Verified SY0-601 practice test questions and answers, 1061 accurate questions [Q94-Q119]


Question #94
A company would like to implement a network security solution that inspects traffic on the network and generates an alert when specific traffic patterns are observed. The solution must never block legitimate network traffic. Which of the following will the company most likely implement?

  • A. WAF
  • B. NIDS
  • C. ACLs
  • D. HIPS

Correct answer: B

Explanation:
A NIDS is deployed out of band (on a SPAN port or network tap), so it can only observe and alert. A WAF, ACLs and a HIPS all sit inline and enforce, which means a false positive would block legitimate traffic.


Question #95
A recent malware outbreak across a subnet included successful rootkit installations on many PCs, ensuring persistence by rendering remediation efforts ineffective. Which of the following would BEST detect the presence of a rootkit in the future?

  • A. EDR
  • B. FDE
  • C. NIDS
  • D. DLP

Correct answer: A

Explanation:
EDR continuously monitors process, driver, file and persistence activity on the endpoint itself, which is where a rootkit hides. FDE protects data at rest and detects nothing, a NIDS only sees network traffic, and DLP is concerned with data leaving the organization.


Question #96
A privileged user at a company stole several proprietary documents from a server. The user also went into the log files and deleted all records of the incident. The systems administrator has just informed investigators that other log files are available for review.
Which of the following did the administrator MOST likely configure that will assist the investigators?

  • A. The log retention policy
  • B. The application logs
  • C. Memory dumps
  • D. The syslog server

Correct answer: D

Explanation:
Forwarding logs to a central syslog server means a copy exists that the privileged user could not delete by editing the local files on the compromised server.


Question #97
A security analyst is receiving several alerts per user and is trying to determine if various logins are malicious.
The security analyst would like to create a baseline of normal operations and reduce noise. Which of the following actions should the security analyst perform?

  • A. Disable email alerting and review the SIEM directly.
  • B. Adjust the data flow from authentication sources to the SIEM.
  • C. Adjust the sensitivity levels of the SIEM correlation engine.
  • D. Utilize behavioral analysis to enable the SIEM's learning mode.

Correct answer: D

Explanation:
A learning mode builds a per-user profile of what normal logins look like (hosts, times, volume) and then alerts only on deviations from it. Lowering sensitivity or cutting the data feed reduces alerts, but it also hides real anomalies rather than distinguishing them from routine activity.
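As an added example (not part of the original question set), the following Python script builds the kind of per-user baseline the question describes and then scores new logins against it, so that routine logins produce nothing and only deviations become alerts. The authentication events are constructed for the example; the mean-plus-three-standard-deviations hourly threshold and the "first login from an unseen host" rule are assumptions standing in for what a SIEM's learning mode derives from real data.

```python
"""Per-user login baseline that suppresses routine logins and alerts on deviations.

Added example, not code from the original page. The events are constructed; the
three-sigma hourly threshold and the unseen-source-host rule are assumptions that
stand in for what a SIEM's behavioural learning mode derives from real data.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev


def _gen(user, host, day, hour_counts):
    """Build constructed login events; hour_counts is [(hour, logins_in_that_hour), ...]."""
    return [
        (f"2024-03-{day:02d}T{hour:02d}:{5 * i:02d}:00", user, host)
        for hour, n in hour_counts
        for i in range(n)
    ]


# Learning period (two working days per user), constructed for the example.
LEARNING_EVENTS = (
    _gen("alice", "ws-alice", 4, [(9, 2), (10, 2), (11, 2)])
    + _gen("alice", "ws-alice", 5, [(9, 2), (10, 2), (11, 2)])
    + _gen("bob", "ws-bob", 4, [(9, 1), (10, 3), (11, 2)])
    + _gen("bob", "ws-bob", 5, [(9, 1), (10, 3), (11, 2)])
)

# Day under analysis: alice's usual morning, then one extra login, then a login from an
# unknown host; bob logs in five times in one hour; carol has never been seen before.
SCORING_EVENTS = (
    _gen("alice", "ws-alice", 6, [(9, 2), (10, 3)])
    + [("2024-03-06T14:00:00", "alice", "ws-unknown")]
    + _gen("bob", "ws-bob", 6, [(9, 5)])
    + [("2024-03-06T09:30:00", "carol", "ws-carol")]
)


def build_baseline(events):
    """Learn, per user, the normal logins per active hour and the set of source hosts."""
    hourly = defaultdict(lambda: defaultdict(int))  # user -> (date, hour) -> logins
    hosts = defaultdict(set)
    for ts, user, host in events:
        t = datetime.fromisoformat(ts)
        hourly[user][(t.date(), t.hour)] += 1
        hosts[user].add(host)
    baseline = {}
    for user, buckets in hourly.items():
        counts = list(buckets.values())
        # Alert only when an hour exceeds mean + 3 standard deviations of the learned hours.
        baseline[user] = {
            "hourly_threshold": mean(counts) + 3 * pstdev(counts),
            "hosts": frozenset(hosts[user]),
        }
    return baseline


def score_events(events, baseline):
    """Return [(event, reason)] for events outside the baseline; routine logins are dropped."""
    seen = defaultdict(int)  # (user, date, hour) -> logins so far in that hour
    alerts = []
    for event in events:
        ts, user, host = event
        profile = baseline.get(user)
        if profile is None:
            alerts.append((event, "no baseline for this user"))
            continue
        if host not in profile["hosts"]:
            alerts.append((event, f"first login from unseen host {host}"))
            continue
        t = datetime.fromisoformat(ts)
        key = (user, t.date(), t.hour)
        seen[key] += 1
        if seen[key] > profile["hourly_threshold"]:
            alerts.append(
                (event, f"{seen[key]} logins this hour, baseline allows {profile['hourly_threshold']:.1f}")
            )
    return alerts


if __name__ == "__main__":
    profile = build_baseline(LEARNING_EVENTS)
    for event, reason in score_events(SCORING_EVENTS, profile):
        print(*event, "->", reason)
```

Of the twelve logins on the scored day, only four surface: alice's third login in one hour, her login from an unseen host, bob's fifth login in an hour, and carol, for whom no baseline exists. A real SIEM would learn over weeks rather than two days and would add more features (time of day, geography, failure ratio), but the mechanism is the same.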


Question #98
A recent security assessment revealed that an actor exploited a vulnerable workstation within an organization and has persisted on the network for several months.
The organization realizes the need to reassess its security strategy for mitigating risks within the perimeter.
Which of the following solutions would BEST support the organization's strategy?

  • A. FIM
  • B. EDR
  • C. DLP
  • D. UTM

Correct answer: B

Explanation:
The attacker compromised a workstation and stayed resident for months, so the threat was already inside the perimeter; a perimeter appliance such as a UTM is not where it would have been caught. EDR records process, file and persistence activity on every endpoint and supports hunting and response, which is what detecting and evicting a long-dwelling intruder requires. FIM only reports file changes, and DLP only addresses data leaving the network.


Question #99
A security analyst must enforce policies to harden an MDM infrastructure. The requirements are as follows:
* Ensure mobile devices can be tracked and wiped.
* Confirm mobile devices are encrypted.
Which of the following should the analyst enable on all the devices to meet these requirements?

  • A. Geofencing
  • B. Geotagging
  • C. Geolocation
  • D. Biometric authentication

Correct answer: A

Explanation:
Geofencing applies a location-based policy that can alert on, lock or wipe a device when it leaves a defined area. Note that tracking itself depends on the device reporting its geolocation (option C), which geofencing builds on, and that none of the listed options enforces encryption; that requirement is met through a separate MDM configuration profile.


Question #100
An organization has various applications that contain sensitive data hosted in the cloud. The company's leaders are concerned about lateral movement across applications of different trust levels. Which of the following solutions should the organization implement to address the concern?

  • A. CASB
  • B. SWG
  • C. UTM
  • D. ISFW

Correct answer: A

Explanation:
Once the full extent of cloud usage is revealed, the CASB then determines the risk level associated with each application by determining what the application is, what sort of data is within the app, and how it is being shared. https://www.mcafee.com/enterprise/en-au/security-awareness/cloud/what-is-a-casb.html
A cloud access security broker (CASB) (sometimes pronounced cas-bee) is on-premises or cloud-based software that sits between cloud service users and cloud applications, and monitors all activity and enforces security policies. A CASB can offer a variety of services such as monitoring user activity, warning administrators about potentially hazardous actions, enforcing security policy compliance, and automatically preventing malware. https://en.wikipedia.org/wiki/Cloud_access_security_broker


Question #101
On which of the following is the live acquisition of data for forensic analysis MOST dependent?
(Choose two.)

  • A. Data accessibility
  • B. Value and volatility of data
  • C. Right-to-audit clauses
  • D. Data retention legislation
  • E. Cryptographic or hash algorithm
  • F. Legal hold

Correct answer: A, B

Explanation:
Live acquisition captures data from a running system, so it is governed by the order of volatility (registers and memory, running processes and network state first, then disk) and by whether the data is actually accessible at that moment (unlocked encrypted volumes, open sessions, mounted shares). Right-to-audit clauses, retention legislation and legal holds are contractual or legal considerations about what must be preserved, not about how a live capture is performed, and the hash algorithm is used to verify integrity after the acquisition.


Question #102
A network team segmented a critical, end-of-life server to a VLAN that can only be reached by specific devices but cannot be reached by the perimeter network. Which of the following BEST describe the controls the team implemented? (Select two.)

  • A. Physical
  • B. Managerial
  • C. Compensating
  • D. Technical
  • E. Detective
  • F. Corrective
  • G. Deterrent

Correct answer: C, D

Explanation:
Isolating the server in a restricted VLAN is a technical control, and because an end-of-life system can no longer be patched, the segmentation compensates for that missing control.


Question #103
A cloud service provider has created an environment where customers can connect existing local networks to the cloud for additional computing resources and block internal HR applications from reaching the cloud. Which of the following cloud models is being used?

  • A. Hybrid
  • B. Private
  • C. Public
  • D. Community

Correct answer: A

Explanation:
Hybrid cloud, since the internal network and cloud computing are combined.
Private cloud: a cloud infrastructure set up specifically for one client or customer.
Community cloud: a cloud infrastructure shared by organizations within the same industry, which spreads the cost of cloud computing across the members and reduces the burden per entity; for example, several banks going in together on a platform designed for the banking industry's cloud computing needs.
Hybrid cloud: a mixed model where computing, storage and applications are both on premises and in the cloud, possibly using more than one cloud service. Most organizations run a hybrid cloud.
Public cloud: any cloud service offered to the general public, such as Google Drive, Microsoft Azure, Amazon Web Services or Microsoft OneNote.


Question #104
During an investigation, an incident response team attempts to understand the source of an incident. Which of the following incident response activities describes this process?

  • A. Lessons learned
  • B. Containment
  • C. Detection
  • D. Analysis

Correct answer: D


Question #105
An analyst is reviewing logs associated with an attack. The logs indicate an attacker downloaded a malicious file that was quarantined by the AV solution. The attacker utilized a local non-administrative account to restore the malicious file to a new location. The file was then used by another process to execute a payload. Which of the following attacks did the analyst observe?

  • A. Injection
  • B. Request forgeries
  • C. Replay attack
  • D. Privilege escalation

Correct answer: D

Explanation:
The attacker started from a local non-administrative account, restored a file that the AV had quarantined (an action that normally requires elevated rights) and then had another process execute the payload: this is privilege escalation, moving from a limited account to higher-privileged execution on the host. Injection and request forgery are application-layer attacks against input handling and web sessions, and a replay attack re-sends captured traffic; none of them matches a log of local file-restore and process activity.


Question #106
Users report that access to an application from an internal workstation is still unavailable to a specific server, even after a recent firewall rule implementation that was requested for this access. ICMP traffic is successful between the two devices. Which of the following tools should the security analyst use to help identify if the traffic is being blocked?

  • A. ssh
  • B. ping
  • C. nmap
  • D. tracert

Correct answer: C

Explanation:
ping only confirms ICMP reachability, which is already known to work; firewalls commonly permit ICMP while still blocking the application port. tracert maps the path hop by hop but says nothing about whether a specific TCP port is being dropped, and ssh would only test port 22. nmap can probe the exact port the application uses (for example `nmap -Pn -p 443 <server>`): an "open" result means the new rule works, "closed" means the server answered but nothing is listening, and "filtered" means no answer at all, which is the signature of a firewall dropping the traffic.
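As an added example (not from the original page), the Python script below performs the port check that nmap would, and classifies the result with the same three states nmap reports: a completed TCP handshake is "open", an immediate reset is "closed", and a timeout or ICMP unreachable is "filtered". The loopback listener helpers exist only so the script can be exercised offline; the host and ports in the `__main__` block are placeholders.

```python
"""Probe a TCP port the way `nmap -Pn -p PORT HOST` classifies it.

Added example, not code from the original page: "open" means the three-way handshake
completed, "closed" means the host answered with a RST (reachable, nothing listening),
and "filtered" means no answer or an ICMP unreachable, which is what a firewall rule
that drops the application traffic looks like even when ping succeeds.
"""
import errno
import socket


def probe_tcp_port(host, port, timeout=2.0):
    """Return "open", "closed" or "filtered" for host:port."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"                 # RST received: host reachable, port not listening
    except (socket.timeout, TimeoutError):
        return "filtered"               # silently dropped: a DROP rule or a black hole
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "filtered"           # ICMP unreachable / admin-prohibited: a REJECT rule
        raise
    finally:
        sock.close()


def check_application_path(host, ports, timeout=2.0):
    """Probe each application port; ICMP already works, so only the TCP result matters."""
    return {port: probe_tcp_port(host, port, timeout) for port in ports}


def open_local_listener():
    """Helper for offline runs: a listening socket on an ephemeral loopback port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    return srv, srv.getsockname()[1]


def closed_local_port():
    """Helper for offline runs: an ephemeral loopback port that nothing listens on."""
    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind(("127.0.0.1", 0))
    port = tmp.getsockname()[1]
    tmp.close()
    return port


if __name__ == "__main__":
    import sys
    # Placeholder target and ports; pass the real server as the first argument.
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    for port, state in check_application_path(target, [22, 80, 443]).items():
        print(f"{target}:{port} {state}")
```

Run it against the real server with the application's port: "filtered" confirms the firewall rule is not matching the traffic, while "closed" shifts the investigation to the server itself, because the packet arrived and the service simply was not listening.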


Question #107
A corporate security team needs to secure the wireless perimeter of its physical facilities to ensure only authorized users can access corporate resources. Which of the following should the security team do?

  • A. Implement domain hijacking.
  • B. Create heat maps.
  • C. Check for channel overlaps.
  • D. Identify rogue access points.

Correct answer: D

Explanation:
Rogue access points are unauthorized APs that employees or outsiders connect to the corporate network, bypassing the wireless security controls. Identifying and removing them is what keeps the wireless perimeter limited to authorized users. Heat maps and channel-overlap checks are coverage and performance tasks, and domain hijacking is an attack, not a control.
https://www.comptia.org/training/books/security-sy0-601-study-guide


Question #108
A network administrator has been alerted that web pages are experiencing long load times. After determining it is not a routing or DNS issue, the administrator logs in to the router, runs a command, and receives the following output:

Which of the following is the router experiencing?

  • A. DDoS attack
  • B. Buffer overflow
  • C. Resource exhaustion
  • D. Memory leak

Correct answer: C


Question #109
Which of the following is used to ensure that evidence is admissible in legal proceedings when it is collected and provided to the authorities?

  • A. Chain of custody
  • B. Artifacts
  • C. Event log
  • D. Legal hold

Correct answer: A


Question #110
A Chief Information Officer is concerned about employees using company-issued laptops to steal data when accessing network shares. Which of the following should the company implement?

  • A. UEFI
  • B. CASB
  • C. DLP
  • D. HIDS
  • E. EDR

Correct answer: C

Explanation:
DLP inspects data as it is copied from network shares or moved off the laptop (removable media, email, cloud upload) and blocks or logs transfers of classified content, which directly addresses an insider copying data. UEFI is firmware, a CASB governs the use of cloud applications, and HIDS and EDR are aimed at detecting attacks on the host rather than enforcing data-handling policy.


Question #111
A security analyst is using OSINT to gather information to verify whether company data is available publicly.
Which of the following is the BEST application for the analyst to use?

  • A. Nessus
  • B. Nmap
  • C. theHarvester
  • D. Cuckoo

Correct answer: C

Explanation:
theHarvester is a reconnaissance tool built for OSINT (open-source intelligence): it collects email addresses, employee names, subdomains, hosts and IP addresses for a target domain from public sources such as search engines and certificate transparency logs, which is exactly the "is our data exposed publicly?" check. Nessus is a vulnerability scanner, Nmap is a port scanner and Cuckoo is a malware sandbox; none of them queries public sources.


Question #112
A company reduced the area utilized in its datacenter by creating virtual networking through automation and by creating provisioning routes and rules through scripting. Which of the following does this example describe?

  • A. SaaS
  • B. IaC
  • C. Containers
  • D. MSSP

Correct answer: B

Explanation:
Infrastructure as Code (IaC) is the process of managing and provisioning computer data centers through machine-readable definition files, rather than physical hardware configuration or interactive configuration tools.


Question #113
A researcher has been analyzing large data sets for the last ten months. The researcher works with colleagues from other institutions and typically connects via SSH to retrieve additional data. Historically, this setup has worked without issue, but the researcher recently started getting the following message:
Which of the following network attacks is the researcher MOST likely experiencing?

  • A. ARP poisoning
  • B. MAC cloning
  • C. Evil twin
  • D. Man-in-the-middle

Correct answer: D


Question #114
An attacker replaces a digitally signed document with another version that goes unnoticed. Upon reviewing the document's contents, the author notices some additional verbiage that was not originally in the document but can't validate an integrity issue. Which of the following attacks was used?

  • A. Prepending
  • B. Collision
  • C. Cryptomalware
  • D. Phishing

Correct answer: B

Explanation:
The signature still verifies because the substituted document produces the same hash value as the original, so the integrity check cannot distinguish the two: a hash collision.


Question #115
A company has limited storage available and an online presence that cannot be down for more than four hours. Which of the following backup methodologies should the company implement to allow for the FASTEST database restore time in the event of a failure, while being mindful of the limited available storage space?

  • A. Implement nightly full backups every Sunday at 8:00 p.m.
  • B. Implement full backups every Sunday at 8:00 p.m. and nightly differential backups at 8:00 p.m.
  • C. Implement differential backups every Sunday at 8:00 p.m. and nightly incremental backups at 8:00 p.m.
  • D. Implement full tape backups every Sunday at 8:00 p.m. and perform nightly tape rotations.

Correct answer: B

Explanation:
Restore time is driven by how many backup sets must be read back: a differential restore needs only the last full backup plus the most recent differential (two sets), whereas an incremental restore needs the full backup plus every incremental taken since it, applied in order, with more media handling and more chances for one set to be bad. Nightly full backups restore fastest of all but consume the most space, which the limited storage rules out; the incremental scheme uses the least space but has the slowest restore. Weekly full plus nightly differential is the balance the question asks for.
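The trade-off above in numbers, as an added example that is not part of the original page: the script models a week of each rotation and reports the storage consumed and the worst-case restore effort. All figures are constructed assumptions (a 100 GB database, 5 GB of new or changed data per night, 100 GB/hour restore throughput, 15 minutes of handling per backup set, failure just before the next weekly full); change any of them to match a real environment.

```python
"""Worst-case restore effort and storage for the backup rotations in the question.

Added example, not from the original page. The figures are constructed: a 100 GB
database, 5 GB of new or changed data per night, restore throughput of 100 GB/hour and
15 minutes of handling per backup set mounted. The failure is assumed to happen just
before the next weekly full, i.e. after six nightly backups.
"""

STRATEGIES = ("nightly_full", "full_plus_differential", "full_plus_incremental")


def simulate(strategy, full_gb=100.0, change_gb=5.0, nightly_runs=6,
             gb_per_hour=100.0, set_overhead_h=0.25):
    """Return storage used over the cycle and the sets/data/time needed to restore."""
    if strategy == "nightly_full":
        storage = full_gb * (nightly_runs + 1)      # a fresh full copy every night
        restore_sets = [full_gb]                    # only the latest full is needed
    elif strategy == "full_plus_differential":
        # Each differential re-captures everything changed since the weekly full, so
        # it grows every night; a restore needs the full plus the newest differential.
        diffs = [change_gb * n for n in range(1, nightly_runs + 1)]
        storage = full_gb + sum(diffs)
        restore_sets = [full_gb, diffs[-1]]
    elif strategy == "full_plus_incremental":
        # Each incremental holds only that night's changes; a restore needs the full
        # plus every incremental since it, applied in order.
        incs = [change_gb] * nightly_runs
        storage = full_gb + sum(incs)
        restore_sets = [full_gb] + incs
    else:
        raise ValueError(f"unknown strategy {strategy!r}")
    restore_gb = sum(restore_sets)
    restore_hours = restore_gb / gb_per_hour + set_overhead_h * len(restore_sets)
    return {
        "storage_gb": storage,
        "restore_sets": len(restore_sets),
        "restore_gb": restore_gb,
        "restore_hours": round(restore_hours, 2),
    }


def pick_strategy(max_storage_gb, rto_hours, **kwargs):
    """Fastest-restoring strategy that fits the storage budget and meets the RTO, or None."""
    fitting = []
    for strategy in STRATEGIES:
        result = simulate(strategy, **kwargs)
        if result["storage_gb"] <= max_storage_gb and result["restore_hours"] <= rto_hours:
            fitting.append((result["restore_hours"], strategy))
    return min(fitting)[1] if fitting else None


if __name__ == "__main__":
    for strategy in STRATEGIES:
        print(f"{strategy:24s} {simulate(strategy)}")
    print("with 250 GB of storage and a 4 h RTO:", pick_strategy(250, 4))
```

With these inputs nightly fulls need 700 GB for a 1.25 h restore, full plus differential needs 205 GB for a 1.8 h restore from two sets, and full plus incremental needs 130 GB but takes 3.05 h across seven sets. A 250 GB budget and a four-hour RTO therefore select the differential scheme, which is the point of the question.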


Question #116
An organization is building a new headquarters and has placed fake cameras around the building in an attempt to discourage potential intruders. Which of the following kinds of controls describes this security method?

  • A. Directive
  • B. Deterrent
  • C. Detective
  • D. Corrective

Correct answer: B

Explanation:
A deterrent control is a type of security control designed to discourage potential intruders from attempting to access or harm a system or network. A deterrent control relies on the perception or fear of negative consequences rather than the actual enforcement of those consequences. A deterrent control can also be used to influence the behavior of authorized users by reminding them of their obligations and responsibilities. Placing fake cameras around the building is an example: it creates the illusion of surveillance and deters potential intruders from trying to break in. Other examples of deterrent controls are warning signs, security guards, or visible audit trails.
References:
* https://www.ibm.com/topics/security-controls
* https://www.f5.com/labs/learning-center/what-are-security-controls


Question #117
A cybersecurity administrator needs to implement a Layer 7 security control on a network and block potential attacks. Which of the following can block an attack at Layer 7? (Select TWO.)

  • A. NIPS
  • B. NIDS
  • C. HSM
  • D. HIDS
  • E. Stateless firewall
  • F. NAC
  • G. WAF

Correct answer: A, G

Explanation:
A NIPS and a WAF both inspect application-layer content inline and can drop the offending request. A NIDS and a HIDS only detect, a stateless firewall filters on Layer 3/4 headers, an HSM stores cryptographic keys, and NAC controls admission to the network rather than the content of traffic.


Question #118
A security analyst discovers that a company username and password database was posted on an internet forum.
The usernames and passwords are stored in plain text. Which of the following would mitigate the damage done by this type of data exfiltration in the future?

  • A. Create DLP controls that prevent documents from leaving the network.
  • B. Increase password complexity requirements.
  • C. Configure the web content filter to block access to the forum.
  • D. Implement salting and hashing.

Correct answer: D

Explanation:
The damage came from the passwords being readable in the leaked table. Hashing every password with a unique salt using a slow password-hashing function (PBKDF2, bcrypt, scrypt or Argon2) means a future leak exposes only values that must be cracked one at a time, with precomputed tables useless and identical passwords no longer recognizable. DLP and a content filter try to stop the exfiltration or hide the leak rather than limit its damage, and complexity requirements do not help when the stored values themselves are readable.
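As an added example (not code from the original page), the Python below converts a constructed plaintext credential table into salted, iterated hashes and verifies logins against them. It uses PBKDF2-HMAC-SHA256 from the standard library with a 16-byte random salt per user and 600,000 iterations, which is OWASP's current recommendation for that algorithm; the `pbkdf2_sha256$iterations$salt$hash` record layout and the user/password values are assumptions made for this example.

```python
"""Salted, iterated password hashing as the fix for a plaintext credential table.

Added example, not code from the original page. Uses PBKDF2-HMAC-SHA256 from the
standard library with a 16-byte random salt per user and 600,000 iterations (the
OWASP recommendation for this algorithm at the time of writing); the record format
`pbkdf2_sha256$iterations$salt$hash` is an assumption chosen for this example.
"""
import base64
import hashlib
import hmac
import os

ALGORITHM = "pbkdf2_sha256"
DEFAULT_ITERATIONS = 600_000

# Constructed plaintext table of the kind that was leaked in the question.
LEAKED_PLAINTEXT_TABLE = {"alice": "Summer2023!", "bob": "Summer2023!", "carol": "hunter2"}


def _b64(data):
    return base64.b64encode(data).decode("ascii")


def hash_password(password, salt=None, iterations=DEFAULT_ITERATIONS):
    """Return a self-describing record; a fresh random salt is drawn unless one is given."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{ALGORITHM}${iterations}${_b64(salt)}${_b64(digest)}"


def verify_password(password, record):
    """Recompute the hash with the stored salt and compare in constant time."""
    try:
        algorithm, iterations, salt_b64, digest_b64 = record.split("$")
    except ValueError:
        return False                      # malformed record: never accept it
    if algorithm != ALGORITHM:
        return False
    salt = base64.b64decode(salt_b64)
    expected = base64.b64decode(digest_b64)
    actual = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, int(iterations))
    return hmac.compare_digest(actual, expected)


def migrate_plaintext_table(table):
    """One-time conversion of a plaintext table into salted hashes."""
    return {user: hash_password(password) for user, password in table.items()}


def records_reveal_shared_passwords(records):
    """True if two users with the same password end up with the same stored value,
    which is what an unsalted scheme leaks to whoever steals the table."""
    digests = [rec.rsplit("$", 1)[-1] for rec in records.values()]
    return len(digests) != len(set(digests))


if __name__ == "__main__":
    hashed = migrate_plaintext_table(LEAKED_PLAINTEXT_TABLE)
    for user, rec in hashed.items():
        print(user, rec)
    print("shared passwords visible:", records_reveal_shared_passwords(hashed))
    print("alice / Summer2023! ->", verify_password("Summer2023!", hashed["alice"]))
```

Because alice and bob share a password but receive different salts, their stored records differ, so a stolen table no longer shows which accounts reuse passwords, and each value has to be attacked individually at 600,000 PBKDF2 iterations per guess. The iteration count lives in the record so it can be raised later without invalidating existing entries.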

