3. The most recent attempt was erroneously labeled as an "authenticated media stream."

4. An earlier attempt from the same threat actor was unsuccessful and labeled as "unauthorized media transfer."

5. The PCAP from the most recent event looks identical with the exception of a few bytes that had been modified

Which of the following moil likely occurred?

Options:

A.

Susceptibilities in the classifier enabled counter-AI techniques.

B.

Data used to train the model before deployment had been tainted

C.

An implant in the hardware supply chain went undetected

D.

The threat actor established a middle position and redirected the transfer

Buy Now
Questions 230

A food delivery service gives its drivers mobile devices that enable customers to track orders. Some drivers forget to leave the devices at the store when their shifts end. Which of the following would help remind the drivers to leave the devices at the store?

Options:

A.

Geofencing alerts

B.

Containerization

C.

Bring your own device policy

D.

Remote device wipe

Buy Now
Questions 231

To improve the security at a data center, a security administrator implements a CCTV system and posts several signs about the possibility of being filmed. Which of the following best describe these types of controls? (Select two).

Options:

A.

Preventive

B.

Deterrent

C.

Corrective

D.

Directive

E.

Compensating

F.

Detective

Buy Now
Questions 232

An employee receives a text message that appears to have been sent by the payroll department and is asking for credential verification. Which of the following social engineering techniques are being attempted? (Select two).

Options:

A.

Typosquatting

B.

Phishing

C.

Impersonation

D.

Vishing

E.

Smishing

F.

Misinformation

Buy Now
Questions 233

Which of the following is the first step to take when creating an anomaly detection process?

Options:

A.

Selecting events

B.

Building a baseline

C.

Selecting logging options

D.

Creating an event log

Buy Now
Questions 234

A municipality implements an loT device discovery scanner and finds a legacy controller for a critical internal utility SCADA service that is running firmware with multiple vulnerabilities. Unfortunately, the controller cannot be upgraded, and a replacement for it is not available for at least a year. Which of the following is the best action to take to mitigate the risk posed by this controller in the meantime?

Options:

A.

Isolate the controller from the rest of the network and constrain connectivity.

B.

Remove the controller from the network altogether.

C.

Quarantine the controller in a VLAN used for device patching from the internet

D.

Configure the internet firewall to deny any internet access to or from the controller.

Buy Now
Questions 235

A company wants to get alerts when others are researching and doing reconnaissance on the company. One approach would be to host a part of the infrastructure online with known vulnerabilities that would appear to be company assets. Which of the following describes this approach?

Options:

A.

Watering hole

B.

Bug bounty

C.

DNS sinkhole

D.

Honeypot

Buy Now
Questions 236

Which of the following describes the understanding between a company and a client about what will be provided and the accepted time needed to provide the company with the resumes?

Options:

A.

SLA

B.

MOU

C.

MOA

D.

BPA

Buy Now
Questions 237

Which of the following is most likely to include a SCADA system?

Options:

A.

Water treatment plant

B.

Surveillance system

C.

Smart watch

D.

Wi-Fi-enabled thermostat

Buy Now
Questions 238

A security analyst inspects the following log:

SY0-601 Question 238

Which of the following was attempted?

Options:

A.

Command injection

B.

Buffer overflow

C.

Privilege escalation

D.

Directory traversal

Buy Now
Questions 239

An organization is build ng a single virtual environment that will host customer applications and data that require availability at all times. The data center that is hosting the environment will provide generator power and ISP services. Which of the following is the best solution to support the organization's requirement?

Options:

A.

NIC teaming

B.

Cloud backups

C.

A load balancer appliance

D.

UPS

Buy Now
Questions 240

A security analyst at an organization observed several user logins from outside the organization's network The analyst determined that these logins were not performed by individuals within the organization Which of the following recommendations would reduce the likelihood of future attacks? (Select two).

Options:

A.

Disciplinary actions for users

B.

Conditional access policies

C.

More regular account audits

D.

implementation of additional authentication factors

E.

Enforcement of content filtering policies

F.

A review of user account permissions

Buy Now
Questions 241

A company is providing security awareness training regarding the importance of not forwarding social media messages from unverified sources. Which of the following risks would this training help to prevent?

Options:

A.

Hoaxes

B.

SPIMs

C.

Identity fraud

D.

Credential harvesting

Buy Now
Questions 242

A security analyst receives reports of widespread password login attempts for most of the administrator accounts in the environment. Logs indicate that a successful login occurred and the same credentials are being used to attempt to gain access to other resources. Which of the following would best prevent this type of attack from being successful?

Options:

A.

Multifactor authentication

B.

Password hygiene

C.

Key rotation

D.

IPSec certificates

E.

802.1X

Buy Now
Questions 243

In order to save on expenses Company A and Company B agree to host each other's compute and storage disaster recovery sites at their primary data centers The two data centers are about a mile apart, and they each have their own power source When necessary, one company will escort the other company to its data center. Which of the following is the greatest risk with this arrangement?

Options:

A.

The data center sites are not geographically dispersed

B.

A redundant power source for disaster recovery is lacking

C.

The physical security resources are shared

D.

In an emergency, escorted access may not be timely enough.

Buy Now
Questions 244

A security analyst is investigating a SIEM event concerning invalid log-ins The system logs that match the time frame of the event show the following:

SY0-601 Question 244

Which of the following best describes this type of attack?

Options:

A.

Rainbow table

B.

Spraying

C.

Dictionary

D.

Keylogger

Buy Now
Questions 245

Following a recent security breach, an analyst discovered that user permissions were added when joining another part of the organization but were not removed from existing groups. Which of the following policies would help to correct these issues in the future?

Options:

A.

Service accounts

B.

Account audits

C.

Password complexity

D.

Lockout policy

Buy Now
Questions 246

A newly implemented wireless network is designed so that visitors can connect to the wireless network for business activities. The legal department is concerned that visitors might connect to the network and perform illicit activities. Which of the following should the security team implement to address this concern?

Options:

A.

Configure a RADIUS server to manage device authentication.

B.

Use 802.1 X on all devices connecting to wireless.

C.

Add a guest captive portal requiring visitors to accept terms and conditions.

D.

Allow for new devices to be connected via WPS.

Buy Now
Questions 247

Which of the following risks can be mitigated by HTTP headers?

Options:

A.

SQLi

B.

xss

C.

DoS

D.

SSL

Buy Now
Questions 248

An external vendor recently visited a company's headquarters for a presentation. Following the visit, a member of the hosting team found a file that the external vendor left behind on a server. The file contained detailed architecture information and code snippets. Which of the following data types best describes this file?

Options:

A.

Government

B.

Public

C.

Proprietary

D.

Critical

Buy Now
Questions 249

An analyst observed an unexpected high number of DE authentication on requests being sent from an unidentified device on the network. Which of the following attacks was most likely executed in this scenario?

Options:

A.

Jamming

B.

Blue jacking

C.

Rogue access point

D.

Disassociation

Buy Now
Questions 250

A user, who is waiting for a flight at an airport, logs in to the airline website using the public Wi-Fi, ignores a security warning, and purchases an upgraded seat. When the flight lands, the user finds unauthorized credit card charges. Which of the following attacks most likely occurred?

Options:

A.

Replay attack

B.

Memory leak

C.

Buffer overflow attack

D.

On-path attack

Buy Now
Questions 251

A network analyst is performing a signal strength check to ensure the company's guest wireless network adequately covers the lobby where customers usually arrive. The analyst discovers that at the far end of the lobby a second guest network is broadcasting at full strength while the original network strength is quite weak Which of the following is most likely happening?

Options:

A.

Evil twin attack

B.

Wireless jamming

C.

ARP poisoning

D.

IP spoofing

Buy Now
Questions 252

A certificate vendor notified a company that recently invalidated certificates may need to be updated. Which of the following mechanisms should a security administrator use to determine whether the certificates installed on the company's machines need to be updated?

Options:

A.

SCEP

B.

OCSP

C.

CSR

D.

CRL

Buy Now
Questions 253

The marketing department set up its own project management software without telling the appropriate departments. Which of the following describes this scenario?

Options:

A.

Shadow IT

B.

Insider threat

C.

Data exfiltration

D.

Service disruption

Buy Now
Questions 254

A company would like to enhance the authentication technologies being used by remote employees. Which of the following should the company most likely choose?

Options:

A.

Token key

B.

Iris scan

C.

Gait analysis

D.

Voice recognition

Buy Now
Questions 255

An organization's internet-facing website was compromised when an attacker exploited a buffer overflow. Which of the following should the organization deploy to best protect against similar attacks in the future?

Options:

A.

NGFW

B.

WAF

C.

TLS

D.

SD-WAN

Buy Now
Questions 256

Visitors to a secured facility are required to check in with a photo ID and enter the facility through an access control vestibule. Which of the following best describes this form of security control?

Options:

A.

Physical

B.

Managerial

C.

Technical

D.

Operational

Buy Now
Questions 257

A company is working with a vendor to perform a penetration test. Which of the following includes an estimate about the number of hours required to complete the engagement?

Options:

A.

SOW

B.

BPA

C.

SLA

D.

NDA

Buy Now
Questions 258

A security administrator is performing an audit on a stand-alone UNIX server, and the following message is immediately displayed:

(Error 13) : /etc/shadow: Permission denied.

Which of the following best describes the type of tool that is being used?

Options:

A.

Pass-the-hash monitor

B.

File integrity monitor

C.

Forensic analysis

D.

Password cracker

Buy Now
Questions 259

A security administrator checks the security logs of a Linux server and sees a lot of the following lines:

SY0-601 Question 259

Which of the following is most likely being attempted?

Options:

A.

SQL injection attack

B.

Rainbow table attack

C.

Rootkit attack

D.

Brute-force attack

Buy Now
Questions 260

Employees in the research and development business unit receive extensive training 10 ensure they understand how to best protect company data. Which of the following is the type of data these employees are most likely to use in day-to-day work activities?

Options:

A.

Encrypted

B.

Intellectual property

C.

Critical

D.

Data in transit

Buy Now
Questions 261

A company located in an area prone to hurricanes is developing a disaster recovery plan and looking at site considerations that allow the company to quickly continue operations. Which of the following is the best type of site for this company?

Options:

A.

Cold

B.

Tertiary

C.

Warm

D.

Hot

Buy Now
Questions 262

An administrator reviewed the log files after a recent ransomware attack on a company's system and discovered vulnerabilities that resulted in the loss of a database server. The administrator applied a patch to the server to resolve the CVE score. Which of the following controls did the administrator use?

Options:

A.

Corrective

B.

Deterrent

C.

Compensating

D.

Directive

Buy Now
Questions 263

An analyst is concerned about data leaks and wants to restrict access to internet services to authorized users only. The analyst also wants to control the actions each user can perform on each service. Which of the following would be the best technology for the analyst to consider implementing?

Options:

A.

DLP

B.

VPC

C.

CASB

D.

Content filtering

Buy Now
Questions 264

A company currently uses passwords for logging in to company-owned devices and wants to add a second authentication factor Per corporate policy, users are not allowed to have smartphones at their desks Which of the following would meet these requirements?

Options:

A.

Smart card

B.

PIN code

C.

Knowledge-based question

D.

Secret key

Buy Now
Questions 265

Which of the following scenarios best describes a risk reduction technique?

Options:

A.

A security control objective cannot be met through a technical change, so the company purchases insurance and is no longer concerned about losses from data breaches

B.

A security control objective cannot be met through a technical change, so the company implements a pokey to train users on a more secure method of operation

C.

A security control objective cannot be met through a technical change, so the company performs regular audits to determine it violations have occurred

D.

A security control objective cannot be met through a technical change, so the Chief Information Officer decides to sign off on the risk.

Buy Now
Questions 266

Recent changes to a company's BYOD policy require all personal mobile devices to use a two-factor authentication method that is not something you know or have. Which of the following will meet this requirement?

Options:

A.

Facial recognition

B.

Six-digit PIN

C.

PKI certificate

D.

Smart card

Buy Now
Questions 267

Which of the following is an example of risk avoidance?

Options:

A.

Installing security updates directly in production to expedite vulnerability fixes

B.

Buying insurance to prepare for financial loss associated with exploits

C.

Not installing new software to prevent compatibility errors

D.

Not taking preventive measures to stop the theft of equipment

Buy Now
Questions 268

An enterprise is trying to limit outbound DNS traffic originating from its internal network. Outbound DNS requests will only be allowed from one device with the IP address 10 50 10.25

Which of the following firewall ACLs will accomplish this goal?

Options:

A.

Access list outbound permit 0.0.0.0/0 0.0.0.0/0 port S3

Access list outbound deny 10.50.10.25/32 0.0.0.0/0 port S3

B.

Access list outbound permit 0.0.0.0/0 10.50.10.2S/32 port S3

Access list outbound deny 0.0.0.0/0 0.0.0.0/0 port 53

C.

Access list outbound permit 0.0.0.0/0 0.0.0.0/0 port 53

Access list outbound deny 0.0.0.0/0 10.50.10.25/32 port 53

D.

Access list outbound permit 10.50.10.25/32 0.0.0.0/0 port S3

Access list outbound deny 0.0.0.0/0 0.0.0.0/0 port S3

Buy Now
Questions 269

A company is experiencing a web services outage on the public network. The services are up and available but inaccessible. The network logs show a sudden increase in network traffic that is causing the outage. Which of the following attacks is the organization experiencing?

Options:

A.

Logic bomb

B.

Brute-force

C.

Buffer overflow

D.

DDoS

Buy Now
Questions 270

The concept of connecting a user account across the systems of multiple enterprises is best known as:

Options:

A.

federation

B.

a remote access policy.

C.

multifactor authentication

D.

single sign-on.

Buy Now
Questions 271

A company's legal department drafted sensitive documents in a SaaS application and wants to ensure the documents cannot be accessed by individuals in high-risk countries. Which of the following is the most effective way to limit this access?

Options:

A.

Data masking

B.

Encryption

C.

Geolocation policy

D.

Data sovereignty regulation

Buy Now
Questions 272

An engineer is setting up a VDI environment for a factory location, and the business wants to deploy a low-cost solution to enable users on the shop floor to log in to the VDI environment directly. Which of the following should the engineer select to meet these requirements?

Options:

A.

Laptops

B.

Containers

C.

Thin clients

D.

Workstations

Buy Now
Questions 273

Which of the following examples would be best mitigated by input sanitization?

Options:

A.

B.

nmap -p- 10.11.1.130

C.

Email message: "Click this link to get your free gift card."

D.

Browser message: "Your connection is not private

Buy Now
Questions 274

Which of the following security controls s sed to isolate a section of the network and its externally available resources from the internal corporate network in order to reduce the number of

possible attacks?

Options:

A.

Faraday cages

B.

Air gap

C.

Vaulting

D.

Proximity readers

Buy Now
Questions 275

A company wants to reconfigure an existing wireless infrastructure. The company needs to ensure the projected WAP placement will provide proper signal strength to all workstations. Which of the following should the company use to best fulfill the requirements?

Options:

A.

Network diagram

B.

WPS

C.

802.1X

D.

Heat map

Buy Now
Questions 276

A company's Chief Information Security Officer (CISO) recently warned the security manager that the company's Chief Executive Officer (CEO) is planning to publish a controversial opinion article in a national newspaper, which may result in new cyberattacks. Which of the following would be best for the security manager to use in a threat model?

Options:

A.

Hacktivists

B.

White-hat hackers

C.

Script kiddies

D.

Insider threats

Buy Now
Questions 277

A security analyst has been tasked with ensuring all programs that are deployed into the enterprise have been assessed in a runtime environment Any critical issues found in the program must be sent back to the developer for verification and remediation. Which of the following lost describes the type of assessment taking place?

Options:

A.

Input validation

B.

Dynamic code analysis

C.

Fuzzing

D.

Manual code review

Buy Now
Questions 278

Which of the following considerations is the most important for an organization to evaluate as it establishes and maintains a data privacy program?

Options:

A.

Reporting structure for the data privacy officer

B.

Data subject access request process

C.

Role as controller and processor

D.

Physical location of the company

Buy Now
Questions 279

A financial analyst is expecting an email containing sensitive information from a client. When the email arrives, the analyst receives an error and is unable to open the encrypted message. Which of the following is the most likely cause of the issue?

Options:

A.

The S'MIME plug-m is not enabled.

B.

The SSL certificate has expired.

C.

Secure I MAP was not implemented.

D.

P0P3S is not supported.

Buy Now
Questions 280

Security analysts are conducting an investigation of an attack that occurred inside the organization's network. An attacker was able to coiled network traffic between workstations throughout the network The analysts review the following logs:

SY0-601 Question 280

The Layer 2 address table has hundreds of entries similar to the ones above Which of the following attacks has most likely occurred?

Options:

A.

SQL injection

B.

DNS spoofing

C.

MAC flooding

D.

ARP poisoning

Buy Now
Questions 281

After reviewing the following vulnerability scanning report:

server:192.168.14.6

Service: Telnet Port: 23 Protocol: TCP Status: Open Severity: High

Vulnerability: Use of an insecure network protocol

A security analyst performs the following test

nmap -p 23 192.1€8.14. € --script telnet-encryption

PORT STATE SERVICE REASON

23/tcp open telnet syn-ack

I telnet encryption:

| Telnet server supports encryption

Which of the following would the security analyst conclude for this reported vulnerability7?

Options:

A.

It is a false positive.

B.

A rescan is required.

C.

It is considered noise.

D.

Compensating controls exist

Buy Now
Questions 282

An organization suffered numerous multiday power outages at its current location. The Chief Executive Officer wants to create a disaster recovery strategy to resolve this issue. Which of the following options offer low-cost solutions? (Select two).

Options:

A.

Warm site

B.

Generator

C.

Hot site

D.

Cold site

E.

Cloud backups

F.

UPS

Buy Now
Questions 283

Adding a value to the end of a password to create a different password hash is called:

Options:

A.

salting.

B.

key stretching.

C.

steganography.

D.

MD5 checksum.

Buy Now
Questions 284

Which of the following is used to validate a certificate when it is presented to a user?

Options:

A.

OCSP

B.

CSR

C.

CA

D.

CRC

Buy Now
Questions 285

A software company adopted the following processes before releasing software to production

• Peer review

• Static code scanning

• Signing

A considerable number of vulnerabilities are still being detected when code is executed on production Which of the following security tools can improve vulnerability detection on this environment?

Options:

A.

File integrity monitoring for the source code

B.

Dynamic code analysis tool

C.

Encrypted code repository

D.

Endpoint detection and response solution

Buy Now
Questions 286

A security analyst discovers several jpg photos from a cellular phone during a forensics investigation involving a compromised system The analyst runs a forensics tool to gather file metadata Which of the following would be part of the images if all the metadata is still intact?

Options:

A.

The GSS location

B.

When the file was deleted

C.

The total number of print jobs

D.

The number of copies made

Buy Now
Questions 287

An organization is outlining data stewardship roles and responsibilities. Which of the following employee roles would determine the purpose of data and how to process it?

Options:

A.

Data custodian

B.

Data controller

C.

Data protection officer

D.

Data processor

Buy Now
Questions 288

The IT department's on-site developer has been with the team for many years. Each lime an application is released; the security team is able to identify multiple vulnerabilities Which of the Mowing would best help the team ensure the application is ready to be released to production?

Options:

A.

Limit the use of third-party libraries.

B.

Prevent data exposure queries.

C.

Obfuscate the source code

D.

Submit the application to OA before releasing it.

Buy Now
Questions 289

A company is adding a clause to its AUP that states employees are not allowed to modify the operating system on mobile devices. Which of the following vulnerabilities is the organization addressing?

Options:

A.

Cross-site scripting

B.

Buffer overflow

C.

Jailbreaking

D.

Side loading

Buy Now
Questions 290

A security analyst it investigating an incident to determine what an attacker was able to do on a compromised Laptop. The analyst reviews the following SIEM log:

SY0-601 Question 290

Which of the following describes the method that was used to compromise the laptop?

Options:

A.

An attacker was able to move laterally from PC 1 to PC2 using a pass-the-hash attach

B.

An attacker was able to bypass the application approve list by emailing a spreadsheet. attachment with an embedded PowerShell in the file.

C.

An attacker was able to install malware to the CAasdf234 folder and use it to gain administrator rights and launch Outlook

D.

An attacker was able to phish user credentials successfully from an Outlook user profile

Buy Now
Questions 291

Which of the following is a hardware-specific vulnerability?

Options:

A.

Firmware version

B.

Buffer overflow

C.

SQL injection

D.

Cross-site scripting

Buy Now
Questions 292

An attacker is attempting to harvest user credentials on a client's website. A security analyst notices multiple attempts of random usernames and passwords. When the analyst types in a random username and password, the logon screen displays the following message:

The username you entered does not exist.

Which of the following should the analyst recommend be enabled?

Options:

A.

Input validation

B.

Obfuscation

C.

Error handling

D.

Username lockout

Buy Now
Questions 293

A governance, risk, and compliance team created a report that notes the existence of a chlorine processing facility two miles from one of the company offices. Which of the following describes this type of documentation?

  • Site risk assessment

  • Environmental impact report

  • Disaster recovery plan

Options:

A.

Physical risk register

Buy Now
Questions 294

A company needs to provide administrative access to internal resources while minimizing the traffic allowed through the security boundary. Which of the following methods is most secure?

Options:

A.

Implementing a bastion host

B.

Deploying a perimeter network

C.

Installing a WAF

D.

Utilizing single sign-on

Buy Now
Questions 295

A security analyst is reviewing the output of a web server log and notices a particular account is attempting to transfer large amounts of money:

GET http://yourbank.com/transfer.do?acctnum=08764 6959 &amount=500000 HTTP/1.1

GET http://yourbank.com/transfer.do?acctnum=087646958 &amount=5000000 HTTP/1.1

GET http://yourbank.com/transfer.do?acctnum=-087646958 &amount=1000000 HTTP/1.1

GET http://yourbank.com/transfer.do?acctnum=087646953 &amount=500 HTTP/1.1

Which of the following types of attacks is most likely being conducted?

Options:

A.

SQLi

B.

CSRF

C.

Spear phishing

D.

API

Buy Now
Questions 296

Which of the following teams combines both offensive and defensive testing techniques to protect an organization's critical systems?

Options:

A.

Red

B.

Blue

C.

Purple

D.

Yellow

Buy Now
Questions 297

A privileged user at a company stole several proprietary documents from a server. The user also went into the log files and deleted all records of the incident The systems administrator has just informed investigators that other log files are available for review Which of the following did the administrator most likely configure that will assist the investigators?

Options:

A.

Memory dumps

B.

The syslog server

C.

The application logs

D.

The log retention policy

Buy Now
Questions 298

An analyst is trying to identify insecure services that are running on the internal network. After performing a port scan, the analyst identifies that a server has some insecure services enabled on default ports. Which of the following BEST describes the services that are currently running and the secure alternatives for replacing them? (Select THREE).

Options:

A.

SFTP, FTPS

B.

SNMPv2, SNMPv3

C.

HTTP, HTTPS

D.

TFTP, FTP

E.

SNMPW1, SNMPv2

F.

Telnet, SSH

G.

TLS, SSL

Buy Now
Questions 299

Which of the following test describes the risk that is present once mitigations are applied?

Options:

A.

Control risk

B.

Residual risk

C.

Inherent risk

D.

Risk awareness

Buy Now
Questions 300

A security administrator is analyzing the corporate wireless network. The network only has two access points running on channels 1 and 11. While using airodump-ng. the administrator notices other access points are running with the same corporate ESSID on all available channels and with the same BSSID of one of the legitimate access points. Which of the following attacks is happening on the corporate network?

Options:

A.

On-path

B.

Evil twin

C.

Jamming

D.

Rogue access point

E.

Disassociation

Buy Now
Questions 301

Which of the following should a security administrator adhere to when setting up a new set of firewall rules?

Options:

A.

Disaster recovery plan

B.

Incident response procedure

C.

Business continuity plan

D.

Change management procedure

Buy Now
Questions 302

A help desk technician receives a phone call from someone claiming to be a part of the organization's cybersecurity incident response team. The caller asks the technician to verify the network's internal firewall IP address. Which of the following is the technician's best course of action?

Options:

A.

Direct the caller to stop by the help desk in person and hang up declining any further requests from the caller.

B.

Ask for the caller's name, verify the person's identity in the email directory, and provide the requested information over the phone.

C.

Write down the phone number of the caller if possible, the name of the person requesting the information, hang up, and notify the organization's cybersecurity officer.

D.

Request the caller send an email for identity verification and provide the requested information via email to the caller.

Buy Now
Questions 303

An organization is having difficulty correlating events from its individual AV. EDR. DLP. SWG. WAF, MDM. HIPS, and CASB systems. Which of the following is the best way to improve the situation?

Options:

A.

Remove expensive systems that generate few alerts.

B.

Modify the systems to alert only on critical issues.

C.

Utilize a SIEM to centralize logs and dashboards.

D.

Implement a new syslog/NetFlow appliance.

Buy Now
Questions 304

A user is attempting to navigate to a website from inside the company network using a desktop. When the user types in the URL, https://www.site.com, the user is presented with a certificate mismatch warning from the browser. The user does not receive a warning when visiting http://www.anothersite.com. Which of the following BEST describes this attack?

Options:

A.

On-path

B.

Domain hijacking

C.

DNS poisoning

D.

Evil twin

Buy Now
Questions 305

Developers are writing code and merging it into shared repositories several times a day. where it is tested automatically. Which of the following concepts does this best represent?

Options:

A.

Functional testing

B.

Stored procedures

C.

Elasticity

D.

Continuous Integration

Buy Now
Questions 306

A company is expanding its threat surface program and allowing individuals to security test the company's internet-facing application. The company will compensate researchers based on the vulnerabilities discovered. Which of the following best describes the program the company is setting up?

Options:

A.

Open-source intelligence

B.

Bug bounty

C.

Red team

D.

Penetration testing

Buy Now
Questions 307

A manufacturing organization wants to control and monitor access from the internal business network to the segregated production network, while ensuring minimal exposure of the production network to devices. Which of the following solutions would best accomplish this goal?

Options:

A.

Proxy server

B.

NGFW

C.

WAF

D.

Jump server

Buy Now
Questions 308

Which of the following security controls is used to isolate a section of the network and its externally available resources from the internal corporate network in order to reduce the number of possible attacks?

Options:

A.

Faraday cages

B.

Air gap

C.

Vaulting

D.

Proximity readers

Buy Now
Questions 309

A security architect at a large, multinational organization is concerned about the complexities and overhead of managing multiple encryption keys securely in a multicioud provider

environment. The security architect is looking for a solution with reduced latency to allow the incorporation of the organization's existing keys and to maintain consistent, centralized control

and management regardless of the data location. Which of the following would best meet the architect's objectives?

Options:

A.

Trusted Platform Module

B.

laaS

C.

HSMaas

D.

PaaS

Buy Now
Questions 310

A threat actor used a sophisticated attack to breach a well-known ride-sharing. company. The threat actor posted on social media that this action was in response to the company's treatment of its drivers Which of the following best describes tm type of throat actor?

Options:

A.

Nation-slate

B.

Hacktivist

C.

Organized crime

D.

Shadow IT

Buy Now
Questions 311

A security analyst discovers that a large number of employee credentials had been stolen and were being sold on the dark web. The analyst investigates and discovers that some hourly employee credentials were compromised, but salaried employee credentials were not affected.

Most employees clocked in and out while they were inside the building using one of the kiosks connected to the network. However, some clocked out and recorded their time after leaving to go home. Only those who clocked in and out while inside the building had credentials stolen. Each of the kiosks are on different floors, and there are multiple routers, since the business segments environments for certain business functions.

Hourly employees are required to use a website called acmetimekeeping.com to clock in and out. This website is accessible from the internet. Which of the following is the most likely reason for this compromise?

Options:

A.

A brute-force attack was used against the time-keeping website to scan for common passwords.

B.

A malicious actor compromised the time-keeping website with malicious code using an unpatched vulnerability on the site, stealing the credentials.

C.

The internal DNS servers were poisoned and were redirecting acmetimekeeping.com to a malicious domain that intercepted the credentials and then passed them through to the real site.

D.

ARP poisoning affected the machines in the building and caused the kiosks to send a copy of all the submitted credentials to a malicious machine.

Buy Now
Questions 312

A retail executive recently accepted a job with a major competitor. The following week, a security analyst reviews the security logs and identifies successful logon attempts to access the departed executive's accounts. Which of the following security practices would have addressed the issue?

Options:

A.

A non-disclosure agreement

B.

Least privilege

C.

An acceptable use policy

D.

Off boarding

Buy Now
Questions 313

A security analyst was asked to evaluate a potential attack that occurred on a publicly accessible section of the company's website. The malicious actor posted an entry in an attempt to trick users into clicking the following:

SY0-601 Question 313

Which of the following was most likely observed?

Options:

A.

DLL injection

B.

Session replay

C.

SQLi

D.

xss

Buy Now
Questions 314

The primary goal of the threat-hunting team at a large company is to identify cyberthreats that the SOC has not detected. Which of the following types of data would the threat-hunting team primarily use to identify systems that are exploitable?

Options:

A.

Vulnerability scan

B.

Packet capture

C.

Threat feed

D.

User behavior

Buy Now
Questions 315

While preparing a software inventory report, a security analyst discovers an unauthorized program installed on most of the company's servers. The program utilizes the same code signing certificate as an application deployed to only the accounting team. After removing the unauthorized program, which of the following mitigations should the analyst implement to BEST secure the server environment?

Options:

A.

Revoke the code signing certificate used by both programs.

B.

Block all unapproved file hashes from installation.

C.

Add the accounting application file hash to the allowed list.

D.

Update the code signing certificate for the approved application.

Buy Now
Questions 316

A Chief Information Security Officer (CISO) wants to explicitly raise awareness about the increase of ransomware-as-a-service in a report to the management team. Which of the following best describes the threat actor in the CISO's report?

Options:

A.

Insider threat

B.

Hacktivist

C.

Nation-state

D.

Organized crime

Buy Now
Questions 317

Which of the following agreements defines response time, escalation points, and performance metrics?

Options:

A.

BPA

B.

MOA

C.

NDA

D.

SLA

Buy Now
Questions 318

Which of the following would be best suited for constantly changing environments?

Options:

A.

RTOS

B.

Containers

C.

Embedded systems

D.

SCADA

Buy Now
Exam Code: SY0-601
Exam Name: CompTIA Security+ Exam 2023
Last Update: Dec 18, 2024
Questions: 1063

PDF + Testing Engine

$57.75  $164.99

Testing Engine

$43.75  $124.99
buy now SY0-601 testing engine

PDF (Q&A)

$36.75  $104.99
buy now SY0-601 pdf