[Feb 14, 2022] Get New SY0-601 Practice Test Questions Answers [Q172-Q196]

SY0-601 Dumps and Exam Test Engine

NEW QUESTION 172
A cybersecurity analyst needs to implement secure authentication to third-party websites without users' passwords. Which of the following would be the BEST way to achieve this objective?

  • A. SAML
  • B. PAP
  • C. SSO
  • D. OAuth

Answer: D

 

NEW QUESTION 173
An organization has various applications that contain sensitive data hosted in the cloud. The company's leaders are concerned about lateral movement across applications of different trust levels. Which of the following solutions should the organization implement to address the concern?

  • A. CASB
  • B. UTM
  • C. SWG
  • D. ISFW

Answer: A

Explanation:
Once the full extent of cloud usage is revealed, the CASB then determines the risk level associated with each by determining what the application is, what sort of data is within the app, and how it is being shared.
https://www.mcafee.com/enterprise/en-au/security-awareness/cloud/what-is-a-casb.html
A cloud access security broker (CASB) (sometimes pronounced cas-bee) is on-premises or cloud-based software that sits between cloud service users and cloud applications, and monitors all activity and enforces security policies. A CASB can offer a variety of services such as monitoring user activity, warning administrators about potentially hazardous actions, enforcing security policy compliance, and automatically preventing malware.
https://en.wikipedia.org/wiki/Cloud_access_security_broker

 

NEW QUESTION 174
A researcher has been analyzing large data sets for the last ten months. The researcher works with colleagues from other institutions and typically connects via SSH to retrieve additional data. Historically, this setup has worked without issue, but the researcher recently started getting the following message:

Which of the following network attacks is the researcher MOST likely experiencing?

  • A. MAC cloning
  • B. Man-in-the-middle
  • C. ARP poisoning
  • D. Evil twin

Answer: B

 

NEW QUESTION 175
A security analyst has been asked to investigate a situation after the SOC started to receive alerts from the SIEM. The analyst first looks at the domain controller and finds the following events:

To better understand what is going on, the analyst runs a command and receives the following output:

Based on the analyst's findings, which of the following attacks is being executed?

  • A. Credential harvesting
  • B. Keylogger
  • C. Brute-force
  • D. Spraying

Answer: D

 

NEW QUESTION 176
Given the following logs:

Which of the following BEST describes the type of attack that is occurring?

  • A. Password spraying
  • B. Rainbow table
  • C. Pass-the-hash
  • D. Dictionary

Answer: A

 

NEW QUESTION 177
A security analyst is investigating an incident to determine what an attacker was able to do on a compromised laptop. The analyst reviews the following SIEM log:
Which of the following describes the method that was used to compromise the laptop?

  • A. An attacker was able to install malware to the CAasdf234 folder and use it to gain administrator rights and launch Outlook
  • B. An attacker was able to bypass application whitelisting by emailing a spreadsheet attachment with an embedded PowerShell in the file
  • C. An attacker was able to phish user credentials successfully from an Outlook user profile
  • D. An attacker was able to move laterally from PC1 to PC2 using a pass-the-hash attack

Answer: D

 

NEW QUESTION 178
A company's bank has reported that multiple corporate credit cards have been stolen over the past several weeks. The bank has provided the names of the affected cardholders to the company's forensics team to assist in the cyber-incident investigation.
An incident responder learns the following information:
* The timeline of stolen card numbers corresponds closely with affected users making Internet-based purchases from diverse websites via enterprise desktop PCs.
* All purchase connections were encrypted, and the company uses an SSL inspection proxy for the inspection of encrypted traffic of the hardwired network.
* Purchases made with corporate cards over the corporate guest WiFi network, where no SSL inspection occurs, were unaffected.
Which of the following is the MOST likely root cause?

  • A. HTTPS sessions are being downgraded to insecure cipher suites
  • B. The payment providers are insecurely processing credit card charges
  • C. The adversary has not yet established a presence on the guest WiFi network
  • D. The SSL inspection proxy is feeding events to a compromised SIEM

Answer: B

 

NEW QUESTION 179
After consulting with the Chief Risk Officer (CRO), a manager decides to acquire cybersecurity insurance for the company. Which of the following risk management strategies is the manager adopting?

  • A. Risk acceptance
  • B. Risk mitigation
  • C. Risk avoidance
  • D. Risk transference

Answer: D

 

NEW QUESTION 180
A security analyst is investigating an incident to determine what an attacker was able to do on a compromised laptop. The analyst reviews the following SIEM log:

Which of the following describes the method that was used to compromise the laptop?

  • A. An attacker was able to install malware to the CAasdf234 folder and use it to gain administrator rights and launch Outlook
  • B. An attacker was able to bypass application whitelisting by emailing a spreadsheet attachment with an embedded PowerShell in the file
  • C. An attacker was able to phish user credentials successfully from an Outlook user profile
  • D. An attacker was able to move laterally from PC1 to PC2 using a pass-the-hash attack

Answer: D

 

NEW QUESTION 181
Which of the following would be BEST to establish between organizations to define the responsibilities of each party, outline the key deliverables, and include monetary penalties for breaches to manage third-party risk?

  • A. A BPA
  • B. An SLA
  • C. An ARO
  • D. An MOU

Answer: B

Explanation:
Most SLAs include a monetary penalty if the vendor is unable to meet the agreed-upon expectations.

 

NEW QUESTION 182
A security engineer is setting up passwordless authentication for the first time.
INSTRUCTIONS
Use the minimum set of commands to set this up and verify that it works. Commands cannot be reused.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Answer:

Explanation:

 

NEW QUESTION 183
A security analyst is reviewing the following attack log output:
Which of the following types of attacks does this MOST likely represent?

  • A. Password-spraying
  • B. Brute-force
  • C. Rainbow table
  • D. Dictionary

Answer: A

 

NEW QUESTION 184
A startup company is using multiple SaaS and IaaS platforms to stand up a corporate infrastructure and build out a customer-facing web application. Which of the following solutions would be BEST to provide security, manageability, and visibility into the platforms?

  • A. DLP
  • B. CASB
  • C. SWG
  • D. SIEM

Answer: B

Explanation:
A cloud access security broker is on-premises or cloud-based software that sits between cloud service users and cloud applications, and monitors all activity and enforces security policies.

 

NEW QUESTION 185
A local coffee shop runs a small WiFi hot-spot for its customers that utilizes WPA2-PSK. The coffee shop would like to stay current with security trends and wants to implement WPA3 to make its WiFi even more secure. Which of the following technologies will the coffee shop MOST likely use in place of PSK?

  • A. SAE
  • B. WEP
  • C. WPS
  • D. MSCHAP

Answer: B

 

NEW QUESTION 186
Select the appropriate attack and remediation from each drop-down list to label the corresponding attack with its remediation.
INSTRUCTIONS
Not all attacks and remediation actions will be used.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Answer:

Explanation:

 

NEW QUESTION 187
A security engineer is setting up passwordless authentication for the first time.
INSTRUCTIONS
Use the minimum set of commands to set this up and verify that it works. Commands cannot be reused.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Answer:

Explanation:

 

NEW QUESTION 188
A company uses wireless for all laptops and keeps a very detailed record of its assets, along with a comprehensive list of devices that are authorized to be on the wireless network. The Chief Information Officer (CIO) is concerned about a script kiddie potentially using an unauthorized device to brute force the wireless PSK and obtain access to the internal network. Which of the following should the company implement to BEST prevent this from occurring?

  • A. A BPDU guard
  • B. A WIDS
  • C. WPA-EAP
  • D. IP filtering

Answer: C

Explanation:
"EAP is in wide use. For example, in IEEE 802.11 (WiFi) the WPA and WPA2 standards have adopted IEEE 802.1X (with various EAP types) as the canonical authentication mechanism."
https://en.wikipedia.org/wiki/Extensible_Authentication_Protocol
The Wi-Fi Alliance added EAP-FAST (along with EAP-TLS and EAP-TTLS) to its list of supported protocols for WPA/WPA2 in 2010. Source: https://jaimelightfoot.com/blog/comptia-security-wireless-security/
"EAP has been expanded into multiple versions."
* "The Wi-Fi Alliance added PEAP to its list of supported protocols for WPA/WPA2/WPA3."
* "The Wi-Fi Alliance added EAP-FAST to its list of supported protocols for WPA/WPA2/WPA3."
* "The Wi-Fi Alliance added EAP-TTLS to its list of supported protocols for WPA/WPA2/WPA3."
Excerpt From: Wm. Arthur Conklin. "CompTIA Security+ All-in-One Exam Guide (Exam SY0-601)."

 

NEW QUESTION 189
A security analyst has been asked to investigate a situation after the SOC started to receive alerts from the SIEM. The analyst first looks at the domain controller and finds the following events:

To better understand what is going on, the analyst runs a command and receives the following output:

Based on the analyst's findings, which of the following attacks is being executed?

  • A. Credential harvesting
  • B. Keylogger
  • C. Brute-force
  • D. Spraying

Answer: D

 

NEW QUESTION 190
Which of the following BEST describes a social-engineering attack that relies on an executive at a small business visiting a fake banking website where credit card and account details are harvested?

  • A. Pharming
  • B. Spam
  • C. Whaling
  • D. Invoice scam

Answer: A

 

NEW QUESTION 191
An organization's Chief Security Officer (CSO) wants to validate the business's involvement in the incident response plan to ensure its validity and thoroughness. Which of the following will the CSO MOST likely use?

  • A. An external security assessment
  • B. A red-team engagement
  • C. A bug bounty program
  • D. A tabletop exercise

Answer: D

 

NEW QUESTION 192
A security analyst is investigating an incident to determine what an attacker was able to do on a compromised laptop. The analyst reviews the following SIEM log:

Which of the following describes the method that was used to compromise the laptop?

  • A. An attacker was able to install malware to the CAasdf234 folder and use it to gain administrator rights and launch Outlook
  • B. An attacker was able to bypass application whitelisting by emailing a spreadsheet attachment with an embedded PowerShell in the file
  • C. An attacker was able to phish user credentials successfully from an Outlook user profile
  • D. An attacker was able to move laterally from PC1 to PC2 using a pass-the-hash attack

Answer: D

 

NEW QUESTION 193
Which of the following cloud models provides clients with servers, storage, and networks but nothing else?

  • A. DaaS
  • B. SaaS
  • C. IaaS
  • D. PaaS

Answer: C

 

NEW QUESTION 194
A user reports constant lag and performance issues with the wireless network when working at a local coffee shop. A security analyst walks the user through an installation of Wireshark and gets a five-minute pcap to analyze. The analyst observes the following output:

Which of the following attacks does the analyst MOST likely see in this packet capture?

  • A. Bluejacking
  • B. Session replay
  • C. ARP poisoning
  • D. Evil twin

Answer: D

 

NEW QUESTION 195
A company is implementing a new SIEM to log and send alerts whenever malicious activity is blocked by its antivirus and web content filters. Which of the following is the primary use case for this scenario?

  • A. Implementation of corrective controls
  • B. Implementation of deterrent controls
  • C. Implementation of detective controls
  • D. Implementation of preventive controls

Answer: B

 

NEW QUESTION 196
......


Conclusion

Whether you are chasing a promotion or looking to get a better-paying job, passing the SY0-601 exam and earning the CompTIA Security+ badge is the best move for your professional growth. This will help you become a certified security specialist and elevate your career to the next level.

 

2022 New DumpsTorrent SY0-601 PDF Recently Updated Questions: https://examsboost.dumpstorrent.com/SY0-601-exam-prep.html