CompTIA SY0-601 Exam: Hash Drive Repartitioning Issue

Questions and Answers

What issue is the company facing with the badge readers for building access?

Identity fraud

Phishing

Shoulder surfing

Tailgating (correct)

Why is the DLP appliance considered a weak design element in the organization's network setup?

Adding two hops in the VPN tunnel may slow down remote connections.

Split-tunnel connections can negatively impact the DLP appliance's performance.

The DLP appliance should be integrated into a NGFW.

Encrypted VPN traffic will not be inspected when entering or leaving the network. (correct)

What type of attack involves someone following an authorized person to gain entry into secure areas?

Identity fraud

Shoulder surfing

Phishing

Tailgating (correct)

What is the potential problem with split-tunnel connections in the organization's network setup?

Split-tunnel connections can negatively impact the DLP appliance's performance.

What action might slow down remote connections in the organization's network?

Adding two hops in the VPN tunnel may slow down remote connections.

What threat vector could be exploited if encrypted VPN traffic is not inspected?

'Data exfiltration' risks

What cloud model would best suit an organization that wants to move only its email solution to the cloud?

SaaS

Which type of attack occurred when a user input credentials into a pop-up window on a trusted website?

Cross-site scripting

What tool with multiple components would be most suitable for tracking, analyzing, and monitoring devices without relying solely on definitions?

EDR

Which cloud model would be suitable if an organization wants to maintain control over the software it develops and deploys in the cloud?

IaaS

Which attack involves falsely creating digital certificates?

Certificate forgery

What would be the appropriate solution for an organization wanting to prevent unauthorized access to its network based on behavior monitoring?

NGFW

What action is the Chief Privacy Officer (CPO) adamant about in the context of PII in the development environment?

Data purge

Why are the developers hesitant to remove real data from the development environment?

To perform functionality tests

In the context of investigating a malware incident, what is the malware accessing?

A command-and-control website

Where is the outbound Internet traffic logged in the scenario?

/logFiles/messages

What would be the best command for the security analyst to use on the syslog server to search for recent traffic to the command-and-control website?

tail -500 /logFiles/messages | grep www.comptia.com

What is the primary concern of the security analyst when investigating the malware incident?

Identifying and mitigating threats

How did the attacker gain administrative access to the network in the scenario described?

A RAT

What method did the attacker most likely use to maintain control of the compromised computer systems?

A rootkit

What type of policy change was implemented in the company's recent BYOD policy?

Two-factor authentication mandate

Which authentication method is NOT compliant with the new BYOD policy requirement?

Six-digit PIN

What type of attack was initiated through the social media site in the scenario?

Drive-by download attack

What was one of the outcomes of the security breach within the financial services firm?

Data exfiltration

What is the most effective way to limit access to sensitive documents in a SaaS application by individuals in high-risk countries?

Geolocation policy

Based on a security analyst reviewing logs, which attack is most likely occurring?

Password spraying

What method can a company use to prevent unauthorized access to web APIs abused by unknown parties?

Rate limiting policies

In the context of data security, what does the term 'data masking' refer to?

Hiding data by showing fictitious data instead of real values

A company wants to ensure compliance with data protection regulations across different regions. What approach should they consider?

Enforcing data sovereignty regulations