A third party asked a user to share a public key for secure communication. Which of the following file formats should the user choose to share the key?
A. .pfx
B. .csr
C. .pvk
D. .cer
A systems analyst determines the source of a high number of connections to a web server that were initiated by ten different IP addresses that belong to a network block in a specific country. Which of the following techniques will the systems analyst MOST likely implement to address this issue?
A. Content filter
B. SIEM
C. Firewall rules
D. DLP
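The scenario above (many connections from a handful of addresses that all fall in one network block) is usually triaged by aggregating the web-server log per source block before deciding on a rule. The following Python is an added example, not part of the original question set: it parses constructed Common Log Format lines, counts hits and distinct hosts per /24, and renders a block-level drop rule. The log lines, the thresholds (5 hosts, 20 hits) and the iptables syntax are assumptions for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Leading client address of a Common Log Format line.
_CLIENT_IP = re.compile(r"^(\S+) ")


def build_sample_log():
    """Constructed access-log lines (not from the question): ten hosts in the
    documentation range 203.0.113.0/24 hammering /login, plus two unrelated hosts."""
    lines = []
    for host in range(10, 20):
        for _ in range(3):
            lines.append(f'203.0.113.{host} - - [10/Mar/2024:02:14:01 +0000] '
                         f'"GET /login HTTP/1.1" 200 512')
    for host in (7, 8):
        lines.append(f'198.51.100.{host} - - [10/Mar/2024:02:14:05 +0000] '
                     f'"GET / HTTP/1.1" 200 1024')
    return "\n".join(lines) + "\n"


def parse_source_ips(log_text):
    """Extract the client address from each line; malformed lines are skipped."""
    ips = []
    for line in log_text.splitlines():
        m = _CLIENT_IP.match(line)
        if not m:
            continue
        try:
            ips.append(ipaddress.ip_address(m.group(1)))
        except ValueError:
            continue  # do not let one bad line abort the triage
    return ips


def hits_per_block(ips, prefix=24):
    """Map each /prefix network to (total hits, number of distinct source hosts)."""
    stats = defaultdict(lambda: [0, set()])
    for ip in ips:
        net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        stats[net][0] += 1
        stats[net][1].add(ip)
    return {str(net): (hits, len(hosts)) for net, (hits, hosts) in stats.items()}


def find_noisy_blocks(log_text, prefix=24, min_hosts=5, min_hits=20):
    """Blocks where several distinct hosts together generate many connections:
    the pattern that justifies a block-level rule instead of per-IP bans."""
    stats = hits_per_block(parse_source_ips(log_text), prefix)
    return sorted(net for net, (hits, hosts) in stats.items()
                  if hosts >= min_hosts and hits >= min_hits)


def iptables_rules(blocks, port=443):
    """Render one DROP rule per block (assumed iptables syntax for a Linux host)."""
    return [f"iptables -A INPUT -s {net} -p tcp --dport {port} -j DROP"
            for net in blocks]


if __name__ == "__main__":
    for rule in iptables_rules(find_noisy_blocks(build_sample_log())):
        print(rule)
```

Grouping by block first matters because blocking the ten individual addresses leaves the rest of the same block free to rotate; the distinct-host count keeps a single busy but legitimate client from being swept up with a network-wide rule.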
A Chief Information Security Officer (CISO) is evaluating the dangers involved in deploying a new ERP system for the company. The CISO categorizes the system, selects the controls that apply to the system, implements the controls, and then assesses the success of the controls before authorizing the system.
Which of the following is the CISO using to evaluate the environment for this new ERP system?
A. The Diamond Model of Intrusion Analysis
B. CIS Critical Security Controls
C. NIST Risk Management Framework
D. ISO 27002
An application owner reports suspicious activity on an internal financial application from various internal users within the past 14 days. A security analyst notices the following:
1. Financial transactions were occurring during irregular time frames and outside of business hours by unauthorized users.
2. Internal users in question were changing their passwords frequently during that time period.
3. A jump box that several domain administrator users use to connect to remote devices was recently compromised.
4. The authentication method used in the environment is NTLM.
Which of the following types of attacks is MOST likely being used to gain unauthorized access?
A. Pass-the-hash
B. Brute-force
C. Directory traversal
D. Replay
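The observations in this question are the signals a detection rule would combine: NTLM network logons outside business hours, unusually frequent password changes, and a source host that is the compromised jump box. The following Python is an added example, not from the question set or any vendor: it runs that logic over constructed Windows Security-log style records. Event IDs 4624 (successful logon, logon type 3 = network, authentication package NTLM) and 4723 (password change attempt) are real Windows event IDs; the records, the business-hours window and the change-count threshold are assumptions for illustration.

```python
from datetime import datetime

# Constructed records (not real logs), one per line:
# timestamp, event ID, account, logon type, authentication package, workstation.
SAMPLE_EVENTS = """\
2024-03-04T09:15:00,4624,alice,2,Kerberos,WS-ALICE
2024-03-04T17:02:00,4723,alice,-,-,WS-ALICE
2024-03-05T23:41:10,4624,alice,3,NTLM,JUMP01
2024-03-06T14:00:00,4624,bob,3,NTLM,FIN-WS2
2024-03-06T10:30:00,4723,alice,-,-,WS-ALICE
2024-03-07T12:00:00,4624,carol,3,NTLM,FIN-WS1
2024-03-08T08:45:00,4723,alice,-,-,WS-ALICE
2024-03-08T09:00:00,4723,bob,-,-,WS-BOB
2024-03-09T03:05:44,4624,bob,3,NTLM,JUMP01
"""

# Assumed business-hours policy: 08:00-18:00 local time, Monday to Friday.
BUSINESS_START, BUSINESS_END = 8, 18


def parse_events(text):
    """Parse the comma-separated records into dicts; blank lines are ignored."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, event_id, user, logon_type, package, host = line.split(",")
        events.append({
            "time": datetime.fromisoformat(ts),
            "event_id": int(event_id),
            "user": user,
            "logon_type": logon_type,
            "package": package,
            "host": host,
        })
    return events


def is_business_hours(ts):
    return ts.weekday() < 5 and BUSINESS_START <= ts.hour < BUSINESS_END


def off_hours_ntlm_logons(events):
    """Successful network (type 3) NTLM logons outside business hours.
    The host field is kept so the analyst can pivot to the originating box."""
    return [e for e in events
            if e["event_id"] == 4624
            and e["logon_type"] == "3"
            and e["package"] == "NTLM"
            and not is_business_hours(e["time"])]


def frequent_password_changes(events, threshold=3):
    """Accounts with at least `threshold` password-change events in the window."""
    counts = {}
    for e in events:
        if e["event_id"] == 4723:
            counts[e["user"]] = counts.get(e["user"], 0) + 1
    return {u: c for u, c in counts.items() if c >= threshold}


def suspicious_users(events, threshold=3):
    """Union of both signals, sorted, for the analyst to review."""
    users = {e["user"] for e in off_hours_ntlm_logons(events)}
    users |= set(frequent_password_changes(events, threshold))
    return sorted(users)


if __name__ == "__main__":
    evts = parse_events(SAMPLE_EVENTS)
    for e in off_hours_ntlm_logons(evts):
        print(f"off-hours NTLM logon: {e['user']} from {e['host']} at {e['time']}")
    print("frequent password changes:", frequent_password_changes(evts))
    print("review:", suspicious_users(evts))
```

Filtering on logon type 3 and the NTLM package together is what separates interactive console use from credential reuse across the network; a daytime NTLM logon from a finance workstation (the `bob` / `FIN-WS2` record) is deliberately left unflagged so the rule does not page on routine activity.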
The Chief Information Security Officer has directed the security and networking team to retire the use of shared passwords on routers and switches. Which of the following choices BEST meets the requirements?
A. SAML
B. TACACS+
C. Password vaults
D. OAuth
As part of the lessons-learned phase, the SOC is tasked with building methods to detect if a previous incident is happening again. Which of the following would allow the security analyst to alert the SOC if an event is reoccurring?
A. Creating a playbook within the SOAR
B. Implementing rules in the NGFW
C. Updating the DLP hash database
D. Publishing a new CRL with revoked certificates
The Chief Information Security Officer (CISO) has decided to reorganize security staff to concentrate on incident response and to outsource outbound Internet URL categorization and filtering to an outside company. Additionally, the CISO would like this solution to provide the same protections even when a company laptop or mobile device is away from a home office. Which of the following should the CISO choose?
A. CASB
B. Next-generation SWG
C. NGFW
D. Web-application firewall
A network engineer and a security engineer are discussing ways to monitor network operations. Which of the following is the BEST method?
A. Disable Telnet and force SSH.
B. Establish a continuous ping.
C. Utilize an agentless monitor.
D. Enable SNMPv3 with passwords.
A systems engineer is building a new system for production. Which of the following is the FINAL step to be performed prior to promoting to production?
A. Disable unneeded services.
B. Install the latest security patches.
C. Run a vulnerability scan.
D. Encrypt all disks.
During an investigation, the incident response team discovers that multiple administrator accounts were suspected of being compromised. The host audit logs indicate a repeated brute-force attack on a single administrator account followed by suspicious logins from unfamiliar geographic locations. Which of the following data sources would be BEST to use to assess the accounts impacted by this attack?
A. User behavior analytics
B. Dump files
C. Bandwidth monitors
D. Protocol analyzer output