CompTIA Security+ Exam 2021 SY0-601 Dumps Updated Questions V12.02

CompTIA Security+ is the first security certification a candidate should earn. Individuals who are planning to earn CompTIA Security+ certification need to know that the English version of SY0-501 exam will be retired on July 31, 2021. So more and more candidates choose to complete SY0-601 exam to earn CompTIA Security+ certification successfully. We have updated SY0-601 dumps questions V12.02 with 380 practice exam questions and answers. We ensure that you can pass SY0-601 exam in the first attempt.

Come to get SY0-601 updated exam questions and read SY0-601 free dumps.

1. The Admin workstation should ONLY be able to access the servers on the secure network over the default TFTP port.

Instructions: The firewall will process the rules in a top-down manner in order as a first match. The port number must be typed in and only one port number can be entered per rule. Type ANY for all ports. The original firewall configuration can be reset at any time by pressing the reset button. Once you have met the simulation requirements, click save and then Done to submit.

2. A local coffee shop runs a small WiFi hot-spot for its customers that utilizes WPA2-PSK. The coffee shop would like to stay current with security trends and wants to implement WPA3 to make its WiFi even more secure.

Which of the following technologies will the coffee shop MOST likely use in place of PSK?

3. A manufacturer creates designs for very high security products that are required to be protected and controlled by the government regulations. These designs are not accessible by corporate networks or the Internet.

Which of the following is the BEST solution to protect these designs?

4. A company uses specially configured workstations for any work that requires administrator privileges to its Tier 0 and Tier 1 systems. The company follows a strict process to harden systems immediately upon delivery. Even with these strict security measures in place, an incident occurred from one of the workstations. The root cause appears to be that the SoC was tampered with or replaced.

Which of the following MOST likely occurred?

5. A nationwide company is experiencing unauthorized logins at all hours of the day. The logins appear to originate from countries in which the company has no employees.

Which of the following controls should the company consider using as part of its IAM strategy? (Select TWO).

6. A systems analyst is responsible for generating a new digital forensics chain-of-custody form.

Which of the following should the analyst include in this documentation? (Select TWO).

7. An attacker was easily able to log in to a company's security camera by performing a basic online search for a setup guide for that particular camera brand and model.

Which of the following BEST describes the configurations the attacker exploited?

8. An information security incident recently occurred at an organization, and the organization was required to report the incident to authorities and notify the affected parties. When the organization's customers became aware of the incident, some reduced their orders or stopped placing orders entirely.

Which of the following is the organization experiencing?

9. A financial analyst is expecting an email containing sensitive information from a client. When the email arrives, the analyst receives an error and is unable to open the encrypted message.

Which of the following is the MOST likely cause of the issue?

10. A company recently experienced a data breach and the source was determined to be an executive who was charging a phone in a public area.

Which of the following would MOST likely have prevented this breach?

11. A security analyst is reviewing the following attack log output:

Which of the following types of attacks does this MOST likely represent?

12. A security analyst is configuring a large number of new company-issued laptops.

The analyst received the following requirements:

• The devices will be used internationally by staff who travel extensively.

• Occasional personal use is acceptable due to the travel requirements.

• Users must be able to install and configure sanctioned programs and productivity suites.

• The devices must be encrypted.

• The devices must be capable of operating in low-bandwidth environments.

Which of the following would provide the GREATEST benefit to the security posture of the devices?

13. Which of the following job roles would sponsor data quality and data entry initiatives that ensure business and regulatory requirements are met?

14. A company is launching a new internet platform for its clients. The company does not want to implement its own authorization solution but instead wants to rely on the authorization provided by another platform.

Which of the following is the BEST approach to implement the desired solution?

15. A security assessment determines DES and 3DES are still being used on recently deployed production servers.

Which of the following did the assessment identify?

16. A network administrator has been asked to design a solution to improve a company's security posture.

The administrator is given the following requirements:

• The solution must be inline in the network

• The solution must be able to block known malicious traffic

• The solution must be able to stop network-based attacks

Which of the following should the network administrator implement to BEST meet these requirements?

17. An attacker is trying to gain access by installing malware on a website that is known to be visited by the target victims.

Which of the following is the attacker MOST likely attempting?

18. A security analyst is investigating an incident to determine what an attacker was able to do on a compromised laptop.

The analyst reviews the following SIEM log:

Which of the following describes the method that was used to compromise the laptop?

19. Which of the following algorithms has the SMALLEST key size?

20. A security engineer obtained the following output from a threat intelligence source that recently performed an attack on the company's server:

Which of the following BEST describes this kind of attack?

21. A database administrator needs to ensure all passwords are stored in a secure manner, so the administrator adds randomly generated data to each password before storing.

Which of the following techniques BEST explains this action?

22. A Chief Security Officer (CSO) is concerned about the amount of PII that is stored locally on each salesperson’s laptop. The sales department has a higher-than-average rate of lost equipment.

Which of the following recommendations would BEST address the CSO’s concern?

23. An attacker is attempting to harvest user credentials on a client's website. A security analyst notices multiple attempts of random usernames and passwords. When the analyst types in a random username and password, the logon screen displays the following message:

Which of the following should the analyst recommend be enabled?

24. A cybersecurity analyst reviews the log files from a web server and sees a series of files that indicates a directory-traversal attack has occurred.

Which of the following is the analyst MOST likely seeing?

A)

B)

C)

D)

25. A commercial cyber-threat intelligence organization observes IoCs across a variety of unrelated customers.

Prior to releasing specific threat intelligence to other paid subscribers, the organization is MOST likely obligated by contracts to:

26. A security administrator is analyzing the corporate wireless network. The network only has two access points running on channels 1 and 11. While using airodump-ng, the administrator notices other access points are running with the same corporate ESSID on all available channels and with the same BSSID of one of the legitimate access points.

Which of the following attacks is happening on the corporate network?

27. A network engineer needs to create a plan for upgrading the wireless infrastructure in a large office. Priority must be given to areas that are currently experiencing latency and connection issues.

Which of the following would be the BEST resource for determining the order of priority?

28. A document that appears to be malicious has been discovered in an email that was sent to a company's Chief Financial Officer (CFO).

Which of the following would be BEST to allow a security analyst to gather information and confirm it is a malicious document without executing any code it may contain?

29. A company has determined that if its computer-based manufacturing is not functioning for 12 consecutive hours, it will lose more money than it costs to maintain the equipment.

Which of the following must be less than 12 hours to maintain a positive total cost of ownership?

30. An analyst needs to identify the applications a user was running and the files that were open before the user’s computer was shut off by holding down the power button.

Which of the following would MOST likely contain that information?

31. A network administrator needs to build out a new datacenter, with a focus on resiliency and uptime.

Which of the following would BEST meet this objective? (Choose two.)

32. The Chief Executive Officer (CEO) of an organization would like staff members to have the flexibility to work from home anytime during business hours, including during a pandemic or crisis. However, the CEO is concerned that some staff members may take advantage of the flexibility and work from high-risk countries while on holidays work to a third-party organization in another country. The Chief Information Officer (CIO) believes the company can implement some basic to mitigate the majority of the risk.

Which of the following would be BEST to mitigate the CEO’s concern? (Select TWO).

33. Given the following logs:

Which of the following BEST describes the type of attack that is occurring?

34. An organization is having difficulty correlating events from its individual AV, EDR, DLP, SWG, WAF, MOM, HIPS, and CASB systems.

Which of the following is the BEST way to improve the situation?

35. A security analyst is investigating an incident that was first reported as an issue connecting to network shares and the internet. While reviewing logs and tool output, the analyst sees the following:

Which of the following attacks has occurred?

36. A security analyst is performing a packet capture on a series of SOAP HTTP requests for a security assessment. The analyst redirects the output to a file. After the capture is complete, the analyst needs to review the first transactions quickly and then search the entire series of requests for a particular string.

Which of the following would be BEST to use to accomplish the task? (Select TWO).

37. Which of the following will MOST likely adversely impact the operations of unpatched traditional programmable-logic controllers, running a back-end LAMP server and OT systems with human-management interfaces that are accessible over the Internet via a web interface? (Choose two.)

38. A symmetric encryption algorithm is BEST suited for:

39. A company's Chief Information Security Officer (CISO) recently warned the security manager that the company’s Chief Executive Officer (CEO) is planning to publish a controversial opinion article in a national newspaper, which may result in new cyberattacks.

Which of the following would be BEST for the security manager to use in a threat model?

40. In which of the following common use cases would steganography be employed?

41. A security analyst receives the configuration of a current VPN profile and notices the authentication is only applied to the IP datagram portion of the packet.

Which of the following should the analyst implement to authenticate the entire packet?

42. A security operations analyst is using the company's SIEM solution to correlate alerts.

Which of the following stages of the incident response process is this an example of?

43. A Chief Information Security Officer (CISO) is concerned about the organization's ability to continue business operation in the event of a prolonged DDoS attack on its local datacenter that consumes database resources.

Which of the following will the CISO MOST likely recommend to mitigate this risk?

44. Some laptops recently went missing from a locked storage area that is protected by keyless RFID-enabled locks. There is no obvious damage to the physical space. The security manager identifies who unlocked the door; however, human resources confirms the employee was on vacation at the time of the incident.

Which of the following describes what MOST likely occurred?

45. An auditor is performing an assessment of a security appliance with an embedded OS that was vulnerable during the last two assessments.

Which of the following BEST explains the appliance’s vulnerable state?

46. A recent audit uncovered a key finding regarding the use of a specific encryption standard in a web application that is used to communicate with business customers. Due to the technical limitations of its customers, the company is unable to upgrade the encryption standard.

Which of the following types of controls should be used to reduce the risk created by this scenario?

47. A security analyst needs to generate a server certificate to be used for 802.1X and secure RDP connections. The analyst is unsure what is required to perform the task and solicits help from a senior colleague.

Which of the following is the FIRST step the senior colleague will most likely tell the analyst to perform to accomplish this task?

48. A financial organization has adopted a new secure, encrypted document-sharing application to help with its customer loan process. Some important PII needs to be shared across this new platform, but it is getting blocked by the DLP systems.

Which of the following actions will BEST allow the PII to be shared with the secure application without compromising the organization’s security posture?

49. A security engineer is reviewing log files after a third discovered usernames and passwords for the organization’s accounts. The engineer sees there was a change in the IP address for a vendor website one earlier. This change lasted eight hours.

Which of the following attacks was MOST likely used?

50. Which of the following would a European company interested in implementing a technical, hands-on set of security standards MOST likely choose?

51. A malicious actor recently penetrated a company’s network and moved laterally to the datacenter. Upon investigation, a forensics firm wants to know what was in the memory on the compromised server.

Which of the following files should be given to the forensics firm?

52. A critical file server is being upgraded and the systems administrator must determine which RAID level the new server will need to achieve parity and handle two simultaneous disk failures.

Which of the following RAID levels meets these requirements?

53. A security analyst has been reading about a newly discovered cyber attack from a known threat actor.

Which of the following would BEST support the analyst's review of the tactics, techniques, and protocols the threat actor was observed using in previous campaigns?

54. A small company that does not have security staff wants to improve its security posture.

Which of the following would BEST assist the company?

55. A500 is implementing an insider threat detection program. The primary concern is that users may be accessing confidential data without authorization.

Which of the following should be deployed to detect a potential insider threat?

56. A company provides mobile devices to its users to permit access to email and enterprise applications. The company recently started allowing users to select from several different vendors and device models.

When configuring the MDM, which of the following is a key security implication of this heterogeneous device approach?

57. Which of the following terms should be included in a contract to help a company monitor the ongoing security maturity of a new vendor?

58. A security engineer at an offline government facility is concerned about the validity of an SSL certificate. The engineer wants to perform the fastest check with the least delay to determine if the certificate has been revoked.

Which of the following would BEST meet these requirements?

59. A well-known organization has been experiencing attacks from APIs. The organization is concerned that custom malware is being created and emailed into the company or installed on USB sticks that are dropped in parking lots.

Which of the following is the BEST defense against this scenario?

60. A security auditor is reviewing vulnerability scan data provided by an internal security team.

Which of the following BEST indicates that valid credentials were used?

61. During a routine scan of a wireless segment at a retail company, a security administrator discovers several devices are connected to the network that do not match the company's naming convention and are not in the asset inventory. WiFi access is protected with 255-Wt encryption via WPA2. Physical access to the company's facility requires two-factor authentication using a badge and a passcode.

Which of the following should the administrator implement to find and remediate the issue? (Select TWO).

62. An end user reports a computer has been acting slower than normal for a few weeks. During an investigation, an analyst determines the system is sending the user's email address and a ten-digit number to an IP address once a day.

The only recent log entry regarding the user's computer is the following:

Which of the following is the MOST likely cause of the issue?

63. In the middle of a cybersecurity, a security engineer removes the infected devices from the network and locks down all compromised accounts.

In which of the following incident response phases is the security engineer currently operating?

64. Which of the following allows for functional test data to be used in new systems for testing and training purposes to protect the real data?

65. A manufacturing company has several one-off legacy information systems that cannot be migrated to a newer OS due to software compatibility issues. The OSs are still supported by the vendor, but the industrial software is no longer supported. The Chief Information Security Officer (CISO) has created a resiliency plan for these systems that will allow OS patches to be installed in a non-production environment, while also creating backups of the systems for recovery.

Which of the following resiliency techniques will provide these capabilities?

66. After consulting with the Chief Risk Officer (CRO), a manager decides to acquire cybersecurity insurance for the company.

Which of the following risk management strategies is the manager adopting?

67. To reduce costs and overhead, an organization wants to move from an on-premises email solution to a cloud-based email solution. At this time, no other services will be moving.

Which of the following cloud models would BEST meet the needs of the organization?

68. A security architect at a large, multinational organization is concerned about the complexities and overhead of managing multiple encryption keys securely in a multicloud provider environment. The security architect is looking for a solution with reduced latency to allow the incorporation of the organization's existing keys and to maintain consistent, centralized control and management regardless of the data location.

Which of the following would BEST meet the architect's objectives?

69. A network engineer is troubleshooting wireless network connectivity issues that were reported by users. The issues are occurring only in the section of the building that is closest to the parking lot. Users are intermittently experiencing slow speeds when accessing websites and are unable to connect to network drives. The issues appear to increase when laptop users return to their desks after using their devices in other areas of the building. There have also been reports of users being required to enter their credentials on web pages in order to gain access to them.

Which of the following is the MOST likely cause of this issue?

70. Which of the following provides the BEST protection for sensitive information and data stored in cloud-based services but still allows for full functionality and searchability of data within the cloud-based services?

71. A security administrator has noticed unusual activity occurring between different global instances and workloads and needs to identify the source of the unusual traffic.

Which of the following log sources would be BEST to show the source of the unusual traffic?


 
