Master the Latest 2024 CompTIA Security+ SY0-601 Questions and Pass the Real Exam!
NEW QUESTION # 125
A security analyst discovers that a company username and password database was posted on an internet forum. The usernames and passwords are stored in plain text.
Which of the following would mitigate the damage done by this type of data exfiltration in the future?
- A. Implement salting and hashing
- B. Create DLP controls that prevent documents from leaving the network
- C. Configure the web content filter to block access to the forum.
- D. Increase password complexity requirements
Answer: B
NEW QUESTION # 126
A security analyst is reviewing web-application logs and finds the following log:
Which of the following attacks is being observed?
- A. CSRF
- B. On-path attack
- C. XSS
- D. Directory traversal
Answer: D
NEW QUESTION # 127
An organization would like to give remote workers the ability to use applications hosted inside the corporate network. Users will be allowed to use their personal computers, or they will be provided organization assets. Either way, no data or applications will be installed locally on any user systems. Which of the following mobile solutions would accomplish these goals?
- A. MDM
- B. UTM
- C. VDI
- D. COPE
Answer: C
Explanation:
MDM would require something to be installed. VDI, virtual desktop infrastructure, would allow employees to run apps on the company network without installing anything locally.
NEW QUESTION # 128
An organization is outlining data stewardship roles and responsibilities. Which of the following employee roles would determine the purpose of data and how to process it?
- A. Data processor
- B. Data protection officer
- C. Data controller
- D. Data custodian
Answer: B
NEW QUESTION # 129
A company's help desk received several AV alerts indicating Mimikatz attempted to run on the remote systems. Several users also reported that the new company flash drives they picked up in the break room only have 512KB of storage. Which of the following is MOST likely the cause?
- A. The GPO blocking the flash drives is being bypassed by a malicious flash drive that is attempting to harvest plaintext credentials from memory.
- B. The new flash drives need a driver that is being blocked by the AV software because the flash drives are not on the application's allow list, temporarily restricting the drives to 512KB of storage.
- C. The GPO prevents the use of flash drives, which triggers a false positive AV indication and restricts the drives to only 512KB of storage.
- D. The new flash drives are incorrectly partitioned, and the systems are automatically trying to use an unapproved application to repartition the drives.
Answer: A
NEW QUESTION # 130
The Chief Information Security Officer has directed the security and networking team to retire the use of shared passwords on routers and switches. Which of the following choices BEST meets the requirements?
- A. TACACS+
- B. SAML
- C. Password vaults
- D. OAuth
Answer: A
Explanation:
TACACS+ is a protocol used for remote authentication, authorization, and accounting (AAA) that can be used to replace shared passwords on routers and switches. It provides a more secure method of authentication that allows for centralized management of access control policies. Reference: CompTIA Security+ Study Guide, Exam SY0-601, 4th Edition, Chapter 6
NEW QUESTION # 131
A Chief Information Security Officer (CISO) is concerned about the organization's ability to continue business operations in the event of a prolonged DDoS attack on its local datacenter that consumes database resources.
Which of the following will the CISO MOST likely recommend to mitigate this risk?
- A. Implement a challenge response test on all end-user queries
- B. Upgrade the bandwidth available into the datacenter
- C. Implement a hot-site failover location
- D. Switch to a complete SaaS offering to customers
Answer: C
NEW QUESTION # 132
A user contacts the help desk to report the following:
- Two days ago, a pop-up browser window prompted the user for a name and password after connecting to the corporate wireless SSID. This had never happened before, but the user entered the information as requested.
- The user was able to access the Internet but had trouble accessing the department share until the next day.
- The user is now getting notifications from the bank about unauthorized transactions.
Which of the following attack vectors was MOST likely used in this scenario?
- A. Rogue access point
- B. ARP poisoning
- C. Evil twin
- D. DNS poisoning
Answer: A
NEW QUESTION # 133
A security analyst is investigating multiple hosts that are communicating to external IP addresses between the hours of 2:00 a.m. and 4:00 a.m. The malware has evaded detection by traditional antivirus software. Which of the following types of malware is MOST likely infecting the hosts?
- A. A worm
- B. A RAT
- C. Ransomware
- D. Logic bomb
Answer: D
NEW QUESTION # 134
You received the output of a recent vulnerability assessment.
Review the assessment and scan output and determine the appropriate remediation(s) for each device.
Remediation options may be selected multiple times, and some devices may require more than one remediation.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
Answer:
NEW QUESTION # 135
While performing a threat-hunting exercise, a security analyst sees some unusual behavior occurring in an application when a user changes the display name. The security analyst decides to perform a static code analysis and receives the following pseudocode:
Which of the following attack types best describes the root cause of the unusual behavior?
- A. Buffer overflow
- B. SQL injection
- C. Server-side request forgery
- D. Improper error handling
Answer: B
Explanation:
SQL injection is one of the most common web hacking techniques. SQL injection is the placement of malicious code in SQL statements via web page input. A SQL injection attack consists of insertion or "injection" of a SQL query via the input data from the client to the application. A successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database (such as shutting down the DBMS), recover the content of a given file present on the DBMS file system and, in some cases, issue commands to the operating system.
According to the pseudocode given in the question, the application takes a user input for the display name and concatenates it with a SQL query to update the user's profile. This is a vulnerable practice that allows an attacker to inject malicious SQL code into the query and execute it on the database. For example, an attacker could enter something like this as their display name:
John'; DROP TABLE users; --
This would result in the following SQL query being executed:
UPDATE profile SET displayname = 'John'; DROP TABLE users; --' WHERE userid = 1;
The semicolon (;) terminates the original update statement and starts a new one that drops the users table. The double dash (--) comments out the rest of the query. This would cause a catastrophic loss of data for the application.
NEW QUESTION # 136
A company is launching a website in a different country in order to capture user information that a marketing business can use. The company itself will not be using the information. Which of the following roles is the company assuming?
- A. Data owner
- B. Data processor
- C. Data steward
- D. Data collector
Answer: D
Explanation:
A data collector is a person or entity that collects personal data from individuals for a specific purpose. A data collector may or may not be the same as the data controller or the data processor, depending on who determines the purpose and means of processing the data and who actually processes the data.
NEW QUESTION # 137
A security engineer needs to select a primary authentication source for use with a client application. The application requires the user to log in with a username, password, and, when needed, a challenge response. Which of the following solutions BEST meets this requirement?
- A. LDAP
- B. RADIUS
- C. PSK
- D. PAP
Answer: A
NEW QUESTION # 138
Security analysts are conducting an investigation of an attack that occurred inside the organization's network.
An attacker was able to collect network traffic between workstations throughout the network. The analysts review the following logs:
The layer 2 address table has hundreds of entries similar to the ones above. Which of the following attacks has MOST likely occurred?
- A. SQL injection
- B. ARP poisoning
- C. MAC flooding
- D. DNS spoofing
Answer: C
NEW QUESTION # 139
A manufacturer creates designs for very high security products that are required to be protected and controlled
- A. Session replay
- B. ARP poisoning
- C. Bluejacking
- D. Evil twin
Answer: D
NEW QUESTION # 140
A privileged user at a company stole several proprietary documents from a server. The user also went into the log files and deleted all records of the incident. The systems administrator has just informed investigators that other log files are available for review. Which of the following did the administrator most likely configure that will assist the investigators?
- A. The application logs
- B. The syslog server
- C. Memory dumps
- D. The log retention policy
Answer: B
Explanation:
A syslog server is a centralized log management system that collects, stores, and manages syslog messages generated by various network devices, servers, applications, and other sources. A syslog server can assist the investigators in this case because it provides an alternative source of log files that may contain evidence of the incident. The privileged user may have deleted the local log files on the server, but not the remote copies on the syslog server. Therefore, the investigators can access the syslog server and analyze the log messages related to the user's activities and actions.
NEW QUESTION # 141
A company installed several crosscut shredders as part of increased information security practices targeting data leakage risks. Which of the following will this practice reduce?
- A. Shoulder surfing
- B. Information elicitation
- C. Dumpster diving
- D. Credential harvesting
Answer: C
Explanation:
Crosscut shredders are used to destroy paper documents and reduce the risk of data leakage through dumpster diving. Dumpster diving is a method of retrieving sensitive information from paper waste by searching through discarded documents.
Reference:
CompTIA Security+ Study Guide, Exam SY0-601, 4th Edition, Chapter 2
NEW QUESTION # 142
An attacker was easily able to log in to a company's security camera by performing a basic online search for a setup guide for that particular camera brand and model. Which of the following BEST describes the configurations the attacker exploited?
- A. Open permissions
- B. Unsecure protocols
- C. Weak encryption
- D. Default settings
Answer: D
NEW QUESTION # 143
A security engineer is concerned the strategy for detection on endpoints is too heavily dependent on previously defined attacks. The engineer wants a tool that can monitor for changes to key files and network traffic for the device. Which of the following tools should the engineer select?
- A. NGFW
- B. DLP
- C. HIDS
- D. AV
Answer: C
Explanation:
The security engineer should select a Host Intrusion Detection System (HIDS) to address the concern. HIDS monitors and analyzes the internals of a computing system, such as key files and network traffic, for any suspicious activity. Unlike antivirus software (AV), which relies on known signatures of malware, HIDS can detect anomalies, policy violations, and previously undefined attacks by monitoring system behavior and the network traffic of the device.
Reference:
1. CompTIA Security+ Certification Exam Objectives (SY0-601): https://www.comptia.jp/pdf/Security%2B%20SY0-601%20Exam%20Objectives.pdf
2. Scarfone, K., & Mell, P. (2007). Guide to Intrusion Detection and Prevention Systems (IDPS): Recommendations of the National Institute of Standards and Technology. NIST Special Publication 800-94. https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-94.pdf
NEW QUESTION # 144
A security incident may have occurred on the desktop PC of an organization's Chief Executive Officer (CEO). A duplicate copy of the CEO's hard drive must be stored securely to ensure appropriate forensic processes and the chain of custody are followed. Which of the following should be performed to accomplish this task?
- A. Install a new hard drive in the CEO's PC, and then remove the old hard drive and place it in a tamper-evident bag
- B. Refrain from completing a forensic analysis of the CEO's hard drive until after the incident is confirmed; duplicating the hard drive at this stage could destroy evidence
- C. Connect a write blocker to the hard drive. Then, leveraging a forensic workstation, utilize the dd command in a live Linux environment to create a duplicate copy
- D. Remove the CEO's hard drive from the PC, connect it to the forensic workstation, and copy all the contents onto a remote fileshare while the CEO watches
Answer: C
Explanation:
"To obtain a forensically sound image from nonvolatile storage, you need to ensure that nothing you do alters data or metadata (properties) on the source disk or file system. A write blocker assures this process by preventing any data on the disk or volume from being changed by filtering write commands at the driver and OS level. Data acquisition would normally proceed by attaching the target device to a forensics workstation or field capture device equipped with a write blocker." For reference, hardware write blockers such as the one at https://security.opentext.com/tableau/hardware/details/t8u are the most popular hardware blockers.