Pass CompTIA Security+ SY0-601 Exam with Latest SY0-601 Exam Dumps V20.02 With Accurate Questions and Answers

1. A SOC operator is analyzing a log file that contains the following entries:

2. A recent audit cited a risk involving numerous low-criticality vulnerabilities created by a web application using a third-party library. The development staff state there are still customers using the application even though it is end of life and it would be a substantial burden to update the application for compatibility with more secure libraries.

Which of the following would be the MOST prudent course of action?

3. Field workers in an organization are issued mobile phones on a daily basis All the work is performed within one city and the mobile phones are not used for any purpose other than work. The organization does not want these pnones used for personal purposes. The organization would like to issue the phones to workers as permanent devices so the pnones do not need to be reissued every day Qven the conditions described, which of the following technologies would BEST meet these requirements'

4. Which biometric error would allow an unauthorized user to access a system?

5. A technician enables full disk encryption on a laptop that will be taken on a business tnp.

Which of the following does this process BEST protect?

6. Which of the following will increase cryptographic security?

7. During a recent incident an external attacker was able to exploit an SMB vulnerability over the internet.

Which of the following action items should a security analyst perform FIRST to prevent this from occurring again?

8. A security engineer was assigned to implement a solution to prevent attackers from gaining access by pretending to be authorized users.

Which of the following technologies meets the requirement?

9. Which of the following is assured when a user signs an email using a private key?

10. After returning from a conference, a user's laptop has been operating slower than normal and overheating, and the fans have been running constantly. During the diagnosis process, an unknown piece of hardware is found connected to the laptop's motherboard .

Which of the following attack vectors was exploited to install the hardware?

11. A company is considering transitioning to the cloud. The company employs individuals from various locations around the world. The company does not want to increase its on-premises infrastructure blueprint and only wants to pay for additional compute power required.

Which of the following solutions would BEST meet the needs of the company?

12. A database administrator wants to grant access to an application that will be reading and writing data to a database. The database is shared by other applications also used by the finance department.

Which of the following account types Is MOST appropriate for this purpose?

13. Which of the following organizations sets frameworks and controls for optimal security configuration on systems?

14. HOTSPOT

Select the appropriate attack and remediation from each drop-down list to label the corresponding attack with its remediation.

INSTRUCTIONS

Not all attacks and remediation actions will be used.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

15. A security analyst is concerned about critical vulnerabilities that have been detected on some applications running inside containers.

Which of the following is the BEST remediation strategy?

16. A penetration tester was able to compromise an internal server and is now trying to pivot the current session in a network lateral movement.

Which of the following tools if available on the server, will provide the MOST useful information for the next assessment step?

17. Which of the following is the MOST relevant security check to be performed before embedding third-parry libraries in developed code?

18. The board of doctors at a company contracted with an insurance firm to limit the organization’s liability.

Which of the following risk management practices does the BEST describe?

19. A security policy states that common words should not be used as passwords. A security auditor was able to perform a dictionary attack against corporate credentials.

Which of the following controls was being violated?

20. An IT manager is estimating the mobile device budget for the upcoming year Over the last five years, the number of devices that were replaced due to loss damage or theft steadily increased by 10%.

Which of the following would BEST describe the estimated number of devices to be replaced next year?

21. Preconfigure the client for an incoming guest.

The guest AD credentials are:

User: guest01

Password: guestpass

22. Which of the following is a known security nsk associated with data archives that contain financial information?

23. CORRECT TEXT

An incident has occurred in the production environment.

Analyze the command outputs and identify the type of compromise.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

24. A company is auditing the manner in which its European customers' personal information is handled.

Which of the following should the company consult?

25. A company recently experienced a significant data loss when proprietary Information was leaked to a competitor. The company took special precautions by using proper labels; however, email filter logs do not have any record of the incident. An Investigation confirmed the corporate network was not breached, but documents were downloaded from an employee's COPE tablet and passed to the competitor via cloud storage.

Which of the following is the BEST mitigation strategy to prevent this from happening in the future?

26. After gaining access to a dual-homed (i.e.. wired and wireless) multifunction device by exploiting a vulnerability in the device's firmware, a penetration tester then gains shell access on another networked asset This technique is an example of:

27. A security administrator is analyzing the corporate wireless network. The network only has two access points running on channels 1 and 11. While using airodump-ng. the administrator notices other access points are running with the same corporate ESSID on all available channels and with the same BSSID of one of the legitimate access ports.

Which of the following attacks in happening on the corporate network?

28. As part of a security compliance assessment, an auditor performs automated vulnerability scans.

In addition, which of the following should the auditor do to complete the assessment?

29. An application developer accidentally uploaded a company's code-signing certificate private key to a public web server. The company is concerned about malicious use of its certificate.

Which of the following should the company do FIRST?

30. Security analysts are conducting an investigation of an attack that occurred inside the organization’s network. An attacker was able to connect network traffic between workstation throughout the network.

The analysts review the following logs:

The layer 2 address table has hundred of entries similar to the ones above.

Which of the following attacks has MOST likely occurred?

31. A customer service representative reported an unusual text message that was sent to the help desk. The message contained an unrecognized invoice number with a large balance due and a link to click for more details.

Which of the following BEST describes this technique?

32. Business partners are working on a Security mechanism lo validate transactions securely. The requirement is for one company to be responsible for deploying a trusted solution that will register and issue artifacts used to sign encrypt, and decrypt transaction files.

Which of the following is the BEST solution to adopt?

33. A Chief Security Officer (CSO) is concerned that cloud-based services are not adequately protected from advanced threats and malware. The CSO believes there is a high risk that a data breach could occur in the near future due to the lack of detective and preventive controls.

Which of the following should be implemented to BEST address the CSO's concerns? {Select TWO)

34. A security incident has been resolved.

Which of the following BEST describes the importance of the final phase of the incident response plan?

35. Which of the following would be the BEST way to analyze diskless malware that has infected a VDI?

36. DDoS attacks are causing an overload on the cluster of cloud servers. A security architect is researching alternatives to make the cloud environment respond to load fluctuation in a cost-effective way.

Which of the following options BEST fulfils the architect’s requirements?

37. Which of the following terms describes a broad range of information that is sensitive to a specific organization?

38. An engineer recently deployed a group of 100 web servers in a cloud environment. Per the security policy, all web-server ports except 443 should be disabled.

Which of the following can be used to accomplish this task?

39. After a recent security incident, a security analyst discovered that unnecessary ports were open on a firewall policy for a web server.

Which of the following firewall policies would be MOST secure for a web server?

A)

B)

C)

D)

40. An administrator is experiencing issues when trying to upload a support file to a vendor A pop-up message reveals that a payment card number was found in the file, and the file upload was Mocked.

Which of the following controls is most likely causing this issue and should be checked FIRST?

41. An organization has developed an application that needs a patch to fix a critical vulnerability.

In which of the following environments should the patch be deployed LAST?

42. A security analyst is investigating suspicious traffic on the web server located at IP address 10.10.1.1.

A search of the WAF logs reveals the following output:

Which of the following is MOST likely occurring?

43. A company wants to improve end users experiences when they tog in to a trusted partner website. The company does not want the users to be issued separate credentials for the partner website.

Which of the following should be implemented to allow users to authenticate using their own credentials to log in to the trusted partner's website?

44. An organization has activated an incident response plan due to a malware outbreak on its network. The organization has brought in a forensics team that has identified an internet-facing Windows server as the likely point of initial compromise. The malware family that was detected is known to be distributed by manually logging on to servers and running the malicious code.

Which of the following actions would be BEST to prevent reinfection from the initial infection vector?

45. Which of the following is a benefit of including a risk management framework into an organization's security approach?

46. An organization is migrating several SaaS applications that support SSO. The security manager wants to ensure the migration is completed securely.

Which of the following should the organization consider before implementation? (Select TWO).

47. Which of the following is the MOST effective control against zero-day vulnerabilities?

48. The Chief Compliance Officer from a bank has approved a background check policy for all new hires.

Which of the following is the policy MOST likely protecting against?

49. Multiple business accounts were compromised a few days after a public website had its credentials database leaked on the internet No business emails were Identified in the breach, but the security team thinks that the list of passwords exposed was later used to compromise business accounts.

Which of Ihe following would mitigate the issue?

50. Which of the following should be monitored by threat intelligence researchers who search for leaked credentials?

51. An organization wants to implement a biometric system with the highest likelihood that an unauthorized user will be denied access.

Which of the following should the organization use to compare biometric solutions?

52. The Chief Information Security Officer (CISO) has requested that a third-party vendor provide supporting documents that show proper controls are in place to protect customer data.

Which of the following would be BEST for the third-party vendor to provide to the CISO?

53. Which of the following describes the continuous delivery software development methodology?

54. The Chief Information Security Officer (CISO) requested a report on potential areas of improvement following a security incident.

Which of the following incident response processes is the CISO requesting?

55. A security analyst is working on a project to implement a solution that monitors network communications and provides alerts when abnormal behavior is detected.

Which of the following is the security analyst MOST likely implementing?

56. An attacker was eavesdropping on a user who was shopping online. The attacker was able to spoof the IP address associated with the shopping site. Later, the user received an email regarding the credit card statement with unusual purchases.

Which of the following attacks took place?

57. An administrator needs to protect user passwords and has been advised to hash the passwords.

Which of the following BEST describes what the administrator is being advised to do?

58. Due to unexpected circumstances, an IT company must vacate its main office, forcing all operations to alternate, off-site locations.

Which of the following will the company MOST likely reference for guidance during this change?

59. A security analyst was asked to evaluate a potential attack that occurred on a publicly accessible section of the company's website.

The malicious actor posted an entry in an attempt to trick users into cltckmg the following:

Which of the following was MOST likely observed?

60. An organization would like to give remote workers the ability to use applications hosted inside the corporate network Users will be allowed to use their personal computers or they will be provided organization assets Either way no data or applications will be installed locally on any user systems.

Which of the following mobile solutions would accomplish these goals?

61. An ofgantzation has decided to purchase an insurance policy because a risk assessment determined that the cost to remediate the risk is greater than the five-year cost of the insurance policy. The organization is enabling risk

62. Which of the following are common VoIP-associated vulnerabilities? (Select TWO).

63. Which of the following documents provides expectations at a technical level for quality, availability, and responsibilities?

64. Digital signatures use asymmetric encryption. This means the message is encrypted with:

65. Certain users are reporting their accounts are being used to send unauthorized emails and conduct suspicious activities.

After further investigation, a security analyst notices the following

• All users share workstations throughout the day

• Endpoint protection was disabled on several workstations throughout the network.

• Travel times on logins from the affected users are impossible

• Sensitive data is being uploaded to external sites

• All use account passwords were forced lo be reset and the issue continued.

Which of the following attacks is being used to compromise the user accounts?

66. Which of the following would BEST provide detective and corrective controls for thermal regulation?

67. A Chief Information Security Officer has defined resiliency requirements for a new data center architecture. The requirements are as follows

• Critical fileshares will remain accessible during and after a natural disaster

• Frve percent of hard disks can fail at any given time without impacting the data.

• Systems will be forced to shut down gracefully when battery levels are below 20%.

Which of the following are required to BEST meet these objectives? (Select THREE)

68. Which of the following control Types would be BEST to use in an accounting department to reduce losses from fraudulent transactions?

69. Which of the following components can be used to consolidate and forward inbound Internet traffic to multiple cloud environments though a single firewall?

70. A company wants to restrict emailing of PHI documents. The company is implementing a DLP solution.

In order to reslnct PHI documents which of the following should be performed FIRST?

71. A forensic analyst needs to prove that data has not been tampered with since it was collected.

Which of the following methods will the analyst MOST likely use?

72. A DBA reports that several production server hard drives were wiped over the weekend. The DBA also reports that several Linux servers were unavailable due to system files being deleted unexpectedly. A security analyst verified that software was configured to delete data deliberately from those servers. No backdoors to any servers were found.

Which of the following attacks was MOST likely used to cause the data toss?

73. The Chief Information Security Officer directed a nsk reduction in shadow IT and created a policy requiring all unsanctioned high-risk SaaS applications to be blocked from user access.

Which of the following is the BEST security solution to reduce this risk?

74. After a recent security breach, a security analyst reports that several administrative usernames and passwords are being sent via cleartext across the network to access network devices over port 23.

Which of the following should be implemented so all credentials sent over the network are encrypted when remotely accessing and configuring network devices?

75. An organization wants to participate in threat intelligence information sharing with peer groups.

Which of the following would MOST likely meet the organizations requirement?

76. During an incident response, an analyst applied rules to all inbound traffic on the border firewall and implemented ACLs on each critical server Following an investigation, the

company realizes it is still vulnerable because outbound traffic is not restricted and the adversary is able to maintain a presence in the network. In which of the following stages of the Cyber Kill Chain is the adversary currently operating?

77. An organization maintains several environments in which patches are developed and tested before deployed to an operation status.

Which of the following is the environment in which patches will be deployed just prior to being put into an operational status?

78. Which of the following would be indicative of a hidden audio file found inside of a piece of source code?

79. A junior security analyst iss conducting an analysis after passwords were changed on multiple accounts without users' interaction.

The SIEM have multiple login entries with the following text:

Which of the following is the MOST likely attack conducted on the environment?

80. An amusement park is implementing a btomelnc system that validates customers' fingerpnnts to ensure they are not sharing tickets. The park's owner values customers above all and would prefer customers' convenience over security

For this reason which of the following features should the security team prioritize FIRST?

81. A tax organization is working on a solution to validate the online submission of documents. The solution should be earned on a portable USB device that should be inserted on any computer that is transmitting a transaction securely.

Which of the following is the BEST certificate for these requirements?

82. A systems administrator reports degraded performance on a virtual server. The administrator increases the virtual memory allocation which improves conditions, but performance degrades again after a few days.

The administrator runs an anarysis tool and sees the following output:

The administrator terminates the timeAttend.exe observes system performance over the next few days, and notices that the system performance does not degrade.

Which of the following issues is MOST likely occurring?

83. Several users have opened tickets with the help desk. The help desk has reassigned the tickets to a Security analyst for further review.

The security analyst reviews the following metrics:

Which of the following is MOST likely the result of the security analyst's review?

84. A company suspects that some corporate accounts were compromised. The number of suspicious logins from locations not recognized by the users is increasing Employees who travel need their accounts protected without the nsk of blocking legitimate login requests that may be made over new sign-in properties.

Which of the following security controls can be implemented?

85. A user enters a username and a password at the login screen for a web portal. A few seconds later the following message appears on the screen: Please use a combination of numbers, special characters, and letters in the password field.

Which of the following concepts does this message describe?

86. CORRECT TEXT

A company recently added a DR site and is redesigning the network. Users at the DR site are having issues browsing websites.

INSTRUCTIONS

Click on each firewall to do the following:

✑ Deny cleartext web traffic.

✑ Ensure secure management protocols are used. Please Resolve issues at the DR site.

The ruleset order cannot be modified due to outside constraints.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

87. A business operations manager is concerned that a PC that is critical to business operations will have a costly hardware failure soon. The manager is looking for options to continue business operations without incurring large costs.

Which of the following would mitigate the manager's concerns?

88. A security analyst is designing the apocopate controls to limit unauthorized access to a physical site. The analyst has a directive to utilize the lowest possible budget.

Which of the following would BEST meet the requirements?

89. Which of the following statements BEST describes zero-day exploits'?

90. A company labeled some documents with the public sensitivity classification.

This means the documents can be accessed by:

91. An organization implemented a process that compares the settings currently configured on systems against secure configuration guidelines in order to identify any gaps.

Which of the following control types has the organization implemented?

92. A user is attempting to navigate to a website from inside the company network using a desktop. When the user types in the URL. https://www.site.com, the user is presented with a certificate mismatch warning from the browser. The user does not receive a warning when visiting http://www.anothersite.com.

Which of the following describes this attack?

93. During a recent penetration test, the tester discovers large amounts of data were exfiltrated over the course of 12 months via the internet. The penetration tester stops the test to inform the client of the findings.

Which of the following should be the client's NEXT step to mitigate the issue''

94. A security analyst is evaluating solutions to deploy an additional layer of protection for a web application. The goal is to allow only encrypted communications without relying on network devices.

Which of the following can be implemented?

95. DRAG DROP

An attack has occurred against a company.

INSTRUCTIONS

You have been tasked to do the following:

Identify the type of attack that is occurring on the network by clicking on the attacker’s tablet and reviewing the output. (Answer Area 1).

Identify which compensating controls should be implemented on the assets, in order to reduce the effectiveness of future attacks by dragging them to the correct server.

(Answer area 2) All objects will be used, but not all placeholders may be filled. Objects may only be used once.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

96. An organization has hired a ted team to simulate attacks on its security posture.

Which of the following will the blue team do after detecting an loC?

97. A security analyst receives an alert from trie company's SIEM that anomalous activity is coming from a local source IP address of 192.168.34.26. The Chief Information Security Officer asks the analyst to block the originating source Several days later, another employee opens an internal ticket stating that vulnerability scans are no longer being performed properly. The IP address the employee provides is 192 168.3426.

Which of the following describes this type of alert?