[Current Release] Reach for exam success with the free SY0-601 PDF and Exam Questions promising 100 results

Propel your academic aspirations skyward, backed by the formidable arsenal of the SY0-601 dumps. Sculpted with care to reflect the diverse nuances of the syllabus, the SY0-601 dumps extend a myriad of practice questions, reinforcing a comprehensive command. Whether the streamlined clarity of PDFs captivates or the vibrant interactivity of the VCE format intrigues, the SY0-601 dumps stand ready. An integrated study guide, a hallmark of the SY0-601 dumps, aids in deciphering complex paradigms, ensuring thoroughness. Rooted deeply in the efficacy of these tools, we vehemently endorse our 100% Pass Guarantee.

Take on the SY0-601 exam with determination and the support of our top-tier SY0-601 VCE and PDF Braindumps

Question 1:

A Chief Security Officer (CSO) is concerned about the volume and integrity of sensitive information that is exchanged between the organization and a third party through email. The CSO is particularly concerned about an unauthorized party who is intercepting information that is in transit between the two organizations.

Which of the following would address the CSO's concerns?

A. SPF

B. DMARC

C. SSL

D. DKIM

E. TLS

Correct Answer: E

DKIM (DomainKeys Identified Mail) is a protocol that allows an organization to take responsibility for transmitting a message by signing it in a way that mailbox providers can verify. DKIM record verification is made possible through cryptographic authentication. Transport Layer Security (TLS) encrypts data sent over the Internet to ensure that eavesdroppers and hackers are unable to see what you transmit, which is particularly useful for private and sensitive information such as passwords, credit card numbers, and personal correspondence.


Question 2:

Which of the following actions would be recommended to improve an incident response process?

A. Train the team to identify the difference between events and incidents

B. Modify access so the IT team has full access to the compromised assets

C. Contact the authorities if a cybercrime is suspected

D. Restrict communication surrounding the response to the IT team

Correct Answer: A

The Preparation (initial) phase involves ensuring that the correct data events are being logged, that potential incidents are being reported, and that personnel are trained. Nothing in B, C, and D refers to that.


Question 3:

Which of the following would BEST identify and remediate a data-loss event in an enterprise using third-party, web-based services and file-sharing platforms?

A. SIEM

B. CASB

C. UTM

D. DLP

Correct Answer: B

Microsoft has a straightforward definition, and it includes DLP: a CASB “is a security policy enforcement point positioned between enterprise users and cloud service providers” https://www.microsoft.com/en-us/security/business/security-101/what-is-acloud-access-security-broker-casb

A cloud access security broker (CASB) works by securing data flowing to and from in-house IT architectures and cloud vendor environments using an organization's security policies. CASBs protect enterprise systems against cyberattacks through malware prevention and provide data security through encryption, making data streams unreadable to outside parties. CASBs were created with one thing in mind: protecting proprietary data stored in external, third-party media. CASBs deliver capabilities not generally available in traditional controls such as secure web gateways (SWGs) and enterprise firewalls. CASBs provide policy and governance concurrently across multiple cloud services and provide granular visibility into and control over user activities. https://www.forcepoint.com/cyber-edu/casb-cloud-access-security-broker


Question 4:

The Chief Technology Officer of a local college would like visitors to utilize the school's Wi-Fi but must be able to associate potential malicious activity to a specific person. Which of the following would best allow this objective to be met?

A. Requiring all new, on-site visitors to configure their devices to use WPS

B. Implementing a new SSID for every event hosted by the college that has visitors

C. Creating a unique PSK for every visitor when they arrive at the reception area

D. Deploying a captive portal to capture visitors' MAC addresses and names

Correct Answer: D

Deploying a captive portal to capture visitors' MAC addresses and names: A captive portal forces all users trying to access the Internet over Wi-Fi to view a special web page and take action, usually authentication or acceptance of terms and conditions, before they can get connected. In this scenario, by capturing visitors' names along with their device's MAC address, the college can associate network activity with specific individuals.


Question 5:

A security analyst must determine if either SSH or Telnet is being used to log in to servers. Which of the following should the analyst use?

A. logger

B. Metasploit

C. tcpdump

D. netstat

Correct Answer: D


Question 6:

Following a prolonged datacenter outage that affected web-based sales, a company has decided to move its operations to a private cloud solution. The security team has received the following requirements:

1. There must be visibility into how teams are using cloud-based services.

2. The company must be able to identify when data related to payment cards is being sent to the cloud.

3. Data must be available regardless of the end user's geographic location.

4. Administrators need a single pane-of-glass view into traffic and trends.

Which of the following should the security analyst recommend?

A. Create firewall rules to restrict traffic to other cloud service providers.

B. Install a DLP solution to monitor data in transit.

C. Implement a CASB solution.

D. Configure a web-based content filter.

Correct Answer: C

All things point to CLOUD, which equals CASB. The security team has received the following requirements:

1. how teams are using cloud-based services.

2. identify when data related to payment cards is being sent to the cloud.

3. single pane-of-glass view into traffic and trends.


Question 7:

To further secure a company's email system, an administrator is adding public keys to DNS records in the company's domain. Which of the following is being used?

A. PFS

B. SPF

C. DMARC

D. DNSSEC

Correct Answer: D

1. DNSSEC

2. Domain Name System Security Extensions

3. Validate DNS responses

4. Origin authentication, data integrity


Question 8:

A company that provides an online streaming service made its customers' personal data including names and email addresses publicly available in a cloud storage service. As a result, the company experienced an increase in the number of requests to delete user accounts. Which of the following best describes the consequence of this data disclosure?

A. Regulatory fines

B. Reputation damage

C. Increased insurance costs

D. Financial loss

Correct Answer: B

Reputation damage is the loss of trust or credibility that a company suffers when its customers' personal data is exposed or breached. This can lead to customer dissatisfaction, loss of loyalty, and requests to delete user accounts. References: https://www.comptia.org/content/guides/what-is-cybersecurity


Question 9:

Several large orders of merchandise were recently purchased on an e-commerce company's website. The totals for each of the transactions were negative values, resulting in credits on the customers' accounts.

Which of the following should be implemented to prevent similar situations in the future?

A. Ensure input validation is in place to prevent the use of invalid characters and values.

B. Calculate all possible values to be added together and ensure the use of the proper integer in the code.

C. Configure the web application firewall to look for and block session replay attacks.

D. Make sure transactions that are submitted within very short time periods are prevented from being processed.

Correct Answer: A


Question 10:

A security engineer is concerned the strategy for detection on endpoints is too heavily dependent on previously defined attacks. The engineer wants a tool that can monitor for changes to key files and network traffic for the device. Which of the following tools should the engineer select?

A. HIDS

B. AV

C. NGFW

D. DLP

Correct Answer: A

The security engineer should select a Host Intrusion Detection System (HIDS) to address the concern. HIDS monitors and analyzes the internals of a computing system, such as key files and network traffic, for any suspicious activity. Unlike antivirus software (AV), which relies on known signatures of malware, HIDS can detect anomalies, policy violations, and previously undefined attacks by monitoring system behavior and the network traffic of the device.

References:

1. CompTIA Security+ Certification Exam Objectives (SY0-601): https://www.comptia.jp/pdf/Security%2B%20SY0-601%20Exam%20Objectives.pdf

2. Scarfone, K., and Mell, P. (2007). Guide to Intrusion Detection and Prevention Systems (IDPS): Recommendations of the National Institute of Standards and Technology. NIST Special Publication 800-94. https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-94.pdf


Question 11:

An application owner has requested access for an external application to upload data from the central internal website without providing credentials at any point. Which of the following authentication methods should be configured to allow this type of integration access?

A. OAuth

B. SSO

C. TACACS+

D. Kerberos

Correct Answer: B


Question 12:

An attacker is attempting to exploit users by creating a fake website with the URL www.validwebsite.com.

The attacker's intent is to imitate the look and feel of a legitimate website to obtain personal information from unsuspecting users.

Which of the following social-engineering attacks does this describe?

A. Information elicitation

B. Typo squatting

C. Impersonation

D. Watering-hole attack

Correct Answer: B

It's really the only logical answer. Everything else is more plausible to eliminate.

Information elicitation is done directly in-person, meaning it's typically conversational in nature.

Impersonation centers around PERSONS, not websites. You can't impersonate websites; you can only create similar-looking ones.

Water-hole attacks are performed on third-party websites one suspects the targeted organization uses; this can't be the case here if the attacker created the website themselves.

That leaves typosquatting. While it doesn't explicitly say it's a misspelling of another website, we can't outright rule out that possibility either. It's literally the only applicable answer for creating a website that imitates a legitimate one, after all, and it implies it's not the original site by saying it's emulating the “look and feel of a legitimate website.”

Either way, it's ridiculously ambiguous. I'm hoping CompTIA weights answers so that not ALL of them award zero points.


Question 13:

A security administrator is working on a solution to protect passwords stored in a database against rainbow table attacks. Which of the following should the administrator consider?

A. Hashing

B. Salting

C. Lightweight cryptography

D. Steganography

Correct Answer: B


Question 14:

A systems administrator needs to install the same X.509 certificate on multiple servers. Which of the following should the administrator use?

A. Key escrow

B. A self-signed certificate

C. Certificate chaining

D. An extended validation certificate

Correct Answer: B

Internal certificates don't need to be signed by a public CA - Your company is the only one going to use it

1. No need to purchase trust for devices that already trust you

2. Build your own CA - Issue your own certificates signed by your own CA

3. Install the CA certificate/trusted chain on all devices

4. They'll now trust any certificates signed by your internal CA

5. Works exactly like a certificate you purchased


Question 15:

Which of the following should a technician consider when selecting an encryption method for data that needs to remain confidential for a specific length of time?

A. The key length of the encryption algorithm

B. The encryption algorithm's longevity

C. A method of introducing entropy into key calculations

D. The computational overhead of calculating the encryption key

Correct Answer: B

SY0-601 Student guide, “In another sense, longevity is the consideration of how long data must be kept secure. If you assume that a ciphertext will be exposed at some point, how long must that ciphertext resist cryptanalysis? For example, imagine an NSA operative's laptop is stolen. The thief cannot hope to break the encryption with current computing resources, but how long must that encryption mechanism continue to protect the data? If advances in cryptanalysis will put it at risk within 5 years, or 10 years, or 20 years, could a more secure algorithm have been chosen?”

