SY0-601
Question 101
A web server has been compromised due to a ransomware attack. Further investigation reveals the ransomware has been on the server for the past 72 hours. The systems administrator needs to get the services back up as soon as possible. Which of the following should the administrator use to restore services to a secure state?
- A: The last incremental backup that was conducted 72 hours ago
- B: The last known-good configuration
- C: The last full backup that was conducted seven days ago
- D: The baseline OS configuration
Question 102
A network engineer created two subnets that will be used for production and development servers. Per security policy, production and development servers must each have a dedicated network that cannot communicate with the other directly. Which of the following should be deployed so that server administrators can access these devices?
- A: VLANs
- B: Internet proxy servers
- C: NIDS
- D: Jump servers
Question 103
A social media company based in North America is looking to expand into new global markets and needs to maintain compliance with international standards.
With which of the following is the company's data protection officer MOST likely concerned?
- A: NIST Framework
- B: ISO 27001
- C: GDPR
- D: PCI-DSS
Question 104
A security architect is required to deploy workstations in conference rooms that will allow sensitive data to be displayed on large screens. Due to the nature of the data, it cannot be stored in the conference rooms. The file share is located in a local data center. Which of the following should the security architect recommend to BEST meet the requirement?
- A: Fog computing and KVMs
- B: VDI and thin clients
- C: Private cloud and DLP
- D: Full drive encryption and thick clients
Question 105
A Chief Information Security Officer wants to ensure the organization is validating and checking the integrity of zone transfers. Which of the following solutions should be implemented?
- A: DNSSEC
- B: LDAPS
- C: NGFW
- D: DLP
Question 106
Which of the following controls is used to make an organization initially aware of a data compromise?
- A: Protective
- B: Preventative
- C: Corrective
- D: Detective
Question 107
An annual information security assessment has revealed that several OS-level configurations are not in compliance due to outdated hardening standards the company is using. Which of the following would be BEST to use to update and reconfigure the OS-level security configurations?
- A: CIS benchmarks
- B: GDPR guidance
- C: Regional regulations
- D: ISO 27001 standards
Question 108
A company acquired several other small companies. The company that acquired the others is transitioning network services to the cloud. The company wants to make sure that performance and security remain intact. Which of the following BEST meets both requirements?
- A: High availability
- B: Application security
- C: Segmentation
- D: Integration and auditing
Question 109
After a recent external audit, the compliance team provided a list of several non-compliant, in-scope hosts that were not encrypting cardholder data at rest. Which of the following compliance frameworks would address the compliance team's GREATEST concern?
- A: PCI DSS
- B: GDPR
- C: ISO 27001
- D: NIST CSF
Question 110
A security analyst is receiving several alerts per user and is trying to determine if various logins are malicious. The security analyst would like to create a baseline of normal operations and reduce noise. Which of the following actions should the security analyst perform?
- A: Adjust the data flow from authentication sources to the SIEM.
- B: Disable email alerting and review the SIEM directly.
- C: Adjust the sensitivity levels of the SIEM correlation engine.
- D: Utilize behavioral analysis to enable the SIEM's learning mode.
Question 111
Which of the following tools is effective in preventing a user from accessing unauthorized removable media?
- A: USB data blocker
- B: Faraday cage
- C: Proximity reader
- D: Cable lock
Question 112
A security manager has tasked the security operations center with locating all web servers that respond to an insecure protocol. Which of the following commands could an analyst run to find the requested servers?
- A: nslookup 10.10.10.0
- B: nmap -p 80 10.10.10.0/24
- C: pathping 10.10.10.0 -p 80
- D: nc -l -p 80
Question 113
Which of the following is the MOST effective way to detect security flaws present in third-party libraries embedded in software before it is released into production?
- A: Employ different techniques for server- and client-side validations
- B: Use a different version control system for third-party libraries
- C: Implement a vulnerability scan to assess dependencies earlier in the SDLC
- D: Increase the number of penetration tests before software release
Question 114
Which of the following prevents an employee from seeing a colleague who is visiting an inappropriate website?
- A: Job rotation policy
- B: NDA
- C: AUP
- D: Separation of duties policy
Question 115
A user reports falling for a phishing email to an analyst. Which of the following system logs would the analyst check FIRST?
- A: DNS
- B: Message gateway
- C: Network
- D: Authentication
Question 116
An attacker has determined the best way to impact operations is to infiltrate third-party software vendors. Which of the following vectors is being exploited?
- A: Social media
- B: Cloud
- C: Supply chain
- D: Social engineering
Question 117
An organization would like to give remote workers the ability to use applications hosted inside the corporate network. Users will be allowed to use their personal computers, or they will be provided organization assets. Either way, no data or applications will be installed locally on any user systems. Which of the following mobile solutions would accomplish these goals?
- A: VDI
- B: MDM
- C: COPE
- D: UTM
Question 118
Which of the following is used to ensure that evidence is admissible in legal proceedings when it is collected and provided to the authorities?
- A: Chain of custody
- B: Legal hold
- C: Event log
- D: Artifacts
Question 119
The Chief Information Security Officer (CISO) of a bank recently updated the incident response policy. The CISO is concerned that members of the incident response team do not understand their roles. The bank wants to test the policy but with the least amount of resources or impact. Which of the following BEST meets the requirements?
- A: Warm site failover
- B: Tabletop walk-through
- C: Parallel path testing
- D: Full outage simulation
Question 120
Which of the following control types fixes a previously identified issue and mitigates a risk?
- A: Detective
- B: Corrective
- C: Preventative
- D: Finalized
Question 121
An analyst is reviewing logs associated with an attack. The logs indicate an attacker downloaded a malicious file that was quarantined by the AV solution. The attacker utilized a local non-administrative account to restore the malicious file to a new location. The file was then used by another process to execute a payload.
Which of the following attacks did the analyst observe?
- A: Privilege escalation
- B: Request forgeries
- C: Injection
- D: Replay attack
Question 122
A security engineer must deploy two wireless routers in an office suite. Other tenants in the office building should not be able to connect to this wireless network.
Which of the following protocols should the engineer implement to ensure the STRONGEST encryption?
- A: WPS
- B: WPA2
- C: WAP
- D: HTTPS
Question 123
Which biometric error would allow an unauthorized user to access a system?
- A: False acceptance
- B: False entrance
- C: False rejection
- D: False denial
Question 124
An attacker browses a company's online job board attempting to find any relevant information regarding the technologies the company uses. Which of the following BEST describes this social engineering technique?
- A: Hoax
- B: Reconnaissance
- C: Impersonation
- D: Pretexting
Question 125
During an incident response process involving a laptop, a host was identified as the entry point for malware. The management team would like to have the laptop restored and given back to the user. The cybersecurity analyst would like to continue investigating the intrusion on the host. Which of the following would allow the analyst to continue the investigation and also return the laptop to the user as soon as possible?
- A: dd
- B: memdump
- C: tcpdump
- D: head