[Dec 23, 2021] New 2021 CompTIA SY0-601 Exam Dumps with PDF from ExamcollectionPass (Updated 455 Questions) [Q165-Q186]


New 2021 SY0-601 exam questions. Welcome to download the newest ExamcollectionPass SY0-601 PDF dumps (455 Q&As).

P.S. Free 2021 CompTIA Security+ SY0-601 dumps are available on Google Drive shared by ExamcollectionPass

NEW QUESTION 165
A security analyst is hardening a network infrastructure. The analyst is given the following requirements:
* Preserve the use of public IP addresses assigned to equipment on the core router.
* Enable "in transport" encryption protection to the web server with the strongest ciphers.
Which of the following should the analyst implement to meet these requirements? (Select TWO).

  • A. Configure VLANs on the core router
  • B. Configure NAT on the core router
  • C. Configure AES encryption on the web server
  • D. Enable 3DES encryption on the web server
  • E. Enable TLSv2 encryption on the web server
  • F. Configure BGP on the core router

Answer: A,D

 

NEW QUESTION 166
An organization blocks user access to command-line interpreters, but hackers still managed to invoke the interpreters using native administrative tools. Which of the following should the security team do to prevent this from happening in the future?

  • A. Trigger a SIEM alert whenever the native OS tools are executed by the user
  • B. Implement HIPS to block inbound and outbound SMB ports 139 and 445.
  • C. Disable the built-in OS utilities as long as they are not needed for functionality.
  • D. Configure the AV to quarantine the native OS tools whenever they are executed

Answer: C

 

NEW QUESTION 167
A remote user recently took a two-week vacation abroad and brought along a corporate-owned laptop. Upon returning to work, the user has been unable to connect the laptop to the VPN. Which of the following is the MOST likely reason for the user's inability to connect the laptop to the VPN? (Select TWO).

  • A. The user's laptop was quarantined because it missed the latest patch update.
  • B. The user's account was put on a legal hold.
  • C. Due to foreign travel, the user's laptop was isolated from the network.
  • D. The laptop is still configured to connect to an international mobile network operator.
  • E. The VPN client was blacklisted.
  • F. The user is unable to authenticate because they are outside of the organization's mobile geofencing configuration.

Answer: A,C

 

NEW QUESTION 168
Which of the following technical controls is BEST suited for the detection and prevention of buffer overflows on hosts?

  • A. EDR
  • B. NIPS
  • C. HIDS
  • D. DLP

Answer: A

 

NEW QUESTION 169
A user enters a password to log in to a workstation and is then prompted to enter an authentication code.
Which of the following MFA factors or attributes are being utilized in the authentication process? (Select TWO).

  • A. Something you can do
  • B. Something you are
  • C. Something you know
  • D. Something you have
  • E. Someone you are
  • F. Somewhere you are

Answer: D

 

NEW QUESTION 170
A security analyst has received several reports of an issue on an internal web application. Users state they are having to provide their credentials twice to log in. The analyst checks with the application team and notes this is not an expected behavior. After looking at several logs, the analyst decides to run some commands on the gateway and obtains the following output:
Internet address

Which of the following BEST describes the attack the company is experiencing?

  • A. MAC flooding
  • B. ARP poisoning
  • C. DNS hijacking
  • D. URL redirection

Answer: B

 

NEW QUESTION 171
A security analyst is performing a forensic investigation of compromised account credentials. Using the Event Viewer, the analyst is able to detect the following message: "Special privileges assigned to new login." Several of these messages did not have a valid logon associated with the user before these privileges were assigned.
Which of the following attacks is MOST likely being detected?

  • A. Pass-the-hash
  • B. Buffer overflow
  • C. Cross-site scripting
  • D. Session replay

Answer: A

Explanation:
https://www.beyondtrust.com/resources/glossary/pass-the-hash-pth-attack

 

NEW QUESTION 172
Which of the following holds staff accountable while escorting unauthorized personnel?

  • A. Visitor logs
  • B. Badges
  • C. Locks
  • D. Cameras

Answer: B

 

NEW QUESTION 173
Which of the following refers to applications and systems that are used within an organization without consent or approval?

  • A. Dark web
  • B. Insider threats
  • C. OSINT
  • D. Shadow IT

Answer: D

 

NEW QUESTION 174
To reduce costs and overhead, an organization wants to move from an on-premises email solution to a cloud-based email solution. At this time, no other services will be moving. Which of the following cloud models would BEST meet the needs of the organization?

  • A. IaaS
  • B. SaaS
  • C. MaaS
  • D. PaaS

Answer: D

 

NEW QUESTION 175
A Chief Information Security Officer (CISO) needs to create a policy set that meets international standards for data privacy and sharing. Which of the following should the CISO read and understand before writing the policies?

  • A. GDPR
  • B. NIST
  • C. ISO 31000
  • D. PCI DSS

Answer: A

 

NEW QUESTION 176
A smart switch has the ability to monitor electrical levels and shut off power to a building in the event of a power surge or other fault situation. The switch was installed on a wired network in a hospital and is monitored by the facilities department via a cloud application. The security administrator isolated the switch on a separate VLAN and set up a patch routine. Which of the following steps should also be taken to harden the smart switch?

  • A. Install a cable lock on the switch
  • B. Place the switch in a Faraday cage.
  • C. Change the default password for the switch.
  • D. Set up an air gap for the switch.

Answer: C

 

NEW QUESTION 177
A researcher has been analyzing large data sets for the last ten months. The researcher works with colleagues from other institutions and typically connects via SSH to retrieve additional data. Historically, this setup has worked without issue, but the researcher recently started getting the following message:

Which of the following network attacks is the researcher MOST likely experiencing?

  • A. Man-in-the-middle
  • B. Evil twin
  • C. MAC cloning
  • D. ARP poisoning

Answer: A

Explanation:
The message is saying that the known_hosts file your client uses has a tuple that no longer matches this server, usually because the server is presenting a new key to the client, though it could also be the same key on a new IP. This could be the result of a MITM attack.
(key changed) https://serverfault.com/questions/193631/ssh-into-a-box-with-a-frequently-changed-ip
(ip changed) https://stackabuse.com/how-to-fix-warning-remote-host-identification-has-changed-on-mac-and-linux/

 

NEW QUESTION 178
The IT department's on-site developer has been with the team for many years. Each time an application is released, the security team is able to identify multiple vulnerabilities. Which of the following would BEST help the team ensure the application is ready to be released to production?

  • A. Prevent data exposure queries.
  • B. Limit the use of third-party libraries.
  • C. Submit the application to QA before releasing it.
  • D. Obfuscate the source code.

Answer: C


 

NEW QUESTION 179
A security analyst is using a recently released security advisory to review historical logs, looking for the specific activity that was outlined in the advisory. Which of the following is the analyst doing?

  • A. Threat hunting
  • B. A packet capture
  • C. A user behavior analysis
  • D. Credentialed vulnerability scanning

Answer: A

 

NEW QUESTION 180
A security engineer is setting up passwordless authentication for the first time.
INSTRUCTIONS
Use the minimum set of commands to set this up and verify that it works. Commands cannot be reused.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Answer:

Explanation:

 

NEW QUESTION 181
A security analyst wants to verify that a client-server (non-web) application is sending encrypted traffic. Which of the following should the analyst use?

  • A. hping
  • B. openssl
  • C. tcpdump
  • D. netcat

Answer: B

 

NEW QUESTION 182
The lessons-learned analysis from a recent incident reveals that an administrative office worker received a call from someone claiming to be from technical support. The caller convinced the office worker to visit a website, and then download and install a program masquerading as an antivirus package. The program was actually a backdoor that an attacker could later use to remote control the worker's PC. Which of the following would be BEST to help prevent this type of attack in the future?

  • A. Segmentation
  • B. Application whitelisting
  • C. Quarantine
  • D. Data loss prevention

Answer: B

 

NEW QUESTION 183
The cost of removable media and the security risks of transporting data have become too great for a laboratory. The laboratory has decided to interconnect with partner laboratories to make data transfers easier and more secure. The Chief Security Officer (CSO) has several concerns about proprietary data being exposed once the interconnections are established. Which of the following security features should the network administrator implement to prevent unwanted data exposure to users in partner laboratories?

  • A. DLP running on hosts to prevent file transfers between networks
  • B. NAC that permits only data-transfer agents to move data between networks
  • C. VPN with full tunneling and NAS authenticating through the Active Directory
  • D. VLAN zoning with a file-transfer server in an external-facing zone

Answer: A

 

NEW QUESTION 184
A security analyst is reviewing a new website that will soon be made publicly available. The analyst sees the following in the URL:
http://dev-site.comptia.org/home/show.php?sessionID=77276554&loc=us
The analyst then sends an internal user a link to the new website for testing purposes, and when the user clicks the link, the analyst is able to browse the website with the following URL:
http://dev-site.comptia.org/home/show.php?sessionID=98988475&loc=us
Which of the following application attacks is being tested?

  • A. Object deference
  • B. Cross-site request forgery
  • C. Pass-the-hash
  • D. Session replay

Answer: B

 

NEW QUESTION 185
A network administrator has been alerted that web pages are experiencing long load times. After determining it is not a routing or DNS issue, the administrator logs in to the router, runs a command, and receives the following output:

Which of the following is the router experiencing?

  • A. Memory leak
  • B. DDoS attack
  • C. Buffer overflow
  • D. Resource exhaustion

Answer: D

 

NEW QUESTION 186
......

SY0-601 exam questions from ExamcollectionPass dumps: https://www.examcollectionpass.com/CompTIA/SY0-601-practice-exam-dumps.html (455 Q&As)

Free 2021 CompTIA Security+ SY0-601 dumps are available on Google Drive shared by ExamcollectionPass: https://drive.google.com/open?id=16rlx2VDec2GwV_sBLPQGrHhrIMV8B0qM