[2025年04月]更新のSY0-601試験資料CompTIA学習ガイド
有効な問題最新版を試そうSY0-601テスト解釈SY0-601有効な試験ガイド
質問 # 243
During an incident response, a security analyst observes the following log entry on the web server.
Which of the following BEST describes the type of attack the analyst is experience?
- A. Pass-the-hash
- B. Directory traversal
- C. SQL injection
- D. Cross-site scripting
正解:B
質問 # 244
Which of the following must be considered when designing a high-availability network? (Choose two.)
- A. Ease of recovery
- B. Responsiveness
- C. Extensible authentication
- D. Physical isolation
- E. Ability to patch
- F. Attack surface
正解:A、B
質問 # 245
Which of the following should customers who are involved with Ul developer agreements be concerned with when considering the use of these products on highly sensitive projects?
- A. Weak configurations
- B. Integration activities
- C. Outsourced code development
- D. Unsecure user accounts
正解:A
解説:
Customers who are involved with Ul developer agreements should be concerned with weak configurations when considering the use of these products on highly sensitive projects. Weak configurations can lead to security vulnerabilities, which can be exploited by malicious actors. It is important to ensure that all configurations are secure and up-to-date in order to protect sensitive data. Source: UL
質問 # 246
A company is under investigation for possible fraud. As part of the investigation. the authorities need to review all emails and ensure data is not deleted.
Which of the following should the company implement to assist in the investigation?
- A. Data loss prevention
- B. Content filter
- C. Chain of custody
- D. Legal hold
正解:D
解説:
Once an organization is aware that it needs to preserve evidence for a court case, it must do so.
The mechanism is fairly simple as well: once you realize your organization needs to preserve evidence, you must use a legal hold, or litigation hold, which is the process by which you properly preserve any and all digital evidence related to a potential case.
質問 # 247
A security analyst is reviewing logs on a server and observes the following output:
Which of the following is the security analyst observing?
- A. A dictionary attack
- B. A keylogger attack
- C. A rainbow table attack
- D. A password-spraying attack
正解:A
質問 # 248
Which of the following is the most likely to be used to document risks, responsible parties, and thresholds?
- A. Risk analysis
- B. Risk transfer
- C. Risk tolerance
- D. Risk register
正解:D
質問 # 249
The spread of misinformation surrounding the outbreak of a novel virus on election day led to eligible voters choosing not to take the risk of going the polls. This is an example of:
- A. information elicitation.
- B. a watering-hole attack.
- C. prepending.
- D. intimidation.
- E. an influence campaign.
正解:E
解説:
Explanation
This scenario describes an influence campaign, where false information is spread to influence or manipulate people's beliefs or actions. In this case, the misinformation led eligible voters to avoid polling places, which influenced the outcome of the election.
質問 # 250
Which of the following threat actors is most likely to use a high level of sophistication and potentially zero-day exploits to target organizations and systems?
- A. Ethical hackers
- B. APT groups
- C. Hacktivists
- D. Script kiddies
正解:B
質問 # 251
Which of the following control sets should a well-written BCP include? (Select THREE)
- A. Corrective
- B. Compensating
- C. Preventive
- D. Physical
- E. Recovery
- F. Deterrent
- G. Detective
正解:A、C、E
質問 # 252
An organization has implemented a two-step verification process to protect user access to data that 6 stored in the could Each employee now uses an email address of mobile number a code to access the data. Which of the following authentication methods did the organization implement?
- A. HOTP
- B. Push notification
- C. Token key
- D. Static code
正解:C
質問 # 253
An annual information security assessment has revealed that several OS-level configurations are not in compliance due to outdated hardening standards the company is using. Which of the following would be BEST to use to update and reconfigure the OS-level security configurations?
- A. Regional regulations
- B. CIS benchmarks
- C. ISO 27001 standards
- D. GDPR guidance
正解:B
解説:
CIS Benchmarking -> CIS Benchmarks from the Center of Internet Security (CIS) are a set of globally recognized and consensus-driven best practices to help security practitioners implement and manage their cybersecurity defenses.
質問 # 254
Which of the following is used to validate a certificate when it is presented to a user?
- A. CA
- B. CSR
- C. CRC
- D. OCSP
正解:D
解説:
Online Certificate Status Protocol (OCSP) is used to validate a certificate when it is presented to a user. OCSP is a protocol that allows a client or browser to query the status of a certificate from an OCSP responder, which is a server that maintains and provides the revocation status of certificates issued by a certificate authority (CA). OCSP can help to verify the authenticity and validity of a certificate and prevent the use of revoked or expired certificates. References: https://www.comptia.org/blog/what-is-ocsp
https://www.certblaster.com/wp-content/uploads/2020/11/CompTIA-Security-SY0-601-Exam-Objectives-1.0.pd
質問 # 255
A cybersecurity manager has scheduled biannual meetings with the IT team and department leaders to discuss how they would respond to hypothetical cyberattacks. During these meetings, the manager presents a scenario and injects additional information throughout the session to replicate what might occur in a dynamic cybersecurity event involving the company, its facilities, its data, and its staff. Which of the following describes what the manager is doing?
- A. Building a disaster recovery plan
- B. Conducting a tabletop exercise
- C. Running a simulation exercise
- D. Developing an incident response plan
正解:B
質問 # 256
A security analyst is investigating a vulnerability in which a default file permission was set incorrectly. The company uses non-credentialed scanning for vulnerability management.
Which of the following tools can the analyst use to verify the permissions?
- A. ne
- B. chmod
- C. nessus
- D. 1s
- E. setuid
- F. ssh
正解:B
質問 # 257
Which of the following environments utilizes dummy data and is MOST likely to be installed locally on a system that allows code to be assessed directly and modified easily with each build?
- A. Development
- B. Production
- C. Test
- D. Staging
正解:A
解説:
A development environment is the environment that is used to develop and test software. It is typically installed locally on a system that allows code to be assessed directly and modified easily with each build. In this environment, dummy data is often utilized to test the software's functionality.
Reference: CompTIA Security+ Study Guide, Exam SY0-601, Chapter 3: Architecture and Design
質問 # 258
A newly appointed board member with cybersecurity knowledge wants the board of directors to receive a quarterly report detailing the number of incidents that impacted the organization. The systems administrator is creating a way to present the data to the board of directors. Which of the following should the systems administrator use?
- A. Packet captures
- B. Metadata
- C. Dashboard
- D. Vulnerability scans
正解:C
質問 # 259
A security analyst is reviewing alerts in the SIEM related to potential malicious network traffic coming from an employee's corporate laptop. The security analyst has determined that additional data about the executable running on the machine is necessary to continue the investigation. Which of the following logs should the analyst use as a data source?
- A. Endpoint
- B. IPS/IDS
- C. Application
- D. Network
正解:A
質問 # 260
A business uses Wi-Fi with content filtering enabled. An employee noticed a coworker accessed a blocked site from a work computer and reported the issue. While investigating the issue, a security administrator found another device providing internet access to certain employees. Which of the following best describes the security risk?
- A. A rogue access point is allowing users to bypass controls.
- B. The host-based security agent is not running on all computers.
- C. A valid access point is being jammed to limit availability.
- D. Employees who have certain credentials are using a hidden SSID.
正解:A
質問 # 261
Which of the following explains why RTO is included in a BIA?
- A. It prioritizes risks so the organization can allocate resources appropriately,
- B. It informs the backup approach so that the organization can recover data to a known time.
- C. It monetizes the loss of an asset and determines a break-even point for risk mitigation.
- D. It identifies the amount of allowable downtime for an application or system,
正解:D
質問 # 262
......
SY0-601試験問題と解答:https://www.goshiken.com/CompTIA/SY0-601-mondaishu.html
SY0-601実際の問題解答PDFは100%カバー率でリアル試験問題:https://drive.google.com/open?id=1IlmsSlVrWKF6LIHKQHrNQy9St51KCWWI