SY0-601

PDFExamDumps

http://www.pdfexamdumps.com
IT certification exam question banks, high quality, 100% pass rate.
The latest PDF edition of the SY0-601 question bank is the top choice for candidates and the guarantee for passing the SY0-601 exam.
IT Certification Guaranteed, The Easy Way!

Exam : SY0-601

Title : CompTIA Security+ Exam

Vendor : CompTIA

Version : DEMO

SY0-601, SY0-601 certification question bank, SY0-601 past exam questions 1

https://www.pdfexamdumps.com/SY0-601_valid-braindumps.html

NO.1 A major political party experienced a server breach. The hacker then publicly posted stolen
internal communications concerning campaign strategies to give the opposition party an advantage.
Which of the following BEST describes these threat actors?
A. Semi-authorized hackers
B. State actors
C. Script kiddies
D. Advanced persistent threats
Answer: B
Explanation:
State actor - A type of threat actor that is supported by the resources of its host country's military and
security services.

NO.2 A nationwide company is experiencing unauthorized logins at all hours of the day. The logins
appear to originate from countries in which the company has no employees.
Which of the following controls should the company consider using as part of its IAM strategy?
(Choose two.)
A. A complex password policy
B. Geolocation
C. An impossible travel policy
D. Self-service password reset
E. Geofencing
F. Time-based logins
Answer: EF
Explanation:
Time-based authentication is a procedure that verifies an individual's identity and authenticity by
detecting their presence at a scheduled time of day, or within a scheduled time interval, and at a
distinct location.
Geofencing, as the name suggests, lets IT administrators restrict the use of corporate devices to
certain regions, such as office premises. This is done by creating virtual fences, called geofences,
based on real-world geographical regions. Geofencing is well suited to enterprises with stringent
compliance standards that require corporate devices containing sensitive data to remain within the
organization's premises at all times. MDM lets you define security policies based on the virtual
perimeter created by a geofence, ensuring there is no unauthorized corporate data access.

NO.3 The Chief Information Security Officer wants to put security measures in place to protect PII.
The organization needs to use its existing labeling and classification system to accomplish this goal.
Which of the following would most likely be configured to meet the requirements?
A. Tokenization
B. S/MIME
C. DLP
D. MFA
Answer: C
Explanation:
Data Loss Prevention (DLP) is the security measure that would most likely be configured to meet the
requirements of protecting Personally Identifiable Information (PII) while using the organization's
existing labeling and classification system.

NO.4 A company has installed badge readers for building access but is finding unauthorized
individuals roaming the hallways. Which of the following is the most likely cause?
A. Shoulder surfing
B. Phishing
C. Tailgating
D. Identity fraud
Answer: C

NO.5 A security administrator is setting up a SIEM to help monitor for notable events across the
enterprise. Which of the following control types does this BEST represent?
A. Preventive
B. Compensating
C. Corrective
D. Detective
Answer: D

NO.6 Hotspot Question
You received the output of a recent vulnerability assessment.
Review the assessment and scan output and determine the appropriate remediation(s) for each
device.
Remediation options may be selected multiple times, and some devices may require more than one
remediation.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All
button.
Answer:

NO.7 Callers speaking a foreign language are using company phone numbers to make unsolicited
phone calls to a partner organization. A security analyst validates through phone system logs that the
calls are occurring and the numbers are not being spoofed. Which of the following is the most likely
explanation?
A. The executive team is traveling internationally and trying to avoid roaming charges.
B. The company's SIP server security settings are weak.
C. Disgruntled employees are making calls to the partner organization.
D. The service provider has assigned multiple companies the same numbers.
Answer: B
Explanation:
The company's SIP server security settings are weak. This can allow unauthorized callers to use the
company's phone numbers to make unsolicited phone calls to the partner organization, or to
intercept or modify the SIP messages. Therefore, the security analyst should check the SIP server
security settings and make sure they are up to date and follow the best practices for SIP security.

NO.8 Several universities are participating in a collaborative research project and need to share
compute and storage resources.
Which of the following cloud deployment strategies would BEST meet this need?
A. Community
B. Private
C. Public
D. Hybrid
Answer: A

NO.9 A security analyst is reviewing packet capture data from a compromised host on the network.
In the packet capture, the analyst locates packets that contain large amounts of text. Which of the
following is most likely installed on the compromised host?
A. Keylogger
B. Spyware
C. Trojan
D. Ransomware
Answer: A
Explanation:
A keylogger is a type of malware that records keystrokes made on a computer keyboard. This would
allow an attacker to capture any text entered by the user, which could be included in the captured
packets.

NO.10 A user would like to install software and features that are not available with a mobile device's
default software. Which of the following would allow the user to install unauthorized software and
enable new features?
A. SQLi
B. Cross-site scripting
C. Jailbreaking
D. Side loading
Answer: C

NO.11 A company is implementing a new SIEM to log and send alerts whenever malicious activity is
blocked by its antivirus and web content filters.
Which of the following is the primary use case for this scenario?
A. Implementation of preventive controls
B. Implementation of detective controls
C. Implementation of deterrent controls
D. Implementation of corrective controls
Answer: B

NO.12 To further secure a company's email system, an administrator is adding public keys to DNS
records in the company's domain. Which of the following is being used?
A. PFS
B. SPF
C. DMARC
D. DNSSEC
Answer: D

NO.13 Which of the following types of disaster recovery plan exercises requires the least
interruption to IT operations?
A. Parallel
B. Full-scale
C. Tabletop
D. Simulation
Answer: C

NO.14 A company moved into a new building next to a sugar mill. Cracks have been discovered in
the walls of the server room, which is located on the same side as the sugar mill loading docks. The
cracks are believed to have been caused by heavy trucks. Moisture has begun to seep into the server
room, causing extreme humidification problems and equipment failure. Which of the following BEST
describes the type of threat the organization faces?
A. Foundational
B. Man-made
C. Environmental
D. Natural
Answer: A

NO.15 Which of the following types of attacks is specific to the individual it targets?
A. Whaling
B. Pharming
C. Smishing
D. Credential harvesting
Answer: A
Explanation:
What Is a Whaling Attack?
A whaling attack is a type of phishing attack where a particularly important person in the organization
is targeted. It hinges on the cyber criminal pretending to be a senior member of the organization to
gain the trust of the intended target. Once trust is gained, the attacker can prod the target for
information that helps them access sensitive areas of the network, passwords, or other user account
information.
https://www.fortinet.com/resources/cyberglossary/whaling-attack

NO.16 Which of the following is a reason why an organization would define an AUP?
A. To define the lowest level of privileges needed for access and use of the organization's resources
B. To define the set of rules and behaviors for users of the organization's IT systems
C. To define the intended partnership between two organizations
D. To define the availability and reliability characteristics between an IT provider and consumer
Answer: B

NO.17 Which of the following is a difference between a DRP and a BCP?
A. A BCP keeps operations running during a disaster while a DRP does not.
B. A BCP prepares for any operational interruption while a DRP prepares for natural disasters.
C. A BCP is a technical response to disasters while a DRP is operational.
D. A BCP is formally written and approved while a DRP is not.
Answer: C

NO.18 During a wireless network scan at a data center the IT security team discovered Wi-Fi signals
broadcasting from an unknown device. Which of the following best describes the cause of the
incident?
A. Domain hijacking
B. On-path attack
C. Rogue access point
D. Jamming
Answer: C

NO.19 A company recently enhanced its mobile device configuration by implementing a set of security
controls: biometrics, context-aware authentication, and full device encryption. Even with these
settings in place, an unattended phone was used by a malicious actor to access corporate data.
Which of the following additional controls should be put in place first?
A. GPS tagging
B. Remote wipe
C. Screen lock timer
D. SEAndroid
Answer: B
Explanation:
Remote wipe allows an authorized user to remotely erase all data from a lost or stolen mobile device,
thereby preventing unauthorized access to corporate data. Even with security controls such as
biometrics, context-aware authentication, and full device encryption in place, a lost or stolen device
can be a significant risk if it contains sensitive corporate data. Therefore, remote wipe is a critical
control to have in place to mitigate the risk of data breaches resulting from lost or stolen devices.

NO.20 Which of the following in a forensic investigation should be priorities based on the order of
volatility? (Choose two.)
A. Page files
B. Event logs
C. RAM
D. Cache
E. Stored files
F. HDD
Answer: CD
Explanation:
The IETF and the Order of Volatility
The Internet Engineering Task Force (IETF) released a document titled, Guidelines for Evidence
Collection and Archiving. It is also known as RFC 3227. This document explains that the collection of
evidence should start with the most volatile item and end with the least volatile item.
So, according to the IETF, the Order of Volatility is as follows:
1. Registers, Cache
2. Routing Table, ARP Cache, Process Table, Kernel Statistics, Memory
3. Temporary File Systems
4. Disk
5. Remote Logging and Monitoring Data that is Relevant to the System in Question
6. Physical Configuration, Network Topology
7. Archival Media

NO.21 A security analyst is investigating multiple hosts that are communicating to external IP
addresses during the hours of 2:00 a.m. - 4:00 a.m. The malware has evaded detection by traditional
antivirus software. Which of the following types of malware is MOST likely infecting the hosts?
A. A RAT
B. Ransomware
C. Logic bomb
D. A worm
Answer: C

NO.22 A network analyst is setting up a wireless access point for a home office in a remote, rural
location. The requirement is that users need to connect to the access point securely but do not want
to have to remember passwords.
Which of the following should the network analyst enable to meet the requirement?
A. MAC address filtering
B. 802.1X
C. Captive portal
D. WPS
Answer: D

NO.23 A security proposal was set up to track requests for remote access by creating a baseline of
the users' common sign-in properties. When a baseline deviation is detected, an MFA challenge will
be triggered. Which of the following should be configured in order to deploy the proposal?
A. Context-aware authentication
B. Simultaneous authentication of equals
C. Extensive authentication protocol
D. Agentless network access control
Answer: A
Explanation:
Context-Aware authentication - An access control scheme that verifies an object's identity based on
various environmental factors, like time, location, and behavior.

NO.24 An employee finds a USB flash drive labeled "Salary Info" in an office parking lot. The
employee picks up the USB flash drive, goes into the office, and plugs it into a laptop. Later, a
technician inspects the laptop and realizes it has been compromised by malware. Which of the
following types of social engineering attacks has occurred?
A. Smishing
B. Baiting
C. Tailgating
D. Pretexting
Answer: B
Explanation:
USB Baiting: Leaving infected USB drives in a location where the target is likely to find them, hoping
that the person will plug the USB drive into their computer out of curiosity.

NO.25 A Chief Information Security Officer (CISO) is evaluating the dangers involved in deploying a
new ERP system for the company. The CISO categorizes the system, selects the controls that apply to
the system, implements the controls, and then assesses the success of the controls before
authorizing the system. Which of the following is the CISO using to evaluate the environment for this
new ERP system?
A. The Diamond Model of Intrusion Analysis
B. CIS Critical Security Controls
C. NIST Risk Management Framework
D. ISO 27002
Answer: C
Explanation:
NIST RMF has a simple seven-step process:
1. Essential activities to prepare the organization to manage security and privacy risks
2. Categorize the system and information processed, stored, and transmitted based on an impact
analysis
3. Select the set of NIST SP 800-53 controls to protect the system based on risk assessment(s)
4. Implement the controls and document how controls are deployed
5. Assess to determine if the controls are in place, operating as intended, and producing the desired
results
6. Senior official makes a risk-based decision to authorize the system (to operate)
7. Continuously monitor control implementation and risks to the system.
The actions of the CISO correspond to that process.

NO.26 Which of the following controls is used to make an organization initially aware of a data
compromise?
A. Protective
B. Preventative
C. Corrective
D. Detective
Answer: D
Explanation:
Detective control identifies security events that have already occurred. Intrusion detection systems
are detective controls.
Preventative Controls - act to eliminate or reduce the likelihood that an attack can succeed. A
preventative control operates before an attack can take place. For example, comparing configurations
to a secure guideline to ensure there are no gaps pre-emptively hardens systems against future attack
vectors.
Corrective Controls - controls that remediate security issues that have already occurred.
Restoring backups after a ransomware attack is an example of a corrective control.

NO.27 An organization's corporate offices were destroyed due to a natural disaster, so the
organization is now setting up offices in a temporary work space. Which of the following will the
organization MOST likely consult?
A. The business continuity plan
B. The disaster recovery plan
C. The communications plan
D. The incident response plan
Answer: B
Explanation:
Disaster recovery is preparing to recover IT operations after a disaster has occurred.
Business continuity is ensuring that IT operations keep working DURING a disaster.

NO.28 An organization is having difficulty correlating events from its individual AV, EDR, DLP, SWG,
WAF, MDM, HIPS, and CASB systems. Which of the following is the best way to improve the
situation?
A. Remove expensive systems that generate few alerts.
B. Modify the systems to alert only on critical issues.
C. Utilize a SIEM to centralize logs and dashboards.
D. Implement a new syslog/NetFlow appliance.
Answer: C

NO.29 An incident analyst finds several image files on a hard disk. The image files may contain
geolocation coordinates. Which of the following best describes the type of information the analyst is
trying to extract from the image files?
A. Log data
B. Metadata
C. Encrypted data
D. Sensitive data
Answer: B
Explanation:
In the case of image files, metadata may include various details such as the camera model, date and
time the photo was taken, and geolocation coordinates (latitude and longitude) if the camera
supports GPS.

NO.30 A company is upgrading its wireless infrastructure to WPA2-Enterprise using EAP-TLS.
Which of the following must be part of the security architecture to achieve AAA? (Select TWO)
A. DNSSEC
B. Reverse proxy
C. VPN concentrator
D. PKI
E. Active Directory
F. RADIUS
Answer: DF

NO.31 A new plug-and-play storage device was installed on a PC in the corporate environment.
Which of the following safeguards will BEST help to protect the PC from malicious files on the storage
device?
A. Change the default settings on the PC.
B. Define the PC firewall rules to limit access.
C. Encrypt the disk on the storage device.
D. Plug the storage device in to the UPS
Answer: C
Explanation:
Encrypting the disk on the storage device could work because if the files on the storage device are
encrypted, the data will be in a format that can't be used by other devices anyway. The PC is in a
corporate environment, so the company is likely using Active Directory, where a GPO can be
implemented to encrypt removable drives with BitLocker when they are plugged into a PC.

NO.32 A network engineer created two subnets that will be used for production and development
servers. Per security policy, production and development servers must each have a dedicated
network that cannot communicate with one another directly.
Which of the following should be deployed so that server administrators can access these devices?
A. VLANS
B. Internet proxy servers
C. NIDS
D. Jump servers
Answer: D
Explanation:
A jump server, jump host or jump box is a system on a network used to access and manage devices in
a separate security zone. A jump server is a hardened and monitored device that spans two dissimilar
security zones and provides a controlled means of access between them.

NO.33 A security engineer needs to build a solution to satisfy regulatory requirements that state
certain critical servers must be accessed using MFA. However, the critical servers are older and are
unable to support the addition of MFA.
Which of the following will the engineer MOST likely use to achieve this objective?
A. A forward proxy
B. A stateful firewall
C. A jump server
D. A port tap
Answer: C

NO.34 A cybersecurity manager has scheduled biannual meetings with the IT team and department
leaders to discuss how they would respond to hypothetical cyberattacks. During these meetings, the
manager presents a scenario and injects additional information throughout the session to replicate
what might occur in a dynamic cybersecurity event involving the company, its facilities, its data, and
its staff. Which of the following describes what the manager is doing?
A. Developing an incident response plan
B. Building a disaster recovery plan
C. Conducting a tabletop exercise
D. Running a simulation exercise
Answer: C

NO.35 A security analyst must determine if either SSH or Telnet is being used to log in to servers.
Which of the following should the analyst use?
A. logger
B. Metasploit
C. tcpdump
D. netstat
Answer: D
