[Dec 07, 2021] Ultimate SY0-601 Guide to Prepare Free Latest CompTIA Practice Tests Dumps
Threats, Attacks, and Vulnerabilities (24%)
- In a given scenario, evaluate the possible indicators connected with application attacks;
- Given a specific scenario, evaluate the possible indicators connected with attacks on the network;
- Compare and contrast various types of social engineering methods;
- Describe various threat actors, intelligence sources, and vectors;
CompTIA Security+ Exam Certification Details:
| Detail | Value |
| --- | --- |
| Exam Code | SY0-601 |
| Number of Questions | 90 |
| Passing Score | 750 / 900 |
| Duration | 90 mins |
| Sample Questions | CompTIA Security+ Sample Questions |
| Exam Price | $349 (USD) |
| Schedule Exam | CompTIA Marketplace / Pearson VUE |
NEW QUESTION 212
Which of the following are the MOST likely vectors for the unauthorized inclusion of vulnerable code in a software company's final software releases? (Select TWO.)
- A. Included third-party libraries
- B. Outdated anti-malware software
- C. Use of penetration-testing utilities
- D. Weak passwords
- E. Vendors/supply chain
- F. Unsecure protocols
Answer: A,E
NEW QUESTION 213
A manufacturer creates designs for very high-security products that are required to be protected and controlled under government regulations. These designs must not be accessible from corporate networks or the Internet. Which of the following is the BEST solution to protect these designs?
- A. An air gap
- B. A demilitarized zone
- C. A Faraday cage
- D. A shielded cable
Answer: A
NEW QUESTION 214
An organization's RPO for a critical system is two hours. The system is used Monday through Friday, from 9:00 a.m. to 5:00 p.m. Currently, the organization performs a full backup every Saturday that takes four hours to complete. Which of the following additional backup implementations would be the BEST way for the analyst to meet the business requirements?
- A. Incremental backups Monday through Friday at 6:00 p.m. and differential backups hourly
- B. Full backups Monday through Friday at 6:00 p.m. and incremental backups hourly
- C. Incremental backups Monday through Friday at 6:00 p.m. and full backups hourly
- D. Full backups Monday through Friday at 6:00 p.m. and differential backups hourly
Answer: A
NEW QUESTION 215
A security engineer is setting up passwordless authentication for the first time.
INSTRUCTIONS
Use the minimum set of commands to set this up and verify that it works. Commands cannot be reused.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
Answer:
Explanation:
NEW QUESTION 216
A security analyst is preparing a threat for an upcoming internal penetration test. The analyst needs to identify a method for determining the tactics, techniques, and procedures (TTPs) of a threat against the organization's network. Which of the following will the analyst MOST likely use to accomplish the objective?
- A. NIST CSF
- B. MITRE ATT&CK
- C. OWASP
- D. A tabletop exercise
Answer: D
NEW QUESTION 217
A cybersecurity analyst reviews the log files from a web server and sees a series of files that indicates a directory-traversal attack has occurred. Which of the following is the analyst MOST likely seeing?
A)
B)
C)
D)
- A. Option B
- B. Option D
- C. Option C
- D. Option A
Answer: A
NEW QUESTION 218
A forensics investigator is examining a number of unauthorized payments that were reported on the company's website. Some unusual log entries show users received an email for an unwanted mailing list and clicked on a link to attempt to unsubscribe. One of the users reported the email to the phishing team, and the forwarded email revealed the link to be:
Which of the following will the forensics investigator MOST likely determine has occurred?
- A. CSRF
- B. SQL injection
- C. XSS
- D. XSRF
Answer: A
NEW QUESTION 219
An organization has hired a security analyst to perform a penetration test. The analyst captures 1Gb worth of inbound network traffic to the server and transfers the pcap back to the analysis machine. Which of the following tools should the analyst use to further review the pcap?
- A. Nmap
- B. Netcat
- C. cURL
- D. Wireshark
Answer: D
NEW QUESTION 220
A security analyst has been asked to investigate a situation after the SOC started to receive alerts from the SIEM. The analyst first looks at the domain controller and finds the following events:
To better understand what is going on, the analyst runs a command and receives the following output:
Based on the analyst's findings, which of the following attacks is being executed?
- A. Credential harvesting
- B. Keylogger
- C. Brute-force
- D. Spraying
Answer: D
Explanation:
If a user tries to authenticate with a wrong password, the domain controller that handles the authentication request increments an attribute called badPwdCount. As you can see in the image, the badPwdCount attribute for the user shows that many passwords were tried against the account without success. Password spraying is an attack that attempts to access a large number of accounts (usernames) with a few commonly used passwords.
https://www.coalfire.com/the-coalfire-blog/march-2019/password-spraying-what-to-do-and-how-to-avoid-it
https://doubleoctopus.com/security-wiki/threats-and-tools/password-spraying/
NEW QUESTION 221
Which of the following are requirements that must be configured for PCI DSS compliance? (Choose two.)
- A. Benchmarking security awareness training for contractors
- B. Using vendor-supplied default passwords for system passwords
- C. Encrypting transmission of cardholder data across private networks
- D. Testing security systems and processes regularly
- E. Installing and maintaining a web proxy to protect cardholder data
- F. Assigning a unique ID to each person with computer access
Answer: C,E
NEW QUESTION 222
A security assessment determines DES and 3DES are still being used on recently deployed production servers. Which of the following did the assessment identify?
- A. Weak encryption
- B. Open permissions
- C. Default settings
- D. Unsecure protocols
Answer: A
NEW QUESTION 223
An organization is concerned that its hosted web servers are not running the most updated version of the software. Which of the following would work BEST to help identify potential vulnerabilities?
- A. nslookup -port=80 comptia.org
- B. nc -l -v comptia.org -p 80
- C. hping3 -S comptia.org -p 80
- D. nmap comptia.org -p 80 -sV
Answer: D
NEW QUESTION 224
A security analyst is reviewing the following attack log output:
Which of the following types of attacks does this MOST likely represent?
- A. Password-spraying
- B. Brute-force
- C. Rainbow table
- D. Dictionary
Answer: A
Explanation:
Password spraying is a type of brute-force attack in which a malicious actor uses a single password against many targeted user accounts before moving on to attempt a second password, and so on. This technique allows the actor to remain undetected by avoiding rapid or frequent account lockouts.
https://us-cert.cisa.gov/ncas/current-activity/2019/08/08/acsc-releases-advisory-password-spraying-attacks
NEW QUESTION 225
An auditor is performing an assessment of a security appliance with an embedded OS that was vulnerable during the last two assessments. Which of the following BEST explains the appliance's vulnerable state?
- A. The system was configured with weak default security settings.
- B. The device uses weak encryption ciphers.
- C. The vendor has not supplied a patch for the appliance.
- D. The appliance requires administrative credentials for the assessment.
Answer: C
NEW QUESTION 227
A company has limited storage space available and an online presence that cannot be down for more than four hours. Which of the following backup methodologies should the company implement to allow for the FASTEST database restore time in the event of a failure, while being mindful of the limited available storage space?
- A. Implement full tape backups every Sunday at 8:00 p.m. and perform nightly tape rotations.
- B. Implement full backups every Sunday at 8:00 p.m. and nightly differential backups at 8:00 p.m.
- C. Implement nightly full backups every Sunday at 8:00 p.m.
- D. Implement differential backups every Sunday at 8:00 p.m. and nightly incremental backups at 8:00 p.m.
Answer: D
NEW QUESTION 228
While investigating a data leakage incident, a security analyst reviews access control to cloud-hosted data. The following information was presented in a security posture report.
Based on the report, which of the following was the MOST likely attack vector used against the company?
- A. Potentially unwanted programs
- B. Supply chain
- C. Logic bomb
- D. Spyware
Answer: D
NEW QUESTION 229
Which of the following allows functional test data to be used in new systems for testing and training purposes while protecting the real data?
- A. Data masking
- B. Data minimization
- C. Data deduplication
- D. Data encryption
Answer: A
NEW QUESTION 230
The SIEM at an organization has detected suspicious traffic coming from a workstation in its internal network. An analyst in the SOC examines the workstation and discovers that malware associated with a botnet is installed on the device. A review of the logs on the workstation reveals that the privileges of the local account were escalated to local administrator. To which of the following groups should the analyst report this real-world event?
- A. The red team
- B. The NOC team
- C. The CIRT
- D. The vulnerability management team
Answer: B
NEW QUESTION 231
Which of the following is the MOST secure but LEAST expensive data destruction method for data that is stored on hard drives?
- A. Pulverizing
- B. Incinerating
- C. Degaussing
- D. Shredding
Answer: D
Explanation:
Another form of physical destruction, shredding may be the most secure and cost-effective way to destroy electronic data in any media that contain hard drives or solid-state drives and have reached their end of life. It is also very effective for optical drives, smartphones, tablets, motherboards, thumb drives and credit card swipe devices, to name a few.
Shredding is a great way to destroy data if you have a large enterprise data center or a large stockpile of old hard drives and media that you want to destroy. It is very secure, fast and efficient. Shredding reduces electronic devices to pieces no larger than 2 millimeters. If you work in a high-security environment with high-security data, shredding should be your number one choice, as it guarantees that all data is obliterated.
https://dataspan.com/blog/what-are-the-different-types-of-data-destruction-and-which-one-should-you-use/
NEW QUESTION 232
A company was recently breached. Part of the company's new cybersecurity strategy is to centralize the logs from all security devices. Which of the following components forwards the logs to a central source?
- A. Log collector
- B. Log enrichment
- C. Log aggregation
- D. Log parser
Answer: C
NEW QUESTION 233
A network administrator needs to build out a new datacenter, with a focus on resiliency and uptime. Which of the following would BEST meet this objective? (Choose two.)
- A. Scheduled penetration testing
- B. Network-attached storage
- C. Off-site backups
- D. NIC teaming
- E. Dual power supply
- F. Automatic OS upgrades
Answer: C,E
Explanation:
https://searchdatacenter.techtarget.com/definition/resiliency
NEW QUESTION 234
An attacker is attempting to exploit users by creating a fake website with the URL www.validwebsite.com. The attacker's intent is to imitate the look and feel of a legitimate website to obtain personal information from unsuspecting users. Which of the following social-engineering attacks does this describe?
- A. Impersonation
- B. Information elicitation
- C. Typo squatting
- D. Watering-hole attack
Answer: D
CompTIA SY0-601: Exam Topics
The CompTIA SY0-601 exam covers the following domains:
Within this domain, IT professionals should be able to compare and contrast various types of social engineering methodologies; analyze possible indicators to determine the attack type in a given scenario; analyze possible indicators related to network attacks in a given scenario; analyze possible indicators related to application attacks; and explain various threat actors, vectors, and intelligence sources.
This domain covers important aspects of organizational environments, such as growth strategies on hybrid networks and reliance on the cloud. Test takers should be able to build a strong cybersecurity posture, understand virtualization security, and secure application development and automation concepts. Within this domain, applicants should also be able to design a secure platform for an automation process.
This domain covers the ability to implement identity and access management, PKI, wireless security, and cryptography. In addition, specialists should be able to identify and implement the best security measures for devices such as mobile phones and cloud services.
This domain covers security evaluation and incident response methods, such as detection, digital forensics of an incident, and mitigation. Examinees should also be able to detect an influx of cyberattacks and respond accordingly using basic techniques to control the security system. Additionally, they should be able to manage the security of the organization to protect valuable information.