Last Updated on July 10, 2021 by InfraExam
SY0-601 : CompTIA Security+ 2021 : Part 07
A document that appears to be malicious has been discovered in an email that was sent to a company’s Chief Financial Officer (CFO). Which of the following would be BEST to allow a security analyst to gather information and confirm it is a malicious document without executing any code it may contain?
- Open the document on an air-gapped network.
- View the document’s metadata for origin clues.
- Search for matching file hashes on malware websites.
- Detonate the document in an analysis sandbox.
A security analyst is running a vulnerability scan to check for missing patches during a suspected security incident. During which of the following phases of the response process is this activity MOST likely occurring?
Which of the following is a team of people dedicated to testing the effectiveness of organizational security programs by emulating the techniques of potential attackers?
- Red team
- White team
- Blue team
- Purple team
A security analyst discovers that a company’s username and password database was posted on an Internet forum. The usernames and passwords are stored in plain text. Which of the following would mitigate the damage done by this type of data exfiltration in the future?
- Create DLP controls that prevent documents from leaving the network.
- Implement salting and hashing.
- Configure the web content filter to block access to the forum.
- Increase password complexity requirements.
Which of the following are requirements that must be configured for PCI DSS compliance? (Choose two.)
- Testing security systems and processes regularly
- Installing and maintaining a web proxy to protect cardholder data
- Assigning a unique ID to each person with computer access
- Encrypting transmission of cardholder data across private networks
- Benchmarking security awareness training for contractors
- Using vendor-supplied default passwords for system passwords
A security analyst needs to be proactive in understanding the types of attacks that could potentially target the company’s executives. Which of the following intelligence sources should the security analyst review?
- Vulnerability feeds
- Trusted automated exchange of indicator information
- Structured threat information expression
- Industry information-sharing and collaboration groups
A security audit has revealed that a process control terminal is vulnerable to malicious users installing and executing software on the system. The terminal is beyond end-of-life support and cannot be upgraded, so it is placed on a protected network segment. Which of the following would be MOST effective to implement to further mitigate the reported vulnerability?
- DNS sinkholing
- DLP rules on the terminal
- An IP blacklist
- Application whitelisting
A user recently entered a username and password into a recruiting application website that had been forged to look like the legitimate site. Upon investigation, a security analyst identifies the following:
– The legitimate website’s IP address is 10.1.1.20 and eRecruit.local resolves to this IP.
– The forged website’s IP address appears to be 10.2.12.99, based on NetFlow records.
– All three of the organization’s DNS servers show the website correctly resolves to the legitimate IP.
– DNS query logs show one of the three DNS servers returned a result of 10.2.12.99 (cached) at the approximate time of the suspected compromise.
Which of the following MOST likely occurred?
- A reverse proxy was used to redirect network traffic.
- An SSL strip MITM attack was performed.
- An attacker temporarily poisoned a name server.
- An ARP poisoning attack was successfully executed.
An organization has hired a security analyst to perform a penetration test. The analyst captures 1Gb worth of inbound network traffic to the server and transfers the pcap back to the machine for analysis. Which of the following tools should the analyst use to further review the pcap?
A company uses wireless for all laptops and keeps a very detailed record of its assets, along with a comprehensive list of devices that are authorized to be on the wireless network. The Chief Information Officer (CIO) is concerned about a script kiddie potentially using an unauthorized device to brute force the wireless PSK and obtain access to the internal network. Which of the following should the company implement to BEST prevent this from occurring?
- A BPDU guard
- IP filtering
- A WIDS
A vulnerability assessment report will include the CVSS score of the discovered vulnerabilities because the score allows the organization to better:
- validate the vulnerability exists in the organization’s network through penetration testing.
- research the appropriate mitigation techniques in a vulnerability database.
- find the software patches that are required to mitigate a vulnerability.
- prioritize remediation of vulnerabilities based on the possible impact.
A security engineer is reviewing log files after a third party discovered usernames and passwords for the organization’s accounts. The engineer sees there was a change in the IP address for a vendor website one week earlier. This change lasted eight hours. Which of the following attacks was MOST likely used?
- Spear phishing
- Evil twin
- DNS poisoning
A company recently moved sensitive videos between on-premises, company-owned websites. The company then learned the videos had been uploaded and shared to the Internet. Which of the following would MOST likely allow the company to find the cause?
- Order of volatility
- A log analysis
- A right-to-audit clause
A large industrial system’s smart generator monitors the system status and sends alerts to third-party maintenance personnel when critical failures occur. While reviewing the network logs, the company’s security manager notices the generator’s IP is sending packets to an internal file server’s IP. Which of the following mitigations would be BEST for the security manager to implement while maintaining alerting capabilities?
- Firewall whitelisting
Which of the following allows for functional test data to be used in new systems for testing and training purposes to protect the real data?
- Data encryption
- Data masking
- Data deduplication
- Data minimization
A consultant is configuring a vulnerability scanner for a large, global organization in multiple countries. The consultant will be using a service account to scan systems with administrative privileges on a weekly basis, but there is a concern that hackers could gain access to the account and pivot throughout the global network. Which of the following would be BEST to help mitigate this concern?
- Create different accounts for each region, each configured with push MFA notifications.
- Create one global administrator account and enforce Kerberos authentication.
- Create different accounts for each region, limit their logon times, and alert on risky logins.
- Create a guest account for each region, remember the last ten passwords, and block password reuse.
A software developer needs to perform code-execution testing, black-box testing, and non-functional testing on a new product before its general release. Which of the following BEST describes the tasks the developer is conducting?
A security analyst is configuring a large number of new company-issued laptops. The analyst received the following requirements:
– The devices will be used internationally by staff who travel extensively.
– Occasional personal use is acceptable due to the travel requirements.
– Users must be able to install and configure sanctioned programs and productivity suites.
– The devices must be encrypted.
– The devices must be capable of operating in low-bandwidth environments.
Which of the following would provide the GREATEST benefit to the security posture of the devices?
- Configuring an always-on VPN
- Implementing application whitelisting
- Requiring web traffic to pass through the on-premises content filter
- Setting the antivirus DAT update schedule to weekly
An organization has decided to host its web application and database in the cloud. Which of the following BEST describes the security concerns for this decision?
- Access to the organization’s servers could be exposed to other cloud-provider clients.
- The cloud vendor is a new attack vector within the supply chain.
- Outsourcing the code development adds risk to the cloud provider.
- Vendor support will cease when the hosting platforms reach EOL.
An organization that is located in a flood zone is MOST likely to document the concerns associated with the restoration of IT operations in a:
- business continuity plan.
- communications plan.
- disaster recovery plan.
- continuity of operations plan.