
SY0-601 Questions and Answers

Question # 4

A company has drafted an insider-threat policy that prohibits the use of external storage devices. Which of the following would BEST protect the company from data exfiltration via removable media?

A.

Monitoring large data transfer transactions in the firewall logs

B.

Developing mandatory training to educate employees about the removable media policy

C.

Implementing a group policy to block user access to system files

D.

Blocking removable-media devices and write capabilities using a host-based security tool

Question # 5

Which of the following will provide the BEST physical security countermeasures to stop intruders? (Select TWO.)

A.

Alarms

B.

Signage

C.

Lighting

D.

Mantraps

E.

Fencing

F.

Sensors

Question # 6

Phishing and spear-phishing attacks have been occurring more frequently against a company’s staff. Which of the following would MOST likely help mitigate this issue?

A.

DNSSEC and DMARC

B.

DNS query logging

C.

Exact mail exchanger records in the DNS

D.

The addition of DNS conditional forwarders

Question # 7

A vulnerability assessment report will include the CVSS score of the discovered vulnerabilities because the score allows the organization to better:

A.

validate the vulnerability exists in the organization's network through penetration testing

B.

research the appropriate mitigation techniques in a vulnerability database

C.

find the software patches that are required to mitigate a vulnerability

D.

prioritize remediation of vulnerabilities based on the possible impact.

Question # 8

An organization that is located in a flood zone is MOST likely to document the concerns associated with the restoration of IT operations in a:

A.

business continuity plan.

B.

communications plan.

C.

disaster recovery plan.

D.

continuity of operations plan.

Question # 9

A company wants to deploy PKI on its Internet-facing website. The applications that are currently deployed are:

  • www.company.com (main website)
  • contactus.company.com (for locating a nearby location)
  • quotes.company.com (for requesting a price quote)

The company wants to purchase one SSL certificate that will work for all the existing applications and any future applications that follow the same naming conventions, such as store.company.com. Which of the following certificate types would BEST meet the requirements?

A.

SAN

B.

Wildcard

C.

Extended validation

D.

Self-signed
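How a wildcard name actually matches, as an added example that is not part of the original page: the single-label rule means `*.company.com` covers `store.company.com` but not the bare `company.com` or a two-level name such as `api.eu.company.com`, which is the caveat to check before choosing a wildcard over a SAN certificate. Matching follows the RFC 6125 host-name rules, with partial-label wildcards (`st*.company.com`) rejected as mainstream browsers do; the hostnames beyond the three in the question are constructed.

```python
# Added example: wildcard certificate name matching (not code from the page).
# Rules applied are those of RFC 6125 section 6.4.3 as browsers enforce them:
#   * comparison is case-insensitive,
#   * '*' is honoured only as the entire left-most label,
#   * the wildcard matches exactly one label.


def wildcard_matches(pattern: str, hostname: str) -> bool:
    """Return True if the certificate name `pattern` covers `hostname`."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname            # plain dNSName: exact match only
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    # Reject partial-label wildcards and wildcards directly under a TLD ('*.com').
    if p_labels[0] != "*" or len(p_labels) < 3:
        return False
    # One label only: the host must have exactly as many labels as the pattern.
    if len(h_labels) != len(p_labels):
        return False
    return p_labels[1:] == h_labels[1:]


def covered_by(cert_names, hostname):
    """Return the first name on the certificate that covers hostname, or None."""
    for name in cert_names:
        if wildcard_matches(name, hostname):
            return name
    return None


# Wildcard certificate for the naming convention in the question.
WILDCARD_CERT = ["*.company.com"]
# SAN certificate listing only the sites that exist today (constructed for the demo).
SAN_CERT = ["www.company.com", "contactus.company.com", "quotes.company.com"]

if __name__ == "__main__":
    for host in ["www.company.com", "store.company.com",
                 "company.com", "api.eu.company.com"]:
        print(f"{host:22} wildcard={covered_by(WILDCARD_CERT, host)} "
              f"san={covered_by(SAN_CERT, host)}")
```

The practical consequence: the wildcard answers the question's "future applications that follow the same naming conventions" only for direct children of company.com; the apex name and any deeper subdomain still need their own entry, which is why many deployments put `*.company.com` and `company.com` together in one SAN list.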

Question # 10

A company recently experienced a data breach and the source was determined to be an executive who was charging a phone in a public area. Which of the following would MOST likely have prevented this breach?

A.

A firewall

B.

A device PIN

C.

A USB data blocker

D.

Biometrics

Question # 11

Which of the following incident response steps involves actions to protect critical systems while maintaining business operations?

A.

Investigation

B.

Containment

C.

Recovery

D.

Lessons learned

Question # 12

Which of the following BEST explains the reason why a server administrator would place a document named password.txt on the desktop of an administrator account on a server?

A.

The document is a honeyfile and is meant to attract the attention of a cyberintruder.

B.

The document is a backup file if the system needs to be recovered.

C.

The document is a standard file that the OS needs to verify the login credentials.

D.

The document is a keylogger that stores all keystrokes should the account be compromised.

Question # 13

An organization needs to implement more stringent controls over administrator/root credentials and service accounts. Requirements for the project include:

  • Check-in/checkout of credentials
  • The ability to use but not know the password
  • Automated password changes
  • Logging of access to credentials

Which of the following solutions would meet the requirements?

A.

OAuth 2.0

B.

Secure Enclave

C.

A privileged access management system

D.

An OpenID Connect authentication system

Question # 14

An organization’s help desk is flooded with phone calls from users stating they can no longer access certain websites. The help desk escalates the issue to the security team, as these websites were accessible the previous day. The security analysts run the following command: ipconfig /flushdns, but the issue persists. Finally, an analyst changes the DNS server for an impacted machine, and the issue goes away. Which of the following attacks MOST likely occurred on the original DNS server?

A.

DNS cache poisoning

B.

Domain hijacking

C.

Distributed denial-of-service

D.

DNS tunneling

Question # 15

Which of the following technical controls is BEST suited for the detection and prevention of buffer overflows on hosts?

A.

DLP

B.

HIDS

C.

EDR

D.

NIPS

Question # 16

A database administrator needs to ensure all passwords are stored in a secure manner, so the administrator adds randomly generated data to each password before storing it. Which of the following techniques BEST explains this action?

A.

Predictability

B.

Key stretching

C.

Salting

D.

Hashing

Question # 17

A manufacturer creates designs for very high security products that are required by government regulations to be protected and controlled. These designs are not accessible from corporate networks or the Internet. Which of the following is the BEST solution to protect these designs?

A.

An air gap

B.

A Faraday cage

C.

A shielded cable

D.

A demilitarized zone

Question # 18

While checking logs, a security engineer notices a number of end users suddenly downloading files with the .tar.gz extension. Closer examination of the files reveals they are PE32 files. The end users state they did not initiate any of the downloads. Further investigation reveals the end users all clicked on an external email containing an infected MHT file with an href link a week prior. Which of the following is MOST likely occurring?

A.

A RAT was installed and is transferring additional exploit tools.

B.

The workstations are beaconing to a command-and-control server.

C.

A logic bomb was executed and is responsible for the data transfers.

D.

A fileless virus is spreading in the local network environment.

Question # 19

A security analyst has received an alert about PII being sent via email. The analyst’s Chief Information Security Officer (CISO) has made it clear that PII must be handled with extreme care. From which of the following did the alert MOST likely originate?

A.

S/MIME

B.

DLP

C.

IMAP

D.

HIDS

Question # 20

Which of the following BEST explains the difference between a data owner and a data custodian?

A.

The data owner is responsible for adhering to the rules for using the data, while the data custodian is responsible for determining the corporate governance regarding the data.

B.

The data owner is responsible for determining how the data may be used, while the data custodian is responsible for implementing the protection of the data.

C.

The data owner is responsible for controlling the data, while the data custodian is responsible for maintaining the chain of custody when handling the data.

D.

The data owner grants the technical permissions for data access, while the data custodian maintains the database access controls to the data.

Question # 21

A network administrator is setting up wireless access points in all the conference rooms and wants to authenticate devices using PKI. Which of the following should the administrator configure?

A.

A captive portal

B.

PSK

C.

802.1X

D.

WPS

Question # 22

A security analyst receives the configuration of a current VPN profile and notices the authentication is only applied to the IP datagram portion of the packet. Which of the following should the analyst implement to authenticate the entire packet?

A.

AH

B.

ESP

C.

SRTP

D.

LDAP

Question # 23

An attacker is trying to gain access by installing malware on a website that is known to be visited by the target victims. Which of the following is the attacker MOST likely attempting?

A.

A spear-phishing attack

B.

A watering-hole attack

C.

Typo squatting

D.

A phishing attack

Question # 24

Under GDPR, which of the following is MOST responsible for the protection of privacy and website user rights?

A.

The data protection officer

B.

The data processor

C.

The data owner

D.

The data controller

Question # 25

A security analyst needs to produce a document that details how a security incident occurred, the steps that were taken for recovery, and how future incidents can be avoided. During which of the following stages of the response process will this activity take place?

A.

Recovery

B.

Identification

C.

Lessons learned

D.

Preparation

Question # 26

Which of the following control sets should a well-written BCP include? (Select THREE.)

A.

Preventive

B.

Detective

C.

Deterrent

D.

Corrective

E.

Compensating

F.

Physical

G.

Recovery

Question # 27

A security analyst sees the following log output while reviewing web logs:

Which of the following mitigation strategies would be BEST to prevent this attack from being successful?

A.

Secure cookies

B.

Input validation

C.

Code signing

D.

Stored procedures

Question # 28

A security analyst needs to determine how an attacker was able to use User3 to gain a foothold within a company's network. The company's lockout policy requires that an account be locked out for a minimum of 15 minutes after three unsuccessful attempts. While reviewing the log files, the analyst discovers the following:

Which of the following attacks MOST likely occurred?

A.

Dictionary

B.

Credential-stuffing

C.

Password-spraying

D.

Brute-force
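The log excerpt the question refers to is not reproduced on this page, so the following Python, added here as an example and not part of the original question, runs the distinguishing test over constructed sample lines instead. Brute force piles failures onto a single account and trips the lockout; password spraying keeps each account under the three-attempt threshold within any 15-minute lockout window and spreads the attempts across many accounts, then typically ends in one success. The log format, IP addresses and user names are constructed; the threshold and window are the policy values stated in the question.

```python
# Added example: classify authentication failures as brute force vs. password
# spraying against a lockout policy. Not code from the page; log lines are constructed.
import re
from collections import defaultdict
from datetime import datetime, timedelta

LOCKOUT_THRESHOLD = 3                   # failures before lockout (from the question)
LOCKOUT_WINDOW = timedelta(minutes=15)  # minimum lockout duration (from the question)

# Constructed sample log. Source 203.0.113.9 sprays five accounts, waits out the
# window, tries again and lands User3; 198.51.100.7 hammers one account.
SAMPLE_LOG = """\
2021-10-27T09:00:01 src=203.0.113.9 user=User1 result=FAIL
2021-10-27T09:00:02 src=203.0.113.9 user=User2 result=FAIL
2021-10-27T09:00:03 src=203.0.113.9 user=User3 result=FAIL
2021-10-27T09:00:04 src=203.0.113.9 user=User4 result=FAIL
2021-10-27T09:00:05 src=203.0.113.9 user=User5 result=FAIL
2021-10-27T09:16:10 src=203.0.113.9 user=User1 result=FAIL
2021-10-27T09:16:11 src=203.0.113.9 user=User2 result=FAIL
2021-10-27T09:16:12 src=203.0.113.9 user=User3 result=SUCCESS
2021-10-27T09:30:00 src=198.51.100.7 user=Admin result=FAIL
2021-10-27T09:30:01 src=198.51.100.7 user=Admin result=FAIL
2021-10-27T09:30:02 src=198.51.100.7 user=Admin result=FAIL
2021-10-27T09:30:03 src=198.51.100.7 user=Admin result=FAIL
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>\S+)$")


def parse(log_text):
    """Parse the constructed format into dicts; unparseable lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append({"ts": datetime.fromisoformat(m["ts"]),
                           "src": m["src"], "user": m["user"],
                           "result": m["result"]})
    return events


def max_failures_in_window(timestamps):
    """Largest number of failures on one account inside any single lockout window."""
    times = sorted(timestamps)
    best = 0
    for i, start in enumerate(times):
        j = i
        while j < len(times) and times[j] - start < LOCKOUT_WINDOW:
            j += 1
        best = max(best, j - i)
    return best


def classify_sources(events):
    """Map each source IP to 'brute-force', 'password-spraying' or 'normal'."""
    fails_by_src = defaultdict(lambda: defaultdict(list))
    for e in events:
        if e["result"] == "FAIL":
            fails_by_src[e["src"]][e["user"]].append(e["ts"])
    verdict = {}
    for src, per_user in fails_by_src.items():
        worst = max(max_failures_in_window(t) for t in per_user.values())
        if worst >= LOCKOUT_THRESHOLD:
            verdict[src] = "brute-force"        # would have triggered lockout
        elif len(per_user) >= 3:
            verdict[src] = "password-spraying"  # many accounts, each under threshold
        else:
            verdict[src] = "normal"
    return verdict


def foothold_accounts(events, verdict):
    """Accounts a spraying source eventually logged into successfully."""
    return sorted({e["user"] for e in events
                   if e["result"] == "SUCCESS"
                   and verdict.get(e["src"]) == "password-spraying"})


if __name__ == "__main__":
    evs = parse(SAMPLE_LOG)
    v = classify_sources(evs)
    print(v)                          # {'203.0.113.9': 'password-spraying', '198.51.100.7': 'brute-force'}
    print(foothold_accounts(evs, v))  # ['User3']
```

The check that matters in the real log is the one `max_failures_in_window` performs: if User3 was never locked out yet was eventually accessed, the attacker stayed under the threshold per account, which rules out classic brute force and points at spraying.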

Question # 29

A client sent several inquiries to a project manager about the delinquent delivery status of some critical reports. The project manager claimed the reports were previously sent via email but then quickly generated and backdated the reports before submitting them via a new email message. Which of the following actions MOST likely supports an investigation for fraudulent submission?

A.

Establish chain of custody

B.

Inspect the file metadata

C.

Reference the data retention policy

D.

Review the email event logs

Question # 30

An incident response technician collected a mobile device during an investigation. Which of the following should the technician do to maintain chain of custody?

A.

Document the collection and require a sign-off when possession changes.

B.

Lock the device in a safe or other secure location to prevent theft or alteration.

C.

Place the device in a Faraday cage to prevent corruption of the data.

D.

Record the collection in a blockchain-protected public ledger.

Question # 31

The website http://companywebsite.com requires users to provide personal information, including security question responses, for registration. Which of the following would MOST likely cause a data breach?

A.

Lack of input validation

B.

Open permissions

C.

Unsecure protocol

D.

Missing patches

Question # 32

A cybersecurity administrator is using iptables as an enterprise firewall. The administrator created some rules, but the network now seems to be unresponsive. All connections are being dropped by the firewall. Which of the following would be the BEST option to remove the rules?

A.

# iptables -t mangle -X

B.

# iptables -F

C.

# iptables -Z

D.

# iptables -P INPUT -j DROP

Question # 33

A company recently experienced an attack in which a malicious actor was able to exfiltrate data by using a rainbow table to crack stolen passwords and then access the sensitive data. Which of the following should a security engineer do to prevent such an attack in the future?

A.

Use password hashing.

B.

Enforce password complexity.

C.

Implement password salting.

D.

Disable password reuse.
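Salting in practice, as an added example that is not part of the original page; it also illustrates the "randomly generated data added to each password before storing" of Question 16. A precomputed table only works because an unsalted scheme maps one password to one hash everywhere; a per-user random salt (stored in the clear next to the hash) destroys that property, and the PBKDF2 iteration count adds key stretching on top. The example uses Python's standard `hashlib.pbkdf2_hmac`; the password, the three-word "table" and the iteration count are constructed, and the dict stands in for a real rainbow table, which is a space-optimised chain structure with the same one-hash-per-password assumption.

```python
# Added example: salted + stretched password storage versus a precomputed table.
# Not code from the page. Password, wordlist and work factor are constructed.
import hashlib
import hmac
import os

# Assumption: ~600k PBKDF2-HMAC-SHA256 iterations is a reasonable 2023-era default;
# measure on your own hardware and raise it as CPUs get faster.
DEFAULT_ITERATIONS = 600_000


def unsalted_hash(password):
    """The scheme a rainbow table defeats: identical passwords hash identically."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password, salt=None, iterations=DEFAULT_ITERATIONS):
    """Salt with 16 random bytes and stretch with PBKDF2; return a self-describing string."""
    if salt is None:
        salt = os.urandom(16)   # unique per password; stored with the hash, not secret
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password, stored):
    """Recompute with the stored salt and iteration count; compare in constant time."""
    algo, iters, salt_hex, hash_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError("unsupported hash format")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), hash_hex)


def build_lookup_table(candidates):
    """Precomputed hash -> password table over a wordlist (the attacker's side)."""
    return {unsalted_hash(p): p for p in candidates}


def demo(password="Winter2021!", iterations=1000):
    """Show the attack succeeding against unsalted hashes and failing against salted ones."""
    table = build_lookup_table(["password", "Winter2021!", "letmein"])  # constructed wordlist
    salted_a = hash_password(password, iterations=iterations)
    salted_b = hash_password(password, iterations=iterations)
    return {
        "table_cracks_unsalted": table.get(unsalted_hash(password)) == password,
        "table_cracks_salted": table.get(salted_a) is not None,
        "same_password_differs": salted_a != salted_b,   # salt makes each record unique
        "verify_correct": verify_password(password, salted_a),
        "verify_wrong": verify_password(password.lower(), salted_a),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k:24} {v}")
```

Note the division of labour between the answers: hashing alone (option A) leaves the table attack intact, complexity (B) only lengthens the wordlist, and reuse policy (D) is unrelated; the salt is what breaks the precomputation, and the iteration count is what makes a per-user brute force expensive once the salt is known.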

Question # 34

A user recently attended an exposition and received some digital promotional materials. The user later noticed blue boxes popping up and disappearing on the computer, and reported receiving several spam emails, which the user did not open. Which of the following is MOST likely the cause of the reported issue?

A.

There was a drive-by download of malware

B.

The user installed a cryptominer

C.

The OS was corrupted

D.

There was malicious code on the USB drive

Question # 35

Which of the following scenarios would make a DNS sinkhole effective in thwarting an attack?

A.

An attacker is sniffing traffic to port 53, and the server is managed using unencrypted usernames and passwords.

B.

An organization is experiencing excessive traffic on port 53 and suspects an attacker is trying to DoS the domain name server.

C.

Malware trying to resolve an unregistered domain name to determine if it is running in an isolated sandbox

D.

Routing tables have been compromised, and an attacker is rerouting traffic to malicious websites

Question # 36

A company is upgrading its wireless infrastructure to WPA2-Enterprise using EAP-TLS. Which of the following must be part of the security architecture to achieve AAA? (Select TWO.)

A.

DNSSEC

B.

Reverse proxy

C.

VPN concentrator

D.

PKI

E.

Active Directory

F.

RADIUS

Question # 37

A security analyst is investigating an incident to determine what an attacker was able to do on a compromised laptop. The analyst reviews the following SIEM log:

Which of the following describes the method that was used to compromise the laptop?

A.

An attacker was able to move laterally from PC1 to PC2 using a pass-the-hash attack

B.

An attacker was able to bypass application whitelisting by emailing a spreadsheet attachment with an embedded PowerShell in the file

C.

An attacker was able to install malware to the CAasdf234 folder and use it to gain administrator rights and launch Outlook

D.

An attacker was able to phish user credentials successfully from an Outlook user profile

Question # 38

A network technician is installing a guest wireless network at a coffee shop. When a customer purchases an item, the password for the wireless network is printed on the receipt so the customer can log in. Which of the following will the technician MOST likely configure to provide the highest level of security with the least amount of overhead?

A.

WPA-EAP

B.

WEP-TKIP

C.

WPA-PSK

D.

WPS-PIN

Question # 39

The facilities supervisor for a government agency is concerned about unauthorized access to environmental systems in the event the staff WiFi network is breached. Which of the following would BEST address this security concern?

A.

Install a smart meter on the staff WiFi.

B.

Place the environmental systems in the same DHCP scope as the staff WiFi.

C.

Implement Zigbee on the staff WiFi access points.

D.

Segment the staff WiFi network from the environmental systems network.

Question # 40

A security analyst is configuring a large number of new company-issued laptops. The analyst received the following requirements:

• The devices will be used internationally by staff who travel extensively.

• Occasional personal use is acceptable due to the travel requirements.

• Users must be able to install and configure sanctioned programs and productivity suites.

• The devices must be encrypted.

• The devices must be capable of operating in low-bandwidth environments.

Which of the following would provide the GREATEST benefit to the security posture of the devices?

A.

Configuring an always-on VPN

B.

Implementing application whitelisting

C.

Requiring web traffic to pass through the on-premises content filter

D.

Setting the antivirus DAT update schedule to weekly

Question # 41

A Chief Executive Officer's (CEO) personal information was stolen in a social engineering attack. Which of the following sources would reveal if the CEO's personal information is for sale?

A.

Automated information sharing

B.

Open-source intelligence

C.

The dark web

D.

Vulnerability databases

Question # 42

During a routine scan of a wireless segment at a retail company, a security administrator discovers several devices are connected to the network that do not match the company's naming convention and are not in the asset inventory. WiFi access is protected with 256-bit encryption via WPA2. Physical access to the company's facility requires two-factor authentication using a badge and a passcode. Which of the following should the administrator implement to find and remediate the issue? (Select TWO.)

A.

Check the SIEM for failed logins to the LDAP directory.

B.

Enable MAC filtering on the switches that support the wireless network.

C.

Run a vulnerability scan on all the devices in the wireless network

D.

Deploy multifactor authentication for access to the wireless network

E.

Scan the wireless network for rogue access points.

F.

Deploy a honeypot on the network

Question # 43

Which of the following organizational policies are MOST likely to detect fraud that is being conducted by existing employees? (Select TWO).

A.

Offboarding

B.

Mandatory vacation

C.

Job rotation

D.

Background checks

E.

Separation of duties

F.

Acceptable use

Question # 44

Which of the following are requirements that must be configured for PCI DSS compliance? (Select TWO).

A.

Testing security systems and processes regularly

B.

Installing and maintaining a web proxy to protect cardholder data

C.

Assigning a unique ID to each person with computer access

D.

Encrypting transmission of cardholder data across private networks

E.

Benchmarking security awareness training for contractors

F.

Using vendor-supplied default passwords for system passwords

Question # 45

Which of the following environments utilizes dummy data and is MOST likely to be installed locally on a system that allows code to be assessed directly and modified easily with each build?

A.

Production

B.

Test

C.

Staging

D.

Development

Question # 46

The following are the logs of a successful attack.

Which of the following controls would be BEST to use to prevent such a breach in the future?

A.

Password history

B.

Account expiration

C.

Password complexity

D.

Account lockout

Question # 47

Joe, a security analyst, recently performed a network discovery to fully understand his organization's electronic footprint from a "public" perspective. Joe ran a set of commands and received the following output:

Which of the following can be determined about the organization's public presence and security posture? (Select TWO).

A.

Joe used WHOIS to produce this output.

B.

Joe used cURL to produce this output.

C.

Joe used Wireshark to produce this output

D.

The organization has adequate information available in public registration.

E.

The organization has too much information available in public registration.

F.

The organization has too little information available in public registration

Question # 48

Which of the following should a data owner require all personnel to sign to legally protect intellectual property?

A.

An NDA

B.

An AUP

C.

An ISA

D.

An MOU

Question # 49

A web server administrator has redundant servers and needs to ensure failover to the secondary server when the primary server goes down. Which of the following should the administrator implement to avoid disruption?

A.

NIC teaming

B.

High availability

C.

Dual power supply

D.

IaaS

Question # 50

A network analyst is setting up a wireless access point for a home office in a remote, rural location. The requirement is that users need to connect to the access point securely but do not want to have to remember passwords. Which of the following should the network analyst enable to meet the requirement?

A.

MAC address filtering

B.

802.1X

C.

Captive portal

D.

WPS

Question # 51

Which of the following types of attacks is specific to the individual it targets?

A.

Whaling

B.

Pharming

C.

Smishing

D.

Credential harvesting

Question # 52

Which of the following represents a biometric FRR?

A.

Authorized users being denied access

B.

Users failing to enter the correct PIN

C.

The denied and authorized numbers being equal

D.

The number of unauthorized users being granted access

Question # 53

An organization relies on third-party video conferencing to conduct daily business. Recent security changes now require all remote workers to utilize a VPN to corporate resources. Which of the following would BEST maintain high-quality video conferencing while minimizing latency when connected to the VPN?

A.

Using geographic diversity to have VPN terminators closer to end users

B.

Utilizing split tunneling so only traffic for corporate resources is encrypted

C.

Purchasing higher-bandwidth connections to meet the increased demand

D.

Configuring QoS properly on the VPN accelerators

Question # 54

A company is setting up a web server on the Internet that will utilize both encrypted and unencrypted web-browsing protocols. A security engineer runs a port scan against the server from the Internet and sees the following output:

Which of the following steps would be best for the security engineer to take NEXT?

A.

Allow DNS access from the internet.

B.

Block SMTP access from the Internet

C.

Block HTTPS access from the Internet

D.

Block SSH access from the Internet.

Question # 55

The spread of misinformation surrounding the outbreak of a novel virus on election day led to eligible voters choosing not to take the risk of going to the polls. This is an example of:

A.

prepending.

B.

an influence campaign

C.

a watering-hole attack

D.

intimidation

E.

information elicitation

Question # 56

A network administrator is concerned about users being exposed to malicious content when accessing company cloud applications. The administrator wants to be able to block access to sites based on the AUP. The users must also be protected because many of them work from home or at remote locations, providing on-site customer support. Which of the following should the administrator employ to meet these criteria?

A.

Implement NAC.

B.

Implement an SWG.

C.

Implement a URL filter.

D.

Implement an MDM.

Question # 57

A security researcher is tracking an adversary by noting its attacks and techniques based on its capabilities, infrastructure, and victims. Which of the following is the researcher MOST likely using?

A.

The Diamond Model of Intrusion Analysis

B.

The Cyber Kill Chain

C.

The MITRE CVE database

D.

The incident response process

Question # 58

A company just developed a new web application for a government agency. The application must be assessed and authorized prior to being deployed. Which of the following is required to assess the vulnerabilities resident in the application?

A.

Repository transaction logs

B.

Common Vulnerabilities and Exposures

C.

Static code analysis

D.

Non-credentialed scans

Question # 59

Which of the following is the correct order of volatility from MOST to LEAST volatile?

A.

Memory, temporary filesystems, routing tables, disk, network storage

B.

Cache, memory, temporary filesystems, disk, archival media

C.

Memory, disk, temporary filesystems, cache, archival media

D.

Cache, disk, temporary filesystems, network storage, archival media

Question # 60

A forensics investigator is examining a number of unauthorized payments that were reported on the company’s website. Some unusual log entries show users received an email for an unwanted mailing list and clicked on a link to attempt to unsubscribe. One of the users reported the email to the phishing team, and the forwarded email revealed the link to be:

Which of the following will the forensics investigator MOST likely determine has occurred?

A.

SQL injection

B.

Broken authentication

C.

XSS

D.

XSRF

Question # 61

A company is implementing a new SIEM to log and send alerts whenever malicious activity is blocked by its antivirus and web content filters. Which of the following is the primary use case for this scenario?

A.

Implementation of preventive controls

B.

Implementation of detective controls

C.

Implementation of deterrent controls

D.

Implementation of corrective controls

Question # 62

Which of the following holds staff accountable while escorting unauthorized personnel?

A.

Locks

B.

Badges

C.

Cameras

D.

Visitor logs

Question # 63

Which of the following is a difference between a DRP and a BCP?

A.

A BCP keeps operations running during a disaster while a DRP does not.

B.

A BCP prepares for any operational interruption while a DRP prepares for natural disasters

C.

A BCP is a technical response to disasters while a DRP is operational.

D.

A BCP is formally written and approved while a DRP is not.

Question # 64

A security analyst is investigating a malware incident at a company. The malware is accessing a command-and-control website at www.comptia.com. All outbound Internet traffic is logged to a syslog server and stored in /logfiles/messages.

Which of the following commands would be BEST for the analyst to use on the syslog server to search for recent traffic to the command-and-control website?

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Question # 65

An organization is building backup server rooms in geographically diverse locations. The Chief Information Security Officer implemented a requirement on the project that states the new hardware cannot be susceptible to the same vulnerabilities in the existing server room. Which of the following should the systems engineer consider?

A.

Purchasing hardware from different vendors

B.

Migrating workloads to public cloud infrastructure

C.

Implementing a robust patch management solution

D.

Designing new detective security controls

Question # 66

An analyst is trying to identify insecure services that are running on the internal network. After performing a port scan, the analyst identifies that a server has some insecure services enabled on default ports. Which of the following BEST describes the services that are currently running and the secure alternatives for replacing them? (Select THREE.)

A.

SFTP, FTPS

B.

SNMPv2, SNMPv3

C.

HTTP, HTTPS

D.

TFTP, FTP

E.

SNMPv1, SNMPv2

F.

Telnet, SSH

G.

TLS, SSL

Question # 67

During an investigation, a security manager receives notification from local authorities that company proprietary data was found on a former employee’s home computer. The former employee’s corporate workstation has since been repurposed, and the data on the hard drive has been overwritten. Which of the following would BEST provide the security manager with enough details to determine when the data was removed from the company network?

A.

Properly configured hosts with security logging

B.

Properly configured endpoint security tool with alerting

C.

Properly configured SIEM with retention policies

D.

Properly configured USB blocker with encryption

TESTED 27 Oct 2021