Get The Most Updated SY0-601 Dumps To Complete CompTIA Security+ Certification

1. Joe, a user at a company, clicked an email link led to a website that infected his workstation. Joe, was connected to the network, and the virus spread to the network shares. The protective measures failed to stop this virus, and It has continues to evade detection.

Which of the following should administrator implement to protect the environment from this malware?

2. A security administrator has noticed unusual activity occurring between different global instances and workloads and needs to identify the source of the unusual traffic.

Which of the following log sources would be BEST to show the source of the unusual traffic?

3. Which of the following would be BEST to establish between organizations that have agreed cooperate and are engaged in early discussion to define the responsibilities of each party, but do not want to establish a contractually binding agreement?

4. A security analyst is reviewing a penetration-testing report from a third-party contractor. The penetration testers used the organization's new API to bypass a driver to perform privilege escalation on the organization's web servers. Upon looking at the API, the security analyst realizes the particular API call was to a legacy system running an outdated OS.

Which of the following is the MOST likely attack type?

5. A website developer is working on a new e-commerce website and has asked an information security expert for the most appropriate way to store credit card numbers to create an easy reordering process.

Which of the following methods would BEST accomplish this goal?

6. An organization is developing an authentication service for use at the entry and exit ports of country borders. The service will use data feeds obtained from passport systems, passenger manifests, and high-definition video feeds from CCTV systems that are located at the ports. The service will incorporate machine-learning techniques to eliminate biometric enrollment processes while still allowing authorities to identify passengers with increasing accuracy over time. The more frequently passengers travel, the more accurately the service will identify them.

Which of the following biometrics will MOST likely be used, without the need for enrollment? (Choose two.)

7. An organization is concerned that its hosted web servers are not running the most updated version of the software.

Which of the following would work BEST to help identify potential vulnerabilities?

8. A Chief Security Officer (CSO) was notified that a customer was able to access confidential internal company files on a commonly used file-sharing service. The file-sharing service is the same one used by company staff as one of its approved third-party applications. After further investigation, the security team

determines the sharing of confidential files was accidental and not malicious. However, the CSO wants to implement changes to minimize this type of incident from reoccurring but does not want to impact existing business processes.

Which of the following would BEST meet the CSO's objectives?

9. A company is adopting a BYOD policy and is looking for a comprehensive solution to protect company information on user devices.

Which of the following solutions would BEST support the policy?

10. A financial organization has adopted a new secure, encrypted document-sharing application to help with its customer loan process. Some important PII needs to be shared across this new platform, but it is getting blocked by the DLP systems.

Which of the following actions will BEST allow the PII to be shared with the secure application without compromising the organization’s security posture?

11. A company is implementing MFA for all applications that store sensitive data. The IT manager wants MFA to be non-disruptive and user friendly.

Which of the following technologies should the IT manager use when implementing MFA?

12. A company has been experiencing very brief power outages from its utility company over the last few months. These outages only last for one second each time. The utility company is aware of the issue and is working to replace a faulty transformer.

Which of the following BEST describes what the company should purchase to ensure its critical servers and network devices stay online?

13. A university is opening a facility in a location where there is an elevated risk of theft. The university wants to protect the desktops in its classrooms and labs.

Which of the following should the university use to BEST protect these assets deployed in the facility?

14. Accompany deployed a WiFi access point in a public area and wants to harden the configuration to make it more secure. After performing an assessment, an analyst identifies that the access point is

configured to use WPA3, AES, WPS, and RADIUS.

Which of the following should the analyst disable to enhance the access point security?

15. A company is setting up a web server on the Internet that will utilize both encrypted and unencrypted web-browsing protocols.

A security engineer runs a port scan against the server from the Internet and sees the following output:

Which of the following steps would be best for the security engineer to take NEXT?

16. A consultant is configuring a vulnerability scanner for a large, global organization in multiple countries. The consultant will be using a service account to scan systems with administrative privileges on a weekly basis, but there is a concern that hackers could gain access to account to the account and pivot through the global network.

Which of the following would be BEST to help mitigate this concern?

17. A company needs to centralize its logs to create a baseline and have visibility on its security events.

Which of the following technologies will accomplish this objective?

18. A security auditor is reviewing vulnerability scan data provided by an internal security team.

Which of the following BEST indicates that valid credentials were used?

19. An organization with a low tolerance for user inconvenience wants to protect laptop hard drives against loss or data theft.

Which of the following would be the MOST acceptable?

20. An enterprise has hired an outside security firm to conduct penetration testing on its network and applications. The firm has only been given the documentation available to the customers of the applications.

Which of the following BEST represents the type of testing that will occur?

21. An end user reports a computer has been acting slower than normal for a few weeks. During an investigation, an analyst determines the system is sending the user's email address and a ten-digit number to an IP address once a day.

The only recent log entry regarding the user's computer is the following:

Which of the following is the MOST likely cause of the issue?

22. HOTSPOT

Select the appropriate attack and remediation from each drop-down list to label the corresponding attack with its remediation.

INSTRUCTIONS

Not all attacks and remediation actions will be used.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

23. A public relations team will be taking a group of guest on a tour through the facility of a large e-commerce company. The day before the tour, the company sends out an email to employees to ensure all white boars are cleaned and all desks are cleared. The company is MOST likely trying to protect against.

24. A company uses specially configured workstations tor any work that requires administrator privileges to its Tier 0 and Tier 1 systems. The company follows a strict process to harden systems immediately upon delivery. Even with these strict security measures in place, an incident occurred from one of the workstations. The root cause appears to be that the SoC was tampered with or replaced.

Which of the following MOST likely occurred?

25. The CSIRT is reviewing the lessons learned from a recent incident. A worm was able to spread unhindered throughout the network and infect a large number of computers and servers.

Which of the following recommendations would be BEST to mitigate the impacts of a similar incident in the future?

26. An analyst needs to set up a method for securely transferring files between systems. One of the requirements is to authenticate the IP header and the payload.

Which of the following services would BEST meet the criteria?

27. Which of the following describes the ability of code to target a hypervisor from inside

28. A software developer needs to perform code-execution testing, black-box testing, and non-functional testing on a new product before its general release.

Which of the following BEST describes the tasks the developer is conducting?

29. Which of the following would be BEST for a technician to review to determine the total risk an organization can bear when assessing a "cloud-first" adoption strategy?

30. Which of the following is a team of people dedicated testing the effectiveness of organizational security programs by emulating the techniques of potential attackers?

31. Phishing and spear-phishing attacks have been occurring more frequently against a company’s staff.

Which of the following would MOST likely help mitigate this issue?

32. A multinational organization that offers web-based services has datacenters that are located only in the United States; however, a large number of its customers are in Australia, Europe, and China. Payments for services are managed by a third party in the United Kingdom that specializes in payment gateways. The management team is concerned the organization is not compliant with privacy laws that cover some of its customers.

Which of the following frameworks should the management team follow?

33. Which of the following is the BEST reason to maintain a functional and effective asset management policy that aids in ensuring the security of an organization?

34. A company recently transitioned to a strictly BYOD culture due to the cost of replacing lost or damaged corporate-owned mobile devices.

Which of the following technologies would be BEST to balance the BYOD culture while also protecting the company’s data?

35. A well-known organization has been experiencing attacks from APIs. The organization is concerned that custom malware is being created and emailed into the company or installed on USB sticks that are dropped in parking lots.

Which of the following is the BEST defense against this scenario?

36. DRAG DROP

A security engineer is setting up passwordless authentication for the first time.

INSTRUCTIONS

Use the minimum set of commands to set this up and verify that it works. Commands cannot be reused.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

37. A security operations analyst is using the company's SIEM solution to correlate alerts.

Which of the following stages of the incident response process is this an example of?

38. Which of the following are the MOST likely vectors for the unauthorized inclusion of vulnerable code in a software company’s final software releases? (Select TWO.)

39. A Chief Information Security Officer (CISO) is concerned about the organization's ability to continue business operation in the event of a prolonged DDoS attack on its local datacenter that consumes database resources.

Which of the following will the CISO MOST likely recommend to mitigate this risk?

40. Which of the following terms should be included in a contract to help a company monitor the ongoing security maturity of a new vendor?

41. A RAT that was used to compromise an organization’s banking credentials was found on a user’s computer. The RAT evaded antivirus detection. It was installed by a user who has local administrator rights to the system as part of a remote management tool set.

Which of the following recommendations would BEST prevent this from reoccurring?

42. After a phishing scam for a user's credentials, the red team was able to craft a payload to deploy on a server. The attack allowed the installation of malicious software that initiates a new remote session.

Which of the following types of attacks has occurred?

43. A manufacturing company has several one-off legacy information systems that cannot be migrated to a newer OS due to software compatibility issues. The Oss are still supported by the vendor, but the industrial software is no longer supported. The Chief Information Security Officer (CISO) has created a resiliency plan for these systems that will allow OS patches to be installed in a non-production environment, while also creating backups of the systems for recovery.

Which of the following resiliency techniques will provide these capabilities?

44. A company recently set up an e-commerce portal to sell its product online. The company wants to start accepting credit cards for payment, which requires compliance with a security standard.

Which of the following standards must the company comply with before accepting credit cards on its e-commerce platform?

45. A security administrator needs to inspect in-transit files on the enterprise network to search for Pll, credit card data, and classification words.

Which of the following would be the BEST to use?

46. Which of the following BEST explains the difference between a data owner and a data custodian?

47. A security administrator is analyzing the corporate wireless network The network only has two access points running on channels 1 and 11. While using airodump-ng. the administrator notices other access points are running with the same corporate ESSID on all available channels and with the same BSSID of one of the legitimate access ports.

Which erf the following attacks in happening on the corporate network?

48. An organization relies on third-party video conferencing to conduct daily business. Recent security changes now require all remote workers to utilize a VPN to corporate resources.

Which of the following would BEST maintain high-quality video conferencing while minimizing latency when connected to the VPN?

49. A security analyst receives the configuration of a current VPN profile and notices the authentication is only applied to the IP datagram portion of the packet.

Which of the following should the analyst implement to authenticate the entire packet?

50. An organization is developing a plan in the event of a complete loss of critical systems and data.

Which of the following plans is the organization MOST likely developing?

51. A security administrator is trying to determine whether a server is vulnerable to a range of attacks.

After using a tool, the administrator obtains the following output:

Which of the following attacks was successfully implemented based on the output?

52. A Chief Information Security Officer (CISO) needs to create a policy set that meets international standards for data privacy and sharing.

Which of the following should the CISO read and understand before writing the policies?

53. A user is concerned that a web application will not be able to handle unexpected or random input without crashing.

Which of the following BEST describes the type of testing the user should perform?

54. Given the following logs:

Which of the following BEST describes the type of attack that is occurring?

55. A host was infected with malware. During the incident response, Joe, a user, reported that he did not receive any emails with links, but he had been browsing the Internet all day.

Which of the following would MOST likely show where the malware originated?

56. Which of the following disaster recovery tests is The LEAST time-consuming for the disaster recovery team?

57. An incident, which is affecting dozens of systems, involves malware that reaches out to an Internet service for rules and updates. The IP addresses for the Internet host appear to be different in each case. The organization would like to determine a common IoC to support response and recovery actions.

Which of the following sources of information would BEST support this solution?

58. A security analyst notices several attacks are being blocked by the NIPS but does not see anything on the boundary firewall logs. The attack seems to have been thwarted.

Which of the following resiliency techniques was applied to the network to prevent this attack?

59. An attacker is exploiting a vulnerability that does not have a patch available.

Which of the following is the attacker exploiting?

60. A security analyst needs to perform periodic vulnerably scans on production systems.

Which of the following scan types would produce the BEST vulnerability scan report?

61. A company processes highly sensitive data and senior management wants to protect the sensitive data by utilizing classification labels.

Which of the following access control schemes would be BEST for the company to implement?

62. In which of the following common use cases would steganography be employed?

63. Which of the following job roles would sponsor data quality and data entry initiatives that ensure business and regulatory requirements are met?

64. A security administrator is setting up a SIEM to help monitor for notable events across the enterprise.

Which of the following control types does this BEST represent?

65. A privileged user at a company stole several proprietary documents from a server. The user also went into the log files and deleted all records of the incident. The systems administrator has Just informed investigators that other log files are available for review.

Which of the following did the administrator MOST likely configure that will assist the investigators?

66. A Chief Executive Officer (CEO) is dissatisfied with the level of service from the company's new service provider. The service provider is preventing the CEO. from sending email from a work account to a personal account.

Which of the following types of service providers is being used?

67. A network engineer notices the VPN concentrator overloaded and crashes on days when there are a lot of remote workers. Senior management has placed greater importance on the availability of VPN resources for the remote workers than the security of the end users’ traffic.

Which of the following would be BEST to solve this issue?

68. A hospital's administration is concerned about a potential loss of patient data that is stored on tablets. A security administrator needs to implement controls to alert the SOC any time the devices are near exits.

Which of the following would BEST achieve this objective?

69. A development team employs a practice of bringing all the code changes from multiple team members into the same development project through automation. A tool is utilized to validate the code and track source code through version control.

Which of the following BEST describes this process?

70. A financial institution would like to stare is customer data a could but still allow the data ta he accessed and manipulated while encrypted. Doing se would prevent the cloud service provider from being able to decipher the data due to its sensitivity. The financial institution is not concern about computational overheads and slow speeds,.

Which of the following cryptographic techniques would BEST meet the requirement?

71. A company is designing the layout of a new datacenter so it will have an optimal environmental temperature.

Which of the following must be included? (Select TWO)

72. A security administrator needs to create a RAIS configuration that is focused on high read speeds and fault tolerance. It is unlikely that multiple drivers will fail simultaneously.

Which of the following RAID configurations should the administration use?

73. After entering a username and password, and administrator must gesture on a touch screen.

Which of the following demonstrates what the administrator is providing?

74. To further secure a company’s email system, an administrator is adding public keys to DNS records in the company’s domain.

Which of the following is being used?

75. Several employees return to work the day after attending an industry trade show. That same day, the security manager notices several malware alerts coming from each of the employee’s workstations. The security manager investigates but finds no signs of an attack on the perimeter firewall or the NIDS.

Which of the following is MOST likely causing the malware alerts?

76. An engineer is setting up a VDI environment for a factory location, and the business wants to deploy a low-cost solution to enable users on the shop floor to log in to the VDI environment directly.

Which of the following should the engineer select to meet these requirements?

77. While reviewing the wireless router, the systems administrator of a small business determines someone is spoofing the MAC address of an authorized device.

Given the table below:

Which of the following should be the administrator's NEXT step to detect if there is a rogue system without impacting availability?

78. A security analyst receives a SIEM alert that someone logged in to the appadmin test account, which is only used for the early detection of attacks.

The security analyst then reviews the following application log:

Which of the following can the security analyst conclude?

79. Which of the following is a risk that is specifically associated with hosting applications in the public cloud?

80. A local coffee shop runs a small WiFi hot-spot for its customers that utilizes WPA2-PSK. The coffee shop would like to stay current with security trends and wants to implement WPA3 to make its WiFi even more secure.

Which of the following technologies will the coffee shop MOST likely use in place of PSK?

81. Several large orders of merchandise were recently purchased on an e-commerce company's website. The totals for each of the transactions were negative values, resulting in credits on the customers'

accounts.

Which of the following should be implemented to prevent similar situations in the future?

82. In the middle of a cybersecurity, a security engineer removes the infected devices from the network and lock down all compromised accounts.

In which of the following incident response phases is the security engineer currently operating?

83. A financial analyst is expecting an email containing sensitive information from a client. When the email arrives, the analyst receives an error and is unable to open the encrypted message.

Which of the following is the MOST likely cause of the issue?

84. A manufacturer creates designs for very high security products that are required to be protected and controlled by the government regulations. These designs are not accessible by corporate networks or the Internet.

Which of the following is the BEST solution to protect these designs?

85. A company's help desk received several AV alerts indicating Mimikatz attempted to run on the remote systems. Several users also reported that the new company flash drives they picked up in the break room only have 512KB of storage.

Which of the following is MOST likely the cause?

86. An analyst visits an internet forum looking for information about a tool. The analyst finds a threat that appears to contain relevant information.

One of the posts says the following:

Which of the following BEST describes the attack that was attempted against the forum readers?

87. Preconfigure the client for an incoming guest.

The guest AD credentials are:

User: guest01

Password: guestpass

88. A client sent several inquiries to a project manager about the delinquent delivery status of some critical reports. The project manager darned the reports were previously sent via email but then quickly generated and backdated the reports before submitting them via a new email message.

Which of the following actions MOST likely supports an investigation for fraudulent submission?

89. In which of the following risk management strategies would cybersecurity insurance be used?

90. A network administrator is concerned about users being exposed to malicious content when accessing company cloud applications. The administrator wants to be able to block access to sites based on the AUP. The users must also be protected because many of them work from home or at remote locations, providing on-site customer support.

Which of the following should the administrator employ to meet these criteria?

meet these criteria?

91. After reading a security bulletin, a network security manager is concerned that a malicious actor may have breached the network using the same software flaw. The exploit code is publicly available and has been reported as being used against other industries in the same vertical.

Which of the following should the network security manager consult FIRST to determine a priority list for forensic review?

92. Which of the following technical controls is BEST suited for the detection and prevention of buffer overflows on hosts?

93. An organization hired a consultant to assist with an active attack, and the consultant was able to identify the compromised accounts and computers.

Which of the following is the consultant MOST likely to recommend to prepare for eradication?

94. Which of the following scenarios would make a DNS sinkhole effective in thwarting an attack?

95. Joe. a security analyst, recently performed a network discovery to fully understand his organization's electronic footprint from a "public" perspective.

Joe ran a set of commands and received the following output:

Which of the following can be determined about the organization's public presence and security posture? (Select TWO).

96. A Chief Security Office's (CSO's) key priorities are to improve preparation, response, and recovery practices to minimize system downtime and enhance organizational resilience to ransomware attacks.

Which of the following would BEST meet the CSO's objectives?

97. When implementing automation with loT devices, which of the following should be considered FIRST to keep the network secure?