[Aug-2024] Verified CompTIA Exam Dumps with SY0-601 Exam Study Guide
Best Quality CompTIA SY0-601 Exam Questions ExamPrepAway Realistic Practice Exams [2024]
The CompTIA SY0-601 exam is the one candidates must pass to demonstrate the core cybersecurity knowledge needed to perform fundamental security functions.
NEW QUESTION # 335
A forensics investigator is examining a number of unauthorized payments that were reported on the company's website. Some unusual log entries show users received an email for an unwanted mailing list and clicked on a link to attempt to unsubscribe. One of the users reported the email to the phishing team, and the forwarded email revealed the link to be:
Which of the following will the forensics investigator MOST likely determine has occurred?
- A. Broken authentication
- B. SQL injection
- C. XSS
- D. XSRF
Answer: D
NEW QUESTION # 336
A security analyst wants to fingerprint a web server. Which of the following tools will the security analyst MOST likely use to accomplish this task?
- A. dig 192.168.0.10
- B. nmap -p1-65535 192.168.0.10
- C. ping 192.168.0.10
- D. curl --head http://192.168.0.10
Answer: B
NEW QUESTION # 337
A security engineer is setting up passwordless authentication for the first time.
INSTRUCTIONS
Use the minimum set of commands to set this up and verify that it works. Commands cannot be reused.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
Answer:
Explanation:

NEW QUESTION # 338
A company is discarding a classified storage array and hires an outside vendor to complete the disposal. Which of the following should the company request from the vendor?
- A. Inventory list
- B. Classification
- C. Proof of ownership
- D. Certification
Answer: D
NEW QUESTION # 339
A security administrator suspects there may be unnecessary services running on a server. Which of the following tools will the administrator most likely use to confirm the suspicions?
- A. DNSEnum
- B. Wireshark
- C. Nmap
- D. Autopsy
Answer: C
Explanation:
Nmap is a tool that is used to scan IP addresses and ports in a network and to detect installed applications. Nmap can help a security administrator determine the services running on a server by sending various packets to the target and analyzing the responses. Nmap can also perform various tasks such as OS detection, version detection, script scanning, firewall evasion, and vulnerability scanning.
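The scan output itself is only half the job: an administrator still has to decide which open services are unnecessary. The following added example (not from the page or the Nmap project) parses Nmap's grepable (`-oG`) output format and reports every open service that is not on an expected-services list. The scan text and the `EXPECTED_SERVICES` set are constructed for the example.

```python
import re

# Constructed sample of nmap "grepable" (-oG) output for one host; not real scan data.
SAMPLE_GNMAP = """# Nmap 7.94 scan initiated (constructed sample)
Host: 192.168.0.10 ()\tStatus: Up
Host: 192.168.0.10 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.9/, 80/open/tcp//http//Apache httpd 2.4/, 3306/open/tcp//mysql//MySQL 8.0/, 23/open/tcp//telnet//Linux telnetd/\tIgnored State: closed (996)
# Nmap done (constructed sample)
"""

# Services this server is supposed to offer (an assumption for the example).
EXPECTED_SERVICES = {"ssh", "http"}

# A -oG line looks like: "Host: <ip> (<name>)\tPorts: <entry>, <entry>...\tIgnored State: ..."
PORTS_RE = re.compile(r"^Host: (\S+) \(.*?\)\tPorts: (.*?)(?:\t|$)")


def parse_gnmap(text):
    """Return {host: [(port, proto, state, service, version), ...]} from -oG output."""
    hosts = {}
    for line in text.splitlines():
        m = PORTS_RE.match(line)
        if not m:
            continue  # comments and Status-only lines carry no port data
        host, ports_field = m.groups()
        entries = []
        for entry in ports_field.split(", "):
            # each entry is port/state/protocol/owner/service/rpc-info/version/
            port, state, proto, _owner, service, _rpc, version = entry.split("/")[:7]
            entries.append((int(port), proto, state, service, version))
        hosts.setdefault(host, []).extend(entries)
    return hosts


def unnecessary_services(hosts, expected):
    """Open services on each host whose service name is not in the expected set."""
    findings = {}
    for host, entries in hosts.items():
        extra = [(port, svc, ver) for port, _proto, state, svc, ver in entries
                 if state == "open" and svc not in expected]
        if extra:
            findings[host] = sorted(extra)
    return findings


if __name__ == "__main__":
    for host, extra in unnecessary_services(parse_gnmap(SAMPLE_GNMAP), EXPECTED_SERVICES).items():
        for port, svc, ver in extra:
            print(f"{host}: unexpected service {svc} on {port} ({ver})")
```

In practice the input would come from `nmap -sV -oG scan.gnmap <host>` run with permission against your own server; the service names Nmap reports are its best guess from banner and probe responses, so confirm them on the host before disabling anything.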
NEW QUESTION # 340
A security engineer obtained the following output from a threat intelligence source that recently performed an attack on the company's server:
Which of the following BEST describes this kind of attack?
- A. Request forgery
- B. SQL injection
- C. API
- D. Directory traversal
Answer: A
NEW QUESTION # 341
A local business was the source of multiple instances of credit card theft. Investigators found that most payments at this business were made at self-service kiosks. Which of the following is the most likely cause of the exposed credit card information?
- A. NFC attack
- B. Insider threat
- C. RAT
- D. Backdoor
- E. Skimming
Answer: E
NEW QUESTION # 342
Joe, an employee, receives an email stating he won the lottery. The email includes a link that requests a name, mobile phone number, address, and date of birth be provided to confirm Joe's identity before sending him the prize. Which of the following BEST describes this type of email?
- A. Phishing
- B. Spear phishing
- C. Whaling
- D. Vishing
Answer: A
Explanation:
"The email includes a link that requests a name, mobile phone number, address, and date of birth" is far too vague for this to be spear phishing.
If it were spear phishing, the attacker would already know his name, and Joe would only need to fill in the mobile phone number, address, and date of birth.
NEW QUESTION # 343
Which of the following vulnerabilities is exploited when an attacker overwrites a register with a malicious address that changes the execution path?
- A. SQL injection
- B. Buffer overflow
- C. Race condition
- D. VM escape
Answer: B
Explanation:
A buffer overflow is a type of vulnerability that occurs when an attacker sends more data than a buffer can hold, causing the excess data to overwrite adjacent memory locations such as saved registers. It can allow an attacker to overwrite a register with a malicious address that changes the execution path and executes arbitrary code on the target system.
NEW QUESTION # 344
A security engineer was assigned to implement a solution to prevent attackers from gaining access by pretending to be authorized users. Which of the following technologies meets the requirement?
- A. SSO
- B. MFA
- C. TPM
- D. IDS
Answer: B
NEW QUESTION # 345
A security researcher is using an adversary's infrastructure and TTPs and creating a named group to track those targeted. Which of the following is the researcher MOST likely using?
- A. The Diamond Model of Intrusion Analysis
- B. MITRE ATT&CK
- C. The Cyber Kill Chain
- D. The incident response process
Answer: B
Explanation:
The researcher is most likely using the MITRE ATT&CK framework. MITRE ATT&CK is a globally accessible knowledge base of adversary tactics, techniques, and procedures (TTPs) based on real-world observations. It helps security teams better understand and track adversaries by creating a named group, which aligns with the scenario described in the question. The framework is widely recognized and referenced in the cybersecurity industry, including in CompTIA Security+ study materials.
References:
1. CompTIA Security+ Certification Exam Objectives (SY0-601): https://www.comptia.jp/pdf/Security%2B%20SY0-601%20Exam%20Objectives.pdf
2. MITRE ATT&CK: https://attack.mitre.org/
MITRE ATT&CK is a knowledge base of adversary tactics, techniques, and procedures (TTPs) that are observed in real-world cyberattacks. MITRE ATT&CK provides a common framework and language for describing and analyzing cyber threats and their behaviors. MITRE ATT&CK also allows security researchers to create named groups that track specific adversaries based on their TTPs.
The other options are not correct because:
1. The Cyber Kill Chain is a model that describes the stages of a cyberattack from reconnaissance to exfiltration. The Cyber Kill Chain does not provide a way to create named groups based on adversary TTPs.
2. The incident response process is a set of procedures and guidelines that defines how an organization should respond to a security incident. The incident response process does not provide a way to create named groups based on adversary TTPs.
3. The Diamond Model of Intrusion Analysis is a framework that describes the four core features of any intrusion: adversary, capability, infrastructure, and victim. The Diamond Model of Intrusion Analysis does not provide a way to create named groups based on adversary TTPs.
According to CompTIA Security+ SY0-601 Exam Objectives 1.1 Compare and contrast different types of social engineering techniques:
"MITRE ATT&CK is a knowledge base of adversary tactics, techniques, and procedures (TTPs) that are observed in real-world cyberattacks. MITRE ATT&CK provides a common framework and language for describing and analyzing cyber threats and their behaviors."
NEW QUESTION # 346
A security analyst was called to investigate a file received directly from a hardware manufacturer.
The analyst is trying to determine whether the file was modified in transit before installation on the user's computer. Which of the following can be used to safely assess the file?
- A. Match the file names
- B. Check the hash of the installation file
- C. Verify the code-signing certificate
- D. Verify the URL download location
Answer: B
Explanation:
The hardware manufacturer will post the hash of the file publicly, and anyone who receives a copy of that file will be able to run a checksum on the file themselves and compare it to the official manufacturer-provided checksum. Hashing is almost always the correct answer in these types of questions. You'll see a lot of GitHub repositories using hashed checksums as well for verification, and I recently just installed Java onto my new computer. Java provided me with a hashed checksum for the setup executable.
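The check described above, as an added example that is not part of the original page: the file is streamed through SHA-256 and the digest is compared with the vendor-published value in constant time. The "installer" bytes and the "published" hash are constructed inside the example; a real check would take the published digest from the vendor's download page or signed manifest.

```python
import hashlib
import hmac
import os
import tempfile


def sha256_of_file(path, chunk_size=1 << 20):
    """Stream the file through SHA-256 so large installers need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_download(path, published_hex):
    """True only if the file's SHA-256 equals the vendor-published digest."""
    actual = sha256_of_file(path)
    # compare_digest avoids early-exit timing differences; vendors publish either case of hex
    return hmac.compare_digest(actual.lower(), published_hex.strip().lower())


def demo():
    """Write a constructed 'installer', verify it, then flip one byte and verify again."""
    data = b"constructed installer payload v1.0\n" * 1000
    published = hashlib.sha256(data).hexdigest()  # stands in for the vendor's published hash
    fd, path = tempfile.mkstemp()
    os.close(fd)
    try:
        with open(path, "wb") as f:
            f.write(data)
        untampered = verify_download(path, published)
        with open(path, "r+b") as f:
            f.seek(10)
            f.write(b"X")  # simulate a single byte altered in transit
        tampered = verify_download(path, published)
    finally:
        os.remove(path)
    return untampered, tampered


if __name__ == "__main__":
    ok, corrupted = demo()
    print("untouched file verifies:", ok)
    print("one-byte change verifies:", corrupted)
```

A hash only proves the file you hold matches the one the vendor hashed; if the published digest is served from the same place as the download, an attacker who can swap the file can often swap the digest too, which is why a code-signing signature (option C) is a stronger check when one is available.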
NEW QUESTION # 347
An email security vendor recently added a retroactive alert after discovering a phishing email had already been delivered to an inbox. Which of the following would be the best way for the security administrator to address this type of alert in the future?
- A. Manually remove the phishing emails when alerts arrive.
- B. Ingest the alerts into a SIEM to correlate with delivered messages.
- C. Delay all emails until the retroactive alerts are received.
- D. Utilize a SOAR playbook to remove the phishing message.
Answer: D
Explanation:
One possible way to address this type of alert in the future is to use a SOAR (Security Orchestration, Automation, and Response) playbook to automatically remove the phishing message from the inbox. A SOAR playbook is a set of predefined actions that can be triggered by certain events or conditions. This can help reduce the response time and human error in dealing with phishing alerts.
NEW QUESTION # 348
An attacker is attempting to harvest user credentials on a client's website. A security analyst notices multiple attempts of random usernames and passwords. When the analyst types in a random username and password, the logon screen displays the following message:
Which of the following should the analyst recommend be enabled?
- A. Username lockout
- B. Obfuscation
- C. Input validation
- D. Error handling
Answer: A
Explanation:
When an attacker attempts to log in to a website with a username that does not exist, the website should display a message indicating that the username does not exist. This will prevent the attacker from knowing whether or not they have guessed a valid username.
If the website simply displays the message "Incorrect username or password," the attacker will be able to keep trying different usernames until they find one that works. This could allow the attacker to gain access to the website even if they do not know the correct password.
Username lockout is a security feature that prevents an attacker from trying to log in with a particular username too many times. If an attacker exceeds the lockout threshold, they will be temporarily blocked from trying to log in with that username. This will make it more difficult for the attacker to gain access to the website.
In this case, the analyst should recommend that the client enable username lockout to prevent the attacker from guessing valid usernames.
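A username lockout as described above, implemented as an added example that is not part of the original page. Failed attempts are counted per username inside a sliding window; once the threshold is reached, the username is refused for the lockout period even if the correct password is then supplied. The credential store, the policy numbers and the injectable clock are assumptions made for the example.

```python
import time
from collections import defaultdict


class LoginGuard:
    """Per-username lockout.

    After `threshold` failures within `window` seconds, attempts for that
    username return "locked" for `lockout` seconds regardless of the password.
    Policy values are assumptions for this example; `clock` is injectable so
    the behaviour can be tested without waiting.
    """

    def __init__(self, credentials, threshold=5, window=300, lockout=900,
                 clock=time.monotonic):
        # Constructed {username: password} store; a real system stores password hashes.
        self._creds = credentials
        self.threshold = threshold
        self.window = window
        self.lockout = lockout
        self._clock = clock
        self._failures = defaultdict(list)  # username -> timestamps of recent failures
        self._locked_until = {}             # username -> time the lock expires

    def attempt(self, username, password):
        """Return "ok", "denied" or "locked" for one login attempt."""
        now = self._clock()
        if self._locked_until.get(username, 0) > now:
            return "locked"
        # keep only failures that are still inside the sliding window
        recent = [t for t in self._failures[username] if now - t <= self.window]
        # unknown usernames take the same path as a wrong password
        if self._creds.get(username) == password:
            self._failures[username] = []
            return "ok"
        recent.append(now)
        if len(recent) >= self.threshold:
            self._locked_until[username] = now + self.lockout
            self._failures[username] = []
            return "locked"
        self._failures[username] = recent
        return "denied"

    def is_locked(self, username):
        return self._locked_until.get(username, 0) > self._clock()
```

A lockout is rate limiting of the attacker at the cost of a denial-of-service lever against the defender's own users: tune the threshold and lockout length to that trade-off, and pair the mechanism with alerting on lockout events so the credential-stuffing attempt in the question is noticed rather than silently absorbed.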
NEW QUESTION # 349
A company recently added a DR site and is redesigning the network. Users at the DR site are having issues browsing websites.
INSTRUCTIONS
Click on each firewall to do the following:
* Deny cleartext web traffic.
* Ensure secure management protocols are used.
* Resolve issues at the DR site.
The ruleset order cannot be modified due to outside constraints.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.


Answer:
Explanation:
See explanation below.
Firewall 1:
DNS Rule - ANY --> ANY --> DNS --> PERMIT
HTTPS Outbound - 10.0.0.1/24 --> ANY --> HTTPS --> PERMIT
Management - ANY --> ANY --> SSH --> PERMIT
HTTPS Inbound - ANY --> ANY --> HTTPS --> PERMIT
HTTP Inbound - ANY --> ANY --> HTTP --> DENY
Firewall 2: No changes should be made to this firewall
Firewall 3:
DNS Rule - ANY --> ANY --> DNS --> PERMIT
HTTPS Outbound - 192.168.0.1/24 --> ANY --> HTTPS --> PERMIT
Management - ANY --> ANY --> SSH --> PERMIT
HTTPS Inbound - ANY --> ANY --> HTTPS --> PERMIT
HTTP Inbound - ANY --> ANY --> HTTP --> DENY
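Because the rule order is fixed, the only way to know what a given flow gets is to walk the table top to bottom and stop at the first match. The added example below (not part of the page or of any firewall product) encodes the two rule tables from the answer above, evaluates flows against them first-match-wins with an implicit deny, audits the task's three requirements, and flags rules that an earlier, broader rule makes unreachable. The first-match semantics, the implicit default deny and the sample addresses are assumptions for the example.

```python
from ipaddress import ip_address, ip_network

# Rule tables from the answer above: (name, source, destination, service, action).
# Assumption: evaluated top to bottom, first match wins, unmatched traffic is denied.
FIREWALL_1 = [
    ("DNS Rule",       "ANY",         "ANY", "DNS",   "PERMIT"),
    ("HTTPS Outbound", "10.0.0.1/24", "ANY", "HTTPS", "PERMIT"),
    ("Management",     "ANY",         "ANY", "SSH",   "PERMIT"),
    ("HTTPS Inbound",  "ANY",         "ANY", "HTTPS", "PERMIT"),
    ("HTTP Inbound",   "ANY",         "ANY", "HTTP",  "DENY"),
]
FIREWALL_3 = [
    ("DNS Rule",       "ANY",            "ANY", "DNS",   "PERMIT"),
    ("HTTPS Outbound", "192.168.0.1/24", "ANY", "HTTPS", "PERMIT"),
    ("Management",     "ANY",            "ANY", "SSH",   "PERMIT"),
    ("HTTPS Inbound",  "ANY",            "ANY", "HTTPS", "PERMIT"),
    ("HTTP Inbound",   "ANY",            "ANY", "HTTP",  "DENY"),
]
# A deliberately mis-ordered table (constructed) to show why order matters.
MISORDERED = [
    ("HTTP Inbound", "ANY",         "ANY", "HTTP", "DENY"),
    ("Web allow",    "10.0.0.1/24", "ANY", "HTTP", "PERMIT"),
]

INTERNET_HOST = "203.0.113.10"  # documentation-range address standing in for a website


def _matches(field, addr):
    """Does a rule's address field ('ANY' or a CIDR) cover a single IP?"""
    if field == "ANY":
        return True
    return ip_address(addr) in ip_network(field, strict=False)


def evaluate(ruleset, src, dst, service, default="DENY"):
    """Return (action, rule_name) of the first matching rule, else the implicit default."""
    for name, rsrc, rdst, rsvc, action in ruleset:
        if rsvc == service and _matches(rsrc, src) and _matches(rdst, dst):
            return action, name
    return default, "implicit default"


def audit(ruleset, site_host):
    """Check the task's requirements for a host at the site behind this firewall."""
    return {
        "cleartext_web_denied": evaluate(ruleset, site_host, INTERNET_HOST, "HTTP")[0] == "DENY",
        "https_permitted":      evaluate(ruleset, site_host, INTERNET_HOST, "HTTPS")[0] == "PERMIT",
        "dns_permitted":        evaluate(ruleset, site_host, INTERNET_HOST, "DNS")[0] == "PERMIT",
        "ssh_mgmt_permitted":   evaluate(ruleset, site_host, INTERNET_HOST, "SSH")[0] == "PERMIT",
        "telnet_denied":        evaluate(ruleset, site_host, INTERNET_HOST, "TELNET")[0] == "DENY",
    }


def _covers(outer, inner):
    """Does address field `outer` cover everything `inner` can match?"""
    if outer == "ANY":
        return True
    if inner == "ANY":
        return False
    return ip_network(inner, strict=False).subnet_of(ip_network(outer, strict=False))


def shadowed_rules(ruleset):
    """Names of rules that can never fire because an earlier rule covers all their traffic."""
    out = []
    for j, (name, src, dst, svc, _action) in enumerate(ruleset):
        for _n, esrc, edst, esvc, _ea in ruleset[:j]:
            if esvc == svc and _covers(esrc, src) and _covers(edst, dst):
                out.append(name)
                break
    return out


if __name__ == "__main__":
    print("DR site HTTPS:", evaluate(FIREWALL_3, "192.168.0.77", INTERNET_HOST, "HTTPS"))
    print("DR site HTTP: ", evaluate(FIREWALL_3, "192.168.0.77", INTERNET_HOST, "HTTP"))
    print("audit:", audit(FIREWALL_3, "192.168.0.77"))
    print("shadowed in MISORDERED:", shadowed_rules(MISORDERED))
```

The shadowing check is the piece worth keeping: when a ruleset's order cannot be changed, a new permit rule placed after a broad deny for the same service is dead on arrival, and the audit would still report the flow as denied.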
NEW QUESTION # 350
An organization's Chief Information Security Officer is creating a position that will be responsible for implementing technical controls to protect data, including ensuring backups are properly maintained. Which of the following roles would MOST likely include these responsibilities?
- A. Data protection officer
- B. Backup administrator
- C. Internal auditor
- D. Data owner
- E. Data custodian
Answer: E
Explanation:
A Data Custodian has administrative and/or operational responsibility over Institutional Data. In many cases, there will be multiple Data Custodians. An enterprise application may have teams of Data Custodians, each responsible for varying functions. A Data Custodian is responsible for the following: Implementing appropriate physical and technical safeguards to protect the confidentiality, integrity and availability of Institutional Data.
NEW QUESTION # 351
Which of the following incident response phases should the proper collection of the detected IoCs and establishment of a chain of custody be performed before?
- A. Containment
- B. Recovery
- C. Preparation
- D. Identification
Answer: A
Explanation:
Containment is the phase where the incident response team tries to isolate and stop the spread of the incident. Before containing the incident, the team should collect and preserve any evidence that may be useful for analysis and investigation. This includes documenting the incident details, such as date, time, location, source, and impact. It also includes establishing a chain of custody, which is a record of who handled the evidence, when, where, how, and why. A chain of custody ensures the integrity and admissibility of the evidence in court or other legal proceedings.
NEW QUESTION # 352
A vulnerability assessment report will include the CVSS score of the discovered vulnerabilities because the score allows the organization to better:
- A. prioritize remediation of vulnerabilities based on the possible impact.
- B. validate the vulnerability exists in the organization's network through penetration testing.
- C. research the appropriate mitigation techniques in a vulnerability database.
- D. find the software patches that are required to mitigate a vulnerability.
Answer: A
Explanation:
The Common Vulnerability Scoring System (CVSS) is a free and open industry standard for assessing the severity of computer system security vulnerabilities. CVSS attempts to assign severity scores to vulnerabilities, allowing responders to prioritize responses and resources according to threat.
https://en.wikipedia.org/wiki/Common_Vulnerability_Scoring_System
NEW QUESTION # 353
......