Freecram - CompTIA.SY0-601.v2023-09-19.q212 Question 1/212 A security analyst is investigating what appears to be unauthorized access to a corporate web application. The security analyst reviews the web server logs and finds the following entries: Which of the following password attacks is taking place? A. Dictionary B. Brute-force C. Rainbow table D. Spraying Question 2/212 Sales team members have been receiving threatening voicemail messages and have reported these incidents to the IT security team. Which of the following would be MOST appropriate for the IT security team to analyze? A. Access control B. Syslog C. Session Initiation Protocol traffic logs D. Application logs Question 3/212 A small, local company experienced a ransomware attack. The company has one web-facing server and a few workstations. Everything is behind an ISP firewall. A single web-facing server is set up on the router to forward all ports so that the server is viewable from the internet. The company uses an older version of third-party software to manage the website. The assets were never patched. Which of the following should be done to prevent an attack like this from happening again? (Select three). A. Install a SIEM device. B. Install an endpoint security solution. C. Deploy additional network sensors. D. Use the latest version of software. E. Install DLP software to prevent data loss. F. Implement a screened subnet for the web server. G. Implement MDM. H. Update the website certificate and revoke the existing ones. Question 4/212 As part of annual audit requirements, the security team performed a review of exceptions to the company policy that allows specific users the ability to use USB storage devices on their laptops The review yielded the following results. The exception process and policy have been correctly followed by the majority of users A small number of users did not create tickets for the requests but were granted access All access had been approved by supervisors. Valid requests for the access sporadically occurred across multiple departments. Access, in most cases, had not been removed when it was no longer needed Which of the following should the company do to ensure that appropriate access is not disrupted but unneeded access is removed in a reasonable time frame? A. Create an automated, monthly attestation process that removes access if an employee's supervisor denies the approval B. Remove access for all employees and only allow new access to be granted if the employee's supervisor approves the request C. Perform a quarterly audit of all user accounts that have been granted access and verify the exceptions with the management team D. Implement a ticketing system that tracks each request and generates reports listing which employees actively use USB storage devices Question 5/212 An information security officer at a credit card transaction company is conducting a framework-mapping exercise with the internal controls. The company recently established a new office in Europe. To which of the following frameworks should the security officer map the existing controls' (Select two). A. ISO B. PCI DSS C. SOC D. GDPR E. CSA F. NIST Question 6/212 An attacker is targeting a company. The attacker notices that the company's employees frequently access a particular website. The attacker decides to infect the website with malware and hopes the employees' devices will also become infected. Which of the following techniques is the attacker using? A. Watering-hole attack B. Pretexting C. Typosquatting D. Impersonation Question 7/212 An employee received multiple messages on a mobile device. The messages instructing the employee to pair the device to an unknown device. Which of the following BEST describes What a malicious person might be doing to cause this issue to occur? A. Jamming B. Bluesnarfing C. Evil twin D. Rogue access point Question 8/212 A security administrator is seeking a solution to prevent unauthorized access to the internal network. Which of the following security solutions should the administrator choose? A. MAC filtering B. Anti-malware C. Translation gateway D. VPN Question 9/212 Leveraging the information supplied below, complete the CSR for the server to set up TLS (HTTPS) Hostname: ws01 Domain: comptia.org IPv4: 10.1.9.50 IPV4: 10.2.10.50 Root: home.aspx DNS CNAME:homesite. Instructions: Drag the various data points to the correct locations within the CSR. Extension criteria belong in the let hand column and values belong in the corresponding row in the right hand column. 1. commonName - ws01.comptia.org 2. extendedKeyUsage - OSCP; URI:http://oscp.pki.comptia.org 3. policyIdentifier - serverAuth 4. SubjAltName - DNS Name=*compita.org Question 10/212 A security administrator examines the ARP table of an access switch and sees the following output: Which of the following is a potential threat that is occurring on this access switch? A. DDoSonFa02 port B. MAG flooding on Fa0/2 port C. ARP poisoning on Fa0/1 port D. DNS poisoning on port Fa0/1 Question 11/212 A company's help desk received several AV alerts indicating Mimikatz attempted to run on the remote systems Several users also reported that the new company flash drives they picked up in the break room only have 512KB of storage Which of the following is most likely the cause? A. The GPO prevents the use of flash drives, which triggers a false positive AV indication and restricts the drives to only 512KB of storage B. The new flash drives need a driver that is being blocked by the AV software because the flash drives are not on the application's allow list, temporarily restricting the drives to 512KB of storage. C. The new flash drives are incorrectly partitioned, and the systems are automatically trying to use an unapproved application to repartition the drives. D. The GPO blocking the flash drives is being bypassed by a malicious flash drive that is attempting to harvest plaintext credentials from memory. Question 12/212 An organization is concerned about hackers potentially entering a facility and plugging in a remotely accessible Kali Linux box. Which of the following should be the first lines of defense against such an attack? (Select TWO) A. MAC filtering B. Zero trust segmentation C. Network access control D. Access control vestibules E. Guards F. Bollards Question 13/212 A backup operator wants to perform a backup to enhance the RTO and RPO in a highly time- and storage-efficient way that has no impact on production systems. Which of the following backup types should the operator use? A. Tape B. Full C. Image D. Snapshot Question 14/212 A security administrator needs to provide secure access to internal networks for external partners The administrator has given the PSK and other parameters to the third-party security administrator. Which of the following is being used to establish this connection? A. Kerberos B. SSL/TLS C. IPSec D. SSH Question 15/212 A security investigation revealed mat malicious software was installed on a server using a server administrator credentials. During the investigation the server administrator explained that Telnet was regularly used to log in. Which of the blowing most likely occurred? A. A spraying attack was used to determine which credentials to use B. A packet capture tool was used to steal the password C. A remote-access Trojan was used to install the malware D. A directory attack was used to log in as the server administrator Question 16/212 Which of the following best describes when an organization Utilizes a read-to-use application from a cloud provider? A. IaaS B. SaaS C. PaaS D. XaaS Question 17/212 Which of the following describes business units that purchase and implement scripting software without approval from an organization's technology Support staff? A. Shadow IT B. Hacktivist C. Insider threat D. script kiddie