4134f Flashcards
Phishing and spear-phishing attacks have been occurring more frequently against a company’s staff. Which of the following would MOST likely help mitigate this issue?
A. DNSSEC and DMARC
B. DNS query logging
C. Exact mail exchanger records in the DNS
D. The addition of DNS conditional forwarders
C (note: the examtopics consensus is A. DMARC, layered on SPF and DKIM, lets receiving mail servers reject or quarantine messages that spoof the company's domain and sends the company reports about them, while DNSSEC protects the DNS answers those checks depend on. An MX record only names the servers that accept mail for a domain; it says nothing about who is allowed to send as that domain.)
https://www.examtopics.com/discussions/comptia/view/44141-exam-sy0-601-topic-1-question-10-discussion/
A Mail Exchanger record (MX record) is a type of resource record in the Domain Name System that specifies a mail server responsible for accepting email messages on behalf of a recipient’s domain, and provides a preference value which is used to prioritise mail delivery if multiple mail servers are available.
MX records can provide early warning signs that your company may be under attack from spear phishing. You can take immediate steps to block any emails coming in from any possibly malicious domains.
https://fraudwatchinternational.com/phishing/email-security-mx-records/
https://www.infosecurity-magazine.com/opinions/mx-records-matter-fight-bec-spear/
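To make the DMARC side of this concrete, here is a small parser and posture check written for these notes (it is not code from the question or from the articles linked above). It makes no DNS queries: the records are constructed stand-ins for the TXT record a resolver would return at `_dmarc.<domain>`, and the domain names are assumptions.

```python
"""Parse DMARC TXT records and classify a domain's anti-spoofing posture.

Added example for these notes, not code from the linked articles. No DNS
queries are made: the records below are constructed stand-ins for what a
resolver would return for the TXT record at _dmarc.<domain>.
"""

# Constructed sample records, keyed by the name a resolver would query.
SAMPLE_RECORDS = {
    "_dmarc.example.com": "v=DMARC1; p=reject; rua=mailto:dmarc@example.com; pct=100",
    "_dmarc.weak.example": "v=DMARC1; p=none; rua=mailto:reports@weak.example",
    "_dmarc.partial.example": "v=DMARC1; p=quarantine; pct=20; sp=none",
    "_dmarc.broken.example": "v=spf1 -all",  # an SPF record published at the DMARC name
    "_dmarc.nopolicy.example": "v=DMARC1; rua=mailto:x@nopolicy.example",  # required p= missing
}


def parse_dmarc(txt):
    """Return the record's tags as a dict, or None if it is not a usable DMARC record.

    A record is 'tag=value' pairs separated by ';'. 'v=DMARC1' must come first
    and 'p' (the policy for the domain itself) is mandatory.
    """
    tags = {}
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            return None
        name, value = part.split("=", 1)
        tags[name.strip().lower()] = value.strip()
    if next(iter(tags), None) != "v" or tags["v"].upper() != "DMARC1":
        return None
    if "p" not in tags:
        return None
    return tags


def assess(domain, records=SAMPLE_RECORDS):
    """Classify how much protection receivers can apply to mail claiming to
    come from `domain`:

      enforced     - p=reject/quarantine for 100% of mail, subdomains included
      partial      - enforcement exists but pct<100 or subdomains are exempt
      monitor-only - p=none: reports are generated, spoofed mail is still delivered
      missing      - no valid DMARC record, so receivers apply no DMARC policy
    """
    txt = records.get("_dmarc." + domain.lower())
    tags = parse_dmarc(txt) if txt else None
    if tags is None:
        return "missing"
    policy = tags["p"].lower()
    sub_policy = tags.get("sp", policy).lower()
    try:
        pct = int(tags.get("pct", "100"))
    except ValueError:
        pct = 100  # assumption for this example: unparseable pct falls back to the default
    if policy == "none":
        return "monitor-only"
    if policy not in ("quarantine", "reject"):
        return "missing"  # unknown policy value: receivers cannot act on the record
    if pct < 100 or sub_policy == "none":
        return "partial"
    return "enforced"


if __name__ == "__main__":
    for name in SAMPLE_RECORDS:
        domain = name[len("_dmarc."):]
        print(f"{domain:22s} {assess(domain)}")
```

The "partial" and "monitor-only" results are the ones that matter in practice: a domain with `p=none` produces reports but does nothing to stop a spear-phishing message that forges its From address, which is why the control in the question is DMARC enforcement rather than the existence of a record.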
An organization needs to implement more stringent controls over administrator/root credentials and service accounts. Requirements for the project include:
✑ Check-in/checkout of credentials
✑ The ability to use but not know the password
✑ Automated password changes
✑ Logging of access to credentials
Which of the following solutions would meet the requirements?
A. OAuth 2.0
B. Secure Enclave
C. A privileged access management system
D. An OpenID Connect authentication system
C or D (C: a privileged access management system is what provides credential check-in/checkout, password vaulting so the user never sees the password, automated rotation, and an access log. OpenID Connect is a federated authentication protocol and provides none of these.)
https://www.examtopics.com/discussions/comptia/view/41862-exam-sy0-601-topic-1-question-21-discussion/
A development team employs a practice of bringing all the code changes from multiple team members into the same development project through automation. A tool is utilized to validate the code and track source code through version control. Which of the following BEST describes this process? A. Continuous delivery B. Continuous integration C. Continuous validation D. Continuous monitoring
B
• Continuous validation performs software testing as soon as developers update code.
• Continuous integration maintains linkages between different code elements.
• Continuous delivery automatically moves code into the proper environments.
• Continuous deployment automatically releases code for production use.
• Continuous monitoring tools ensure that code is working properly and trigger automated remediation if issues arise.
An organization's help desk is flooded with phone calls from users stating they can no longer access certain websites. The help desk escalates the issue to the security team, as these websites were accessible the previous day. The security analysts run the following command: ipconfig /flushdns, but the issue persists. Finally, an analyst changes the DNS server for an impacted machine, and the issue goes away. Which of the following attacks MOST likely occurred on the original DNS server? A. DNS cache poisoning B. Domain hijacking C. Distributed denial-of-service D. DNS tunneling
B or A (should be A)
https://www.examtopics.com/discussions/comptia/view/41318-exam-sy0-601-topic-1-question-35-discussion/
Should be A.
https://blog.miniasp.com/post/2008/10/22/Be-careful-DNS-cache-poisoning-attack
A security analyst is reviewing a new website that will soon be made publicly available. The analyst sees the following in the URL: http://dev-site.comptia.org/home/show.php?sessionID=77276554&loc=us
The analyst then sends an internal user a link to the new website for testing purposes, and when the user clicks the link, the analyst is able to browse the website with the following URL: http://dev-site.comptia.org/home/show.php?sessionID=98988475&loc=us
Which of the following application attacks is being tested?
A. Pass-the-hash
B. Session replay
C. Object dereference
D. Cross-site request forgery
B
https://www.examtopics.com/discussions/comptia/view/42264-exam-sy0-601-topic-1-question-38-discussion/
https://campus.barracuda.com/product/webapplicationfirewall/doc/49058327/session-replay-attack/
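The replay in the question works because the session identifier travels in the URL, so anyone who receives the link holds the session. The following example, written for these notes (not code from the question or the Barracuda article), reproduces that behaviour against an in-memory session store and then shows two mitigations: unguessable IDs with a short lifetime, and binding the session to the client that created it. The `SessionStore` class, the fingerprint scheme and the client addresses are assumptions; the URLs mirror the ones in the question.

```python
"""Session replay through a session ID carried in the URL, and two mitigations.

Added example written for these notes; it is not code from the question or the
linked article. SessionStore and the client fingerprint scheme are assumptions
made for the demonstration; the URLs mirror the ones in the question.
"""
import hashlib
import secrets
from urllib.parse import parse_qs, urlparse


def session_id_from_url(url):
    """Pull the sessionID query parameter out of a link, as anyone who received
    the link (or read it from a proxy log or Referer header) could."""
    return parse_qs(urlparse(url).query).get("sessionID", [None])[0]


def client_fingerprint(ip, user_agent):
    """Coarse binding of a session to the client that created it."""
    return hashlib.sha256(f"{ip}|{user_agent}".encode()).hexdigest()


class SessionStore:
    """In-memory session table. bind_client=False reproduces the vulnerable
    behaviour in the question: whoever presents the ID gets the session."""

    def __init__(self, ttl_seconds=900, bind_client=True):
        self.ttl = ttl_seconds
        self.bind_client = bind_client
        self._sessions = {}

    def create(self, user, fingerprint, now):
        # 256 bits from the OS CSPRNG: unguessable, unlike the 8-digit IDs in the question
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": user, "fp": fingerprint, "expires": now + self.ttl}
        return sid

    def resolve(self, sid, fingerprint, now):
        """Return the user that owns `sid`, or None if the ID is unknown,
        expired, or (when binding is on) presented by a different client."""
        s = self._sessions.get(sid)
        if s is None or now > s["expires"]:
            self._sessions.pop(sid, None)
            return None
        if self.bind_client and s["fp"] != fingerprint:
            return None
        return s["user"]


def demo(now=1_700_000_000):
    """Replay the victim's link from the analyst's machine against both stores."""
    victim = client_fingerprint("10.0.0.5", "Mozilla/5.0 (victim)")      # constructed
    analyst = client_fingerprint("10.0.0.9", "Mozilla/5.0 (analyst)")    # constructed
    results = {}
    for label, bind in (("unbound", False), ("bound", True)):
        store = SessionStore(bind_client=bind)
        sid = store.create("alice", victim, now)
        # The victim's browser puts the ID in the URL; that URL is what gets shared.
        link = f"http://dev-site.comptia.org/home/show.php?sessionID={sid}&loc=us"
        results[f"replay_{label}"] = store.resolve(session_id_from_url(link), analyst, now + 10)
        results[f"owner_{label}"] = store.resolve(sid, victim, now + 10)
        results[f"expired_{label}"] = store.resolve(sid, victim, now + 10_000)
    return results


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k:16s} -> {v}")
```

Client binding on IP and User-Agent is a partial control (NAT and mobile networks change addresses, and the User-Agent is attacker-controlled). The durable fix is to never carry the session ID in the URL at all: issue it in a cookie marked HttpOnly, Secure and SameSite, rotate it on login, and keep the lifetime short.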
A cybersecurity analyst needs to implement secure authentication to third-party websites without users' passwords. Which of the following would be the BEST way to achieve this objective? A. OAuth B. SSO C. SAML D. PAP
A or C (the examtopics consensus is A: with OAuth a third-party site receives an access token scoped to the user's account and never sees the user's password; SAML is an XML assertion format used mainly for enterprise single sign-on.)
https://www.examtopics.com/discussions/comptia/view/40736-exam-sy0-501-topic-2-question-432-discussion/
https://www.examtopics.com/discussions/comptia/view/42808-exam-sy0-601-topic-1-question-51-discussion/
An analyst needs to identify the applications a user was running and the files that were open before the user's computer was shut off by holding down the power button. Which of the following would MOST likely contain that information? A. NGFW B. Pagefile C. NetFlow D. RAM
B
https://www.examtopics.com/ajax/discussion/exam-question/644050/
Which of the following would MOST likely support the integrity of a voting machine? A. Asymmetric encryption B. Blockchain C. Transport Layer Security D. Perfect forward secrecy
B or D
In the book, I think it is B.
A Chief Information Security Officer (CISO) needs to create a policy set that meets international standards for data privacy and sharing. Which of the following should the CISO read and understand before writing the policies? A. PCI DSS B. GDPR C. NIST D. ISO 31000
B
https://www.examtopics.com/ajax/discussion/exam-question/644059/
A user contacts the help desk to report the following:
✑ Two days ago, a pop-up browser window prompted the user for a name and password after connecting to the corporate wireless SSID. This had never happened before, but the user entered the information as requested.
✑ The user was able to access the Internet but had trouble accessing the department share until the next day.
✑ The user is now getting notifications from the bank about unauthorized transactions.
Which of the following attack vectors was MOST likely used in this scenario?
A. Rogue access point
B. Evil twin
C. DNS poisoning
D. ARP poisoning
A or B (B fits the scenario best: an evil twin broadcasts the corporate SSID so clients join it automatically, and the unexpected login pop-up was a captive portal harvesting credentials; a rogue access point is any unauthorized AP and need not impersonate the corporate network.)
https://www.examtopics.com/discussions/comptia/view/41123-exam-sy0-601-topic-1-question-74-discussion/
Which of the following policies would help an organization identify and mitigate potential single points of failure in the company's IT/security operations? A. Least privilege B. Awareness training C. Separation of duties D. Mandatory vacation
C
https://www.examtopics.com/discussions/comptia/view/36948-exam-sy0-501-topic-2-question-386-discussion/
A website developer is working on a new e-commerce website and has asked an information security expert for the most appropriate way to store credit card numbers to create an easy reordering process. Which of the following methods would BEST accomplish this goal?
A. Salting the magnetic strip information
B. Encrypting the credit card information in transit
C. Hashing the credit card numbers upon entry
D. Tokenizing the credit cards in the database
C or D (D fits the stated goal: a token can be exchanged for the real card number inside the token vault when the customer reorders, whereas a hash is one-way and cannot be used to charge the card again.)
I looked it up; hashing is acceptable.
https://www.examtopics.com/discussions/comptia/view/44632-exam-sy0-601-topic-1-question-85-discussion/
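The difference between the two options is worth seeing in code. The example below, written for these notes (not code from the examtopics discussion), first shows why a hashed card number offers little protection at rest: the six-digit BIN is public per issuer and the last four digits appear on receipts and account pages, so at most a million candidates remain and the Luhn check discards nine in ten before a hash is even computed. It then shows a tokenization vault, where the value stored by the shop is random and unrelated to the card. The card number is the well-known Visa test PAN 4111 1111 1111 1111; the `TokenVault` class is a stand-in for a real tokenization service and its names are assumptions.

```python
"""Why a hashed card number is not safe at rest, and what tokenization does instead.

Added example for these notes, not code from the examtopics discussion. The
card number is the well-known Visa test PAN 4111 1111 1111 1111; the vault is a
stand-in for a real tokenization service and its names are assumptions.
"""
import hashlib
import secrets

SAMPLE_PAN = "4111111111111111"  # constructed test number; passes the Luhn check


def luhn_ok(pan):
    """Luhn mod-10 check that every real PAN satisfies."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def recover_pan_from_hash(target_hex, bin6, last4):
    """Brute-force the six unknown middle digits of a 16-digit PAN.

    The BIN (first six digits) is public per issuer and the last four are
    printed on receipts, so at most 10**6 candidates remain, and the Luhn check
    discards nine in ten before hashing. A stored salt does not change this:
    whoever has the hashes has the salt as well.
    """
    for middle in range(10**6):
        pan = f"{bin6}{middle:06d}{last4}"
        if not luhn_ok(pan):
            continue
        if hashlib.sha256(pan.encode()).hexdigest() == target_hex:
            return pan
    return None


class TokenVault:
    """Stand-in for a tokenization service. The merchant database stores only
    the token; the PAN lives here, inside PCI scope, and the token carries no
    information about it."""

    def __init__(self):
        self._pan_by_token = {}

    def tokenize(self, pan):
        if not (pan.isdigit() and luhn_ok(pan)):
            raise ValueError("not a valid PAN")
        token = secrets.token_hex(16)  # random, not derived from the PAN
        self._pan_by_token[token] = pan
        return token

    def detokenize(self, token):
        """Only the payment path inside the vault's trust boundary calls this."""
        return self._pan_by_token.get(token)

    def display_hint(self, token):
        """What the shop shows on the reorder page."""
        pan = self._pan_by_token.get(token)
        return None if pan is None else "**** **** **** " + pan[-4:]


def demo():
    # What a breached shop database would hold under option C versus option D.
    stored_hash = hashlib.sha256(SAMPLE_PAN.encode()).hexdigest()
    recovered = recover_pan_from_hash(stored_hash, SAMPLE_PAN[:6], SAMPLE_PAN[-4:])
    vault = TokenVault()
    token = vault.tokenize(SAMPLE_PAN)
    return {
        "recovered_from_hash": recovered,
        "token": token,
        "hint": vault.display_hint(token),
        "reorder_pan": vault.detokenize(token),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k:20s} {v}")
```

A breach of the shop's database under option C therefore yields the card numbers after a short offline search; under option D it yields only random tokens, and the reorder flow still works because the vault, not the shop, maps tokens back to card numbers when a charge is made.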
A company recently experienced a data breach and the source was determined to be an executive who was charging a phone in a public area. Which of the following would MOST likely have prevented this breach? A. A firewall B. A device pin C. A USB data blocker D. Biometrics
C or D (C: the breach came from charging over a public USB port, and a USB data blocker passes power while physically disconnecting the data lines; a PIN or biometrics protect the lock screen, not the data channel of a plugged-in cable.)
https://www.examtopics.com/discussions/comptia/view/44076-exam-sy0-601-topic-1-question-86-discussion/
The Chief Security Officer (CSO) at a major hospital wants to implement SSO to help improve security in the environment and protect patient data, particularly at shared terminals. The Chief Risk Officer (CRO) is concerned that training and guidance have not been provided to frontline staff, and a risk analysis has not been performed. Which of the following is the MOST likely cause of the CRO’s concerns?
A. SSO would simplify username and password management, making it easier for hackers to guess accounts.
B. SSO would reduce password fatigue, but staff would still need to remember more complex passwords.
C. SSO would reduce the password complexity for frontline staff.
D. SSO would reduce the resilience and availability of systems if the identity provider goes offline.
A or D
https://www.examtopics.com/ajax/discussion/exam-question/644089/
https://www.examtopics.com/discussions/comptia/view/38876-exam-sy0-501-topic-2-question-412-discussion/
After entering a username and password, an administrator must draw a gesture on a touch screen. Which of the following demonstrates what the administrator is providing? A. Multifactor authentication B. Something you can do C. Biometrics D. Two-factor authentication
B or D
https://www.examtopics.com/ajax/discussion/exam-question/644096/
A company has limited storage space available and an online presence that cannot be down for more than four hours. Which of the following backup methodologies should the company implement to allow for the FASTEST database restore time in the event of a failure, while being mindful of the limited available storage space?
A. Implement full tape backups every Sunday at 8:00 p.m. and perform nightly tape rotations.
B. Implement differential backups every Sunday at 8:00 p.m. and nightly incremental backups at 8:00 p.m.
C. Implement nightly full backups every Sunday at 8:00 p.m.
D. Implement full backups every Sunday at 8:00 p.m. and nightly differential backups at 8:00 p.m.
B or D? (D: a restore needs only the Sunday full backup plus the most recent differential, so it is fast, and each differential grows only to the size of the week's changes. B is not a workable scheme, since a differential is defined relative to a full backup and none is taken.)
https://www.examtopics.com/discussions/comptia/view/44133-exam-sy0-601-topic-1-question-105-discussion/
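The trade-off in this question is easier to reason about with numbers. The following example, written for these notes (not from the examtopics thread), computes storage written over one weekly cycle and the restore work after the last night for the three standard schemes, then checks each against a four-hour restore target. It assumes each day's changes touch different data (so a differential grows by each day's change), a constant restore throughput, and a fixed overhead per backup set for locating and mounting it; all figures are constructed.

```python
"""Storage consumed and restore work for the three standard backup schemes.

Added example for these notes, not from the examtopics thread. It assumes each
day's changes touch different data (so a differential grows by each day's
change), a constant restore throughput, and a fixed per-set overhead for
locating and mounting each backup set; the figures are constructed.
"""
from itertools import accumulate


def plan_week(full_gb, daily_change_gb):
    """Compare the schemes over one cycle: a full backup on Sunday followed by
    len(daily_change_gb) nightly backups. For each scheme return the total GB
    written and what a restore after the last night needs."""
    nights = len(daily_change_gb)
    differential = list(accumulate(daily_change_gb))  # change since Sunday, per night
    return {
        "full_nightly": {
            "storage_gb": full_gb * (1 + nights),
            "restore_sets": 1,
            "restore_gb": full_gb,
        },
        "full_plus_incremental": {
            "storage_gb": full_gb + sum(daily_change_gb),
            "restore_sets": 1 + nights,          # the full, then every incremental in order
            "restore_gb": full_gb + sum(daily_change_gb),
        },
        "full_plus_differential": {
            "storage_gb": full_gb + sum(differential),
            "restore_sets": 2,                   # the full plus the latest differential only
            "restore_gb": full_gb + differential[-1],
        },
    }


def restore_hours(sets, restore_gb, throughput_gb_per_hour, overhead_hours_per_set):
    """Transfer time plus a fixed cost for each set that has to be found and mounted."""
    return restore_gb / throughput_gb_per_hour + sets * overhead_hours_per_set


def evaluate(full_gb=500, daily_change_gb=(20, 20, 20, 20, 20, 20),
             throughput_gb_per_hour=400, overhead_hours_per_set=0.25, rto_hours=4):
    """Attach a restore-time estimate and an RTO verdict to each scheme.
    Default figures are constructed for the demonstration."""
    out = plan_week(full_gb, list(daily_change_gb))
    for r in out.values():
        hours = restore_hours(r["restore_sets"], r["restore_gb"],
                              throughput_gb_per_hour, overhead_hours_per_set)
        r["restore_hours"] = round(hours, 2)
        r["meets_rto"] = hours <= rto_hours
    return out


if __name__ == "__main__":
    for scheme, r in evaluate().items():
        print(f"{scheme:24s} storage={r['storage_gb']:6.0f} GB  sets={r['restore_sets']}  "
              f"restore={r['restore_hours']:.2f} h  RTO ok={r['meets_rto']}")
```

With the default figures, nightly full backups restore fastest but write seven copies of the database; incrementals write the least but need seven sets chained in order, and as the daily change grows they are the first to miss the four-hour window; full plus differential sits in between on storage and always restores from exactly two sets.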
A malicious actor recently penetrated a company's network and moved laterally to the datacenter. Upon investigation, a forensics firm wants to know what was in the memory on the compromised server. Which of the following files should be given to the forensics firm? A. Security B. Application C. Dump D. Syslog
C
https://www.examtopics.com/ajax/discussion/exam-question/644105/
https://www.examtopics.com/discussions/comptia/view/29451-exam-sy0-501-topic-2-question-321-discussion/
A public relations team will be taking a group of guests on a tour through the facility of a large e-commerce company. The day before the tour, the company sends out an email to employees to ensure all whiteboards are cleaned and all desks are cleared. The company is MOST likely trying to protect against: A. loss of proprietary information. B. damage to the company's reputation. C. social engineering. D. credential exposure.
A
https://www.examtopics.com/ajax/discussion/exam-question/644107/
The manager who is responsible for a data set has asked a security engineer to apply encryption to the data on a hard disk. The security engineer is an example of a: A. data controller. B. data owner. C. data custodian. D. data processor.
C or D (C: the custodian implements and operates the controls, such as encryption, that the owner requires; "data processor" is a GDPR role for a party that processes personal data on behalf of a controller.)
https://www.examtopics.com/ajax/discussion/exam-question/644108/
A security administrator needs to create a RAID configuration that is focused on high read speeds and fault tolerance. It is unlikely that multiple drives will fail simultaneously. Which of the following RAID configurations should the administrator use? A. RAID 0 B. RAID 1 C. RAID 5 D. RAID 10
C or D (should be C)
Discussion:
https://www.examtopics.com/ajax/discussion/exam-question/644110/
Google Books:
https://books.google.com.tw/books?id=0uUSEAAAQBAJ&pg=PT360&lpg=PT360&dq=high+read+speeds+and+fault+tolerance+RAID+sy0-601&source=bl&ots=_wAHUy9y7G&sig=ACfU3U2v-08ysHHvCc-JCetUrWGowANGLg&hl=zh-TW&sa=X&ved=2ahUKEwjt98Lgwu3uAhWsGqYKHUsfDzsQ6AEwEXoECBsQAg#v=onepage&q=high%20read%20speeds%20and%20fault%20tolerance%20RAID%20sy0-601&f=false
RAID explained:
https://www.prepressure.com/library/technology/raid
A company's Chief Information Officer (CIO) is meeting with the Chief Information Security Officer (CISO) to plan some activities to enhance the skill levels of the company's developers. Which of the following would be MOST suitable for training the developers? A. A capture-the-flag competition B. A phishing simulation C. Physical security training D. Basic awareness training
D (note: the examtopics consensus is A. Basic awareness training is aimed at all staff, whereas a capture-the-flag competition is hands-on, role-specific training of the kind the passage below recommends for staff in security-sensitive roles such as developers.)
https://www.examtopics.com/discussions/comptia/view/44134-exam-sy0-601-topic-1-question-112-discussion/
Appropriate security awareness training needs to be delivered to staff at every level, including end users, technical staff and managers. Some general topics that need to be covered include:
• An overview of the organization's security policies and the penalties for violating them.
• Incident identification and reporting procedures.
• Site security procedures, restrictions and advice, including security drills, escorting guests, use of secure areas and use of personal devices.
• Data handling, including document confidentiality, PII, backups, encryption and so on.
• Password and account management, and the security features of PCs and mobile devices.
• Awareness of social engineering and malware threats, including phishing, website exploits and spam, and how alerts about new threats are communicated.
• Secure use of software such as browsers and email clients, and appropriate use of Internet access, including social networking sites.
There should also be a system for identifying staff who perform security-sensitive roles and grading the level of training and education required (for example, beginner, intermediate and advanced). Note that when defining such a training program you need to focus on job roles rather than job titles, because an employee may perform several roles, and each role may have different security training, education or awareness requirements.
Under GDPR, which of the following is MOST responsible for the protection of privacy and website user rights? A. The data protection officer B. The data processor C. The data owner D. The data controller
C (note: under GDPR the party most responsible is the data controller, D, which determines the purposes and means of processing. "Data owner" is not a GDPR role, and the data protection officer advises and monitors rather than carrying the accountability.)
https://www.examtopics.com/ajax/discussion/exam-question/644113/
After a ransomware attack, a forensics company needs to review a cryptocurrency transaction between the victim and the attacker. Which of the following will the company MOST likely review to trace this transaction? A. The public ledger B. The NetFlow data C. A checksum D. The event log
A
A document that appears to be malicious has been discovered in an email that was sent to a company’s Chief Financial Officer (CFO). Which of the following would be BEST to allow a security analyst to gather information and confirm it is a malicious document without executing any code it may contain?
A. Open the document on an air-gapped network.
B. View the document’s metadata for origin clues.
C. Search for matching file hashes on malware websites.
D. Detonate the document in an analysis sandbox.
C
https://www.examtopics.com/discussions/comptia/view/44287-exam-sy0-601-topic-1-question-121-discussion/