Last Updated on July 10, 2021 by InfraExam
SY0-601 : CompTIA Security+ 2021 : Part 06
A retail executive recently accepted a job with a major competitor. The following week, a security analyst reviews the security logs and identifies successful logon attempts to access the departed executive’s accounts. Which of the following security practices would have addressed the issue?
- A non-disclosure agreement
- Least privilege
- An acceptable use policy
A security analyst is performing a forensic investigation involving compromised account credentials. Using the Event Viewer, the analyst was able to detect the following message: “Special privileges assigned to new logon.” Several of these messages did not have a valid logon associated with the user before these privileges were assigned. Which of the following attacks is MOST likely being detected?
- Buffer overflow
- Cross-site scripting
- Session replay
A systems administrator needs to implement an access control scheme that will allow an object’s access policy to be determined by its owner. Which of the following access control schemes BEST fits the requirements?
- Role-based access control
- Discretionary access control
- Mandatory access control
- Attribute-based access control
A cybersecurity analyst reviews the log files from a web server and sees a series of files that indicate a directory-traversal attack has occurred. Which of the following is the analyst MOST likely seeing?
A company has limited storage space available and an online presence that cannot be down for more than four hours. Which of the following backup methodologies should the company implement to allow for the FASTEST database restore time in the event of a failure, while being mindful of the limited available storage space?
- Implement full tape backups every Sunday at 8:00 p.m. and perform nightly tape rotations.
- Implement differential backups every Sunday at 8:00 p.m. and nightly incremental backups at 8:00 p.m.
- Implement nightly full backups every Sunday at 8:00 p.m.
- Implement full backups every Sunday at 8:00 p.m. and nightly differential backups at 8:00 p.m.
An organization has a growing workforce that is mostly driven by additions to the sales department. Each newly hired salesperson relies on a mobile device to conduct business. The Chief Information Officer (CIO) is wondering if the organization may need to scale down just as quickly as it scaled up. The CIO is also concerned about the organization’s security and customer privacy. Which of the following would be BEST to address the CIO’s concerns?
- Disallow new hires from using mobile devices for six months.
- Select four devices for the sales department to use in a CYOD model.
- Implement BYOD for the sales department while leveraging the MDM.
- Deploy mobile devices using the COPE methodology.
A malicious actor recently penetrated a company’s network and moved laterally to the datacenter. Upon investigation, a forensics firm wants to know what was in the memory on the compromised server. Which of the following files should be given to the forensics firm?
A public relations team will be taking a group of guests on a tour through the facility of a large e-commerce company. The day before the tour, the company sends out an email to employees to ensure all whiteboards are cleaned and all desks are cleared. The company is MOST likely trying to protect against:
- loss of proprietary information.
- damage to the company’s reputation.
- social engineering.
- credential exposure.
The manager who is responsible for a data set has asked a security engineer to apply encryption to the data on a hard disk. The security engineer is an example of a:
- data controller.
- data owner.
- data custodian.
- data processor.
A network engineer is troubleshooting wireless network connectivity issues that were reported by users. The issues are occurring only in the section of the building that is closest to the parking lot. Users are intermittently experiencing slow speeds when accessing websites and are unable to connect to network drives. The issues appear to increase when laptop users return to their desks after using their devices in other areas of the building. There have also been reports of users being required to enter their credentials on web pages in order to gain access to them. Which of the following is the MOST likely cause of this issue?
- An external access point is engaging in an evil-twin attack.
- The signal on the WAP needs to be increased in that section of the building.
- The certificates have expired on the devices and need to be reinstalled.
- The users in that section of the building are on a VLAN that is being blocked by the firewall.
A security administrator needs to create a RAID configuration that is focused on high read speeds and fault tolerance. It is unlikely that multiple drives will fail simultaneously. Which of the following RAID configurations should the administrator use?
- RAID 0
- RAID 1
- RAID 5
- RAID 10
A company’s Chief Information Officer (CIO) is meeting with the Chief Information Security Officer (CISO) to plan some activities to enhance the skill levels of the company’s developers. Which of the following would be MOST suitable for training the developers?
- A capture-the-flag competition
- A phishing simulation
- Physical security training
- Basic awareness training
A security analyst needs to generate a server certificate to be used for 802.1X and secure RDP connections. The analyst is unsure what is required to perform the task and solicits help from a senior colleague. Which of the following is the FIRST step the senior colleague will most likely tell the analyst to perform to accomplish this task?
- Create an OCSP
- Generate a CSR.
- Create a CRL.
- Generate a .pfx file.
Under GDPR, which of the following is MOST responsible for the protection of privacy and website user rights?
- The data protection officer
- The data processor
- The data owner
- The data controller
A small business just recovered from a ransomware attack against its file servers by purchasing the decryption keys from the attackers. The issue was triggered by a phishing email and the IT administrator wants to ensure it does not happen again. Which of the following should the IT administrator do FIRST after recovery?
- Scan the NAS for residual or dormant malware and take new daily backups that are tested on a frequent basis.
- Restrict administrative privileges and patch all systems and applications.
- Rebuild all workstations and install new antivirus software.
- Implement application whitelisting and perform user application hardening.
A global pandemic is forcing a private organization to close some business units and reduce staffing at others. Which of the following would be BEST to help the organization’s executives determine their next course of action?
- An incident response plan
- A communications plan
- A disaster recovery plan
- A business continuity plan
Which of the following describes the ability of code to target a hypervisor from inside a guest OS?
- Fog computing
- VM escape
- Software-defined networking
- Image forgery
- Container breakout
After a ransomware attack, a forensics company needs to review a cryptocurrency transaction between the victim and the attacker. Which of the following will the company MOST likely review to trace this transaction?
- The public ledger
- The NetFlow data
- A checksum
- The event log
During an incident response, a security analyst observes the following log entry on the web server:
Which of the following BEST describes the type of attack the analyst is experiencing?
- SQL injection
- Cross-site scripting
- Directory traversal
Which of the following ISO standards is certified for privacy?
- ISO 9001
- ISO 27002
- ISO 27701
- ISO 31000