Freecram - CompTIA.SY0-601.v2023-09-19.q212
Question 1/212
A security analyst is investigating what appears to be unauthorized access to a corporate web application. The security analyst reviews
the web server logs and finds the following entries:
Which of the following password attacks is taking place?
A. Dictionary
B. Brute-force
C. Rainbow table
D. Spraying
Question 2/212
Sales team members have been receiving threatening voicemail messages and have reported these incidents to the IT security team.
Which of the following would be MOST appropriate for the IT security team to analyze?
A. Access control
B. Syslog
C. Session Initiation Protocol traffic logs
D. Application logs
Question 3/212
A small, local company experienced a ransomware attack. The company has one web-facing server and a few workstations.
Everything is behind an ISP firewall. A single web-facing server is set up on the router to forward all ports so that the server is viewable
from the internet. The company uses an older version of third-party software to manage the website. The assets were never patched.
Which of the following should be done to prevent an attack like this from happening again? (Select three).
A. Install a SIEM device.
B. Install an endpoint security solution.
C. Deploy additional network sensors.
D. Use the latest version of software.
E. Install DLP software to prevent data loss.
F. Implement a screened subnet for the web server.
G. Implement MDM.
H. Update the website certificate and revoke the existing ones.
Question 4/212
As part of annual audit requirements, the security team performed a review of exceptions to the company policy that allows specific
users the ability to use USB storage devices on their laptops The review yielded the following results.
The exception process and policy have been correctly followed by the majority of users
A small number of users did not create tickets for the requests but were granted access
All access had been approved by supervisors.
Valid requests for the access sporadically occurred across multiple departments.
Access, in most cases, had not been removed when it was no longer needed Which of the following should the company do to
ensure that appropriate access is not disrupted but unneeded access is removed in a reasonable time frame?
A. Create an automated, monthly attestation process that removes access if an employee's supervisor denies the approval
B. Remove access for all employees and only allow new access to be granted if the employee's supervisor approves the request
C. Perform a quarterly audit of all user accounts that have been granted access and verify the exceptions with the management team
D. Implement a ticketing system that tracks each request and generates reports listing which employees actively use USB storage
devices
Question 5/212
An information security officer at a credit card transaction company is conducting a framework-mapping exercise with the internal
controls. The company recently established a new office in Europe. To which of the following frameworks should the security officer
map the existing controls' (Select two).
A. ISO
B. PCI DSS
C. SOC
D. GDPR
E. CSA
F. NIST
Question 6/212
An attacker is targeting a company. The attacker notices that the company's employees frequently access a particular website. The
attacker decides to infect the website with malware and hopes the employees' devices will also become infected. Which of the
following techniques is the attacker using?
A. Watering-hole attack
B. Pretexting
C. Typosquatting
D. Impersonation
Question 7/212
An employee received multiple messages on a mobile device. The messages instructing the employee to pair the device to an
unknown device. Which of the following BEST describes What a malicious person might be doing to cause this issue to occur?
A. Jamming
B. Bluesnarfing
C. Evil twin
D. Rogue access point
Question 8/212
A security administrator is seeking a solution to prevent unauthorized access to the internal network. Which of the following security
solutions should the administrator choose?
A. MAC filtering
B. Anti-malware
C. Translation gateway
D. VPN
Question 9/212
Leveraging the information supplied below, complete the CSR for the server to set up TLS (HTTPS)
Hostname: ws01
Domain: comptia.org
IPv4: 10.1.9.50
IPV4: 10.2.10.50
Root: home.aspx
DNS CNAME:homesite.
Instructions:
Drag the various data points to the correct locations within the CSR. Extension criteria belong in the let hand column and values belong
in the corresponding row in the right hand column.
1. commonName - ws01.comptia.org
2. extendedKeyUsage - OSCP; URI:http://oscp.pki.comptia.org
3. policyIdentifier - serverAuth
4. SubjAltName - DNS Name=*compita.org
Question 10/212
A security administrator examines the ARP table of an access switch and sees the following output:
Which of the following is a potential threat that is occurring on this access switch?
A. DDoSonFa02 port
B. MAG flooding on Fa0/2 port
C. ARP poisoning on Fa0/1 port
D. DNS poisoning on port Fa0/1
Question 11/212
A company's help desk received several AV alerts indicating Mimikatz attempted to run on the remote systems Several users also
reported that the new company flash drives they picked up in the break room only have 512KB of storage Which of the following is
most likely the cause?
A. The GPO prevents the use of flash drives, which triggers a false positive AV indication and restricts the drives to only 512KB of
storage
B. The new flash drives need a driver that is being blocked by the AV software because the flash drives are not on the application's
allow list, temporarily restricting the drives to 512KB of storage.
C. The new flash drives are incorrectly partitioned, and the systems are automatically trying to use an unapproved application to
repartition the drives.
D. The GPO blocking the flash drives is being bypassed by a malicious flash drive that is attempting to harvest plaintext credentials
from memory.
Question 12/212
An organization is concerned about hackers potentially entering a facility and plugging in a remotely accessible Kali Linux box. Which
of the following should be the first lines of defense against such an attack? (Select TWO)
A. MAC filtering
B. Zero trust segmentation
C. Network access control
D. Access control vestibules
E. Guards
F. Bollards
Question 13/212
A backup operator wants to perform a backup to enhance the RTO and RPO in a highly time- and storage-efficient way that has no
impact on production systems. Which of the following backup types should the operator use?
A. Tape
B. Full
C. Image
D. Snapshot
Question 14/212
A security administrator needs to provide secure access to internal networks for external partners The administrator has given the PSK
and other parameters to the third-party security administrator. Which of the following is being used to establish this connection?
A. Kerberos
B. SSL/TLS
C. IPSec
D. SSH
Question 15/212
A security investigation revealed mat malicious software was installed on a server using a server administrator credentials. During the
investigation the server administrator explained that Telnet was regularly used to log in. Which of the blowing most likely occurred?
A. A spraying attack was used to determine which credentials to use
B. A packet capture tool was used to steal the password
C. A remote-access Trojan was used to install the malware
D. A directory attack was used to log in as the server administrator
Question 16/212
Which of the following best describes when an organization Utilizes a read-to-use application from a cloud provider?
A. IaaS
B. SaaS
C. PaaS
D. XaaS
Question 17/212
Which of the following describes business units that purchase and implement scripting software without approval from an
organization's technology Support staff?
A. Shadow IT
B. Hacktivist
C. Insider threat
D. script kiddie