Dependable SY0-601 Exam Dumps to Become CompTIA Certified
Get Ready with SY0-601 Exam Dumps (2024)
NEW QUESTION # 526
Multiple business accounts were compromised a few days after a public website had its credentials database leaked on the Internet. No business emails were identified in the breach, but the security team thinks that the list of passwords exposed was later used to compromise business accounts.
Which of the following would mitigate the issue?
- A. Complexity requirements
- B. Shared accounts
- C. Acceptable use policy
- D. Password history
Answer: D
NEW QUESTION # 527
A security engineer is setting up passwordless authentication for the first time.
INSTRUCTIONS
Use the minimum set of commands to set this up and verify that it works. Commands cannot be reused.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
Answer:
Explanation:
NEW QUESTION # 528
A network analyst is investigating compromised corporate information. The analyst's findings lead to a theory that network traffic was intercepted before being transmitted to the internet. The following output was captured on an internal host:
Based on the IoCs, which of the following was the MOST likely attack used to compromise the network communication?
- A. ARP poisoning
- B. Denial of service
- C. Command injection
- D. MAC flooding
Answer: B
NEW QUESTION # 529
A store receives reports that shoppers' credit card information is being stolen. Upon further analysis, those same shoppers also withdrew money from an ATM in that store.
The attackers are using the targeted shoppers' credit card information to make online purchases. Which of the following attacks is the MOST probable cause?
- A. Identity theft
- B. RFID cloning
- C. Shoulder surfing
- D. Card skimming
Answer: D
Explanation:
The attackers are using card skimming to steal shoppers' credit card information, which they use to make online purchases. References:
* CompTIA Security+ Study Guide Exam SY0-601, Chapter 5
NEW QUESTION # 530
During a recent incident, an external attacker was able to exploit an SMB vulnerability over the internet.
Which of the following action items should a security analyst perform FIRST to prevent this from occurring again?
- A. Block unneeded TCP 445 connections
- B. Install AV on the affected server
- C. Check for any recent SMB CVEs
- D. Deploy a NIDS in the affected subnet
Answer: A
Explanation:
Blocking unneeded TCP 445 connections should be performed FIRST as it would prevent the SMB vulnerability from being used.
NEW QUESTION # 531
A company is setting up a web server on the Internet that will utilize both encrypted and unencrypted web-browsing protocols. A security engineer runs a port scan against the server from the Internet and sees the following output:
Which of the following steps would be best for the security engineer to take NEXT?
- A. Block SMTP access from the Internet
- B. Block HTTPS access from the Internet
- C. Block SSH access from the Internet.
- D. Allow DNS access from the internet.
Answer: C
NEW QUESTION # 532
An analyst is trying to identify insecure services that are running on the internal network. After performing a port scan, the analyst identifies that a server has some insecure services enabled on default ports. Which of the following BEST describes the services that are currently running and the secure alternatives for replacing them? (Select THREE)
- A. POP, IMAP
- B. TFTP, FTP
- C. Telnet, SSH
- D. SFTP, FTPS
- E. TLS, SSL
- F. Login, rlogin
- G. SNMPv2, SNMPv3
- H. HTTP, HTTPS
- I. SNMPv1, SNMPv2
Answer: C,G,H
NEW QUESTION # 533
A company recently experienced a data breach and the source was determined to be an executive who was charging a phone in a public area. Which of the following would MOST likely have prevented this breach?
- A. A firewall
- B. A USB data blocker
- C. A device pin
- D. Biometrics
Answer: B
NEW QUESTION # 534
A network analyst is investigating compromised corporate information. The analyst's findings lead to a theory that network traffic was intercepted before being transmitted to the internet. The following output was captured on an internal host:
IPv4 Address ............ 10.0.0.87
Subnet Mask ............. 255.255.255.0
Default Gateway ......... 10.0.0.1
Internet Address Physical Address
10.10.255.255 ff-ff-ff-ff-ff-ff
10.0.0.1 aa-aa-aa-aa-aa-aa
10.0.0.254 aa-aa-aa-aa-aa-aa
244.0.0.2 01-00-5e-00-00-02
Based on the IoCs, which of the following was the most likely attack used to compromise the network communication?
- A. ARP poisoning
- B. Command injection
- C. Denial of service
- D. MAC flooding
Answer: A
Explanation:
ARP poisoning is a type of attack that modifies the ARP cache on a network device. The ARP cache is a table that stores the IP addresses and MAC addresses of other devices on the network. When a device needs to send a packet to another device, it looks up the MAC address of the destination device in its ARP cache. If the MAC address is not in the cache, the device sends an ARP request to the destination device. The destination device responds to the ARP request with its MAC address.
In ARP poisoning, the attacker sends spoofed ARP messages to the victim device. The spoofed messages claim that the IP address of another host, typically the default gateway, belongs to the attacker's MAC address. When the victim device receives the spoofed ARP messages, it updates its ARP cache to associate the attacker's MAC address with that IP address.
Now, when the victim device needs to send a packet to that host, it will use the attacker's MAC address as the destination MAC address. The attacker can then intercept the packet and read or modify its contents before forwarding it on.
In the given scenario, the ARP cache on the internal host was poisoned: two different IP addresses, the default gateway 10.0.0.1 and 10.0.0.254, resolve to the same MAC address (aa-aa-aa-aa-aa-aa). One physical interface legitimately answers for only one of those addresses, so the duplicate entry indicates that an attacker's MAC address was bound to the gateway's IP address and that the attacker was able to intercept traffic the victim device sent toward the internet.
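The indicator described above (two IP addresses sharing one unicast MAC, one of them the default gateway) can be checked mechanically against ARP table output. The script below is an added example written for this explanation, not part of the exam material or any vendor tool; the sample table is copied from the question, the gateway address is taken from the ipconfig lines, and the finding text is an assumed format.

```python
"""Flag the ARP-poisoning indicator from the question: two different IP
addresses (one of them the default gateway) resolving to the same MAC.
Added example for this explanation; not part of the exam material."""
import re
from collections import defaultdict

# Constructed sample input: the ARP table quoted in the question, verbatim.
SAMPLE_ARP_OUTPUT = """\
Internet Address Physical Address
10.10.255.255 ff-ff-ff-ff-ff-ff
10.0.0.1 aa-aa-aa-aa-aa-aa
10.0.0.254 aa-aa-aa-aa-aa-aa
244.0.0.2 01-00-5e-00-00-02
"""
DEFAULT_GATEWAY = "10.0.0.1"  # from the ipconfig lines in the question

# One ARP row: dotted-quad IP, whitespace, MAC with '-' or ':' separators.
ARP_LINE = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+([0-9a-fA-F]{2}(?:[-:][0-9a-fA-F]{2}){5})",
    re.MULTILINE,
)


def parse_arp_table(text):
    """Return a list of (ip, mac) tuples; MACs normalised to lowercase with '-'."""
    return [(ip, mac.lower().replace(":", "-")) for ip, mac in ARP_LINE.findall(text)]


def is_group_address(mac):
    """True for broadcast and multicast MACs: the I/G bit of the first octet is set."""
    return int(mac.split("-")[0], 16) & 0x01 == 1


def find_shared_macs(entries):
    """Map each unicast MAC that appears under more than one IP to those IPs."""
    by_mac = defaultdict(list)
    for ip, mac in entries:
        if not is_group_address(mac):  # broadcast/multicast legitimately repeat
            by_mac[mac].append(ip)
    return {mac: ips for mac, ips in by_mac.items() if len(ips) > 1}


def assess_arp_table(text, gateway):
    """Return human-readable findings; an empty list means no indicator was found."""
    findings = []
    for mac, ips in find_shared_macs(parse_arp_table(text)).items():
        hits_gateway = gateway in ips
        severity = "HIGH" if hits_gateway else "MEDIUM"
        note = " including the default gateway" if hits_gateway else ""
        findings.append(f"{severity}: MAC {mac} claims {len(ips)} IPs ({', '.join(ips)}){note}")
    return findings


if __name__ == "__main__":
    for finding in assess_arp_table(SAMPLE_ARP_OUTPUT, DEFAULT_GATEWAY):
        print(finding)
```

Run it on the output of `arp -a` from a suspect host. A shared unicast MAC is only an indicator, not proof: a router that holds secondary addresses or a virtual-router (VRRP/HSRP) address will also show one MAC under two IPs, so confirm against the switch's MAC table or the gateway's known hardware address before concluding that the cache was poisoned.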
NEW QUESTION # 535
A newly purchased corporate WAP needs to be configured in the MOST secure manner possible.
INSTRUCTIONS
Please click on the below items on the network diagram and configure them accordingly:
WAP
DHCP Server
AAA Server
Wireless Controller
LDAP Server
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Answer:
Explanation:
NEW QUESTION # 536
An organization is developing an authentication service for use at the entry and exit ports of country borders.
The service will use data feeds obtained from passport systems, passenger manifests, and high-definition video feeds from CCTV systems that are located at the ports. The service will incorporate machine-learning techniques to eliminate biometric enrollment processes while still allowing authorities to identify passengers with increasing accuracy over time. The more frequently passengers travel, the more accurately the service will identify them. Which of the following biometrics will MOST likely be used, without the need for enrollment? (Choose two.)
- A. Vein
- B. Fingerprint
- C. Retina
- D. Facial
- E. Voice
- F. Gait
Answer: D,F
NEW QUESTION # 537
A security administrator performs weekly vulnerability scans on all cloud assets and provides a detailed report.
Which of the following describes the administrator's activities?
- A. Continuous monitoring
- B. Continuous deployment
- C. Continuous validation
- D. Continuous integration
Answer: C
Explanation:
Continuous validation is a process that involves performing regular and automated tests to verify the security and functionality of a system or an application. Continuous validation can help identify and remediate vulnerabilities, bugs, or misconfigurations before they cause any damage or disruption. The security administrator's activities of performing weekly vulnerability scans on all cloud assets and providing a detailed report are examples of continuous validation.
NEW QUESTION # 538
As part of the building process for a web application, the compliance team requires that all PKI certificates are rotated annually and can only contain wildcards at the secondary subdomain level. Which of the following certificate properties will meet these requirements?
- A. HTTPS://*.comptia.org, Valid from April 10 00:00:00 2021 - April 8 12:00:00
- B. HTTPS://app1.comptia.org, Valid from April 10 00:00:00 2021 - April 8 12:00:00 2022
- C. HTTPS://*.comptia.org, Valid from April 10 00:00:00 2021 - April 8 12:00:00 2022
- D. HTTPS://app1.comptia.org, Valid from April 10 00:00:00 2021 - April 8 12:00:00 2022
Answer: C
Explanation:
PKI certificates are digital certificates that use public key infrastructure (PKI) to verify the identity and authenticity of a sender and a receiver of data. PKI certificates can be used to secure web applications with HTTPS, which is a protocol that encrypts and protects the data transmitted over the internet.
One of the properties of PKI certificates is the domain name, which is the name of the website or web application that the certificate is issued for. The domain name can be either a specific name, such as app1.comptia.org, or a wildcard name, such as *.comptia.org. A wildcard name means that the certificate can be used with multiple subdomains of a domain, such as payment.comptia.org or contact.comptia.org.
Another property of PKI certificates is the validity period, which is the time span during which the certificate is valid and can be used. The validity period is determined by the certificate authority (CA) that issues the certificate, and it usually ranges from one to three years. The validity period can be checked by looking at the valid from and valid to dates on the certificate.
Based on these properties, the certificate that will meet the requirements of rotating annually and only containing wildcards at the secondary subdomain level is HTTPS://*.comptia.org, Valid from April 10 00:00:00 2021 - April 8 12:00:00 2022. This certificate has a wildcard character (*) at the secondary subdomain level, which means it can be used with any subdomain of comptia.org. It also has a validity period of one year, which means it needs to be rotated annually.
NEW QUESTION # 539
An auditor is performing an assessment of a security appliance with an embedded OS that was vulnerable during the last two assessments. Which of the following BEST explains the appliance's vulnerable state?
- A. The device uses weak encryption ciphers.
- B. The appliance requires administrative credentials for the assessment.
- C. The system was configured with weak default security settings.
- D. The vendor has not supplied a patch for the appliance.
Answer: D
NEW QUESTION # 540
A user reports trouble using a corporate laptop. The laptop freezes and responds slowly when writing documents, and the mouse pointer occasionally disappears.
The task list shows the following results:
Which of the following is MOST likely the issue?
- A. Spyware
- B. Keylogger
- C. RAT
- D. PUP
Answer: A
Explanation:
Spyware is malicious software that can cause a computer to slow down or freeze. It can also cause the mouse pointer to disappear. The task list shows an application named "spyware.exe" running, indicating that spyware is likely the issue. References:
* CompTIA Security+ Certification Exam Objectives 6.0: Given a scenario, analyze indicators of compromise and determine the type of malware.
* CompTIA Security+ Study Guide, Sixth Edition, pages 125-126

