Ramp up your SY0-601 exam studies using our latest VCE and PDF insights

Forge a distinguished academic path, enriched by the comprehensive depth of the SY0-601 dumps. Perfectly congruent with the multifarious demands of the syllabus, these SY0-601 dumps radiate a rich assortment of practice questions, underscoring a holistic grasp. Be it the systematic allure of PDFs or the interactive allure of the VCE format, the SY0-601 dumps are your go-to resource. A tailored study guide, a cornerstone of the SY0-601 dumps, amplifies the academic panorama, focusing on pivotal areas. With an unwavering trust in the caliber of our offerings, we champion our 100% Pass Guarantee with unyielding conviction.

Lay the groundwork for SY0-601 triumph with our complimentary VCE resources, updated with recent questions

Question 1:

An organization's Chief Security Officer (CSO) wants to validate the business's involvement in the incident response plan to ensure its validity and thoroughness. Which of the following will the CSO MOST likely use?

A. An external security assessment

B. A bug bounty program

C. A tabletop exercise

D. A red-team engagement

Correct Answer: C

Reference: https://www.redlegg.com/solutions/advisory-services/tabletop-exercise-pretty-much-everything-you-need-to-know



Question 2:

A systems administrator is required to enforce MFA for corporate email account access, relying on the possession factor. Which of the following authentication methods should the systems administrator choose? (Choose two.)

A. Passphrase

B. Time-based one-time password

C. Facial recognition

D. Retina scan

E. Hardware token

F. Fingerprints

Correct Answer: BE



Question 3:

After a WiFi scan of a local office was conducted, an unknown wireless signal was identified. Upon investigation, an unknown Raspberry Pi device was found connected to an Ethernet port using a single connection. Which of the following BEST describes the purpose of this device?

A. IoT sensor

B. Evil twin

C. Rogue access point

D. On-path attack

Correct Answer: C



Question 4:

A Chief Information Security Officer wants to ensure the organization is validating and checking the integrity of zone transfers. Which of the following solutions should be implemented?

A. DNSSEC

B. LDAPS

C. NGFW

D. DLP

Correct Answer: A

Domain Name System Security Extensions (DNSSEC) is a set of specifications that extend the DNS protocol by adding cryptographic signatures (RRSIG records validated through a chain of DNSKEY/DS records) to zone data, so that a resolver, or a secondary server receiving that data, can verify it is authentic and has not been altered. Of the four options only DNSSEC addresses DNS integrity at all: LDAPS secures directory lookups, an NGFW filters traffic, and DLP watches for data leaving the organization. A practitioner should know that the mechanism purpose-built for authenticating the AXFR/IXFR transfer itself between primary and secondary servers is TSIG (RFC 8945, a shared-secret HMAC on each message), which is normally deployed alongside DNSSEC; that is not one of the choices here.



Question 5:

A security analyst is reviewing web-application logs and finds the following log:

Which of the following attacks is being observed?

A. Directory traversal

B. XSS

C. CSRF

D. On-path attack

Correct Answer: A
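The log excerpt the question refers to is not reproduced on this page. The tell-tale pattern is a request path or parameter containing "../" (often percent-encoded, sometimes double-encoded) that climbs out of the web root toward files such as /etc/passwd. Below is an added example, not part of the original page, of the detection logic an analyst would run over access logs. The log lines are constructed in combined-log style and the field layout is an assumption; the decoder deliberately percent-decodes more than once so that "%252e%252e%252f" is caught as well as "../".

```python
"""Flag directory-traversal attempts in web-server access logs.

Added illustrative example; SAMPLE_LOG is constructed and the combined-log
field layout parsed by REQUEST_RE is an assumption.
"""
import re
from urllib.parse import unquote

SAMPLE_LOG = """\
10.0.0.5 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 5123
10.0.0.9 - - [10/Oct/2023:13:55:40 +0000] "GET /download?file=../../../../etc/passwd HTTP/1.1" 200 2109
10.0.0.9 - - [10/Oct/2023:13:55:41 +0000] "GET /download?file=..%2F..%2F..%2Fetc%2Fshadow HTTP/1.1" 403 212
10.0.0.9 - - [10/Oct/2023:13:55:42 +0000] "GET /download?file=%252e%252e%252f%252e%252e%252fwindows%252fwin.ini HTTP/1.1" 200 92
10.0.0.7 - - [10/Oct/2023:13:55:50 +0000] "GET /static/app.css HTTP/1.1" 200 881
"""

# client - user [timestamp] "METHOD target PROTO" status ...
REQUEST_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# ".." followed by a separator or end of string, after normalisation
TRAVERSAL_RE = re.compile(r"\.\.(?:/|$)")


def normalize(target: str, rounds: int = 3) -> str:
    """Percent-decode until stable (bounded), and fold backslashes into slashes
    so Windows-style '..\\' sequences are caught by the same pattern."""
    decoded = target
    for _ in range(rounds):
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    return decoded.replace("\\", "/")


def is_traversal(target: str) -> bool:
    return TRAVERSAL_RE.search(normalize(target)) is not None


def find_traversal(log_text: str) -> list:
    """Return one record per request whose decoded target contains a traversal sequence."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        if is_traversal(m["target"]):
            hits.append({
                "src": m["src"],
                "target": m["target"],
                "decoded": normalize(m["target"]),
                "status": int(m["status"]),   # a 200 here means the server may have served the file
            })
    return hits


if __name__ == "__main__":
    for hit in find_traversal(SAMPLE_LOG):
        print(f'{hit["src"]} {hit["status"]} {hit["decoded"]}')
```

The status code matters as much as the pattern: a 403 shows the request was blocked, while a 200 with a plausible body size is the one to escalate.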



Question 6:

Which of the following can best protect against an employee inadvertently installing malware on a company system?

A. Host-based firewall

B. System isolation

C. Least privilege

D. Application allow list

Correct Answer: D

CompTIA Security+ emphasizes the importance of application control and whitelisting as a strong security practice. An application allow list ensures that only approved and authorized applications can run on a system, effectively preventing the execution of unauthorized or potentially malicious software. This practice aligns with the principle of minimizing attack surfaces and reducing the risk of malware infections caused by inadvertently installing unapproved software.

While the principle of least privilege (Option C) is also an important security principle, it focuses on restricting user permissions to the minimum necessary level. Application allow lists provide more direct protection against unauthorized software execution in the context of malware prevention.



Question 7:

A security analyst is investigating a phishing email that contains a malicious document directed to the company's Chief Executive Officer (CEO). Which of the following should the analyst perform to understand the threat and retrieve possible IoCs?

A. Run a vulnerability scan against the CEO's computer to find possible vulnerabilities

B. Install a sandbox to run the malicious payload in a safe environment

C. Perform a traceroute to identify the communication path

D. Use netstat to check whether communication has been made with a remote host

Correct Answer: B



Question 8:

An attacker is attempting to exploit users by creating a fake website with the URL www.validwebsite.com.

The attacker's intent is to imitate the look and feel of a legitimate website to obtain personal information from unsuspecting users.

Which of the following social-engineering attacks does this describe?

A. Information elicitation

B. Typosquatting

C. Impersonation

D. Watering-hole attack

Correct Answer: B

It's really the only logical answer. Everything else is more plausible to eliminate.

Information elicitation is done directly in-person, meaning it's typically conversational in nature.

Impersonation centers around PERSONS, not websites. You can't impersonate websites; you can only create similar-looking ones.

Watering-hole attacks are performed on third-party websites one suspects the targeted organization uses; this can't be the case here if the attacker created the website themselves.

That leaves typosquatting. While it doesn't explicitly say it's a misspelling of another website, we can't outright rule out that possibility either. It's literally the only applicable answer for creating a website that imitates a legitimate one, after all, and it implies it's not the original site by saying it's emulating the "look and feel of a legitimate website."

Either way, it's ridiculously ambiguous. I'm hoping CompTIA weights answers so that not ALL of them award zero points.
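What a typosquatter actually registers is a set of near-miss spellings of the target name, and a defender's first step is to enumerate that set and watch DNS logs or new-registration feeds for it. The following is an added example, not from the original page or any commenter, that generates the common permutations for the placeholder name from the question. The transformation set and the homoglyph table are assumptions (a small subset of what tools such as dnstwist enumerate), and the "observed" domain list is constructed.

```python
"""Enumerate typosquat candidates for a domain and match them against observed names.

Added illustrative example; HOMOGLYPHS, TLDS and the transformation set are
assumed, and OBSERVED is a constructed stand-in for a DNS log or registration feed.
"""

HOMOGLYPHS = {"o": "0", "l": "1", "i": "l", "e": "3", "a": "4", "s": "5"}
TLDS = ("com", "net", "org", "co")


def typosquats(domain: str) -> set:
    """Single-edit look-alikes of the second-level label plus TLD swaps."""
    label, _, tld = domain.rpartition(".")
    variants = set()
    for i in range(len(label)):                                   # omission: vaidwebsite
        variants.add(label[:i] + label[i + 1:])
    for i in range(len(label) - 1):                               # transposition: vaildwebsite
        variants.add(label[:i] + label[i + 1] + label[i] + label[i + 2:])
    for i in range(len(label)):                                   # repetition: valiidwebsite
        variants.add(label[:i] + label[i] * 2 + label[i + 1:])
    for i, ch in enumerate(label):                                # homoglyph: va1idwebsite
        if ch in HOMOGLYPHS:
            variants.add(label[:i] + HOMOGLYPHS[ch] + label[i + 1:])
    for i in range(1, len(label)):                                # hyphenation: valid-website
        variants.add(label[:i] + "-" + label[i:])
    candidates = {f"{v}.{tld}" for v in variants}
    candidates |= {f"{label}.{t}" for t in TLDS if t != tld}      # TLD swap: validwebsite.net
    candidates.discard(domain)                                    # the genuine name is not a squat
    return candidates


def find_squats(candidates: set, observed) -> list:
    """Names from a log or feed that fall inside the candidate set, sorted for stable output."""
    return sorted(name.lower().rstrip(".") for name in observed if name.lower().rstrip(".") in candidates)


# Constructed list standing in for names seen in resolver logs / a new-registration feed
OBSERVED = ["vaildwebsite.com", "example.org", "validwebsite.com", "VA1IDWEBSITE.COM."]

if __name__ == "__main__":
    squats = typosquats("www.validwebsite.com".removeprefix("www."))
    print(len(squats), "candidates; seen in the wild:", find_squats(squats, OBSERVED))
```

Matching is exact against the candidate set here; in practice you would also score unknown registrations by edit distance and check certificate-transparency logs, since a convincing clone is usually served over HTTPS.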



Question 9:

In which of the following risk management strategies would cybersecurity insurance be used?

A. Transference

B. Avoidance

C. Acceptance

D. Mitigation

Correct Answer: A

Anything that talks about a company needing insurance will almost always be risk Transference.



Question 10:

Which of the following BEST describes the method a security analyst would use to confirm that a file downloaded from a trusted security website has not been altered in transit or corrupted, using a verified checksum?

A. Hashing

B. Salting

C. Integrity

D. Digital signature

Correct Answer: A

File verification by hashing is the process of checking that a file you have on your machine is identical to the source file. Hashing a file produces a checksum: a fixed-length, deterministic digest that changes completely if even one bit of the input changes, so the same file always yields the same checksum and a modified or truncated download will not. Hashing does not encrypt the file, and the checksum cannot be run back through the algorithm to recover the original. Note the limit of this method: a checksum published alongside the download on the same server only detects accidental corruption or in-transit tampering; an attacker who controls the server can replace both the file and its checksum, which is why a digital signature (option D) is needed to authenticate the publisher.
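The check a practitioner actually runs is "sha256sum -c SHA256SUMS": hash every listed file and compare against the published digest. The following is an added example, not part of the original page, of that procedure in Python. The file contents and the SHA256SUMS-style manifest are constructed for the demonstration; the digest in the manifest is the standard SHA-256 of the three bytes "abc", so the first file verifies and the deliberately altered second file does not.

```python
"""Verify downloads against a SHA256SUMS-style manifest.

Added illustrative example; MANIFEST and the files written by demo() are
constructed so the example runs offline.
"""
import hashlib
import hmac
import tempfile
from pathlib import Path


def sha256_file(path, chunk_size: int = 1 << 20) -> str:
    """Stream the file in 1 MiB chunks so large ISOs are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def parse_sums(manifest: str) -> dict:
    """Parse sha256sum output lines: '<hex>  <name>' (a leading '*' marks binary mode)."""
    expected = {}
    for line in manifest.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, name = line.split(maxsplit=1)
        expected[name.lstrip("*")] = digest.lower()
    return expected


def verify(path, expected_hex: str) -> bool:
    """Constant-time comparison of the computed and published digests."""
    return hmac.compare_digest(sha256_file(path), expected_hex.lower())


def check_manifest(directory, manifest: str) -> dict:
    """{filename: True/False} for each manifest entry; missing files count as failures."""
    results = {}
    for name, digest in parse_sums(manifest).items():
        path = Path(directory) / name
        results[name] = path.is_file() and verify(path, digest)
    return results


# Constructed manifest: both entries carry SHA-256(b"abc"); only the first file matches.
MANIFEST = """\
# SHA256SUMS (constructed for this example)
ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad  tool.tar.gz
ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad *tool-tampered.tar.gz
"""


def demo() -> dict:
    """Write the two sample files into a temp dir and run the manifest check."""
    with tempfile.TemporaryDirectory() as d:
        Path(d, "tool.tar.gz").write_bytes(b"abc")
        Path(d, "tool-tampered.tar.gz").write_bytes(b"abc\n")   # one extra byte: digest differs
        return check_manifest(d, MANIFEST)


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'OK' if ok else 'FAILED'}")
```

Pair this with verification of the manifest's detached signature (for example with gpg --verify) whenever the vendor publishes one; the hash alone only proves the bytes match what the server is currently serving.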



Question 11:

An incident response technician collected a mobile device during an investigation. Which of the following should the technician do to maintain chain of custody?

A. Document the collection and require a sign-off when possession changes.

B. Lock the device in a safe or other secure location to prevent theft or alteration.

C. Place the device in a Faraday cage to prevent corruption of the data.

D. Record the collection in a blockchain-protected public ledger

Correct Answer: A



Question 12:

A security analyst needs to determine how an attacker was able to use User3 to gain a foothold within a company's network. The company's lockout policy requires that an account be locked out for a minimum of 15 minutes after three unsuccessful attempts. While reviewing the log files, the analyst discovers the following:

Which of the following attacks MOST likely occurred?

A. Dictionary

B. Credential-stuffing

C. Password-spraying

D. Brute-force

Correct Answer: C

Password-spraying is an attack method where an attacker tries a few common or easily guessable passwords against multiple usernames. Instead of attempting numerous passwords for a single user (as in a brute-force attack), the attacker spreads out login attempts across many accounts using a small set of common passwords. They hope that at least one of these attempts will result in a successful login.

We can see multiple failed login attempts (audit failures) for different usernames (USER1, USER2, USER3, USER4) with variations of “UNKNOWN USERNAME OR BAD PASSWORD.” This indicates that the attacker attempted to log in with different usernames using a limited set of passwords. When they succeeded in gaining access to USER4 (“SUCCESSFUL LOGON”), it suggested that one of the username and password combinations used in the password-spraying attempt was correct.
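The distinguishing signal is in the explanation above: many accounts, each failing only once or twice, from one source, with each account's attempts spaced wider than the 15-minute lockout window so no lockout is triggered, versus a single account hammered past the threshold. Below is an added example, not part of the original page, that encodes that distinction as detection logic. The log lines are constructed (Windows 4625/4624-style wording simplified to one line per event), and the thresholds are the ones the question states.

```python
"""Classify authentication sources as password-spraying, brute-force or benign.

Added illustrative example; SAMPLE_LOG is constructed, and the line format
parsed by LINE_RE is an assumption. Thresholds follow the question's policy:
lockout after 3 failures within 15 minutes.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

SAMPLE_LOG = """\
2023-10-10 09:00:01 AUDIT_FAILURE src=203.0.113.7 user=USER1 reason=BAD_PASSWORD
2023-10-10 09:00:02 AUDIT_FAILURE src=203.0.113.7 user=USER2 reason=BAD_PASSWORD
2023-10-10 09:00:03 AUDIT_FAILURE src=203.0.113.7 user=USER3 reason=BAD_PASSWORD
2023-10-10 09:00:04 AUDIT_FAILURE src=203.0.113.7 user=USER4 reason=BAD_PASSWORD
2023-10-10 09:03:10 AUDIT_FAILURE src=10.0.0.3 user=JDOE reason=BAD_PASSWORD
2023-10-10 09:03:25 AUDIT_SUCCESS src=10.0.0.3 user=JDOE reason=LOGON
2023-10-10 09:05:00 AUDIT_FAILURE src=198.51.100.4 user=ADMIN reason=BAD_PASSWORD
2023-10-10 09:05:01 AUDIT_FAILURE src=198.51.100.4 user=ADMIN reason=BAD_PASSWORD
2023-10-10 09:05:02 AUDIT_FAILURE src=198.51.100.4 user=ADMIN reason=BAD_PASSWORD
2023-10-10 09:05:03 AUDIT_FAILURE src=198.51.100.4 user=ADMIN reason=ACCOUNT_LOCKED
2023-10-10 09:20:01 AUDIT_FAILURE src=203.0.113.7 user=USER1 reason=BAD_PASSWORD
2023-10-10 09:20:02 AUDIT_FAILURE src=203.0.113.7 user=USER2 reason=BAD_PASSWORD
2023-10-10 09:20:03 AUDIT_FAILURE src=203.0.113.7 user=USER3 reason=BAD_PASSWORD
2023-10-10 09:20:04 AUDIT_SUCCESS src=203.0.113.7 user=USER4 reason=LOGON
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<event>AUDIT_\w+) "
    r"src=(?P<src>\S+) user=(?P<user>\S+) reason=(?P<reason>\S+)$"
)


def parse(log_text: str) -> list:
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append({
                "ts": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
                "event": m["event"], "src": m["src"], "user": m["user"], "reason": m["reason"],
            })
    return events


def max_failures_in_window(times, minutes: int) -> int:
    """Largest number of failures for one account inside any `minutes`-long window."""
    times = sorted(times)
    span = timedelta(minutes=minutes)
    return max((sum(1 for t in times if start <= t <= start + span) for start in times), default=0)


def classify_sources(events, lockout_threshold: int = 3, lockout_minutes: int = 15, min_users: int = 3) -> dict:
    """Per source: 'brute-force' if any one account is pushed to the lockout threshold,
    'password-spraying' if many accounts each stay under it, otherwise 'benign'."""
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)
    verdicts = {}
    for src, evs in by_src.items():
        per_user = defaultdict(list)
        for e in evs:
            if e["event"] == "AUDIT_FAILURE":
                per_user[e["user"]].append(e["ts"])
        worst = max((max_failures_in_window(ts, lockout_minutes) for ts in per_user.values()), default=0)
        if worst >= lockout_threshold:
            verdicts[src] = "brute-force"
        elif len(per_user) >= min_users:
            verdicts[src] = "password-spraying"
        else:
            verdicts[src] = "benign"
    return verdicts


def compromised_accounts(events, verdicts: dict) -> dict:
    """Accounts that logged in successfully from a source already flagged as attacking."""
    hits = defaultdict(list)
    for e in events:
        if e["event"] == "AUDIT_SUCCESS" and verdicts.get(e["src"]) in ("password-spraying", "brute-force"):
            hits[e["src"]].append(e["user"])
    return dict(hits)


if __name__ == "__main__":
    evs = parse(SAMPLE_LOG)
    verdicts = classify_sources(evs)
    print(verdicts)
    print("compromised:", compromised_accounts(evs, verdicts))
```

The spraying source never trips the lockout because each account sees one failure per 20 minutes, which is exactly why an account-centric lockout rule alone misses this attack; the detection has to pivot on the source (or on the count of distinct accounts failing in a short period).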



Question 13:

A security analyst needs to implement security features across smartphones, laptops, and tablets. Which of the following would be the MOST effective across heterogeneous platforms?

A. Enforcing encryption

B. Deploying GPOs

C. Removing administrative permissions

D. Applying MDM software

Correct Answer: D

MDM (Mobile Device Management) is software that manages, monitors, and secures the tablets, smartphones, and laptops an organization uses to access corporate information, regardless of the operating system each runs. Group Policy Objects (option B) only reach Windows domain members, and encryption or the removal of administrative rights (A and C) are individual controls that MDM would be the vehicle for enforcing across all three platforms.



Question 14:

A company recently experienced an attack in which a malicious actor was able to exfiltrate sensitive data after cracking stolen password hashes using a rainbow table. Which of the following should a security engineer do to prevent such an attack in the future?

A. Use password hashing.

B. Enforce password complexity.

C. Implement password salting.

D. Disable password reuse.

Correct Answer: C

A rainbow table is a precomputed mapping from hashes back to passwords, so the attack only works when the stored hash of a given password is the same everywhere. Salting appends a unique random value to each password before hashing, so every stored hash is different even for identical passwords and a precomputed table is useless; that is the direct countermeasure the question asks for. Password complexity (option B) only enlarges the table an attacker must build, hashing alone (option A) is what the rainbow table already targets, and disabling reuse (option D) does nothing against offline cracking.



Question 15:

An organization recently recovered from a data breach. During the root cause analysis, the organization determined the source of the breach to be a personal cell phone that had been reported lost. Which of the following solutions should the organization implement to reduce the likelihood of future data breaches?

A. MDM

B. MAM

C. VDI

D. DLP

Correct Answer: A

D) DLP won't prevent data being recovered from a stolen/lost phone.

A) MDM would have the data encrypted or the ability to have it wiped remotely.

