New CompTIA SY0-601 Dumps & Questions Updated on 2024 [Q318-Q335]

Rate this post

New CompTIA SY0-601 Dumps & Questions Updated on 2024

Dumps to Pass your SY0-601 Exam with 100% Real Questions and Answers

Q318. An analyst has determined that a server was not patched and an external actor exfiltrated data on port 139. Which of the following sources should the analyst review to BEST ascertain how the Incident could have been prevented?

The vulnerability scan output

The security logs

The baseline report

The correlation of events

Q319. An organization implemented a process that compares the settings currently configured on systems against secure configuration guidelines in order to identify any gaps Which of the following control types has the organization implemented?

Compensating

Corrective

Preventive

Detective

Q320. After gaining access to a dual-homed (i.e.. wired and wireless) multifunction device by exploiting a vulnerability in the device’s firmware, a penetration tester then gains shell access on another networked asset This technique is an example of:

privilege escalation

footprinting

persistence

pivoting.

Q321. Which of the following should a technician consider when selecting an encryption method for data that needs to remain confidential for a specific length of time?

The key length of the encryption algorithm

The encryption algorithm’s longevity

A method of introducing entropy into key calculations

The computational overhead of calculating the encryption key

Q322. Which of the following would best explain why a security analyst is running daily vulnerability scans on all corporate endpoints?

To track the status of patching installations

To find shadow IT cloud deployments

To continuously the monitor hardware inventory

To hunt for active attackers in the network

Q323. An analyst needs to identify the applications a user was running and the files that were open before the user’s computer was shut off by holding down the power button. Which of the following would MOST likely contain that information?

NGFW

Pagefile

NetFlow

RAM

Q324. An organization wants to implement a biometric system with the highest likelihood that an unauthorized user will be denied access.
Which of the following should the organization use to compare biometric solutions?

FRR

Difficulty of use

Cost

FAR

CER

Q325. Select the appropriate attack and remediation from each drop-down list to label the corresponding attack with its remediation.
INSTRUCTIONS
Not all attacks and remediation actions will be used.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Q326. A security analyst is investigating network issues between a workstation and a company server. The workstation and server occasionally experience service disruptions, and employees are forced to reconnect to the server. In addition, some reports indicate sensitive information is being leaked from the server to the public.
The workstation IP address is 192.168.1.103, and the server IP address is 192.168.1.101.
The analyst runs arp -a On a separate workstation and obtains the following results:
Which of the following is most likely occurring?

Evil twin attack

Domain hijacking attack

On-path attack

MAC flooding attack

Q327. A security administrator needs to create a RAIS configuration that is focused on high read speeds and fault tolerance. It is unlikely that multiple drivers will fail simultaneously. Which of the following RAID configurations should the administration use?

RA1D 0

RAID1

RAID 5

RAID 10

Q328. Which of the following describes where an attacker can purchase DDoS or ransomware services?

Threat intelligence

Open-source intelligence

Vulnerability database

Dark web

Q329. A security administrator receives alerts from the perimeter UTM. Upon checking the logs, the administrator finds the following output:
Time: 12/25 0300
From Zone: Untrust
To Zone: DMZ
Attacker: externalip.com
Victim: 172.16.0.20
To Port: 80
Action: Alert
Severity: Critical
When examining the PCAP associated with the event, the security administrator finds the following information:
<script> alert (“Click here for important information regarding your
account! http://externalip.com/account.php”); </script>
Which of the following actions should the security administrator take?

Upload the PCAP to the IDS in order to generate a blocking signature to block the traffic.

Manually copy the <script> data from the PCAP file and generate a blocking signature in the HIDS to block the traffic for future events.

Implement a host-based firewall rule to block future events of this type from occurring.

Submit a change request to modify the XSS vulnerability signature to TCP reset on future attempts.

Q330. A company recently experienced a significant data loss when proprietary Information was leaked to a competitor. The company took special precautions by using proper labels; however, email filter logs do not have any record of the incident. An Investigation confirmed the corporate network was not breached, but documents were downloaded from an employee’s COPE tablet and passed to the competitor via cloud storage. Which of the following is the BEST remediation for this data leak?

User training

CASB

MDM

DLP

Q331. A security engineer needs to create a network segment that can be used for servers that require connections from untrusted networks When of the following should the engineer implement?

An air gap

A hot site

A VLAN

A screened subnet

Q332. A company recently experienced a data breach and the source was determined to be an executive who was charging a phone in a public area. Which of the following would most likely have prevented this breach?

A firewall

A device pin

A USB data blocker

Biometrics

Q333. During a trial, a judge determined evidence gathered from a hard drive was not admissible. Which of the following BEST explains this reasoning?

the forensic investigator forgot to run a checksum on the disk image after creation

the chain of custody form did not note time zone offsets between transportation regions

the computer was turned off, and a RAM image could not be taken at the same time

the hard drive was not properly kept in an antistatic bag when it was moved.

Q334. Multiple beaconing activities to a malicious domain have been observed. The malicious domain is hosting malware from various endpoints on the network. Which of the following technologies would be BEST to correlate the activities between the different endpoints?

Firewall

SIEM

IPS

Protocol analyzer

Q335. A security administrator performs weekly vulnerability scans on all cloud assets and provides a detailed report. Which of the following describes the administrator’s activities?

Continuous deployment

Continuous integration

Data owners

Data processor