Comptia Testkings Sy0-601 PDF Download 2023-May-16 by Christopher 664q Vce
CompTIA
Exam Questions SY0-601
CompTIA Security+ Exam
NEW QUESTION 1
A security analyst needs to make a recommendation for restricting access to certain segments of the network using only data-link layer security. Which of the
following controls will the analyst MOST likely recommend?
A. MAC
B. ACL
C. BPDU
D. ARP
Answer: A
NEW QUESTION 2
Which of the following describes the BEST approach for deploying application patches?
A. Apply the patches to systems in a testing environment then to systems in a staging environment, and finally to production systems.
B. Test the patches in a staging environment, develop against them in the development environment, and then apply them to the production systems.
C. Test the patches in a test environment, apply them to the production systems, and then apply them to a staging environment.
D. Apply the patches to the production systems, apply them in a staging environment, and then test all of them in a testing environment.
Answer: A
NEW QUESTION 3
A cybersecurity department purchased a new PAM solution. The team is planning to randomize the service account credentials of the Windows server first. Which
of the following would be the BEST method to increase the security on the Linux server?
Answer: C
NEW QUESTION 4
A commercial cyber-threat intelligence organization observes IoCs across a variety of unrelated customers. Prior to releasing specific threat intelligence to other
paid subscribers, the organization is MOST likely obligated by contracts to:
Answer: B
NEW QUESTION 5
Which of the following are the MOST likely vectors for the unauthorized inclusion of vulnerable code in a software company’s final software releases? (Select
TWO.)
A. Unsecure protocols
B. Use of penetration-testing utilities
C. Weak passwords
D. Included third-party libraries
E. Vendors/supply chain
F. Outdated anti-malware software
Answer: AD
NEW QUESTION 6
A security analyst is reviewing the following attack log output:
Which of the following types of attacks does this MOST likely represent?
A. Rainbow table
B. Brute-force
C. Password-spraying
D. Dictionary
Answer: C
NEW QUESTION 7
Which of the following refers to applications and systems that are used within an organization without consent or approval?
A. Shadow IT
B. OSINT
C. Dark web
D. Insider threats
Answer: A
NEW QUESTION 8
Which of the following job roles would sponsor data quality and data entry initiatives that ensure business and regulatory requirements are met?
Answer: C
NEW QUESTION 9
After a ransomware attack a forensics company needs to review a cryptocurrency transaction between the victim and the attacker. Which of the following will the
company MOST likely review to trace this transaction?
Answer: A
NEW QUESTION 10
A malicious actor recently penetrated a company’s network and moved laterally to the datacenter. Upon investigation, a forensics firm wants to know what was in the
memory on the compromised server. Which of the following files should be given to the forensics firm?
A. Security
B. Application
C. Dump
D. Syslog
Answer: C
NEW QUESTION 10
A security administrator currently spends a large amount of time on common security tasks, such as report generation, phishing investigations, and user
provisioning and deprovisioning. This prevents the administrator from spending time on other security projects. The business does not have the budget to add more
staff members. Which of the following should the administrator implement?
A. DAC
B. ABAC
C. SCAP
D. SOAR
Answer: D
NEW QUESTION 11
A recent audit uncovered a key finding regarding the use of a specific encryption standard in a web application that is used to communicate with business
customers. Due to the technical limitations of its customers the company is unable to upgrade the encryption standard. Which of the following types of controls
should be used to reduce the risk created by this scenario?
A. Physical
B. Detective
C. Preventive
D. Compensating
Answer: D
NEW QUESTION 12
A security analyst has received an alert about PII being sent via email. The analyst’s Chief Information Security Officer (CISO) has made it clear that PII must be
handled with extreme care. From which of the following did the alert MOST likely originate?
A. S/MIME
B. DLP
C. IMAP
D. HIDS
Answer: B
NEW QUESTION 17
A security engineer is reviewing log files after a third party discovered usernames and passwords for the organization’s accounts. The engineer sees there was a
change in the IP address for a vendor website one earlier. This change lasted eight hours. Which of the following attacks was MOST likely used?
Answer: D
NEW QUESTION 19
Which of the following BEST explains the difference between a data owner and a data custodian?
A. The data owner is responsible for adhering to the rules for using the data, while the data custodian is responsible for determining the corporate governance
regarding the data
B. The data owner is responsible for determining how the data may be used, while the data custodian is responsible for implementing the protection to the data
C. The data owner is responsible for controlling the data, while the data custodian is responsible for maintaining the chain of custody when handling the data
D. The data owner grants the technical permissions for data access, while the data custodian maintains the database access controls to the data
Answer: B
NEW QUESTION 22
A security analyst needs to determine how an attacker was able to use User3 to gain a foothold within a company's network. The company's lockout policy requires
that an account be locked out for a minimum of 15 minutes after three unsuccessful attempts. While reviewing the log files, the analyst discovers the following:
A. Dictionary
B. Credential-stuffing
C. Password-spraying
D. Brute-force
Answer: D
NEW QUESTION 25
A symmetric encryption algorithm is BEST suited for:
A. key-exchange scalability.
B. protecting large amounts of data.
C. providing hashing capabilities.
D. implementing non-repudiation.
Answer: D
NEW QUESTION 28
A network technician is installing a guest wireless network at a coffee shop. When a customer purchases an item, the password for the wireless network is printed
on the receipt so the customer can log in. Which of the following will the technician MOST likely configure to provide the highest level of security with the least
amount of overhead?
A. WPA-EAP
B. WEP-TKIP
C. WPA-PSK
D. WPS-PIN
Answer: A
NEW QUESTION 32
A security analyst needs to be proactive in understanding the types of attacks that could potentially target the company's executives. Which of the following intelligence
sources should the security analyst review?
A. Vulnerability feeds
B. Trusted automated exchange of indicator information
C. Structured threat information expression
D. Industry information-sharing and collaboration groups
Answer: D
NEW QUESTION 36
The facilities supervisor for a government agency is concerned about unauthorized access to environmental systems in the event the staff WiFi network is
breached. Which of the following would BEST address this security concern?
Answer: D
NEW QUESTION 39
A company recently set up an e-commerce portal to sell its product online. The company wants to start accepting credit cards for payment, which requires
compliance with a security standard. Which of the following standards must the company comply with before accepting credit cards on its e-commerce platform?
A. PCI DSS
B. ISO 22301
C. ISO 27001
D. NIST CSF
Answer: A
NEW QUESTION 43
To secure an application after a large data breach, an e-commerce site will be resetting all users’ credentials. Which of the following will BEST ensure the site’s
users are not compromised after the reset?
Answer: C
NEW QUESTION 45
Joe, a user at a company, clicked an email link that led to a website that infected his workstation. Joe was connected to the network, and the virus spread to the
network shares. The protective measures failed to stop this virus, and it continues to evade detection. Which of the following should the administrator implement to
protect the environment from this malware?
Answer: C
NEW QUESTION 46
A document that appears to be malicious has been discovered in an email that was sent to a company's Chief Financial Officer (CFO). Which of the following
would be BEST to allow a security analyst to gather information and confirm it is a malicious document without executing any code it may contain?
Answer: D
NEW QUESTION 51
A system administrator needs to implement an access control scheme that will allow an object’s access policy to be determined by its owner. Which of the following
access control schemes BEST fits the requirements?
Answer: B
NEW QUESTION 54
A network engineer has been asked to investigate why several wireless barcode scanners and wireless computers in a warehouse have intermittent connectivity to
the shipping server. The barcode scanners and computers are all on forklift trucks and move around the warehouse during their regular use. Which of the following
should the engineer do to determine the issue? (Choose two.)
Answer: AC
NEW QUESTION 59
A security analyst is looking for a solution to help communicate to the leadership team the severity levels of the organization’s vulnerabilities. Which of the
following would BEST meet this need?
A. CVE
B. SIEM
C. SOAR
D. CVSS
Answer: D
NEW QUESTION 63
A worldwide manufacturing company has been experiencing email account compromises. In one incident, a user logged in from the corporate office in France, but
then seconds later, the same user account attempted a login from Brazil. Which of the following account policies would BEST prevent this type of attack?
A. Network location
B. Impossible travel time
C. Geolocation
D. Geofencing
Answer: D
NEW QUESTION 67
A network administrator needs to build out a new datacenter, with a focus on resiliency and uptime. Which of the following would BEST meet this objective?
(Choose two.)
Answer: AB
NEW QUESTION 68
Which of the following is a team of people dedicated to testing the effectiveness of organizational security programs by emulating the techniques of potential
attackers?
A. Red team
B. White team
C. Blue team
D. Purple team
Answer: A
NEW QUESTION 73
A company provides mobile devices to its users to permit access to email and enterprise applications. The company recently started allowing users to select from
several different vendors and device models. When configuring the MDM, which of the following is a key security implication of this heterogeneous device
approach?
A. The most common set of MDM configurations will become the effective set of enterprise mobile security controls.
B. All devices will need to support SCEP-based enrollment; therefore, the heterogeneity of the chosen architecture may unnecessarily expose private keys to
adversaries.
C. Certain devices are inherently less secure than others, so compensatory controls will be needed to address the delta between device vendors.
D. MDMs typically will not support heterogeneous deployment environments, so multiple MDMs will need to be installed and configured.
Answer: C
NEW QUESTION 77
In which of the following situations would it be BEST to use a detective control type for mitigation?
A. A company implemented a network load balancer to ensure 99.999% availability of its web application.
B. A company designed a backup solution to increase the chances of restoring services in case of a natural disaster.
C. A company purchased an application-level firewall to isolate traffic between the accounting department and the information technology department.
D. A company purchased an IPS system, but after reviewing the requirements, the appliance was supposed to monitor, not block, any traffic.
E. A company purchased liability insurance for flood protection on all capital assets.
Answer: D
NEW QUESTION 79
A security engineer needs to implement the following requirements:
• All Layer 2 switches should leverage Active Directory for authentication.
• All Layer 2 switches should use local fallback authentication if Active Directory is offline.
• All Layer 2 switches are not the same and are manufactured by several vendors.
Which of the following actions should the engineer take to meet these requirements? (Select TWO).
A. Implement RADIUS.
B. Configure AAA on the switch with local login as secondary.
C. Configure port security on the switch with the secondary login method.
D. Implement TACACS+
E. Enable the local firewall on the Active Directory server.
F. Implement a DHCP server.
Answer: AB
NEW QUESTION 83
An organization's RPO for a critical system is two hours. The system is used Monday through Friday, from 9:00 am to 5:00 pm. Currently, the organization
performs a full backup every Saturday that takes four hours to complete. Which of the following additional backup implementations would be the BEST way for the
analyst to meet the business requirements?
A. Incremental backups Monday through Friday at 6:00 p.m. and differential backups hourly.
B. Full backups Monday through Friday at 6:00 p.m. and incremental backups hourly.
C. Incremental backups Monday through Friday at 6:00 p.m. and full backups hourly.
D. Full backups Monday through Friday at 6:00 p.m. and differential backups hourly.
Answer: A
NEW QUESTION 86
An organization's Chief Security Officer (CSO) wants to validate the business's involvement in the incident response plan to ensure its validity and thoroughness.
Which of the following will the CSO MOST likely use?
Answer: C
NEW QUESTION 91
A security analyst is using a recently released security advisory to review historical logs, looking for the specific activity that was outlined in the advisory. Which of
the following is the analyst doing?
A. A packet capture
B. A user behavior analysis
C. Threat hunting
D. Credentialed vulnerability scanning
Answer: C
NEW QUESTION 95
A researcher has been analyzing large data sets for the last ten months. The researcher works with colleagues from other institutions and typically connects via
SSH to retrieve additional data. Historically, this setup has worked without issue, but the researcher recently started getting the following message:
Which of the following network attacks is the researcher MOST likely experiencing?
A. MAC cloning
B. Evil twin
C. Man-in-the-middle
D. ARP poisoning
Answer: C
NEW QUESTION 99
Which of the following algorithms has the SMALLEST key size?
A. DES
B. Twofish
C. RSA
D. AES
Answer: B
A. SED
B. HSM
C. DLP
D. TPM
Answer: A
A. validate the vulnerability exists in the organization's network through penetration testing
B. research the appropriate mitigation techniques in a vulnerability database
C. find the software patches that are required to mitigate a vulnerability
D. prioritize remediation of vulnerabilities based on the possible impact.
Answer: D
A. CASB
B. SWG
C. Containerization
D. Automated failover
Answer: C
A. Disallow new hires from using mobile devices for six months
B. Select four devices for the sales department to use in a CYOD model
C. Implement BYOD for the sales department while leveraging the MDM
Answer: C
A. Spear phishing
B. Whaling
C. Phishing
D. Vishing
Answer: C
A. A script kiddie
B. Shadow IT
C. Hacktivism
D. White-hat
Answer: B
A. Nmap
B. Wireshark
C. Autopsy
D. DNSEnum
Answer: A
A. data controller.
B. data owner
C. data custodian.
D. data processor
Answer: D
A. Load balancing
B. Incremental backups
C. UPS
D. RAID
E. Dual power supply
F. NIC teaming
Answer: AD
ineffective. Which of the following would BEST detect the presence of a rootkit in the future?
A. FDE
B. NIDS
C. EDR
D. DLP
Answer: C
Which of the following BEST describes the type of attack the analyst is experiencing?
A. SQL injection
B. Cross-site scripting
C. Pass-the-hash
D. Directory traversal
Answer: B
A. Multifactor authentication
B. Something you can do
C. Biometric
D. Two-factor authentication
Answer: D
A. Install a new hard drive in the CEO's PC, and then remove the old hard drive and place it in a tamper-evident bag
B. Connect a write blocker to the hard drive. Then, leveraging a forensic workstation, utilize the dd command in a live Linux environment to create a duplicate copy
C. Remove the CEO's hard drive from the PC, connect to the forensic workstation, and copy all the contents onto a remote fileshare while the CEO watches
D. Refrain from completing a forensic analysis of the CEO's hard drive until after the incident is confirmed; duplicating the hard drive at this stage could destroy
evidence
Answer: D
A. IPSec
B. Always On
C. Split tunneling
D. L2TP
Answer: B
A. DLP
B. HIDS
C. EDR
D. NIPS
Answer: C
A. Investigation
B. Containment
C. Recovery
D. Lessons learned
Answer: B
A. Pass-the-hash
B. Session replay
C. Object dereference
D. Cross-site request forgery
Answer: B
A. SOAR playbook
B. Security control matrix
C. Risk management framework
D. Benchmarks
Answer: D
A. Identification
B. Preparation
C. Eradication
D. Recovery
E. Containment
Answer: E
A. Obfuscation
B. Integrity
C. Non-repudiation
D. Blockchain
Answer: A
A. Data encryption
B. Data masking
C. Data deduplication
D. Data minimization
Answer: B
Answer: B
A. SSO would simplify username and password management, making it easier for hackers to guess account passwords.
B. SSO would reduce password fatigue, but staff would still need to remember more complex passwords.
C. SSO would reduce the password complexity for frontline staff.
D. SSO would reduce the resilience and availability of systems if the provider goes offline.
Answer: D
A. Shadow IT
B. An insider threat
C. A hacktivist
D. An advanced persistent threat
Answer: D
A. Acceptance
B. Mitigation
C. Avoidance
D. Transference
Answer: D
A. SIEM
B. DLP
C. CASB
D. SWG
Answer: C
Answer: B
A. Phishing
B. Whaling
C. Typo squatting
D. Pharming
Answer: B
A. RAID 0
B. RAID 1
C. RAID 5
D. RAID 10
Answer: C
A. Predictability
B. Key stretching
C. Salting
D. Hashing
Answer: C
A. Physical
B. Detective
C. Corrective
D. Technical
Answer: A
A. MTBF
B. RPO
C. RTO
D. MTTR
Answer: C
A. Incident response
B. Communications
C. Disaster recovery
D. Data retention
Answer: C
A. OWASP
B. Vulnerability scan results
C. NIST CSF
D. Third-party libraries
Answer: A
A network administrator is setting up wireless access points in all the conference rooms and wants to authenticate devices using PKI. Which of the following should
the administrator configure?
A. A captive portal
B. PSK
C. 802.1X
D. WPS
Answer: C
A. Scan the NAS for residual or dormant malware and take new daily backups that are tested on a frequent basis
B. Restrict administrative privileges and patch all systems and applications.
C. Rebuild all workstations and install new antivirus software
D. Implement application whitelisting and perform user application hardening
Answer: A
A. Screen locks
B. Application management
C. Geofencing
D. Containerization
Answer: D
A. The end user purchased and installed a PUP from a web browser
B. A bot on the computer is brute forcing passwords against a website
C. A hacker is attempting to exfiltrate sensitive data
D. Ransomware is communicating with a command-and-control server.
Answer: A
NEW QUESTION 1
A security analyst needs to make a recommendation for restricting access to certain segments of the network using only data-link layer security. Which of the
following controls will the analyst MOST likely recommend?
A. MAC
B. ACL
C. BPDU
D. ARP
Answer: A
NEW QUESTION 2
Which of the following describes the BEST approach for deploying application patches?
A. Apply the patches to systems in a testing environment then to systems in a staging environment, and finally to production systems.
B. Test the patches in a staging environment, develop against them in the development environment, andthen apply them to the production systems
C. Test the patches m a test environment apply them to the production systems and then apply them to a staging environment
D. Apply the patches to the production systems apply them in a staging environment, and then test all of them in a testing environment
Answer: A
NEW QUESTION 3
A cybersecurity department purchased o new PAM solution. The team is planning to randomize the service account credentials of the Windows server first. Which
of the following would be the BEST method to increase the security on the Linux server?
Answer: C
NEW QUESTION 4
A commercial cyber-threat intelligence organization observes IoCs across a variety of unrelated customers. Prior to releasing specific threat intelligence to other
paid subscribers, the organization is MOST likely obligated by contracts to:
Answer: B
NEW QUESTION 5
Which of the following are the MOST likely vectors for the unauthorized inclusion of vulnerable code in a software company’s final software releases? (Select
TWO.)
A. Unsecure protocols
B. Use of penetration-testing utilities
C. Weak passwords
D. Included third-party libraries
E. Vendors/supply chain
F. Outdated anti-malware software
Answer: AD
NEW QUESTION 6
A security analyst is reviewing the following attack log output:
Which of the following types of attacks does this MOST likely represent?
A. Rainbow table
B. Brute-force
C. Password-spraying
D. Dictionary
Answer: C
NEW QUESTION 7
Which of the following relets to applications and systems that are used within an organization without consent or approval?
A. Shadow IT
B. OSINT
C. Dark web
D. Insider threats
Answer: A
NEW QUESTION 8
Which of the following job roles would sponsor data quality and data entry initiatives that ensure business and regulatory requirements are met?
Answer: C
NEW QUESTION 9
After a ransomware attack a forensics company needs to review a cryptocurrency transaction between the victim and the attacker. Which of the following will the
company MOST likely review to trace this transaction?
Answer: A
NEW QUESTION 10
A malicious actor recently penetration a company’s network and moved laterally to the datacenter. Upon investigation, a forensics firm wants to know was in the
memory on the compromised server. Which of the following files should be given to the forensics firm?
A. Security
B. Application
C. Dump
D. Syslog
Answer: C
NEW QUESTION 10
A security administrator currently spends a large amount of time on common security tasks, such aa report generation, phishing investigations, and user
provisioning and deprovisioning This prevents the administrator from spending time on other security projects. The business does not have the budget to add more
staff members. Which of the following should the administrator implement?
A. DAC
B. ABAC
C. SCAP
D. SOAR
Answer: D
NEW QUESTION 11
A recent audit uncovered a key finding regarding the use of a specific encryption standard in a web application that is used to communicate with business
customers. Due to the technical limitations of its customers the company is unable to upgrade the encryption standard. Which of the following types of controls
should be used to reduce the risk created by this scenario?
A. Physical
B. Detective
C. Preventive
D. Compensating
Answer: D
NEW QUESTION 12
A security analyst has received an alert about being sent via email. The analyst’s Chief information Security Officer (CISO) has made it clear that PII must be
handle with extreme care From which of the following did the alert MOST likely originate?
A. S/MIME
B. DLP
C. IMAP
D. HIDS
Answer: B
NEW QUESTION 17
A security engineer is reviewing log files after a third discovered usernames and passwords for the organization’s accounts. The engineer sees there was a
change in the IP address for a vendor website one earlier. This change lasted eight hours. Which of the following attacks was MOST likely used?
Answer: D
NEW QUESTION 19
Which of the following BEST explains the difference between a data owner and a data custodian?
A. The data owner is responsible for adhering to the rules for using the data, while the data custodian is responsible for determining the corporate governance
regarding the data
B. The data owner is responsible for determining how the data may be used, while the data custodian is responsible for implementing the protection to the data
C. The data owner is responsible for controlling the data, while the data custodian is responsible for maintaining the chain of custody when handling the data
D. The data owner grants the technical permissions for data access, while the data custodian maintains the database access controls to the data
Answer: B
NEW QUESTION 22
A security analyst needs to determine how an attacker was able to use User3 to gain a foothold within a company's network. The company's lockout policy requires
that an account be locked out for a minimum of 15 minutes after three unsuccessful attempts. While reviewing the log files, the analyst discovers the following:
A. Dictionary
B. Credential-stuffing
C. Password-spraying
D. Brute-force
Answer: D
NEW QUESTION 25
A symmetric encryption algorithm Is BEST suited for:
A. key-exchange scalability.
B. protecting large amounts of data.
C. providing hashing capabilities,
D. implementing non-repudiation.
Answer: D
NEW QUESTION 28
A network technician is installing a guest wireless network at a coffee shop. When a customer purchases an Item, the password for the wireless network is printed
on the recent so the customer can log in. Which of the following will the technician MOST likely configure to provide the highest level of security with the least
amount of overhead?
A. WPA-EAP
B. WEP-TKIP
C. WPA-PSK
D. WPS-PIN
Answer: A
NEW QUESTION 32
A security analyst needs to be proactive in understand the types of attacks that could potentially target the company's execute. Which of the following intelligence
sources should to security analyst review?
A. Vulnerability feeds
B. Trusted automated exchange of indicator information
C. Structured threat information expression
D. Industry information-sharing and collaboration groups
Answer: D
NEW QUESTION 36
The facilities supervisor for a government agency is concerned about unauthorized access to environmental systems in the event the staff WiFi network is
breached. Which of the blowing would BEST address this security concern?
Answer: D
NEW QUESTION 39
A company recently set up an e-commerce portal to sell its product online. The company wants to start accepting credit cards for payment, which requires
compliance with a security standard. Which of the following standards must the company comply with before accepting credit cards on its e-commerce platform?
A. PCI DSS
B. ISO 22301
C. ISO 27001
D. NIST CSF
Answer: A
NEW QUESTION 43
To secure an application after a large data breach, an e-commerce site will be resetting all users’ credentials. Which of the following will BEST ensure the site’s
users are not compromised after the reset?
Answer: C
NEW QUESTION 45
Joe, a user at a company, clicked an email link led to a website that infected his workstation. Joe, was connected to the network, and the virus spread to the
network shares. The protective measures failed to stop this virus, and It has continues to evade detection. Which of the following should administrator implement to
protect the environment from this malware?
Answer: C
NEW QUESTION 46
A document that appears to be malicious has been discovered in an email that was sent to a company's Chief Financial Officer (CFO). Which of the following
would be BEST to allow a security analyst to gather information and confirm it is a malicious document without executing any code it may contain?
Answer: D
NEW QUESTION 51
A system administrator needs to implement an access control scheme that will allow an object’s access policy be determined by its owner. Which of the following
access control schemes BEST fits the requirements?
Answer: B
NEW QUESTION 54
A network engineer has been asked to investigate why several wireless barcode scanners and wireless computers in a warehouse have intermittent connectivity to
the shipping server. The barcode scanners and computers are all on forklift trucks and move around the warehouse during their regular use. Which of the following
should the engineer do to determine the issue? (Choose two.)
Answer: AC
NEW QUESTION 59
A security analyst is looking for a solution to help communicate to the leadership team the seventy levels of the organization’s vulnerabilities. Which of the
following would BEST meet this need?
A. CVE
B. SIEM
C. SOAR
D. CVSS
Answer: D
NEW QUESTION 63
A workwide manufacturing company has been experiencing email account compromised. In one incident, a user logged in from the corporate office in France, but
then seconds later, the same user account attempted a login from Brazil. Which of the following account policies would BEST prevent this type of attack?
A. Network location
B. Impossible travel time
C. Geolocation
D. Geofencing
Answer: D
NEW QUESTION 67
A network administrator needs to build out a new datacenter, with a focus on resiliency and uptime. Which of the following would BEST meet this objective?
(Choose two.)
Answer: AB
NEW QUESTION 68
Which of the following is a team of people dedicated testing the effectiveness of organizational security programs by emulating the techniques of potential
attackers?
A. Red team
B. While team
C. Blue team
D. Purple team
Answer: A
NEW QUESTION 73
A company provides mobile devices to its users to permit access to email and enterprise applications. The company recently started allowing users to select from
several different vendors and device models. When configuring the MDM, which of the following is a key security implication of this heterogeneous device
approach?
A. The most common set of MDM configurations will become the effective set of enterprise mobile security controls.
B. All devices will need to support SCEP-based enrollment; therefore, the heterogeneity of the chosen architecture may unnecessarily expose private keys to
adversaries.
C. Certain devices are inherently less secure than others, so compensatory controls will be needed to address the delta between device vendors.
D. MDMs typically will not support heterogeneous deployment environments, so multiple MDMs will need to be installed and configured.
Answer: C
NEW QUESTION 77
In which of the following situations would it be BEST to use a detective control type for mitigation?
A. A company implemented a network load balancer to ensure 99.999% availability of its web application.
B. A company designed a backup solution to increase the chances of restoring services in case of a natural disaster.
C. A company purchased an application-level firewall to isolate traffic between the accounting department and the information technology department.
D. A company purchased an IPS system, but after reviewing the requirements, the appliance was supposed to monitor, not block, any traffic.
E. A company purchased liability insurance for flood protection on all capital assets.
Answer: D
NEW QUESTION 79
A security engineer needs to implement the following requirements:
• All Layer 2 switches should leverage Active Directory for authentication.
• All Layer 2 switches should use local fallback authentication if Active Directory is offline.
• All Layer 2 switches are not the same and are manufactured by several vendors.
Which of the following actions should the engineer take to meet these requirements? (Select TWO).
A. Implement RADIUS.
B. Configure AAA on the switch with local login as secondary.
C. Configure port security on the switch with the secondary login method.
D. Implement TACACS+.
E. Enable the local firewall on the Active Directory server.
F. Implement a DHCP server.
Answer: AB
NEW QUESTION 83
An organization's RPO for a critical system is two hours. The system is used Monday through Friday, from 9:00 am to 5:00 pm. Currently, the organization
performs a full backup every Saturday that takes four hours to complete. Which of the following additional backup implementations would be the BEST way for the
analyst to meet the business requirements?
A. Incremental backups Monday through Friday at 6:00 p.m. and differential backups hourly.
B. Full backups Monday through Friday at 6:00 p.m. and incremental backups hourly.
C. Incremental backups Monday through Friday at 6:00 p.m. and full backups hourly.
D. Full backups Monday through Friday at 6:00 p.m. and differential backups hourly.
Answer: A
NEW QUESTION 86
An organization's Chief Security Officer (CSO) wants to validate the business's involvement in the incident response plan to ensure its validity and thoroughness.
Which of the following will the CSO MOST likely use?
Answer: C
NEW QUESTION 91
A security analyst is using a recently released security advisory to review historical logs, looking for the specific activity that was outlined in the advisory. Which of
the following is the analyst doing?
A. A packet capture
B. A user behavior analysis
C. Threat hunting
D. Credentialed vulnerability scanning
Answer: C
NEW QUESTION 95
A researcher has been analyzing large data sets for the last ten months. The researcher works with colleagues from other institutions and typically connects via
SSH to retrieve additional data. Historically, this setup has worked without issue, but the researcher recently started getting the following message:
Which of the following network attacks is the researcher MOST likely experiencing?
A. MAC cloning
B. Evil twin
C. Man-in-the-middle
D. ARP poisoning
Answer: C
NEW QUESTION 99
Which of the following algorithms has the SMALLEST key size?
A. DES
B. Twofish
C. RSA
D. AES
Answer: B
A. SED
B. HSM
C. DLP
D. TPM
Answer: A
A. validate the vulnerability exists in the organization's network through penetration testing
B. research the appropriate mitigation techniques in a vulnerability database
C. find the software patches that are required to mitigate a vulnerability
D. prioritize remediation of vulnerabilities based on the possible impact.
Answer: D
Answer: C
A. CASB
B. SWG
C. Containerization
D. Automated failover
Answer: C
A. Disallow new hires from using mobile devices for six months
B. Select four devices for the sales department to use in a CYOD model
C. Implement BYOD for the sales department while leveraging the MDM
Answer: C
A. Spear phishing
B. Whaling
C. Phishing
D. Vishing
Answer: C
Answer: C
A. A script kiddie
B. Shadow IT
C. Hacktivism
D. White-hat
Answer: B
A. Nmap
B. Wireshark
C. Autopsy
D. DNSEnum
Answer: A
A. Data controller
B. Data owner
C. Data custodian
D. Data processor
Answer: D
A. Load balancing
B. Incremental backups
C. UPS
D. RAID
E. Dual power supply
F. NIC teaming
Answer: AD
ineffective. Which of the following would BEST detect the presence of a rootkit in the future?
A. FDE
B. NIDS
C. EDR
D. DLP
Answer: C
Which of the following BEST describes the type of attack the analyst is experiencing?
A. SQL injection
B. Cross-site scripting
C. Pass-the-hash
D. Directory traversal
Answer: B
A. Multifactor authentication
B. Something you can do
C. Biometric
D. Two-factor authentication
Answer: D
Answer: A
Answer: C
A. Install a new hard drive in the CEO's PC, and then remove the old hard drive and place it in a tamper-evident bag
B. Connect a write blocker to the hard drive. Then, leveraging a forensic workstation, utilize the dd command in a live Linux environment to create a duplicate copy
C. Remove the CEO's hard drive from the PC, connect it to the forensic workstation, and copy all the contents onto a remote fileshare while the CEO watches
D. Refrain from completing a forensic analysis of the CEO's hard drive until after the incident is confirmed; duplicating the hard drive at this stage could destroy
evidence
Answer: D
A. IPSec
B. Always On
C. Split tunneling
D. L2TP
Answer: B
A. DLP
B. HIDS
C. EDR
D. NIPS
Answer: C
A. Investigation
B. Containment
C. Recovery
D. Lessons learned
Answer: B
A. Pass-the-hash
B. Session replay
C. Object dereference
D. Cross-site request forgery
Answer: B
A. SOAR playbook
B. Security control matrix
C. Risk management framework
D. Benchmarks
Answer: D
A. Identification
B. Preparation
C. Eradication
D. Recovery
E. Containment
Answer: E
A. Obfuscation
B. Integrity
C. Non-repudiation
D. Blockchain
Answer: A
Answer: BD
Answer: A
Answer: D
A. Data encryption
B. Data masking
C. Data deduplication
D. Data minimization
Answer: B
A.
Answer: A
Explanation:
See explanation below.
Explanation
Firewall 1:
Firewall 3:
Answer: B
A. SSO would simplify username and password management, making it easier for hackers to pass guess accounts.
B. SSO would reduce password fatigue, but staff would still need to remember more complex passwords.
C. SSO would reduce the password complexity for frontline staff.
D. SSO would reduce the resilience and availability of system if the provider goes offline.
Answer: D
A. Shadow IT
B. An insider threat
C. A hacktivist
D. An advanced persistent threat
Answer: D
A. Acceptance
B. Mitigation
C. Avoidance
D. Transference
Answer: D
A. SIEM
B. DLP
C. CASB
D. SWG
Answer: C
A. Mastered
B. Not Mastered
Answer: A
Explanation:
Answer: B
A. Phishing
B. Whaling
C. Typo squatting
D. Pharming
Answer: B
Answer: A
A. RAID 0
B. RAID 1
C. RAID 5
D. RAID 10
Answer: C
A. Predictability
B. Key stretching
C. Salting
D. Hashing
Answer: C
A. Physical
B. Detective
C. Corrective
D. Technical
Answer: A
Answer: A
A. MTBF
B. RPO
C. RTO
D. MTTR
Answer: C
A. Incident response
B. Communications
C. Disaster recovery
D. Data retention
Answer: C
A. OWASP
B. Vulnerability scan results
C. NIST CSF
D. Third-party libraries
Answer: A
Answer: C
A network administrator is setting up wireless access points in all the conference rooms and wants to authenticate devices using PKI. Which of the following should
the administrator configure?
A. A captive portal
B. PSK
C. 802.1X
D. WPS
Answer: C
Answer: B
A. Scan the NAS for residual or dormant malware and take new daily backups that are tested on a frequent basis
B. Restrict administrative privileges and patch all systems and applications.
C. Rebuild all workstations and install new antivirus software
D. Implement application whitelisting and perform user application hardening
Answer: A
Answer: B
A. Screen locks
B. Application management
C. Geofencing
D. Containerization
Answer: D
A. The end user purchased and installed a PUP from a web browser
B. A bot on the computer is brute forcing passwords against a website
C. A hacker is attempting to exfiltrate sensitive data
D. Ransomware is communicating with a command-and-control server.
Answer: A