あなたを合格させるCompTIA Security+ SY0-601試験問題集で2024年11月25日には1061問あります [Q204-Q229]

Share

あなたを合格させるCompTIA Security+ SY0-601試験問題集で2024年11月25日には1061問あります

SY0-601無料試験学習ガイド!(更新された1061問あります)

質問 # 204
Which of the following best reduces the security risks introduced when running systems that have expired vendor support and lack an immediate replacement?

  • A. Increase the frequency of vulnerability scans.
  • B. Classify the system as shadow IT.
  • C. Implement proper network access restrictions.
  • D. Initiate a bug bounty program.

正解:C

解説:
Network access restrictions can limit the exposure of systems that have expired vendor support and lack an immediate replacement, as they can prevent unauthorized or unnecessary access to those systems from other devices or networks. Network access restrictions can include firewalls, network segmentation, VPNs, access control lists, and other methods that can filter or block traffic based on predefined rules or policies. Network access restrictions can reduce the security risks introduced by running systems that have expired vendor support, as they can mitigate the impact of potential vulnerabilities or exploits that may affect those systems. Verified Reference:
CompTIA Security+ Certification Exam Objectives Version 3.0 https://www.comptia.jp/pdf/Security%2B%20SY0-601%20Exam%20Objectives.pdf (See Domain 2.1: Given a scenario, implement secure protocols.) CompTIA Security+ SY0-501 Study Guide https://www.certblaster.com/wp-content/uploads/2017/10/CompTIA-Security-SY0-501-Study-Guide.pdf (See Chapter 2: Technologies and Tools, Section 2.5: Firewall and Network Security Appliances.)


質問 # 205
Which of the following is a team of people dedicated to testing the effectiveness of organizational security programs by emulating the techniques of potential attackers?

  • A. Red team
  • B. Blue team
  • C. Purple team
  • D. White team

正解:A


質問 # 206
Select the appropriate attack and remediation from each drop-down list to label the corresponding attack with its remediation.
INSTRUCTIONS
Not all attacks and remediation actions will be used.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

正解:

解説:

Explanation
Web serverBotnet Enable DDoS protection RAT Implement a host-based IPSDatabase server Worm Change the default application password KeyloggerDisable vulnerable servicesApplication Backdoor Implement 2FA using push notification Graphical user interface, application Description automatically generated


質問 # 207
An organization is building backup server rooms in geographically diverse locations The Chief Information Security Officer implemented a requirement on the project that states the new hardware cannot be susceptible to the same vulnerabilities in the existing server room Which of the following should the systems engineer consider?

  • A. Purchasing hardware from different vendors
  • B. Designing new detective security controls
  • C. Migrating workloads to public cloud infrastructure
  • D. Implementing a robust patch management solution

正解:D


質問 # 208
A security engineer is setting up passwordless authentication for the first time.
INSTRUCTIONS
Use the minimum set of commands to set this up and verify that it works. Commands cannot be reused.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

正解:

解説:


質問 # 209
A security an alyst needs to implement security features across smartphones. laptops, and tablets Which of the following would be the MOST effective across heterogeneous platforms?

  • A. Removing administrative permissions
  • B. Enforcing encryption
  • C. Applying MDM software
  • D. Deploying GPOs

正解:C


質問 # 210
Which of the following should be addressed first on security devices before connecting to the network?

  • A. Open permissions
  • B. Weak encryption
  • C. API integration configuration
  • D. Default settings

正解:D

解説:
Before connecting security devices to the network, it is crucial to address default settings first. Manufacturers often ship devices with default settings that include default usernames, passwords, and configurations. These settings are widely known and can be easily exploited by attackers. Changing default settings helps to secure the device and prevent unauthorized access. Reference: CompTIA Security+ SY0-501 Exam Objectives, Section 3.2: "Given a scenario, implement secure systems design." (https://www.comptia.jp/pdf/Security%2B%20SY0-501%20Exam%20Objectives.pdf)


質問 # 211
A technician is opening ports on a firewall for a new system being deployed and supported by a SaaS provider.
Which of the following is a risk in the new system?

  • A. Supply chain vendor
  • B. Non-segmented network
  • C. Default credentials
  • D. Vulnerable software

正解:A


質問 # 212
The Chief Security Officer (CSO) at a major hospital wants to implement SSO to help improve security in the environment and protect patient data, particularly at shared terminals. The Chief Risk Officer (CRO) is concerned that training and guidance have not been provided to frontline staff, and a risk analysis has not been performed. Which of the following is the MOST likely cause of the CRO's concerns?

  • A. SSO would reduce the password complexity for frontline staff.
  • B. SSO would simplify username and password management, making it easier for hackers to guess accounts.
  • C. SSO would reduce password fatigue, but staff would still need to remember more complex passwords.
  • D. SSO would reduce the resilience and availability of systems if the identity provider goes offline.

正解:D

解説:
Explanation


質問 # 213
A security analyst reviews a company's authentication logs and notices multiple authentication failures. The authentication failures are from different usernames that share the same source IP address. Which of the password attacks is MOST likely happening?

  • A. Dictionary
  • B. Spraying
  • C. Rainbow table
  • D. Brute-force

正解:B

解説:
Detailed Explanation: Password spraying is an attack where an attacker tries a small number of commonly used passwords against a large number of usernames. The goal of password spraying is to avoid detection by avoiding too many failed login attempts for any one user account. The fact that different usernames are being attacked from the same IP address is a strong indication that a password spraying attack is underway.


質問 # 214
While performing a threat-hunting exercise, a security analyst sees some unusual behavior occurring in an application when a user changes the display name. The security analyst decides to perform a static code analysis and receives the following pseudocode:

Which of the following attack types best describes the root cause of the unusual behavior?

  • A. Improper error handling
  • B. SQL injection
  • C. Buffer overflow
  • D. Server-side request forgery

正解:B

解説:
Explanation
SQL injection is one of the most common web hacking techniques. SQL injection is the placement of malicious code in SQL statements, via web page input12. A SQL injection attack consists of insertion or
"injection" of a SQL query via the input data from the client to the application. A successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database (such as shutdown the DBMS), recover the content of a given file present on the DBMS file system and in some cases issue commands to the operating system3.
According to the pseudocode given in the question, the application takes a user input for display name and concatenates it with a SQL query to update the user's profile. This is a vulnerable practice that allows an attacker to inject malicious SQL code into the query and execute it on the database. For example, an attacker could enter something like this as their display name:
John'; DROP TABLE users; --
This would result in the following SQL query being executed:
UPDATE profile SET displayname = 'John'; DROP TABLE users; --' WHERE userid = 1; The semicolon (;) terminates the original update statement and starts a new one that drops the users table. The double dash (-) comments out the rest of the query. This would cause a catastrophic loss of data for the application.


質問 # 215
A Chief Information Officer is concerned about employees using company-issued laptops lo steal data when accessing network shares. Which of the following should the company Implement?

  • A. DLP
  • B. CASB
  • C. HIDS
  • D. EDR
  • E. UEFI

正解:A

解説:
The company should implement Data Loss Prevention (DLP) to prevent employees from stealing data when accessing network shares. Reference:
CompTIA Security+ Study Guide Exam SY0-601, Chapter 8


質問 # 216
Select the appropriate attack and remediation from each drop-down list to label the corresponding attack with its remediation.
INSTRUCTIONS
Not all attacks and remediation actions will be used.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

正解:

解説:

Explanation:
Web serverBotnet Enable DDoS protectionUser RAT Implement a host-based IPSDatabase server Worm Change the default application passwordExecutive KeyloggerDisable vulnerable servicesApplication Backdoor Implement 2FA using push notification A screenshot of a computer program Description automatically generated with low confidence


質問 # 217
An administrator reviewed the log files after a recent ransomware attack on a company's system and discovered vulnerabilities that resulted in the loss of a database server. The administrator applied a patch to the server to resolve the CVE score. Which of the following controls did the administrator use?

  • A. Deterrent
  • B. Directive
  • C. Compensating
  • D. Corrective

正解:D


質問 # 218
An analyst visits an internet forum looking for information about a tool. The analyst finds a threat that appears to contain relevant information. One of the posts says the following:
Text, letter Description automatically generated

Which of the following BEST describes the attack that was attempted against the forum readers?

  • A. SOU attack
  • B. XSS attack
  • C. API attack
  • D. DLL attack

正解:B

解説:
Cross-site scripting attacks may occur anywhere that possibly malicious users are allowed to post unregulated material to a trusted website for the consumption of other valid users. The most common example can be found in bulletin-board websites which provide web based mailing list-style functionality.
https://owasp.org/www-community/attacks/xss/
https://www.acunetix.com/websitesecurity/cross-site-scripting/


質問 # 219
A malicious actor recently penetration a company's network and moved laterally to the datacenter. Upon investigation, a forensics firm wants to know was in the memory on the compromised server. Which of the following files should be given to the forensics firm?

  • A. Dump
  • B. Syslog
  • C. Application
  • D. Security

正解:A

解説:
Dump files are a special type of files that store information about your computer, the software on it, and the data loaded in the memory when something bad happens. They are usually automatically generated by Windows or by the apps that crash, but you can also manually generate them
https://www.digitalcitizen.life/view-contents-dump-file/


質問 # 220
A company wants to build a new website to sell products online. The website wd I host a storefront application that allow visitors to add products to a shopping cart and pay for products using a credit card. which Of the following protocols *would be most secure to implement?

  • A. SFTP
  • B. SSL
  • C. TLS
  • D. SNMP

正解:C

解説:
TLS (Transport Layer Security) is a cryptographic protocol that provides secure communication over the internet. It can protect the data transmitted between the website and the visitors from eavesdropping, tampering, etc. It is the most secure protocol to implement for a website that sells products online using a credit card.


質問 # 221
A recent security audit revealed that a popular website with IP address 172.16.1.5 also has an FTP service that employees were using to store sensitive corporate data. The organization's outbound firewall processes rules top-down. Which of the following would permit HTTP and HTTPS, while denying all other services for this host?

  • A. access-rule permit tcp destination 172.16.1.5 port 80
    access-rule permit tcp destination 172.16.1.5 port 443
    access-rule deny ip destination 172.16.1.5
  • B. access-rule permit tcp destination 172.16.1.5 port 21
    access-rule permit tcp destination 172.16.1.5 port 80
    access-rule deny ip destination 172.16.1.5
  • C. access-rule permit tcp destination 172.16.1.5 port 22
    access-rule permit tcp destination 172.16.1.5 port 443
    access-rule deny tcp destination 172.16.1.5 port 80
  • D. access-rule permit tcp destination 172.16.1.5 port 80
    access-rule permit tcp destination 172.16.1.5 port 443
    access-rule deny tcp destination 172.16.1.5 port 21

正解:D

解説:
The firewall will process the rules top-down. The first rule will permit TCP traffic to destination port 80 and 443 on host 172.16.1.5. The second rule will deny TCP traffic to destination port 21 on host 172.16.1.5. Any traffic that does not match either of these rules will be denied.


質問 # 222
A security analyst has been tasked with creating a new WiFi network for the company. The requirements received by the analyst are as follows:
- Must be able to differentiate between users connected to WiFi
- The encryption keys need to change routinely without interrupting the users or forcing reauthentication
- Must be able to integrate with RADIUS
- Must not have any open SSIDs
Which of the following options BEST accommodates these requirements?

  • A. 802.11n
  • B. WPA2-Enterprise
  • C. WPS
  • D. WPA3-PSK

正解:A


質問 # 223
A company just developed a new web application for a government agency. The application must be assessed and authorized prior to being deployed. Which of the following is required to assess the vulnerabilities resident in the
application?

  • A. Non-credentialed scans
  • B. Static code analysis
  • C. Common Vulnerabilities and Exposures
  • D. Repository transaction logs

正解:B


質問 # 224
A security analyst sees the following log output while reviewing web logs:

Which of the following mitigation strategies would be BEST to prevent this attack from being successful?

  • A. Stored procedures
  • B. Code signing
  • C. Secure cookies
  • D. Input validation

正解:D


質問 # 225
Which of the following does an air-gapped system provide?

  • A. Security through logical isolation
  • B. Security through physical disconnection
  • C. Users with mobility
  • D. Security through obscurity

正解:A


質問 # 226
An audit identified Pll being utilized in the development environment of a crit-ical application. The Chief Privacy Officer (CPO) is adamant that this data must be removed: however, the developers are concerned that without real data they cannot perform functionality tests and search for specific dat a. Which of the following should a security professional implement to best satisfy both the CPOs and the development team's requirements?

  • A. Data purge
  • B. Data tokenization
  • C. Data masking
  • D. Data encryption

正解:B

解説:
Data tokenization is a technique of replacing sensitive data with non-sensitive substitutes called tokens that have no intrinsic value or meaning. It can satisfy both the CPO's and the development team's requirements by removing personally identifiable information (PII) from the development environment of a critical application while preserving the functionality and format of the data for testing purposes.


質問 # 227
An attack has occurred against a company.
INSTRUCTIONS
You have been tasked to do the following:
Identify the type of attack that is occurring on the network by clicking on the attacker's tablet and reviewing the output. (Answer Area 1).
Identify which compensating controls should be implemented on the assets, in order to reduce the effectiveness of future attacks by dragging them to the correct server.
(Answer area 2) All objects will be used, but not all placeholders may be filled. Objects may only be used once.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.


Select and Place:

正解:

解説:

Explanation
Diagram Description automatically generated


質問 # 228
A malicious actor recently penetrated a company's network and moved laterally to the data center Upon investigation a forensics firm wants to know what was in the memory on the compromised server Which of the following files should be given to the forensics firm?

  • A. Dump
  • B. Syslog
  • C. Application
  • D. Security

正解:A

解説:
Explanation
A dump file is a file that contains the contents of memory at a specific point in time. It can be used for debugging or forensic analysis of a system or an application. It can reveal what was in the memory on the compromised server, such as processes, variables, passwords, encryption keys, etc.


質問 # 229
......


CompTIA SY0-601試験は、セキュリティに関する知識とスキルを高めたいITプロフェッショナル向けの試験です。この認定は、セキュリティアナリスト、システムエンジニア、ネットワーク管理者、サイバーセキュリティ専門家に適しています。また、サイバーセキュリティのキャリアを追求し、自分の知識とスキルを検証したい個人にも有益です。

 

SY0-601問題集はCompTIA Security+認証済み試験問題と解答:https://jp.fast2test.com/SY0-601-premium-file.html


弊社を連絡する

我々は12時間以内ですべてのお問い合わせを答えます。

我々の働いている時間: ( GMT 0:00-15:00 )
月曜日から土曜日まで

サポート: 現在連絡 

English Deutsch 繁体中文 한국어