[Oct-2022] CompTIA SY0-601 Dumps – Reduce Your Chance of Failure in SY0-601 Exam [Q112-Q136]


To help you achieve your ultimate goal, we suggest using the actual CompTIA SY0-601 dumps as your guideline for CompTIA Security+ exam preparation.

NEW QUESTION 112
A security engineer is setting up passwordless authentication for the first time.
INSTRUCTIONS
Use the minimum set of commands to set this up and verify that it works. Commands cannot be reused.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Answer:

Explanation:

 

NEW QUESTION 113
Data exfiltration analysis indicates that an attacker managed to download system configuration notes from a web server. The web-server logs have been deleted, but analysts have determined that the system configuration notes were stored in the database administrator's folder on the web server. Which of the following attacks explains what occurred? (Select TWO)

  • A. SQL injection
  • B. Directory traversal
  • C. Request forgery
  • D. Privilege escalation
  • E. Cross-site scripting
  • F. Pass-the-hash

Answer: A,F

 

NEW QUESTION 114
As part of the lessons-learned phase, the SOC is tasked with building methods to detect if a previous incident is happening again. Which of the following would allow the security analyst to alert the SOC if an event is reoccurring?

  • A. Implementing rules in the NGFW
  • B. Creating a playbook within the SOAR
  • C. Publishing a new CRL with revoked certificates
  • D. Updating the DLP hash database

Answer: B

 

NEW QUESTION 115
A company has drafted an insider-threat policy that prohibits the use of external storage devices.
Which of the following would BEST protect the company from data exfiltration via removable media?

  • A. Monitoring large data transfer transactions in the firewall logs
  • B. Implementing a group policy to block user access to system files
  • C. Developing mandatory training to educate employees about the removable media policy
  • D. Blocking removable-media devices and write capabilities using a host-based security tool

Answer: D

 

NEW QUESTION 116
A major political party experienced a server breach. The hacker then publicly posted stolen internal communications concerning campaign strategies to give the opposition party an advantage. Which of the following BEST describes these threat actors?

  • A. State actors
  • B. Semi-authorized hackers
  • C. Script kiddies
  • D. Advanced persistent threats

Answer: A

 

NEW QUESTION 117
A company is adopting a BYOD policy and is looking for a comprehensive solution to protect company information on user devices. Which of the following solutions would BEST support the policy?

  • A. Remote wipe
  • B. Mobile device management
  • C. Full-device encryption
  • D. Biometrics

Answer: B

 

NEW QUESTION 118
A forensics investigator is examining a number of unauthorized payments that were reported on the company's website. Some unusual log entries show users received an email for an unwanted mailing list and clicked on a link to attempt to unsubscribe. One of the users reported the email to the phishing team, and the forwarded email revealed the link to be:

Which of the following will the forensics investigator MOST likely determine has occurred?

  • A. SQL injection
  • B. XSS
  • C. Broken authentication
  • D. XSRF

Answer: D

 

NEW QUESTION 119
During an incident response, a security analyst observes the following log entry on the web server.
Which of the following BEST describes the type of attack the analyst is experiencing?

  • A. SQL injection
  • B. Directory traversal
  • C. Pass-the-hash
  • D. Cross-site scripting

Answer: D

 

NEW QUESTION 120
A retail company that is launching a new website to showcase the company's product line and other information for online shoppers registered the following URLs:

Which of the following should the company use to secure its website if the company is concerned with convenience and cost?

  • A. A code-signing certificate
  • B. An extended validation certificate
  • C. A root certificate
  • D. A self-signed certificate
  • E. A wildcard certificate

Answer: C

 

NEW QUESTION 121
A security analyst is reviewing logs on a server and observes the following output:

Which of the following is the security analyst observing?

  • A. A dictionary attack
  • B. A rainbow table attack
  • C. A password-spraying attack
  • D. A keylogger attack

Answer: A

 

NEW QUESTION 122
A new vulnerability in the SMB protocol on Windows systems was recently discovered, but no patches are currently available to resolve the issue. The security administrator is concerned if servers in the company's DMZ will be vulnerable to external attack; however, the administrator cannot disable the service on the servers, as SMB is used by a number of internal systems and applications on the LAN. Which of the following TCP ports should be blocked for all external inbound connections to the DMZ as a workaround to protect the servers? (Select TWO).

  • A. 0
  • B. 1
  • C. 2
  • D. 3
  • E. 4
  • F. 5

Answer: B,F

 

NEW QUESTION 123
A security analyst receives the configuration of a current VPN profile and notices the authentication is only applied to the IP datagram portion of the packet. Which of the following should the analyst implement to authenticate the entire packet?

  • A. SRTP
  • B. LDAP
  • C. AH
  • D. ESP

Answer: D

 

NEW QUESTION 124
A security administrator suspects there may be unnecessary services running on a server. Which of the following tools will the administrator MOST likely use to confirm the suspicions?

  • A. Autopsy
  • B. DNSEnum
  • C. Nmap
  • D. Wireshark

Answer: C

Explanation:
https://nmap.org/book/man-version-detection.html
Nmap scans for running services and can tell you what services are running.

 

NEW QUESTION 125
The human resources department of a large online retailer has received multiple customer complaints about the rudeness of the automated chatbots it uses to interface with and assist online shoppers. The system, which continuously learns and adapts, was working fine when it was installed a few months ago. Which of the following BEST describes the method being used to exploit the system?

  • A. A fileless virus
  • B. Cryptographic manipulation
  • C. Baseline modification
  • D. Tainted training data

Answer: D

 

NEW QUESTION 126
A company suspects that some corporate accounts were compromised. The number of suspicious logins from locations not recognized by the users is increasing. Employees who travel need their accounts protected without the risk of blocking legitimate login requests that may be made over new sign-in properties. Which of the following security controls can be implemented?

  • A. Enforce MFA when an account request reaches a risk threshold.
  • B. Implement geofencing to only allow access from headquarters.
  • C. Enforce time-based login requests that align with business hours.
  • D. Shift the access control scheme to a discretionary access control

Answer: A

 

NEW QUESTION 127
Joe, a security analyst, recently performed a network discovery to fully understand his organization's electronic footprint from a "public" perspective. Joe ran a set of commands and received the following output:

Which of the following can be determined about the organization's public presence and security posture?
(Select TWO).

  • A. The organization has adequate information available in public registration.
  • B. Joe used Wireshark to produce this output.
  • C. Joe used Whois to produce this output.
  • D. Joe used cURL to produce this output.
  • E. The organization has too little information available in public registration.
  • F. The organization has too much information available in public registration.

Answer: A,C

 

NEW QUESTION 128
A company provides mobile devices to its users to permit access to email and enterprise applications. The company recently started allowing users to select from several different vendors and device models. When configuring the MDM, which of the following is a key security implication of this heterogeneous device approach?

  • A. Certain devices are inherently less secure than others, so compensatory controls will be needed to address the delta between device vendors.
  • B. MDMs typically will not support heterogeneous deployment environments, so multiple MDMs will need to be installed and configured.
  • C. The most common set of MDM configurations will become the effective set of enterprise mobile security controls.
  • D. All devices will need to support SCEP-based enrollment; therefore, the heterogeneity of the chosen architecture may unnecessarily expose private keys to adversaries.

Answer: A

 

NEW QUESTION 129
A SOC is implementing an insider-threat-detection program. The primary concern is that users may be accessing confidential data without authorization. Which of the following should be deployed to detect a potential insider threat?

  • A. A honeyfile
  • B. DLP
  • C. A DMZ
  • D. File integrity monitoring

Answer: A

 

NEW QUESTION 130
The security administrator has installed a new firewall which implements an implicit DENY policy by default.
INSTRUCTIONS:
Click on the firewall and configure it to allow ONLY the following communication.
1. The Accounting workstation can ONLY access the web server on the public network over the default HTTPS port. The accounting workstation should not access other networks.
2. The HR workstation should be restricted to communicate with the Financial server ONLY, over the default SCP port.
3. The Admin workstation should ONLY be able to access the servers on the secure network over the default TFTP port.
Instructions: The firewall will process the rules in a top-down manner in order as a first match. The port number must be typed in and only one port number can be entered per rule. Type ANY for all ports. The original firewall configuration can be reset at any time by pressing the reset button. Once you have met the simulation requirements, click save and then Done to submit.

Hot Area:

Answer:

Explanation:

Section: Network Security
Implicit deny is the default security stance that says if you aren't specifically granted access or privileges for a resource, you're denied access by default.
Rule #1 allows the Accounting workstation to ONLY access the web server on the public network over the default HTTPS port, which is TCP port 443.
Rule #2 allows the HR workstation to ONLY communicate with the Financial server over the default SCP port, which is TCP port 22.
Rule #3 & Rule #4 allow the Admin workstation to ONLY access the Financial and Purchasing servers located on the secure network over the default TFTP port, which is port 69.
References:
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 26, 44
http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers

 

NEW QUESTION 131
A security analyst receives a SIEM alert that someone logged in to the appadmin test account, which is only used for the early detection of attacks. The security analyst then reviews the following application log:

Which of the following can the security analyst conclude?

  • A. An injection attack is being conducted against a user authentication system.
  • B. A service account password may have been changed, resulting in continuous failed logins within the application.
  • C. A replay attack is being conducted against the application.
  • D. A credentialed vulnerability scanner attack is testing several CVEs against the application.

Answer: B

 

NEW QUESTION 132
While checking logs, a security engineer notices a number of end users suddenly downloading files with the .tar.gz extension. Closer examination of the files reveals they are PE32 files. The end users state they did not initiate any of the downloads. Further investigation reveals the end users all clicked on an external email containing an infected MHT file with an href link a week prior. Which of the following is MOST likely occurring?

  • A. The workstations are beaconing to a command-and-control server.
  • B. A RAT was installed and is transferring additional exploit tools.
  • C. A logic bomb was executed and is responsible for the data transfers.
  • D. A fileless virus is spreading in the local network environment.

Answer: B

 

NEW QUESTION 133
After entering a username and password, an administrator must draw a gesture on a touch screen. Which of the following demonstrates what the administrator is providing?

  • A. Something you can do
  • B. Biometrics
  • C. Multifactor authentication
  • D. Two-factor authentication

Answer: A

 

NEW QUESTION 134
A company labeled some documents with the public sensitivity classification. This means the documents can be accessed by:

  • A. all members of the department that created the documents
  • B. only the company's employees and those listed in the document
  • C. employees of other companies and the press
  • D. only the individuals listed in the documents

Answer: B

 

NEW QUESTION 135
A forensic analyst needs to prove that data has not been tampered with since it was collected. Which of the following methods will the analyst MOST likely use?

  • A. Ensure proper procedures for chain of custody are being followed
  • B. Encrypt the collected data using asymmetric encryption
  • C. Look for tampering on the evidence collection bag
  • D. Calculate the checksum using a hashing algorithm

Answer: D

 

NEW QUESTION 136
......
