試験準備には欠かさない!SY0-601問題解答でSY0-601試験問題集
リアルCompTIA SY0-601試験問題 [更新されたのは2024年]
質問 # 273
Which of the following represents a biometric FRR?
- A. Users failing to enter the correct PIN
- B. The number of unauthorized users being granted access
- C. Authorized users being denied access
- D. The denied and authorized numbers being equal
正解:C
質問 # 274
A forensics investigator is examining a number of unauthorized payments the were reported on the company's website. Some unusual log entries show users received an email for an unwanted mailing list and clicked on a link to attempt to unsubscribe. One of the users reported the email to the phishing team, and the forwarded email revealed the link to be:
<a href-"https://www.company.com/payto.do?routing=00001111&accc=22223334&amount-250">Click here to unsubscribe</a> Which of the following will the forensics investigator MOST likely determine has occurred?
- A. XSRF
- B. CSRF
- C. XSS
- D. SQL injection
正解:A
質問 # 275
Which Of the following will provide the best physical security countermeasures to Stop intruders? (Select two).
- A. Alarm
- B. Lighting
- C. Sensors
- D. Fencing
- E. Access control vestibules
- F. Signage
正解:B、D
解説:
Explanation
Lighting and fencing are physical security countermeasures that can deter or stop intruders from accessing a facility or an asset. Lighting can increase visibility and reduce hiding spots for intruders, while fencing can create a physical barrier and limit access points for intruders.
質問 # 276
A security analyst reports a company policy violation in a case in which a large amount of sensitive data is being downloaded after hours from various mobile devices to an external site. Upon further investigation, the analyst notices that successful login attempts are being conducted with impossible travel times during the same time periods when the unauthorized downloads are occurring. The analyst also discovers a couple of WAPs are using the same SSID, but they have non-standard DHCP configurations and an overlapping channel.
Which of the following attacks is being conducted?
- A. Evil twin
- B. DDoS
- C. DNS poisoning
- D. Bluesnarfing
- E. Jamming
正解:A
解説:
Explanation
The attack being conducted is an Evil twin attack. An Evil twin attack involves creating a rogue wireless access point (WAP) with the same Service Set Identifier (SSID) as a legitimate WAP to trick users into connecting to it. Once connected, the attacker can intercept traffic or steal login credentials. The successful login attempts with impossible travel times suggest that an attacker is using a stolen or compromised credential to access the external site to which the sensitive data is being downloaded. The non-standard DHCP configurations and overlapping channels of the WAPs suggest that the attacker is using a rogue WAP to intercept traffic. References: CompTIA Security+ Certification Exam Objectives, Exam Domain 1.0: Attacks, Threats, and Vulnerabilities, 1.4 Compare and contrast types of attacks, p. 8
質問 # 277
A security analyst has received several reports of an issue on an internal web application. Users state they are having to provide their credentials twice to log in. The analyst checks with the application team and notes this is not an expected behavior. After looking at several logs, the analyst decides to run some commands on the gateway and obtains the following output:
Which of the following BEST describes the attack the company is experiencing?
- A. MAC flooding
- B. URL redirection
- C. ARP poisoning
- D. DNS hijacking
正解:C
解説:
Explanation
The output of the "netstat -ano" command shows that there are two connections to the same IP address and port number. This indicates that there are two active sessions between the client and server.
The issue of users having to provide their credentials twice to log in is known as a double login prompt issue.
This issue can occur due to various reasons such as incorrect configuration of authentication settings, incorrect configuration of web server settings, or issues with the client's browser.
Based on the output of the "netstat -ano" command, it is difficult to determine the exact cause of the issue.
However, it is possible that an attacker is intercepting traffic between the client and server and stealing user credentials. This type of attack is known as C. ARP poisoning.
ARP poisoning is a type of attack where an attacker sends fake ARP messages to associate their MAC address with the IP address of another device on the network. This allows them to intercept traffic between the two devices and steal sensitive information such as user credentials.
質問 # 278
A company wants to simplify the certificate management process. The company has a single domain with several dozen subdomains, all of which are publicly accessible on the internet. Which of the following BEST describes the type of certificate the company should implement?
- A. Domain validation
- B. Self-signed
- C. Wildcard
- D. Subject alternative name
正解:C
解説:
Explanation
Wildcard SSL certificates are for a single domain and all its subdomains. A subdomain is under the umbrella of the main domain. Usually subdomains will have an address that begins with something other than 'www.' For example, www.cloudflare.com has a number of subdomains, including blog.cloudflare.com, support.cloudflare.com, and developers.cloudflare.com. Each is a subdomain under the main cloudflare.com domain.
Wildcard SSL Certificate
A single Wildcard SSL certificate can apply to all of these subdomains. Any subdomain will be listed in the SSL certificate. Users can see a list of subdomains covered by a particular certificate by clicking on the padlock in the URL bar of their browser, then clicking on "Certificate" (in Chrome) to view the certificate's details.
https://www.cloudflare.com/learning/ssl/types-of-ssl-certificates/
質問 # 279
A security analyst is reviewing the following attack log output:
Which of the following types of attacks does this MOST likely represent?
- A. Dictionary
- B. Password-spraying
- C. Rainbow table
- D. Brute-force
正解:B
質問 # 280
A Chief Security Officer (CSO) is concerned that cloud-based services are not adequately protected from advanced threats and malware The CSO believes there is a high risk that a data breach could occur in the near future due to the lack of detective and preventive controls Which of the following should be implemented to BEST address the CSO's concerns? {Select TWO)
- A. AWAF
- B. Segmentation
- C. Containerization
- D. Encryption
- E. An NG-SWG
- F. ACASB
正解:E
質問 # 281
A security analyst is performing a packet capture on a series of SOAP HTTP requests for a security assessment. The analyst redirects the output to a file After the capture is complete, the analyst needs to review the first transactions quickly and then search the entire series of requests for a particular string Which of the following would be BEST to use to accomplish the task? (Select TWO).
- A. rail
- B. openssi
- C. head
- D. grep
- E. Tcpdump
- F. dd
- G. curl
正解:C、D
解説:
A - "analyst needs to review the first transactions quickly"
C - "search the entire series of requests for a particular string"
質問 # 282
Some laptops recently went missing from a locked storage area that is protected by keyless RFID-enabled locks. There is no obvious damage to the physical space. The security manager identifies who unlocked the door, however, human resources confirms the employee was on vacation at the time of the incident. Which of the following describes what MOST likely occurred?
- A. The employee's physical access card was cloned.
- B. The employee is colluding with human resources
- C. The employee's biometrics were harvested
- D. A criminal used lock picking tools to open the door.
正解:A
質問 # 283
Which of the following terms describes a broad range of information that is sensitive to a specific organization?
- A. Open-source
- B. Top secret
- C. Public
- D. Proprietary
正解:B
質問 # 284
An organization is planning to open other datacenters to sustain operations in the event of a natural disaster. Which of the following considerations would BEST support the organization's resiliency?
- A. Fire suppression
- B. Facility automation
- C. Geographic dispersal
- D. Generator power
正解:B
質問 # 285
Which of the following should a technician consider when selecting an encryption method for data that needs to remain confidential for a specific length of time?
- A. The key length of the encryption algorithm
- B. The encryption algorithm's longevity
- C. A method of introducing entropy into key calculations
- D. The computational overhead of calculating the encryption key
正解:B
質問 # 286
A security researcher is using an adversary's infrastructure and TTPs and creating a named group to track those targeted Which of the following is the researcher MOST likely using?
- A. The incident response process
- B. MITRE ATT&CK
- C. The Cyber Kill Chain
- D. The Diamond Model of Intrusion Analysis
正解:D
質問 # 287
A user is trying unsuccessfully to send images via SMS. The user downloaded the images from a corporate email account on a work phone. Which of the following policies is preventing the user from completing this action?
- A. Containerization
- B. Application management
- C. Content management
- D. Full disk encryption
正解:C
解説:
Explanation
Content management is a policy that controls what types of data can be accessed, modified, shared, or transferred by users or applications. Content management can prevent data leakage or exfiltration by blocking or restricting certain actions, such as copying, printing, emailing, or sending data via SMS. If the user downloaded the images from a corporate email account on a work phone, the content management policy may prevent the user from sending the images via SMS to protect the confidentiality and integrity of the data.
References: 1 CompTIA Security+ Certification Exam Objectives, page 10, Domain 2.0: Architecture and Design, Objective 2.4: Explain the importance of embedded and specialized systems security 2 CompTIA Security+ Certification Exam Objectives, page 12, Domain 3.0: Implementation, Objective 3.1: Implement secure network architecture concepts https://www.comptia.org/blog/what-is-data-loss-prevention
質問 # 288
While checking logs, a security engineer notices a number of end users suddenly downloading files with the
.tar.gz extension. Closer examination of the files reveals they are PE32 files. The end users state they did not initiate any of the downloads. Further investigation reveals the end users all clicked on an external email containing an infected MHT file with an href link a week prior. Which of the following is MOST likely occurring?
- A. A RAT was installed and is transferring additional exploit tools.
- B. A fireless virus is spreading in the local network environment.
- C. A logic bomb was executed and is responsible for the data transfers.
- D. The workstations are beaconing to a command-and-control server.
正解:A
解説:
https://www.howtogeek.com/362203/what-is-a-tar.gz-file-and-how-do-i-open-it/
質問 # 289
Which of the following ISO standards is certified for privacy?
- A. ISO 9001
- B. ISO 31000
- C. ISO 27002
- D. ISO 27701
正解:D
解説:
ISO 27701 also abbreviated as PIMS (Privacy Information Management System) outlines a framework for Personally Identifiable Information (PII) Controllers and PII Processors to manage data privacy. Privacy information management systems are sometimes referred to as personal information management systems.
https://pecb.com/whitepaper/the-future-of-privacy-with-isoiec-27701
質問 # 290
A security analyst has received several reports of an issue on an internal web application. Users stale they are having to provide their credential twice lo log in. The analyst checks with the application team and notes this is not an expected behavior. After looking at several loos the analyst decades to run some commands on the gateway and obtains the following output Internet address
Which of the following BEST describes the attack the company is experiencing?
- A. MAC flooding
- B. URL redirection
- C. ARP poisoning
- D. DNS hijacking
正解:C
質問 # 291
A company is setting up a web server on the Internet that will utilize both encrypted and unencrypted web-browsing protocols. A security engineer runs a port scan against the server from the Internet and sees the following output:
Which of the following steps would be best for the security engineer to take NEXT?
- A. Block HTTPS access from the Internet
- B. Block SMTP access from the Internet
- C. Allow DNS access from the internet.
- D. Block SSH access from the Internet.
正解:D
質問 # 292
A bad actor tries to persuade someone to provide financial information over the phone in order to gain access to funds. Which of the following types of attacks does this scenario describe?
- A. Spear phishing
- B. Whaling
- C. Vishing
- D. Phishing
正解:A
質問 # 293
During an incident response, a security analyst observes the following log entry on the web server.
Which of the following BEST describes the type of attack the analyst is experience?
- A. Pass-the-hash
- B. SQL injection
- C. Cross-site scripting
- D. Directory traversal
正解:C
質問 # 294
Which of the following control Types would be BEST to use in an accounting department to reduce losses from fraudulent transactions?
- A. Deterrent
- B. Recovery
- C. Detective
- D. Corrective
正解:D
解説:
Corrective controls are implemented after detective controls to rectify the problem and (ideally) prevent it from happening again.
質問 # 295
A user reports trouble using a corporate laptop. The laptop freezes and responds slowly when writing documents and the mouse pointer occasional disappears.
The task list shows the following results
Which of the following is MOST likely the issue?
- A. Spyware
- B. RAT
- C. Keylogger
- D. PUP
正解:A
解説:
Explanation
Spyware is malicious software that can cause a computer to slow down or freeze. It can also cause the mouse pointer to disappear. The task list shows an application named "spyware.exe" running, indicating that spyware is likely the issue. References:
* CompTIA Security+ Certification Exam Objectives 6.0: Given a scenario, analyze indicators of compromise and determine the type of malware.
* CompTIA Security+ Study Guide, Sixth Edition, pages 125-126
質問 # 296
Field workers in an organization are issued mobile phones on a daily basis All the work is performed within one city and the mobile phones are not used for any purpose other than work The organization does not want these pnones used for personal purposes. The organization would like to issue the phones to workers as permanent devices so the pnones do not need to be reissued every day Qven the conditions described, which of the following technologies would BEST meet these requirements'
- A. Containenzation
- B. Remote wiping
- C. Mobile device management
- D. Geofencing
正解:A
質問 # 297
An organization has been experiencing outages during holiday sales and needs to ensure availability of its point-of-sales systems. The IT administrator has been asked to improve both server-data fault tolerance and site availability under high consumer load. Which of the following are the best options to accomplish this objective? (Select two.)
- A. VLAN
- B. Load balancing
- C. Dual power supply
- D. UPS
- E. Incremental backups
- F. RAID
正解:B、F
解説:
Load balancing and RAID are the best options to accomplish the objective of improving both server-data fault tolerance and site availability under high consumer load. Load balancing is a method of distributing network traffic across multiple servers to optimize performance, reliability, and scalability. Load balancing can help improve site availability by preventing server overload, ensuring high uptime, and providing redundancy and failover. RAID stands for redundant array of independent disks, which is a technology that combines multiple physical disks into a logical unit to improve data storage performance, reliability, and capacity. RAID can help improve server-data fault tolerance by providing data redundancy, backup, and recovery.
質問 # 298
......
SY0-601合格させる試験問題集には更新されたのは2024年:https://www.goshiken.com/CompTIA/SY0-601-mondaishu.html
無料SY0-601試験問題集でお手軽に試験合格させる:https://drive.google.com/open?id=1oq8gKrLs925jDLKdsLG1-sRiMGp5e4IL