Latest SY0-601 pass-guaranteed exam question bank: certification sample questions
Latest SY0-601 test materials with a valid SY0-601 test engine
Question # 494
A user is concerned that a web application will not be able to handle unexpected or random input without crashing. Which of the following BEST describes the type of testing the user should perform?
- A. Fuzzing
- B. Manual code review
- C. Dynamic code analysis
- D. Code signing
Correct answer: C
Question # 495
An organization has hired a security analyst to perform a penetration test. The analyst captures 1Gb worth of inbound network traffic to the server and transfers the pcap back to the machine for analysis. Which of the following tools should the analyst use to further review the pcap?
- A. Wireshark
- B. Nmap
- C. Netcat
- D. cURL
Correct answer: A
Question # 496
A security analyst needs to be able to search and correlate logs from multiple sources in a single tool. Which of the following would BEST allow a security analyst to have this ability?
- A. Log collectors
- B. SOAR
- C. SIEM
- D. Network-attached storage
Correct answer: C
Explanation:
SIEM event correlation is an essential part of any SIEM solution. It aggregates and analyzes log data from across your network applications, systems, and devices, making it possible to discover security threats and malicious patterns of behavior that would otherwise go unnoticed and could lead to compromise or data loss.
Question # 497
A global pandemic is forcing a private organization to close some business units and reduce staffing at others.
Which of the following would be best to help the organization's executives determine their next course of action?
- A. A business continuity plan
- B. A communication plan
- C. A disaster recovery plan
- D. An incident response plan
Correct answer: A
Explanation:
A business continuity plan (BCP) is a document that outlines how an organization will continue its critical functions during and after a disruptive event, such as a natural disaster, pandemic, cyberattack, or power outage. A BCP typically covers topics such as business impact analysis, risk assessment, recovery strategies, roles and responsibilities, communication plan, testing and training, and maintenance and review. A BCP can help the organization's executives determine their next course of action by providing them with a clear framework and guidance for managing the crisis and resuming normal operations.
References: https://www.comptia.org/certifications/security#examdetails
https://www.comptia.org/content/guides/comptia-security-sy0-601-exam-objectives
https://www.ready.gov/business-continuity-plan
Question # 498
A Chief Information Officer is concerned about employees using company-issued laptops to steal data when accessing network shares. Which of the following should the company implement?
- A. CASB
- B. DLP
- C. EDR
- D. UEFI
- E. HIDS
Correct answer: B
Explanation:
chmod removes the setuid permission, that is, it removes the S bit. Setuid is the specific permission, but it is removed with chmod.
https://www.cbtnuggets.com/blog/technology/system-admin/linux-file-permissions-understanding-setuid-setgid-
Question # 499
A retail store has a business requirement to deploy a kiosk computer in an open area. The kiosk computer's operating system has been hardened and tested. A security engineer is concerned that someone could use removable media to install a rootkit. Which of the following should the security engineer configure to BEST protect the kiosk computer?
- A. Boot attestation
- B. Measured boot
- C. EDR
- D. UEFI
Correct answer: A
Explanation:
Boot attestation is a security feature that enables the computer to verify the integrity of its operating system before it boots. It does this by performing a hash of the operating system and comparing it to the expected hash of the operating system. If the hashes do not match, the computer will not boot and the rootkit will not be allowed to run. This process is also known as measured boot or secure boot.
According to the CompTIA Security+ Study Guide, "Secure Boot is a feature of Unified Extensible Firmware Interface (UEFI) that ensures that code that is executed during the boot process has been authenticated by a cryptographic signature. Secure Boot prevents malicious code from running at boot time, thus providing assurance that the system is executing only code that is legitimate. This provides a measure of protection against rootkits and other malicious code that is designed to run at boot time."
Question # 500
A website developer is working on a new e-commerce website and has asked an information security expert for the most appropriate way to store credit card numbers to create an easy reordering process.
Which of the following methods would BEST accomplish this goal?
- A. Encrypting the credit card information in transit
- B. Hashing the credit card numbers upon entry
- C. Tokenizing the credit cards in the database
- D. Salting the magnetic strip information
Correct answer: B
Question # 501
An organization would like to remediate the risk associated with its cloud service provider not meeting its advertised 99.999% availability metrics. Which of the following should the organization consult for the exact requirements for the cloud provider?
- A. BPA
- B. MOU
- C. NDA
- D. SLA
Correct answer: D
Explanation:
The Service Level Agreement (SLA) is a contract between the cloud service provider and the organization that stipulates the exact requirements for the cloud provider. It outlines the level of service that the provider must deliver, including the minimum uptime percentage, support response times, and the remedies and penalties for failing to meet the agreed-upon service levels.
Question # 502
A security architect is required to deploy to conference rooms some workstations that will allow sensitive data to be displayed on large screens. Due to the nature of the data, it cannot be stored in the conference rooms. The fileshare is located in a local data center. Which of the following should the security architect recommend to BEST meet the requirement?
- A. VDI and thin clients
- B. Private cloud and DLP
- C. Full drive encryption and thick clients
- D. Fog computing and KVMs
Correct answer: A
Explanation:
Virtual Desktop Infrastructure (VDI) is a technology that refers to the use of virtual machines to provide and manage virtual desktops. VDI hosts desktop environments on a centralized server and deploys them to end-users on request. VDI can be used to provide the desktop experience.
The computing hardware for VDI can be split into thin clients and thick clients:
- Thin clients are simple computers that are accessed through a remote connection to a central server, which provides the client with all of its resources. Thin clients do not have hard drives, so data isn't stored locally, and applications would also need to be accessed through a server.
Thin clients would work for this scenario, since data can't be stored in the conference rooms and thin clients can't store data anyway.
- Thick clients are fully functional networked computers that have their own OS and local storage and handle their own processing. Just think of company-provided desktop computers or laptops. They can connect to a server if needed, but can work independently as well. Since files can be stored locally on a thick client, they wouldn't meet the requirements of the scenario.
Question # 503
Select the appropriate attack and remediation from each drop-down list to label the corresponding attack with its remediation.
INSTRUCTIONS
Not all attacks and remediation actions will be used.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
Correct answer:
Explanation:
Question # 504
A candidate attempts to go to but accidentally visits http://comptiia.org. The malicious website looks exactly like the legitimate website. Which of the following best describes this type of attack?
- A. Watering-hole
- B. Impersonation
- C. Typosquatting
- D. Reconnaissance
Correct answer: C
Explanation:
Typosquatting is a type of cyberattack that involves registering domains with deliberately misspelled names of well-known websites. The attackers do this to lure unsuspecting visitors to alternative websites, typically for malicious purposes. Visitors may end up at these alternative websites by inadvertently mistyping the name of popular websites into their web browser or by being lured by a phishing scam. The attackers may emulate the look and feel of the legitimate websites and trick users into entering sensitive information or downloading malware.
Question # 505
An attack has occurred against a company.
INSTRUCTIONS
You have been tasked to do the following:
Identify the type of attack that is occurring on the network by clicking on the attacker's tablet and reviewing the output. (Answer Area 1).
Identify which compensating controls should be implemented on the assets, in order to reduce the effectiveness of future attacks by dragging them to the correct server.
(Answer area 2) All objects will be used, but not all placeholders may be filled. Objects may only be used once.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Select and Place:
Correct answer:
Explanation:
Question # 506
Joe, a user at a company, clicked an email link that led to a website that infected his workstation. Joe was connected to the network, and the virus spread to the network shares. The protective measures failed to stop this virus, and it continues to evade detection.
Which of the following should the administrator implement to protect the environment from this malware?
- A. Install a definition-based antivirus.
- B. Implement a heuristic behavior-detection solution.
- C. Implement CASB to protect the network shares.
- D. Implement an IDS/IPS
Correct answer: B
Explanation:
Heuristic analysis is also one of the few methods capable of combating polymorphic viruses -- the term for malicious code that constantly changes and adapts. Heuristic analysis is incorporated into advanced security solutions offered by companies like Kaspersky Labs to detect new threats before they cause harm, without the need for a specific signature.
https://usa.kaspersky.com/resource-center/definitions/heuristic-analysis
Question # 507
A company is designing the layout of a new data center so it will have an optimal environmental temperature. Which of the following must be included? (Select two).
- A. A humidity monitor
- B. Removable doors
- C. An air gap
- D. A cold aisle
- E. A hot aisle
- F. An IoT thermostat
Correct answer: D, E
Explanation:
A cold aisle and a hot aisle are design strategies for data centers that aim to improve the cooling efficiency and reduce the energy consumption. They involve lining up server racks in alternating rows with cold air intakes facing one side (the cold aisle) and hot air exhausts facing the other side (the hot aisle). This prevents the mixing of hot and cold air and creates a more uniform temperature distribution. The cold aisles receive cold air from the cooling units, while the hot aisles return hot air to the cooling units. This improves the performance and reliability of the IT equipment and lowers the cooling costs. Reference: Hot and Cold-Aisle Containment - Advantages & Disadvantages - AKCP; Hot Aisle Containment vs. Cold Aisle Containment: Which is Better for the Data Center? - Upsite; Aisle Containment Systems FAQ for Hot & Cold Aisle Solutions - Cool Shield; Hot and Cold Aisle Containment Differences - AKCP Monitoring; What is Hot Aisle/Cold Aisle? - Definition from Techopedia
Question # 508
During an incident response, a security analyst observes the following log entry on the web server.
Which of the following BEST describes the type of attack the analyst is experiencing?
- A. Cross-site scripting
- B. Directory traversal
- C. Pass-the-hash
- D. SQL injection
Correct answer: B
Explanation:
../../../ in the request path is the clue that it's directory traversal.
Question # 509
Which of the following often operates in a client-server architecture to act as a service repository, providing enterprise consumers access to structured threat intelligence data?
- A. TAXII
- B. OSINT
- C. CIRT
- D. STIX
Correct answer: C
Question # 510
A company is expanding its threat surface program and allowing individuals to security test the company's internet-facing application. The company will compensate researchers based on the vulnerabilities discovered.
Which of the following best describes the program the company is setting up?
- A. Bug bounty
- B. Penetration testing
- C. Open-source intelligence
- D. Red team
Correct answer: A
Explanation:
A program that allows individuals to security-test the company's internet-facing application and compensates researchers based on the vulnerabilities discovered is best described as a bug bounty program. A bug bounty program is an incentive-based program that rewards ethical hackers for finding and reporting security flaws in software or systems.
Question # 511
A systems analyst is responsible for generating a new digital forensics chain-of-custody form. Which of the following should the analyst include in this documentation? (Select TWO).
- A. The order of volatility
- B. The vendor's name
- C. The date and time
- D. A checksum
- E. The location of the artifacts
- F. A warning banner
Correct answer: A, C
Question # 512
A user is attempting to navigate to a website from inside the company network using a desktop. When the user types in the URL, https://www.site.com, the user is presented with a certificate mismatch warning from the browser. The user does not receive a warning when visiting http://www.anothersite.com. Which of the following BEST describes this attack?
- A. On-path
- B. Evil twin
- C. Domain hijacking
- D. DNS poisoning
Correct answer: D
Question # 513
A security analyst is reviewing the following output from a system:
Which of the following is MOST likely being observed?
- A. DNS poisoning
- B. ARP poisoning
- C. Denial of service
- D. Man in the middle
Correct answer: C
Question # 514
A bakery has a secret recipe that it wants to protect. Which of the following objectives should be added to the company's security awareness training?
- A. Phishing awareness
- B. Business continuity planning
- C. Risk analysis
- D. Insider threat detection
Correct answer: D
Question # 515
Several employees have noticed other bystanders can clearly observe a terminal where passcodes are being entered.
Which of the following can be eliminated with the use of a privacy screen?
- A. Spear phishing
- B. Card cloning
- C. Shoulder surfing
- D. Impersonation attack
Correct answer: C
Question # 516
An organization disabled unneeded services and placed a firewall in front of a business-critical legacy system. Which of the following best describes the actions taken by the organization?
- A. Compensating controls
- B. Risk transfer
- C. Segmentation
- D. Exception
Correct answer: A
Question # 517
The security administrator has installed a new firewall which implements an implicit DENY policy by default.
INSTRUCTIONS:
Click on the firewall and configure it to allow ONLY the following communication.
1. The Accounting workstation can ONLY access the web server on the public network over the default HTTPS port. The accounting workstation should not access other networks.
2. The HR workstation should be restricted to communicate with the Financial server ONLY, over the default SCP port.
3. The Admin workstation should ONLY be able to access the servers on the secure network over the default TFTP port.
Instructions: The firewall will process the rules in a top-down manner, in order, as a first match. The port number must be typed in, and only one port number can be entered per rule. Type ANY for all ports. The original firewall configuration can be reset at any time by pressing the reset button. Once you have met the simulation requirements, click Save and then Done to submit.
Hot Area:


Section: Network Security
Correct answer:
Explanation:
Implicit deny is the default security stance that says if you aren't specifically granted access or privileges for a resource, you're denied access by default.
Rule #1 allows the Accounting workstation to ONLY access the web server on the public network over the default HTTPS port, which is TCP port 443.
Rule #2 allows the HR workstation to ONLY communicate with the Financial server over the default SCP port, which is TCP port 22.
Rule #3 & Rule #4 allow the Admin workstation to ONLY access the Financial and Purchasing servers located on the secure network over the default TFTP port, which is port 69.
References:
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 26, 44
http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers
Question # 518
A security analyst has been asked to investigate a situation after the SOC started to receive alerts from the SIEM. The analyst first looks at the domain controller and finds the following events:
To better understand what is going on, the analyst runs a command and receives the following output:
Based on the analyst's findings, which of the following attacks is being executed?
- A. Keylogger
- B. Brute-force
- C. Spraying
- D. Credential harvesting
Correct answer: C
Question # 519
......
SY0-601 samples with accurate, updated questions are here: https://www.jpntest.com/shiken/SY0-601-mondaishu
Updated SY0-601 exam question bank [latest for 2024], valid exam questions for practice: https://drive.google.com/open?id=1UIVCPUwlt3n0K4WK51dPqF3FbYIiC929