Summer Limited Time 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: takeit60

SY0-601 CompTIA Security+ Exam 2021 Questions and Answers

Questions 4

A security analyst was asked to evaluate a potential attack that occurred on a publicly accessible section of the company's website. The malicious actor posted an entry in an attempt to trick users into clicking the following:

Which of the following was most likely observed?

Options:

A.

DLL injection

B.

Session replay

C.

SQLi

D.

xss

Buy Now
Questions 5

A large financial services firm recently released information regarding a security breach within its corporate network that began several years before. During the time frame in which the breach occurred, indicators show an attacker gained administrative access to the network through a file downloaded from a social media site and subsequently installed it without the user's knowledge. Since the compromise, the attacker was able to take command and control of the computer systems anonymously while obtaining sensitive corporate and personal employee information. Which of the following methods did the attacker most likely use to gain access?

Options:

A.

A bol

B.

A fileless virus

C.

A logic bomb

D.

A RAT

Buy Now
Questions 6

Which of the following exercises should an organization use to improve its incident response process?

Options:

A.

Tabletop

B.

Replication

C.

Failover

D.

Recovery

Buy Now
Questions 7

A wet-known organization has been experiencing attacks from APTs. The organization is concerned that custom malware is being created and emailed into the company or installed on USB stocks that are dropped in parking lots. Which of the following is the best defense against this scenario?

Options:

A.

Configuring signature-based antivirus to update every 30 minutes

B.

Enforcing S/MIME for email and automatically encrypting USB drives upon assertion

C.

Implementing application execution in a sandbox for unknown software

D.

Fuzzing new files for vulnerabilities if they are not digitally signed

Buy Now
Questions 8

A company currently uses passwords for logging in to company-owned devices and wants to add a second authentication factor Per corporate policy, users are not allowed to have smartphones at their desks Which of the following would meet these requirements?

Options:

A.

Smart card

B.

PIN code

C.

Knowledge-based question

D.

Secret key

Buy Now
Questions 9

Server administrators want to configure a cloud solution so that computing memory and processor usage are maximized most efficiently across a number of virtual servers. They also need to avoid potential denial-of-service situations caused by availability. Which of the following should administrators configure to maximize system availability while efficiently utilizing available computing power?

Options:

A.

Dynamic resource allocation

B.

High availability

C.

Segmentation

D.

Container security

Buy Now
Questions 10

Historically, a company has had issues with users plugging in personally owned removable media devices into corporate computers. As a result, the threat of malware incidents is almost

constant. Which of the following would best help prevent the malware from being installed on the computers?

Options:

A.

AUP

B.

NGFW

C.

DLP

D.

EDR

Buy Now
Questions 11

An organization relies on third-party videoconferencing to conduct daily business. Recent security changes now require all remote workers to utilize a VPN to corporate resources Which of the following would best maintain high-quality videoconferencing while minimizing latency when connected to the VPN?

Options:

A.

Using geographic diversity lo have VPN terminators closer to end users

B.

Utilizing split tunneling so only traffic for corporate resources is encrypted

C.

Purchasing higher bandwidth connections to meet the increased demand

D.

Configuring OoS properly on the VPN accelerators

Buy Now
Questions 12

When implementing automation with loT devices, which of the following should be considered first to keep the network secure?

Options:

A.

Z-Wave compatibility

B.

Network range

C.

Zigbee configuration

D.

Communication protocols

Buy Now
Questions 13

A security administrator received an alert for a user account with the following log activity:

Which of the following best describes the trigger for the alert the administrator received?

Options:

A.

Number of failed log-in attempts

B.

Geolocation

C.

Impossible travel time

D.

Time-based log-in attempt

Buy Now
Questions 14

A large industrial system's smart generator monitors the system status and sends alerts to third-party maintenance personnel when critical failures occur. While reviewing the network logs, the company's security manager notices the generator's IP is sending packets to an internal file server's IP. Which of the following mitigations would be best for the security manager to implement while maintaining alerting capabilities?

Options:

A.

Segmentation

B.

Firewall allow list

C.

Containment

D.

Isolation

Buy Now
Questions 15

Which of the following components can be used to consolidate and forward inbound internet traffic to multiple cloud environments though a single firewall?

Options:

A.

Transit gateway

B.

Cloud hot site

C.

Edge computing

D.

DNS sinkhole

Buy Now
Questions 16

A company is designing the layout of a new data center so it will have an optimal environmental temperature Which of the following must be included? (Select two).

Options:

A.

An air gap

B.

A cold aisle

C.

Removable doors

D.

A hot aisle

E.

An loT thermostat

F.

A humidity monitor

Buy Now
Questions 17

Which of the following agreements defines response time, escalation points, and performance metrics?

Options:

A.

BPA

B.

MOA

C.

NDA

D.

SLA

Buy Now
Questions 18

A company recently experienced a data breach and the source was determined to be an executive who was charging a phone in a public area. Which of the following would most likely have prevented this breach?

Options:

A.

A firewall

B.

A device pin

C.

A USB data blocker

D.

Biometrics

Buy Now
Questions 19

A security engineer must deploy two wireless routers in an office suite Other tenants in the office building should not be able to connect to this wireless network Which of the following protocols should the engineer implement to ensure the strongest encryption?

Options:

A.

WPS

B.

WPA2

C.

WAP

D.

HTTPS

Buy Now
Questions 20

Which of the following scenarios best describes a risk reduction technique?

Options:

A.

A security control objective cannot be met through a technical change, so the company purchases insurance and is no longer concerned about losses from data breaches

B.

A security control objective cannot be met through a technical change, so the company implements a pokey to train users on a more secure method of operation

C.

A security control objective cannot be met through a technical change, so the company performs regular audits to determine it violations have occurred

D.

A security control objective cannot be met through a technical change, so the Chief Information Officer decides to sign off on the risk.

Buy Now
Questions 21

The Chief Executive Officer (CEO) of an organization would like staff members to have the flexibility to work from home anytime during business hours, including during a pandemic or crisis. However, the CEO is concerned that

some staff members may take advantage of the flexibility and work from high-risk countries while on holiday or outsource work to a third-party organization in another country. The Chief Information Officer believes the company

can implement some basic controls to mitigate the majority of the risk. Which of the following would be best to mitigate the CEO's concerns? (Select two).

Options:

A.

Geolocation

B.

Time-of-day restrictions

C.

Certificates

D.

Tokens

E.

Geotagging

F.

Role-based access controls

Buy Now
Questions 22

A dynamic application vulnerability scan identified that code injection could be performed using a web form. Which of the following will be the best remediation to prevent this vulnerability?

Options:

A.

Implement input validations

B.

Deploy UFA

C.

Utilize a WAF

D.

Conjure HIPS

Buy Now
Questions 23

A security analyst is investigating a malware incident at a company The malware is accessing a command-and-control website at www.comptia.com . All outbound internet traffic is logged to a syslog server and stored in /logfiles/messages Which of the following commands would be best for the analyst to use on the syslog server to search for recent traffic to the command-and-control website?

Options:

A.

head -500 www. compt ia.com | grep /logfiles/messages

B.

cat /logfiles/messages I tail -500 www.comptia.com

C.

tail -500 /logfiles/messages I grep www.cornptia.com

D.

grep -500 /logfiles/messages I cat www.comptia.cctn

Buy Now
Questions 24

Which of the following describes the ability of code to target a hypervisor from inside a guest OS?

Options:

A.

Fog computing

B.

VM escape

C.

Software-defined networking

D.

Image forgery

E.

Container breakout

Buy Now
Questions 25

Employees in the research and development business unit receive extensive training 10 ensure they understand how to best protect company data. Which of the following is the type of data these employees are most likely to use in day-to-day work activities?

Options:

A.

Encrypted

B.

Intellectual property

C.

Critical

D.

Data in transit

Buy Now
Questions 26

A security analyst is reviewing the output of a web server log and notices a particular account is attempting to transfer large amounts of money:

GET http://yourbank.com/transfer.do?acctnum=08764 6959 &amount=500000 HTTP/1.1

GET http://yourbank.com/transfer.do?acctnum=087646958 &amount=5000000 HTTP/1.1

GET http://yourbank.com/transfer.do?acctnum=-087646958 &amount=1000000 HTTP/1.1

GET http://yourbank.com/transfer.do?acctnum=087646953 &amount=500 HTTP/1.1

Which of the following types of attacks is most likely being conducted?

Options:

A.

SQLi

B.

CSRF

C.

Spear phishing

D.

API

Buy Now
Questions 27

A security engineer is installing a WAF to protect the company's website from malicious web requests over SSL. Which of the following is needed to meet the objective?

Options:

A.

A reverse proxy

B.

A decryption certificate

C.

A spill-tunnel VPN

D.

Load-balanced servers

Buy Now
Questions 28

A security administrator has discovered that workstations on the LAN are becoming infected with malware. The cause of the infections appears to be users receiving phishing emails that are bypassing the current email-filtering technology. As a result, users are being tricked into clicking on malicious URLs, as no internal controls currently exist in the environment to evaluate their safety. Which of the following would be BEST to implement to address the issue?

Options:

A.

Forward proxy

B.

HIDS

C.

Awareness training

D.

A jump server

E.

IPS

Buy Now
Questions 29

Which of the following is used to validate a certificate when it is presented to a user?

Options:

A.

OCSP

B.

CSR

C.

CA

D.

CRC

Buy Now
Questions 30

A threat actor used a sophisticated attack to breach a well-known ride-sharing. company. The threat actor posted on social media that this action was in response to the company's treatment of its drivers Which of the following best describes tm type of throat actor?

Options:

A.

Nation-slate

B.

Hacktivist

C.

Organized crime

D.

Shadow IT

Buy Now
Questions 31

The following are the logs of a successful attack.

Which of the following controls would be BEST to use to prevent such a breach in the future?

Options:

A.

Password history

B.

Account expiration

C.

Password complexity

D.

Account lockout

Buy Now
Questions 32

Recent changes to a company's BYOD policy require all personal mobile devices to use a two-factor authentication method that is not something you know or have. Which of the following will meet this requirement?

Options:

A.

Facial recognition

B.

Six-digit PIN

C.

PKI certificate

D.

Smart card

Buy Now
Questions 33

Per company security policy, IT staff members are required to have separate credentials to perform administrative functions using just-in-time permissions. Which of the following solutions is the company Implementing?

Options:

A.

Privileged access management

B.

SSO

C.

RADIUS

D.

Attribute-based access control

Buy Now
Questions 34

An organization would like to remediate the risk associated with its cloud service provider not meeting its advertised 99.999% availability metrics. Which of the following should the organization consult for the exact requirements for the cloud provider?

Options:

A.

SLA

B.

BPA

C.

NDA

D.

MOU

Buy Now
Questions 35

A security architect at a large, multinational organization is concerned about the complexities and overhead of managing multiple encryption keys securely in a multicioud provider

environment. The security architect is looking for a solution with reduced latency to allow the incorporation of the organization's existing keys and to maintain consistent, centralized control

and management regardless of the data location. Which of the following would best meet the architect's objectives?

Options:

A.

Trusted Platform Module

B.

laaS

C.

HSMaas

D.

PaaS

Buy Now
Questions 36

A help desk technician receives a phone call from someone claiming to be a part of the organization's cybersecurity incident response team. The caller asks the technician to verify the network's internal firewall IP address. Which of the following is the technician's best course of action?

Options:

A.

Direct the caller to stop by the help desk in person and hang up declining any further requests from the caller.

B.

Ask for the caller's name, verify the person's identity in the email directory, and provide the requested information over the phone.

C.

Write down the phone number of the caller if possible, the name of the person requesting the information, hang up, and notify the organization's cybersecurity officer.

D.

Request the caller send an email for identity verification and provide the requested information via email to the caller.

Buy Now
Questions 37

A company is adding a clause to its AUP that states employees are not allowed to modify the operating system on mobile devices. Which of the following vulnerabilities is the organization addressing?

Options:

A.

Cross-site scripting

B.

Buffer overflow

C.

Jailbreaking

D.

Side loading

Buy Now
Questions 38

A user's login credentials were recently compromised During the investigation, the security analyst determined the user input credentials into a pop-up window when prompted to confirm the username and password However the trusted website does not use a pop-up for entering user colonials Which of the following attacks occurred?

Options:

A.

Cross-site scripting

B.

SOL injection

C.

DNS poisoning

D.

Certificate forgery

Buy Now
Questions 39

Which of the following test helps to demonstrate integrity during a forensics investigation?

Options:

A.

Event logs

B.

Encryption

C.

Hashing

D.

Snapshots

Buy Now
Questions 40

Security analysts are conducting an investigation of an attack that occurred inside the organization's network. An attacker was able to coiled network traffic between workstations throughout the network The analysts review the following logs:

The Layer 2 address table has hundreds of entries similar to the ones above Which of the following attacks has most likely occurred?

Options:

A.

SQL injection

B.

DNS spoofing

C.

MAC flooding

D.

ARP poisoning

Buy Now
Questions 41

A vulnerability has been discovered and a known patch to address the vulnerability does not exist. Which of the following controls works best until a proper fix is released?

Options:

A.

Detective

B.

Compensating

C.

Deterrent

D.

Corrective

Buy Now
Questions 42

An attacker was eavesdropping on a user who was shopping online. The attacker was able to spoof the IP address associated with the shopping site. Later, the user received an email regarding credit card statement with unusual purchases. Which of the following attacks took place?

Options:

A.

On-path attack

B.

Protocol poisoning

C.

Domain hijacking

D.

Bluejacking

Buy Now
Questions 43

The compliance team requires an annual recertification of privileged and non-privileged user access. However, multiple users who left the company six months ago still have access. Which of the following would have prevented this compliance violation?

Options:

A.

Account audits

B.

AUP

C.

Password reuse

D.

SSO

Buy Now
Questions 44

A company's Chief Information Security Officer (CISO) recently warned the security manager that the company's Chief Executive Officer (CEO) is planning to publish a controversial opinion article in a national newspaper, which may result in new cyberattacks. Which of the following would be best for the security manager to use in a threat model?

Options:

A.

Hacktivists

B.

White-hat hackers

C.

Script kiddies

D.

Insider threats

Buy Now
Questions 45

The most recent vulnerability scan flagged the domain controller with a critical vulnerability. The systems administrator researched the vulnerability and discovered the domain controller

does not run the associated application with the vulnerability. Which of the following steps should the administrator take next?

Options:

A.

Ensure the scan engine is configured correctly.

B.

Apply a patch to the domain controller.

C.

Research the CVE.

D.

Document this as a false positive.

Buy Now
Questions 46

An attacker is trying to gain access by installing malware on a website that is known to be visited by the target victims. Which of the following is the attacker most likely attempting?

Options:

A.

A spear-phishing attach

B.

A watering-hole attack

C.

Typo squatting

D.

A phishing attack

Buy Now
Questions 47

A customer has reported that an organization's website displayed an image of a smiley (ace rather than the expected web page for a short time two days earlier. A security analyst reviews log tries and sees the following around the lime of the incident:

Which of the following is MOST likely occurring?

Options:

A.

Invalid trust chain

B.

Domain hijacking

C.

DNS poisoning

D.

URL redirection

Buy Now
Questions 48

A business is looking for a cloud service provider that offers a la carte services, including cloud backups, VM elasticity, and secure networking. Which of the following cloud service provider types should business engage?

Options:

A.

A laaS

B.

PaaS

C.

XaaS

D.

SaaS

Buy Now
Questions 49

Which of the following teams combines both offensive and defensive testing techniques to protect an organization's critical systems?

Options:

A.

Red

B.

Blue

C.

Purple

D.

Yellow

Buy Now
Questions 50

A company's public-facing website, https://www.organization.com, has an IP address of 166.18.75.6. However, over the past hour the SOC has received reports of the site 's homepage displaying incorrect information. A quick nslookup search shows hitps://;www.organization.com is pointing to 151.191.122.115. Which of the following is occurring?

Options:

A.

DoS attack

B.

ARP poisoning

C.

DNS spoofing

D.

NXDOMAIN attack

Buy Now
Questions 51

A company wants to modify its current backup strategy to modify its current backup strategy to minimize the number of backups that would need to be restored in case of data loss. Which of the following would be the BEST backup strategy

Options:

A.

Incremental backups followed by differential backups

B.

Full backups followed by incremental backups

C.

Delta backups followed by differential backups

D.

Incremental backups followed by delta backups

E.

Full backup followed by different backups

Buy Now
Questions 52

A company reduced the area utilized in its datacenter by creating virtual networking through automation and by creating provisioning routes and rules through scripting. Which of the following does this example describe?

Options:

A.

laC

B.

MSSP

C.

Containers

D.

SaaS

Buy Now
Questions 53

Which of the following conditions impacts data sovereignty?

Options:

A.

Rights management

B.

Criminal investigations

C.

Healthcare data

D.

International operations

Buy Now
Questions 54

Which of the following would be BEST for a technician to review to determine the total risk an organization can bear when assessing a "cloud-first" adoption strategy?

Options:

A.

Risk matrix

B.

Risk tolerance

C.

Risk register

D.

Risk appetite

Buy Now
Questions 55

Which of the technologies is used to actively monitor for specific file types being transmitted on the network?

Options:

A.

File integrity monitoring

B.

Honeynets

C.

Tcpreplay

D.

Data loss prevention

Buy Now
Questions 56

A security analyst has been tasked with creating a new WiFi network for the company. The requirements received by the analyst are as follows:

•Must be able to differentiate between users connected to WiFi

•The encryption keys need to change routinely without interrupting the users or forcing reauthentication

•Must be able to integrate with RADIUS

•Must not have any open SSIDs

Which of the following options BEST accommodates these requirements?

Options:

A.

WPA2-Enterprise

B.

WPA3-PSK

C.

802.11n

D.

WPS

Buy Now
Questions 57

Which of the following incident response steps occurs before containment?

Options:

A.

Eradication

B.

Recovery

C.

Lessons learned

D.

Identification

Buy Now
Questions 58

Which of the following is the correct order of volatility from most to least volatile?

Options:

A.

Memory, temporary filesystems. routing tables, disk, network storage

B.

Cache, memory, temporary filesystems. disk, archival media

C.

Memory, disk, temporary filesystems. cache, archival media

D.

Cache, disk, temporary filesystems. network storage, archival media

Buy Now
Questions 59

A network analyst is setting up a wireless access point for a home office in a remote, rural location. The requirement is that users need to connect to the access point securely but do not want to have to remember passwords Which of the following should the network analyst enable to meet the requirement?

Options:

A.

MAC address filtering

B.

802.1X

C.

Captive portal

D.

WPS

Buy Now
Questions 60

A Chief Information Security Officer (CISO) wants to explicitly raise awareness about the increase of ransomware-as-a-service in a report to the management team. Which of the following best describes the threat actor in the CISO's report?

Options:

A.

Insider threat

B.

Hacktivist

C.

Nation-state

D.

Organized crime

Buy Now
Questions 61

Which of the following environments typically hosts the current version configurations and code, compares user-story responses and workflow, and uses a modified version of actual data for testing?

Options:

A.

Development

B.

Staging

C.

Production

D.

Test

Buy Now
Questions 62

A financial analyst is expecting an email containing sensitive information from a client. When the email arrives, the analyst receives an error and is unable to open the encrypted message. Which of the following is the most likely cause of the issue?

Options:

A.

The S'MIME plug-m is not enabled.

B.

The SSL certificate has expired.

C.

Secure I MAP was not implemented.

D.

P0P3S is not supported.

Buy Now
Questions 63

Which of the following holds staff accountable while escorting unauthorized personnel?

Options:

A.

Locks

B.

Badges

C.

Cameras

D.

Visitor logs

Buy Now
Questions 64

Which of the following uses six initial steps that provide basic control over system security by including hardware and software inventory, vulnerability management, and continuous monitoring to minimize risk in all network environments?

Options:

A.

ISO 27701

B.

The Center for Internet Security

C.

SSAE SOC 2

D.

NIST Risk Management Framework

Buy Now
Questions 65

The manager who is responsible for a data set has asked a security engineer to apply encryption to the data on a hard disk. The security engineer is an example of a:

Options:

A.

data controller

B.

data owner.

C.

data custodian.

D.

data processor

Buy Now
Questions 66

After a WiFi scan of a local office was conducted, an unknown wireless signal was identified Upon investigation, an unknown Raspberry Pi device was found connected to an Ethernet port using a single connection. Which of the following BEST describes the purpose of this device?

Options:

A.

loT sensor

B.

Evil twin

C.

Rogue access point

D.

On-path attack

Buy Now
Questions 67

A company is implementing a new SIEM to log and send alerts whenever malicious activity is blocked by its antivirus and web content filters. Which of the following is the primary use case for this scenario?

Options:

A.

Implementation of preventive controls

B.

Implementation of detective controls

C.

Implementation of deterrent controls

D.

Implementation of corrective controls

Buy Now
Questions 68

A client sent several inquiries to a project manager about the delinquent delivery status of some critical reports. The project manager claimed the reports were previously sent via email, but then quickly generated and backdated the reports before submitting them as plain text within the body of a new email message thread. Which of the following actions MOST likely supports an investigation for fraudulent submission?

Options:

A.

Establish chain of custody.

B.

Inspect the file metadata.

C.

Reference the data retention policy.

D.

Review the email event logs

Buy Now
Questions 69

A security analyst is running a vulnerability scan to check for missing patches during a suspected security rodent During which of the following phases of the response process is this activity MOST likely occurring?

Options:

A.

Containment

B.

Identification

C.

Recovery

D.

Preparation

Buy Now
Questions 70

As part of the building process for a web application, the compliance team requires that all PKI certificates are rotated annually and can only contain wildcards at the secondary subdomain level. Which of the following certificate properties will meet these requirements?

Options:

A.

HTTPS://.comptia.org, Valid from April 10 00:00:00 2021 - April 8 12:00:00 2022

B.

HTTPS://app1.comptia.org, Valid from April 10 00:00:00 2021-April 8 12:00:00 2022

C.

HTTPS:// app1.comptia.org, Valid from April 10 00:00:00 2021-April 8 12:00:00 2022

D.

HTTPS://.comptia.org, Valid from April 10 00:00:00 2021 - April 8 12:00:00

Buy Now
Questions 71

The technology department at a large global company is expanding its Wi-Fi network infrastructure at the headquarters building Which of the following should be closely coordinated between the technology, cybersecurity, and physical security departments?

Options:

A.

Authentication protocol

B.

Encryption type

C.

WAP placement

D.

VPN configuration

Buy Now
Questions 72

You received the output of a recent vulnerability assessment.

Review the assessment and scan output and determine the appropriate remedialion(s} 'or «ach dewce.

Remediation options may be selected multiple times, and some devices may require more than one remediation.

If at any time you would like to biing bade the initial state ot the simulation, please dick me Reset All button.

Options:

Buy Now
Questions 73

A retail company that is launching @ new website to showcase the company’s product line and other information for online shoppers registered the following URLs:

* www companysite com

* shop companysite com

* about-us companysite com

contact-us. companysite com

secure-logon company site com

Which of the following should the company use to secure its website if the company is concerned with convenience and cost?

Options:

A.

A self-signed certificate

B.

A root certificate

C.

A code-signing certificate

D.

A wildcard certificate

E.

An extended validation certificate

Buy Now
Questions 74

An organization's Chief Information Security Officer is creating a position that will be responsible for implementing technical controls to protect data, including ensuring backups are properly maintained. Which of the following roles would MOST likely include these responsibilities?

Options:

A.

Data protection officer

B.

Data owner

C.

Backup administrator

D.

Data custodian

E.

Internal auditor

Buy Now
Questions 75

An analyst Is generating a security report for the management team. Security guidelines recommend disabling all listening unencrypted services. Given this output from Nmap:

Which of the following should the analyst recommend to disable?

Options:

A.

21/tcp

B.

22/tcp

C.

23/tcp

D.

443/tcp

Buy Now
Questions 76

A company would like to provide flexibility for employees on device preference. However, the company is concerned about supporting too many different types of hardware. Which of the following deployment models will provide the needed flexibility with the GREATEST amount of control and security over company data and infrastructure?

Options:

A.

BYOD

B.

VDI

C.

COPE

D.

CYOD

Buy Now
Questions 77

A company recently experienced an attack during which its main website was Directed to the attacker's web server, allowing the attacker to harvest credentials from unsuspecting customers, Which of the following should the

company implement to prevent this type of attack from occurring In the future?

Options:

A.

IPsec

B.

SSL/TLS

C.

ONSSEC

D.

SMIME

Buy Now
Questions 78

A security researcher is using an adversary's infrastructure and TTPs and creating a named group to track those targeted Which of the following is the researcher MOST likely using?

Options:

A.

The Cyber Kill Chain

B.

The incident response process

C.

The Diamond Model of Intrusion Analysis

D.

MITRE ATT&CK

Buy Now
Questions 79

During an incident a company CIRT determine it is necessary to observe the continued network-based transaction between a callback domain and the malware running on an enterprise PC. Which of the following techniques would be BEST to enable this activity while reducing the risk of lateral spread and the risk that the adversary would notice any changes?

Options:

A.

Physical move the PC to a separate internet pint of presence

B.

Create and apply micro segmentation rules.

C.

Emulate the malware in a heavily monitored DM Z segment.

D.

Apply network blacklisting rules for the adversary domain

Buy Now
Questions 80

A company was compromised, and a security analyst discovered the attacker was able to get access to a service account. The following logs were discovered during the investigation:

Which of the following MOST likely would have prevented the attacker from learning the service account name?

Options:

A.

Race condition testing

B.

Proper error handling

C.

Forward web server logs to a SIEM

D.

Input sanitization

Buy Now
Questions 81

A desktop support technician recently installed a new document-scanning software program on a computer. However, when the end user tried to launch the program, it did not respond. Which of the following is MOST likely the cause?

Options:

A.

A new firewall rule is needed to access the application.

B.

The system was quarantined for missing software updates.

C.

The software was not added to the application whitelist.

D.

The system was isolated from the network due to infected software

Buy Now
Questions 82

A Chief information Officer is concerned about employees using company-issued laptops to steal data when accessing network shares Which of the following should the company implement?

Options:

A.

DLP

B.

CASB

C.

HIDS

D.

EDR

E.

UEFI

Buy Now
Questions 83

Which of the following controls would provide the BEST protection against tailgating?

Options:

A.

Access control vestibule

B.

Closed-circuit television

C.

Proximity card reader

D.

Faraday cage

Buy Now
Questions 84

A systems engineer is building a new system for production. Which of the following is the FINAL step to be performed prior to promoting to production?

Options:

A.

Disable unneeded services.

B.

Install the latest security patches.

C.

Run a vulnerability scan.

D.

Encrypt all disks.

Buy Now
Questions 85

one of the attendees starts to notice delays in the connection. and the HTTPS site requests are reverting to HTTP. Which of the following BEST describes what is happening?

Options:

A.

Birthday collision on the certificate key

B.

DNS hacking to reroute traffic

C.

Brute force to the access point

D.

A SSL/TLS downgrade

Buy Now
Questions 86

A bad actor tries to persuade someone to provide financial information over the phone in order to gain access to funds. Which of the following types of attacks does this scenario describe?

Options:

A.

Vishing

B.

Phishing

C.

Spear phishing

D.

Whaling

Buy Now
Questions 87

Which of the following is a physical security control that ensures only the authorized user is present when gaining access to a secured area?

Options:

A.

A biometric scanner

B.

A smart card reader

C.

APKItoken

D.

A PIN pad

Buy Now
Questions 88

A junior security analyst is reviewing web server logs and identifies the following pattern in the log file:

Which ol the following types of attacks is being attempted and how can it be mitigated?

Options:

A.

XSS. mplement a SIEM

B.

CSRF. implement an IPS

C.

Directory traversal implement a WAF

D.

SQL infection, mplement an IDS

Buy Now
Questions 89

Employees at a company are receiving unsolicited text messages on their corporate cell phones. The unsolicited text messages contain a password reset Link. Which of the attacks is being used to target the company?

Options:

A.

Phishing

B.

Vishing

C.

Smishing

D.

Spam

Buy Now
Questions 90

After gaining access to a dual-homed (i.e.. wired and wireless) multifunction device by exploiting a vulnerability in the device's firmware, a penetration tester then gains shell access on another networked asset This technique is an example of:

Options:

A.

privilege escalation

B.

footprinting

C.

persistence

D.

pivoting.

Buy Now
Questions 91

A company recently upgraded its authentication infrastructure and now has more computing power. Which of the following should the company consider using to ensure user credentials are

being transmitted and stored more securely?

Options:

A.

Blockchain

B.

Salting

C.

Quantum

D.

Digital signature

Buy Now
Questions 92

Which Of the following security controls can be used to prevent multiple from using a unique card swipe and being admitted to a entrance?

Options:

A.

Visitor logs

B.

Faraday cages

C.

Access control vestibules

D.

Motion detection sensors

Buy Now
Questions 93

Unauthorized devices have been detected on the internal network. The devices’ locations were traced to Ether ports located in conference rooms. Which of the following would be the best technical controls to implement to prevent these devices from accessing the internal network?

Options:

A.

NAC

B.

DLP

C.

IDS

D.

MFA

Buy Now
Questions 94

A security analyst reviews web server logs and finds the following string

gallerys?file—. ./../../../../. . / . ./etc/passwd

Which of the following attacks was performed against the web server?

Options:

A.

Directory traversal

B.

CSRF

C.

Pass the hash

D.

SQL injection

Buy Now
Questions 95

A company is focused on reducing risks from removable media threats. Due to certain primary applications, removable media cannot be entirely prohibited at this time. Which of the following best describes the company's approach?

Options:

A.

Compensating controls

B.

Directive control

C.

Mitigating controls

D.

Physical security controls

Buy Now
Questions 96

A company is moving to new location. The systems administrator has provided the following server room requirements to the facilities staff:

  • Consistent power levels in case of brownouts or voltage spikes
  • A minimum of 30 minutes runtime following a power outage
  • Ability to trigger graceful shutdowns of critical systems

Which of the following would BEST meet the requirements?

Options:

A.

Maintaining a standby, gas-powered generator

B.

Using large surge suppressors on computer equipment

C.

Configuring managed PDUs to monitor power levels

D.

Deploying an appropriately sized, network-connected UPS device

Buy Now
Questions 97

Which of the following is the correct order of evidence from most to least volatile in forensic analysis?

Options:

A.

Memory, disk, temporary filesystems, CPU cache

B.

CPU cache, memory, disk, temporary filesystems

C.

CPU cache, memory, temporary filesystems, disk

D.

CPU cache, temporary filesystems, memory, disk

Buy Now
Questions 98

A network engineer receives a call regarding multiple LAN-connected devices that are on the same switch. The devices have suddenly been experiencing speed and latency issues while connecting to network resources. The engineer enters the command show mac address-table and reviews the following output

Which of the following best describes the attack that is currently in progress?

Options:

A.

MAC flooding

B.

Evil twin

C.

ARP poisoning

D.

DHCP spoofing

Buy Now
Questions 99

A contractor overhears a customer recite their credit card number during a confidential phone call. The credit card Information is later used for a fraudulent transaction. Which of the following social engineering techniques describes this scenario?

Options:

A.

Shoulder surfing

B.

Watering hole

C.

Vishing

D.

Tailgating

Buy Now
Questions 100

A small, local company experienced a ransomware attack. The company has one web-facing server and a few workstations. Everything is behind an ISP firewall. A single web-facing server

is set up on the router to forward all ports so that the server is viewable from the internet. The company uses an older version of third-party software to manage the website. The assets

were never patched. Which of the following should be done to prevent an attack like this from happening again? (Select three).

Options:

A.

Install DLP software to prevent data loss.

B.

Use the latest version of software.

C.

Install a SIEM device.

D.

Implement MDM.

E.

Implement a screened subnet for the web server.

F.

Install an endpoint security solution.

G.

Update the website certificate and revoke the existing ones.

Buy Now
Questions 101

A security analyst receives an alert that indicates a user's device is displaying anomalous behavior The analyst suspects the device might be compromised Which of the following should the analyst to first?

Options:

A.

Reboot the device

B.

Set the host-based firewall to deny an incoming connection

C.

Update the antivirus definitions on the device

D.

Isolate the device

Buy Now
Questions 102

Which of Ihe following control types is patch management classified under?

Options:

A.

Deterrent

B.

Physical

C.

Corrective

D.

Detective

Buy Now
Questions 103

Which of the following procedures would be performed after the root cause of a security incident has been identified to help avoid future incidents from occurring?

Options:

A.

Walk-throughs

B.

Lessons learned

C.

Attack framework alignment

D.

Containment

Buy Now
Questions 104

A security analyst reviews web server logs and notices the following line:

104.35. 45.53 -

[22/May/2020:07 : 00:58 +0100] "GET . UNION ALL SELECT

user login, user _ pass, user email from wp users—— HTTP/I.I" 200 1072 http://www.example.com/wordpress/wp—admin/

Which of the following vulnerabilities is the attacker trying to exploit?

Options:

A.

SSRF

B.

CSRF

C.

xss

D.

SQLi

Buy Now
Questions 105

An organization needs to implement more stringent controls over administrator/root credentials and service accounts. Requirements for the project include:

* Check-in/checkout of credentials

* The ability to use but not know the password

* Automated password changes

* Logging of access to credentials

Which of the following solutions would meet the requirements?

Options:

A.

OAuth 2.0

B.

Secure Enclave

C.

A privileged access management system

D.

An OpenID Connect authentication system

Buy Now
Questions 106

Which of the following would provide guidelines on how to label new network devices as part of the initial configuration?

Options:

A.

IP schema

B.

Application baseline configuration

C.

Standard naming convention policy

D.

Wireless LAN and network perimeter diagram

Buy Now
Questions 107

A company was recently breached. Part of the company's new cybersecurity strategy is to centralize the logs from all security devices. Which of the following components forwards the logs to a central source?

Options:

A.

Log enrichment

B.

Log queue

C.

Log parser

D.

Log collector

Buy Now
Questions 108

Physical access to the organization's servers in the data center requires entry and exit through multiple access points: a lobby, an access control vestibule, three doors leading to the server floor itself and eventually to a caged area solely for the organization's hardware. Which of the following controls is described in this scenario?

Options:

A.

Compensating

B.

Deterrent

C.

Preventive

D.

Detective

Buy Now
Questions 109

A global pandemic is forcing a private organization to close some business units and reduce staffing at others. Which of the following would be best to help the organization's executives determine their next course of action?

Options:

A.

An incident response plan

B.

A communication plan

C.

A disaster recovery plan

D.

A business continuity plan

Buy Now
Questions 110

An organization recently released a software assurance policy that requires developers to run code scans each night on the repository. After the first night, the security team alerted the developers that more than 2,000 findings were reported and need to

be addressed. Which of the following is the MOST likely cause for the high number of findings?

Options:

A.

The vulnerability scanner was not properly configured and generated a high number of false positives

B.

Third-party libraries have been loaded into the repository and should be removed from the codebase.

C.

The vulnerability scanner found several memory leaks during runtime, causing duplicate reports for the same issue.

D.

The vulnerability scanner was not loaded with the correct benchmarks and needs to be updated.

Buy Now
Questions 111

An organization recently released a zero-trust policy that will enforce who is able to remotely access certain data. Authenticated users who access the data must have a need to know, depending on their level of permissions.

Which of the following is the first step the organization should take when implementing the policy?

Options:

A.

Determine a quality CASB solution.

B.

Configure the DLP policies by user groups.

C.

Implement agentless NAC on boundary devices.

D.

Classify all data on the file servers.

Buy Now
Questions 112

While reviewing the /etc/shadow file, a security administrator notices files with the same values. Which of the following attacks should the administrator be concerned about?

Options:

A.

Plaintext

B.

Birthdat

C.

Brute-force

D.

Rainbow table

Buy Now
Questions 113

An employee used a corporate mobile device during a vacation Multiple contacts were modified in the device vacation Which of the following method did attacker to insert the contacts without having 'Physical access to device?

Options:

A.

Jamming

B.

BluJacking

C.

Disassoaatm

D.

Evil twin

Buy Now
Questions 114

An upcoming project focuses on secure communications and trust between external parties. Which of the following security components will need to be considered to ensure a chosen trust provider IS

used and the selected option is highly scalable?

Options:

A.

Self-signed certificate

B.

Certificate attributes

C.

Public key Infrastructure

D.

Domain validation

Buy Now
Questions 115

A user's laptop constantly disconnects from the Wi-Fi network. Once the laptop reconnects, the user can reach the internet but cannot access shared folders or other network resources. Which of the following types of attacks is the user MOST likely experiencing?

Options:

A.

Bluejacking

B.

Jamming

C.

Rogue access point

D.

Evil twin

Buy Now
Questions 116

A company completed a vulnerability scan. The scan found malware on several systems that were running older versions of Windows. Which of the following is MOST likely the cause of the malware infection?

Options:

A.

Open permissions

B.

Improper or weak patch management

C.

Unsecure root accounts

D.

Default settings

Buy Now
Questions 117

Leveraging the information supplied below, complete the CSR for the server to set up TLS (HTTPS)

• Hostname: ws01

• Domain: comptia.org

• IPv4: 10.1.9.50

• IPV4: 10.2.10.50

• Root: home.aspx

• DNS CNAME:homesite.

Instructions:

Drag the various data points to the correct locations within the CSR. Extension criteria belong in the let hand column and values belong in the corresponding row in the right hand column.

Options:

Buy Now
Questions 118

A company is enhancing the security of the wireless network and needs to ensure only employees with a valid certificate can authenticate to the network. Which of the following should the

company implement?

Options:

A.

PEAP

B.

PSK

C.

WPA3

D.

WPS

Buy Now
Questions 119

A security analyst needs to recommend a solution that will allow current Active Directory accounts and groups to be used for access controls on both network and remote-access devices. Which of the

following should the analyst recommend? (Select two).

Options:

A.

TACACS+

B.

RADIUS

C.

OAuth

D.

OpenlD

E.

Kerberos

F.

CHAP

Buy Now
Questions 120

A candidate attempts to go to but accidentally visits http://comptiia.org. The malicious website looks exactly like the legitimate website. Which of the following best describes this type of attack?

Options:

A.

Reconnaissance

B.

Impersonation

C.

Typosquatting

D.

Watering-hole

Buy Now
Questions 121

Given the following snippet of Python code:

Which of the following types of malware MOST likely contains this snippet?

Options:

A.

Logic bomb

B.

Keylogger

C.

Backdoor

D.

Ransomware

Buy Now
Questions 122

A network-connected magnetic resonance imaging (MRI) scanner at a hospital is controlled and operated by an outdated and unsupported specialized Windows OS. Which of the following

is most likely preventing the IT manager at the hospital from upgrading the specialized OS?

Options:

A.

The time needed for the MRI vendor to upgrade the system would negatively impact patients.

B.

The MRI vendor does not support newer versions of the OS.

C.

Changing the OS breaches a support SLA with the MRI vendor.

D.

The IT team does not have the budget required to upgrade the MRI scanner.

Buy Now
Questions 123

A systems analyst is responsible for generating a new digital forensics chain -of- custody form Which of the following should the analyst include in this documentation? (Select two).

Options:

A.

The order of volatility

B.

A forensics NDA

C.

The provenance of the artifacts

D.

The vendor's name

E.

The date and time

F.

A warning banner

Buy Now
Questions 124

Which of the following models offers third-party-hosted, on-demand computing resources that can be shared with multiple organizations over the internet?

Options:

A.

Public cloud

B.

Hybrid cloud

C.

Community cloud

D.

Private cloud

Buy Now
Questions 125

A security administrator is integrating several segments onto a single network. One of the segments, which includes legacy devices, presents a significant amount of risk to the network.

Which of the following would allow users to access to the legacy devices without compromising the security of the entire network?

Options:

A.

NIDS

B.

MAC filtering

C.

Jump server

D.

IPSec

E.

NAT gateway

Buy Now
Questions 126

A security operations center wants to implement a solution that can execute files to test for malicious activity. The solution should provide a report of the files' activity against known threats.

Which of the following should the security operations center implement?

Options:

A.

theHarvester

B.

Nessus

C.

Cuckoo

D.

Sn1per

Buy Now
Questions 127

A security administrator Is evaluating remote access solutions for employees who are geographically dispersed. Which of the following would provide the MOST secure remote access? (Select TWO).

Options:

A.

IPSec

B.

SFTP

C.

SRTP

D.

LDAPS

E.

S/MIME

F.

SSL VPN

Buy Now
Questions 128

Which of the following would satisfy three-factor authentication requirements?

Options:

A.

Password, PIN, and physical token

B.

PIN, fingerprint scan, and ins scan

C.

Password, fingerprint scan, and physical token

D.

PIN, physical token, and ID card

Buy Now
Questions 129

Which of the following allow access to remote computing resources, a operating system. and centrdized configuration and data

Options:

A.

Containers

B.

Edge computing

C.

Thin client

D.

Infrastructure as a service

Buy Now
Questions 130

Sales team members have been receiving threatening voicemail messages and have reported these incidents to the IT security team. Which of the following would be MOST appropriate for the IT security team to analyze?

Options:

A.

Access control

B.

Syslog

C.

Session Initiation Protocol traffic logs

D.

Application logs

Buy Now
Questions 131

A security administrator suspects there may be unnecessary services running on a server. Which of the following tools will the administrator most likely use to confirm the suspicions?

Options:

A.

Nmap

B.

Wireshark

C.

Autopsy

D.

DNSEnum

Buy Now
Questions 132

A security team is conducting a security review of a hosted data provider. The management team has asked the hosted data provider to share proof that customer data is being appropriately protected.

Which of the following would provide the best proof that customer data is being protected?

Options:

A.

SOC2

B.

CSA

C.

CSF

D.

1SO 31000

Buy Now
Questions 133

A company recently implemented a patch management policy; however, vulnerability scanners have still been flagging several hosts, even after the completion of the patch process. Which of the following is the most likely cause of the issue?

Options:

A.

The vendor firmware lacks support.

B.

Zero-day vulnerabilities are being discovered.

C.

Third-party applications are not being patched.

D.

Code development is being outsourced.

Buy Now
Questions 134

Which of the following processes would most likely help an organization that has conducted an incident response exercise to improve performance and identify challenges?

Options:

A.

Lessons learned

B.

Identification

C.

Simulation

D.

Containment

Buy Now
Questions 135

Which of the following is a solution that can be used to stop a disgruntled employee from copying confidential data to a USB drive?

Options:

A.

DLP

B.

TLS

C.

AV

D.

IDS

Buy Now
Questions 136

During a security incident the security operations team identified sustained network traffic from a malicious IP address: 10.1.4.9 A security analyst is creating an inbound firewall rule to block the IP address from accessing the organization's network. Which of the following fulfills this request?

Options:

A.

access-list inbound deny ip source 0.0.0.0/0 destination 10.1.4.9/32

B.

access-list inbound deny ip source 10.1.4.9/32 destination 0.0.0.0/0

C.

access-list inbound permit ip source 10.1.4.9/32 destination 0.0.0.0/0

D.

access-list inbound permit ip source 0.0.0.0/0 destination 10.1.4.9/32

Buy Now
Questions 137

An organization has expanded its operations by opening a remote office. The new office is fully furnished with office resources to support up to 50 employees working on any given day. Which of the following VPN solutions would best support the new office?

Options:

A.

Always-on

B.

Remote access

C.

Site-to-site

D.

Full tunnel

Buy Now
Questions 138

A research company discovered that an unauthorized piece of software has been detected on a small number of machines in its lab The researchers collaborate with other machines using port 445 and on the internet using port 443 The unau-thorized software is starting to be seen on additional machines outside of the lab and is making outbound communications using HTTPS and SMS. The security team has been instructed to resolve the issue as quickly as possible while causing minimal disruption to the researchers. Which of the following is the best course Of

action in this scenario?

Options:

A.

Update the host firewalls to block outbound Stv1B.

B.

Place the machines with the unapproved software in containment

C.

Place the unauthorized application in a Bocklist.

D.

Implement a content filter to block the unauthorized software communica-tion,

Buy Now
Questions 139

Which of the following will increase cryptographic security?

Options:

A.

High data entropy

B.

Algorithms that require less computing power

C.

Longer key longevity

D.

Hashing

Buy Now
Questions 140

A manufacturing company has several one-off legacy information systems that cannot be migrated to a newer OS due to software compatibility issues. The OSs are still supported by the vendor but the industrial software is no longer supported The Chief Information Security Officer has created a resiliency plan for these systems that will allow OS patches to be installed in a non-production environment, white also creating backups of the systems for recovery. Which of the following resiliency techniques will provide these capabilities?

Options:

A.

Redundancy

B.

RAID 1+5

C.

Virtual machines

D.

Full backups

Buy Now
Questions 141

An organization's corporate offices were destroyed due to a natural disaster, so the organization is now setting up offices in a temporary work space. Which of the following will the organization most likely consult?

Options:

A.

The business continuity plan

B.

The risk management plan

C.

The communication plan

D.

The incident response plan

Buy Now
Questions 142

An information security officer at a credit card transaction company is conducting a framework-mapping exercise with the internal controls. The company recently established a new office in Europe. To which of the following frameworks should the security officer map the existing controls' (Select two).

Options:

A.

ISO

B.

PCI DSS

C.

SOC

D.

GDPR

E.

CSA

F.

NIST

Buy Now
Questions 143

A large retail store's network was breached recently. and this news was made public. The Store did not lose any intellectual property, and no customer information was stolen. Although no fines were incurred as a result, the Store lost revenue after the breach. Which of the following is the

most likely reason for this issue?

Options:

A.

Employee training

B.

Leadership changes

C.

Reputation

D.

Identity theft

Buy Now
Questions 144

A building manager is concerned about people going in and out of the office during non-working hours. Which of the following physical security controls would provide the best solution?

Options:

A.

Cameras

B.

Badges

C.

Locks

D.

Bollards

Buy Now
Questions 145

An annual information security assessment has revealed that several OS-level configurations are not in compliance due to outdated hardening standards the company is using. Which of the following would be best to use to update and reconfigure the OS-level security configurations?

Options:

A.

CIS benchmarks

B.

GDPR guidance

C.

Regional regulations

D.

ISO 27001 standards

Buy Now
Questions 146

Which of the following would help ensure a security analyst is able to accurately measure the overall risk to an organization when a new vulnerability is disclosed?

Options:

A.

A full inventory of all hardware and software

B.

Documentation of system classifications

C.

A list of system owners and their departments

D.

Third-party risk assessment documentation

Buy Now
Questions 147

A security administrator needs to inspect in-transit files on the enterprise network to search for PI I credit card data, and classification words Which of the following would be the best to use?

Options:

A.

IDS solution

B.

EDR solution

C.

HIPS software solution

D.

Network DLP solution

Buy Now
Questions 148

An annual information security has revealed that several OS-level configurations are not in compliance due to Outdated hardening standards the company is using Which Of the following would be best to use to update and reconfigure the OS.level security configurations?

Options:

A.

CIS benchmarks

B.

GDPR guidance

C.

Regional regulations

D.

ISO 27001 standards

Buy Now
Questions 149

Two organizations are discussing a possible merger Both Organizations Chief Fi-nancial Officers would like to safely share payroll data with each Other to de-termine if the pay scales for different roles are similar at both organizations Which Of the following techniques would be best to protect employee data while allowing the companies to successfully share this information?

Options:

A.

Pseudo-anonymization

B.

Tokenization

C.

Data masking

D.

Encryption

Buy Now
Questions 150

A company's help desk has received calls about the wireless network being down and users being unable to connect to it The network administrator says all access points are up and running One of the help desk technicians notices the affected users are working in a building near the parking lot. Which of the following is the most likely reason for the outage?

Options:

A.

Someone near the building is jamming the signal

B.

A user has set up a rogue access point near the building

C.

Someone set up an evil twin access point in the affected area.

D.

The APs in the affected area have been unplugged from the network

Buy Now
Questions 151

Which Of the following supplies non-repudiation during a forensics investiga-tion?

Options:

A.

Dumping volatile memory contents first

B.

Duplicating a drive With dd

C.

a SHA 2 signature of a drive image

D.

Logging everyone in contact with evidence

E.

Encrypting sensitive data

Buy Now
Questions 152

Which of the following would be the best resource for a software developer who is looking to improve secure coding practices for web applications?

Options:

A.

OWASP

B.

Vulnerability scan results

C.

NIST CSF

D.

Third-party libraries

Buy Now
Questions 153

A security engineer is setting up passwordless authentication for the first time.

INSTRUCTIONS

Use the minimum set of commands to set this up and verify that it works. Commands cannot be reused.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Options:

Buy Now
Questions 154

A company's help desk received several AV alerts indicating Mimikatz attempted to run on the remote systems Several users also reported that the new company flash drives they picked up in the break room only have 512KB of storage Which of the following is most likely the cause?

Options:

A.

The GPO prevents the use of flash drives, which triggers a false positive AV indication and restricts the drives to only 512KB of storage

B.

The new flash drives need a driver that is being blocked by the AV software because the flash drives are not on the application's allow list, temporarily restricting the drives to 512KB of storage.

C.

The new flash drives are incorrectly partitioned, and the systems are automatically trying to use an unapproved application to repartition the drives.

D.

The GPO blocking the flash drives is being bypassed by a malicious flash drive that is attempting to harvest plaintext credentials from memory.

Buy Now
Questions 155

An organization has hired a security analyst to perform a penetration test The analyst captures 1Gb worth of inbound network traffic to the server and transfers the pcap back to the machine for

analysis. Which of the following tools should the analyst use to further review the pcap?

Options:

A.

Nmap

B.

CURL

C.

Neat

D.

Wireshark

Buy Now
Questions 156

A security analyst notices an unusual amount of traffic hitting the edge of the network. Upon examining the logs, the analyst identifies a source IP address and blocks that address from communicating with the network. Even though the analyst is blocking this address, the attack is still ongoing and coming from a large number of different source IP addresses. Which of the following describes this type of attack?

Options:

A.

DDoS

B.

Privilege escalation

C.

DNS poisoning

D.

Buffer overflow

Buy Now
Questions 157

A network manager is concerned that business may be negatively impacted if the firewall in its data center goes offline. The manager would like to implement a high availability pair to:

Options:

A.

decrease the mean time between failures.

B.

remove the single point of failure.

C.

cut down the mean time to repair

D.

reduce the recovery time objective

Buy Now
Questions 158

An organization with a low tolerance for user inconvenience wants to protect laptop hard drives against loss or data theft. Which of the following would be the most acceptable?

Options:

A.

SED

B.

HSM

C.

DLP

D.

TPM

Buy Now
Questions 159

Select the appropriate attack and remediation from each drop-down list to label the corresponding attack with its remediation.

INSTRUCTIONS

Not all attacks and remediation actions will be used.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Options:

Buy Now
Questions 160

Which of the following threat actors is most likely to be motivated by ideology?

Options:

A.

Business competitor

B.

Hacktivist

C.

Criminal syndicate

D.

Script kiddie

E.

Disgruntled employee

Buy Now
Questions 161

To reduce and limit software and infrastructure costs the Chief Information Officer has requested to move email services to the cloud. The cloud provider and the organization must have secunty controls to protect sensitive data Which of the following cloud services would best accommodate the request?

Options:

A.

laaS

B.

PaaS

C.

DaaS

D.

SaaS

Buy Now
Questions 162

A company has installed badge readers for building access but is finding unau-thorized individuals roaming the hallways Of the following is the most likely cause?

Options:

A.

Shoulder surfing

B.

Phishing

C.

Tailgating

D.

Identity fraud

Buy Now
Questions 163

A user reports constant lag and performance issues with the wireless network when working at a local coffee shop A security analyst walks the user through an installation of Wireshark and gets a five-minute pcap to analyze. The analyst observes the following output:

Which of the following attacks does the analyst most likely see in this packet capture?

Options:

A.

Session replay

B.

Evil twin

C.

Bluejacking

D.

ARP poisoning

Buy Now
Questions 164

A network engineer is troubleshooting wireless network connectivity issues that were reported by users The issues are occurring only in the section of the building that is closest to the parking lot. Users are intermittently experiencing slow speeds when accessing websites and are unable to connect to network drives. The issues appear to increase when laptop users return to their desks after using their devices in other areas of the building There have also been reports of users being required to enter their credentials on web pages in order to gain access to them Which of the following is the most likely cause of this issue?

Options:

A.

An external access point is engaging in an evil-Twin attack

B.

The signal on the WAP needs to be increased in that section of the building

C.

The certificates have expired on the devices and need to be reinstalled

D.

The users in that section of the building are on a VLAN that is being blocked by the firewall

Buy Now
Questions 165

Which of the following roles is responsible for defining the protection type and Classification type for a given set of files?

Options:

A.

General counsel

B.

Data owner

C.

Risk manager

D.

Chief Information Officer

Buy Now
Questions 166

Which of the following automation use cases would best enhance the security posture Of an organi-zation by rapidly updating permissions when employees leave a company Or change job roles inter-nally?

Options:

A.

Provisioning resources

B.

Disabling access

C.

APIs

D.

Escalating permission requests

Buy Now
Questions 167

A security architect is designing a remote access solution for a business partner. The business partner needs to access one Linux server at the company. The business partner wants to avid managing a password for authentication and additional software installation. Which of the following should the architect recommend?

Options:

A.

Soft token

B.

Smart card

C.

CSR

D.

SSH key

Buy Now
Questions 168

Which Of the following will provide the best physical security countermeasures to Stop intruders? (Select two).

Options:

A.

Alarm

B.

Signage

C.

Lighting

D.

Access control vestibules

E.

Fencing

F.

Sensors

Buy Now
Questions 169

A security analyst discovers that a company's username and password database were posted on an internet forum. The usernames and passwords are stored in plaintext. Which of the following would mitigate the damage done by this type of data exfiltration in the future?

Options:

A.

Create DLP controls that prevent documents from leaving the network.

B.

Implement salting and hashing.

C.

Configure the web content filter to block access to the forum.

D.

Increase password complexity requirements.

Buy Now
Questions 170

A technician is setting up a new firewall on a network segment to allow web traffic to the internet while hardening the network. After the firewall is configured, users receive errors stating the website could not be located. Which of the following would best correct the issue?

Options:

A.

Setting an explicit deny to all traffic using port 80 instead of 443

B.

Moving the implicit deny from the bottom of the rule set to the top

C.

Configuring the first line in the rule set to allow all traffic

D.

Ensuring that port 53 has been explicitly allowed in the rule set

Buy Now
Questions 171

During the onboarding process, an employee needs to create a password for an intranet account. The password must include ten characters, numbers, and letters, and two special characters. Once the password is created, the ‘company will grant the employee access to other company-owned websites based on the intranet profile. Which of the following access management concepts is the company most likely using to safeguard intranet accounts and grant access to multiple sites based on a user's intranet account? (Select two).

Options:

A.

Federation

B.

Identity proofing

C.

Password complexity

D.

Default password changes

E.

Password manager

F.

Open authentication

Buy Now
Questions 172

Which of the following describes the exploitation of an interactive process to gain access to restricted areas?

Options:

A.

Persistence

B.

Port scanning

C.

Privilege escalation

D.

Pharming

Buy Now
Questions 173

A user enters a password to log in to a workstation and is then prompted to enter an authentication code Which of the following MFA factors or attributes are being utilized in the authentication process? {Select two).

Options:

A.

Something you know

B.

Something you have

C.

Somewhere you are

D.

Someone you know

E.

Something you are

F.

Something you can do

Buy Now
Questions 174

A user received an SMS on a mobile phone that asked for bank details. Which of the following social engineering techniques was used in this case?

Options:

A.

SPIM

B.

Vishing

C.

Spear phishing

D.

Smishing

Buy Now
Questions 175

A security analyst receives an alert from the company's S1EM that anomalous activity is coming from a local source IP address of 192 168 34.26 The Chief Information Security Officer asks the analyst to block the originating source Several days later another employee opens an internal ticket stating that vulnerability scans are no longer being performed property. The IP address the employee provides is 192 168.34 26. Which of the following describes this type of alert?

Options:

A.

True positive

B.

True negative

C.

False positive

D.

False negative

Buy Now
Questions 176

A security analyst is looking for a solution to help communicate to the leadership team the seventy levels of the organization's vulnerabilities. Which of the following would best meet this need?

Options:

A.

CVE

B.

SIEM

C.

SOAR

D.

CVSS

Buy Now
Questions 177

Which of the following types of controls is a turnstile?

Options:

A.

Physical

B.

Detective

C.

Corrective

D.

Technical

Buy Now
Questions 178

Which of the following has been implemented when a host-based firewall on a legacy Linux system allows connections from only specific internal IP addresses?

Options:

A.

Compensating control

B.

Network segmentation

C.

Transfer of risk

D.

SNMP traps

Buy Now
Questions 179

Which of the following are common VoIP-associated vulnerabilities? (Select two).

Options:

A.

SPIM

B.

Vishing

C.

VLAN hopping

D.

Phishing

E.

DHCP snooping

F.

Tailgating

Buy Now
Questions 180

Law enforcement officials sent a company a notification that states electronically stored information and paper documents cannot be destroyed. Which of the following explains this process?

Options:

A.

Data breach notification

B.

Accountability

C.

Legal hold

D.

Chain of custody

Buy Now
Exam Code: SY0-601
Exam Name: CompTIA Security+ Exam 2021
Last Update: Apr 16, 2024
Questions: 607
SY0-601 pdf

SY0-601 PDF

$32  $80
SY0-601 Engine

SY0-601 Testing Engine

$38  $95
SY0-601 PDF + Engine

SY0-601 PDF + Testing Engine

$52  $130