完全版は2022年最新のSY0-601試験問題集テストガイドはトレーニング専門問題
試験準備と合格するための最高なカバー率問題集を提供しています これで試験準備せよSY0-601
質問 245
A small business just recovered from a ransomware attack against its file servers by purchasing the decryption keys from the attackers. The issue was triggered by a phishing email and the IT administrator wants to ensure it does not happen again. Which of the following should the IT administrator do FIRST after recovery?
- A. Rebuild all workstations and install new antivirus software
- B. Scan the NAS for residual or dormant malware and take new daily backups that are tested on a frequent basis
- C. Restrict administrative privileges and patch ail systems and applications.
- D. Implement application whitelisting and perform user application hardening
正解: B
質問 246
A security engineer has enabled two-factor authentication on all workstations. Which of the following approaches are the MOST secure? (Choose two.)
- A. Password and smart card
- B. Password and voice
- C. Password and CAPTCHA
- D. Password and fingerprint
- E. Password and one-time token
- F. Password and security question
正解: A,D
質問 247
Entering a secure area requires passing through two doors, both of which require someone who is already inside to initiate access. Which of the following types of physical security controls does this describe?
- A. Faraday cage
- B. Cameras
- C. Sensors
- D. Access control vestibule
- E. Guards
正解: D
質問 248
A security analyst has been reading about a newly discovered cyber attack from a known threat actor. Which of the following would BEST support the analyst's review of the tactics, techniques, and protocols the threat actor was observed using in previous campaigns?
- A. The MITRE ATT&CK framework
- B. The Cyber Kill Chain
- C. Security research publications
- D. The Diamond Model of Intrusion Analysis
正解: A
質問 249
A security engineer at an offline government facility is concerned about the validity of an SSL certificate. The engineer wants to perform the fastest check with the least delay to determine if the certificate has been revoked. Which of the following would BEST these requirement?
- A. CSR
- B. CRL
- C. RA
- D. OCSP
正解: B
解説:
Explanation
A CRL can still be preferred over the use of OCSP if a server has issued many certificates to be validated within a single revocation period. It may be more efficient for the organization to download a CRL at the beginning of the revocation period than to utilize the OCSP standard, necessitating an OCSP response every time a certificate requires validation.
質問 250
An attacker has successfully exfiltrated several non-salted password hashes from an online system. Given the logs below:
Which of the following BEST describes the type of password attack the attacker is performing?
- A. Dictionary
- B. Pass-the-hash
- C. Password spraying
- D. Brute-force
正解: A
質問 251
A500 is implementing an insider threat detection program, The primary concern is that users may be accessing confidential data without authorization. Which of the fallowing should be deployed to detect a potential insider threat?
- A. ULF
- B. A honeyfile
- C. File integrity monitoring
- D. A DMZ
正解: B
質問 252
A security analyst has been asked to investigate a situation after the SOC started to receive alerts from the SIEM. The analyst first looks at the domain controller and finds the following events:
To better understand what is going on, the analyst runs a command and receives the following output:
Based on the analyst's findings, which of the following attacks is being executed?
- A. Spraying
- B. Keylogger
- C. Credential harvesting
- D. Brute-force
正解: A
質問 253
A small business just recovered from a ransomware attack against its file servers by purchasing the decryption keys from the attackers. The issue was triggered by a phishing email and the IT administrator wants to ensure it does not happen again. Which of the following should the IT administrator do FIRST after recovery?
- A. Rebuild all workstations and install new antivirus software.
- B. Scan the NAS for residual or dormant malware and take new daily backups that are tested on a frequent basis.
- C. Restrict administrative privileges and patch all systems and applications.
- D. Implement application whitelisting and perform user application hardening.
正解: B
質問 254
An analyst visits an internet forum looking for information about a tool. The analyst finds a threat that appears to contain relevant information. One of the posts says the following:
Which of the following BEST describes the attack that was attempted against the forum readers?
- A. API attack
- B. DLL attack
- C. XSS attack
- D. SOU attack
正解: C
質問 255
A developer is building a new portal to deliver single-pane-of-glass management capabilities to customers with multiple firewalls. To Improve the user experience, the developer wants to implement an authentication and authorization standard that uses security tokens that contain assertions to pass user Information between nodes. Which of the following roles should the developer configure to meet these requirements? (Select TWO).
- A. Service provider
- B. Identity provider
- C. Tokenized resource
- D. Service requestor
- E. Identity processor
- F. Notarized referral
正解: B,C
質問 256
A company's Chief Information Security Officer (CISO) recently warned the security manager that the company's Chief Executive Officer (CEO) is planning to publish a controversial option article in a national newspaper, which may result in new cyberattacks Which of the following would be BEST for the security manager to use in a threat mode?
- A. White-hat hackers
- B. Script kiddies
- C. Insider threats
- D. Hacktivists
正解: D
解説:
Hacktivists - "a person who gains unauthorized access to computer files or networks in order to further social or political ends."
質問 257
A security engineer is setting up passwordless authentication for the first time.
INSTRUCTIONS
Use the minimum set of commands to set this up and verify that it works. Commands cannot be reused.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
正解:
解説:
質問 258
A security engineer at an offline government facility is concerned about the validity of an SSL certificate. The engineer wants to perform the fastest check with the least delay to determine if the certificate has been revoked. Which of the following would BEST these requirement?
- A. CSR
- B. CRL
- C. RA
- D. OCSP
正解: B
質問 259
An attacker has successfully exfiltrated several non-salted password hashes from an online system. Given the logs below:
Which of the following BEST describes the type of password attack the attacker is performing?
- A. Dictionary
- B. Pass-the-hash
- C. Password spraying
- D. Brute-force
正解: A
質問 260
Users at organization have been installing programs from the internet on their workstations without first proper authorization. The organization maintains a portal from which users can install standardized programs.
However, some users have administrative access on their workstations to enable legacy programs to function property. Which of the following should the security administrator consider implementing to address this issue?
- A. Application whitellsting
- B. Data loss prevention
- C. Application code signing
- D. Web application firewalls
正解: A
質問 261
Which of the following will MOST likely cause machine learning and Al-enabled systems to operate with unintended consequences?
- A. Data bias
- B. Stored procedures
- C. Buffer overflows
- D. Code reuse
正解: A
解説:
https://lionbridge.ai/articles/7-types-of-data-bias-in-machine-learning/
質問 262
A security analyst receives a SIEM alert that someone logged in to the appadmin test account, which is only used for the early detection of attacks. The security analyst then reviews the following application log:
Which of the following can the security analyst conclude?
- A. A credentialed vulnerability scanner attack is testing several CVEs against the application.
- B. A replay attack is being conducted against the application.
- C. A service account password may have been changed, resulting in continuous failed logins within the application.
- D. An injection attack is being conducted against a user authentication system.
正解: C
質問 263
An analyst visits an internet forum looking for information about a tool. The analyst finds a threat that appears to contain relevant information. One of the posts says the following:
Which of the following BEST describes the attack that was attempted against the forum readers?
- A. API attack
- B. DLL attack
- C. XSS attack
- D. SOU attack
正解: C
質問 264
Which of the following is a team of people dedicated testing the effectiveness of organizational security programs by emulating the techniques of potential attackers?
- A. Red team
- B. While team
- C. Blue team
- D. Purple team
正解: A
解説:
Red team-performs the offensive role to try to infiltrate the target.
質問 265
An analyst needs to set up a method for securely transferring files between systems. One of the requirements is to authenticate the IP header and the payload. Which of the following services would BEST meet the criteria?
- A. AH
- B. ESP
- C. PFS
- D. TLS
正解: D
質問 266
......
検証された材料は決まってこれSY0-601:https://jp.fast2test.com/SY0-601-premium-file.html