Which of the following mitigation techniques places devices in physically or logically separated networks and leverages policies to limit the types of communications that are allowed?
A. Host-based firewalls
B. Access control list
C. Port security
D. Least privilege
Correct Answer: B
An access control list (ACL) is a set of rules or policies that can be applied to devices or networks to control the types of communications that are allowed or denied. It can be used to filter and restrict traffic based on various criteria such as source IP addresses, destination IP addresses, ports, protocols, and more. By applying ACLs, devices can be placed in logically separated networks and communication between them can be controlled based on the defined rules.
Question 222:
All security analysts' workstations at a company have network access to a critical server VLAN. The information security manager wants to further enhance the controls by requiring that all access to the secure VLAN be authorized only from a given single location. Which of the following will the information security manager most likely implement?
A. A forward proxy server
B. A jump server
C. A reverse proxy server
D. A stateful firewall server
Correct Answer: B
A jump server, also known as a bastion host or a secure access server, is a dedicated server that serves as a single access point for administrators or authorized users to connect to other systems within a network. By requiring all access to the secure VLAN to go through the jump server, the information security manager can enforce a centralized and controlled access point. This ensures that all access to the secure VLAN is authorized and can be monitored or logged for security purposes. A jump server provides an additional layer of security and helps protect against unauthorized access.
Question 223:
A company has installed badge readers for building access but is finding unauthorized individuals roaming the hallways. Which of the following is the most likely cause?
A. Shoulder surfing
B. Phishing
C. Tailgating
D. Identity fraud
Correct Answer: C
Tailgating, also known as piggybacking, is the act of an unauthorized individual following closely behind an authorized person to gain entry into a restricted area without their own valid access credentials. In this scenario, the badge readers are meant to control building access, but unauthorized individuals are gaining access by simply following authorized employees who use their badges to open doors. This practice compromises the security of the building and allows unauthorized people to roam the hallways. To prevent tailgating, employees should be trained to be vigilant about not allowing unauthorized individuals to follow them through access-controlled doors. Additionally, security measures like mantraps or turnstiles can be implemented to prevent tailgating incidents.
Question 224:
A company must ensure sensitive data at rest is rendered unreadable. Which of the following will the company most likely use?
A. Hashing
B. Tokenization
C. Encryption
D. Segmentation
Correct Answer: C
Encryption is the process of converting plaintext data into ciphertext using an algorithm and encryption key. It ensures that sensitive data stored at rest (e.g., on hard drives, databases, or storage devices) is rendered unreadable to unauthorized users or attackers. Only those with the appropriate decryption key can transform the ciphertext back into readable plaintext.
Question 225:
Which of the following best describes why a company would erase a newly purchased device and install its own image with an operating system and applications?
A. Installing a new operating system thoroughly tests the equipment
B. Removing unneeded applications reduces the system's attack surface
C. Reimaging a system creates an updated baseline of the computer image
D. Wiping the device allows the company to evaluate its performance
Correct Answer: C
Question 226:
An organization's corporate offices were destroyed due to a natural disaster, so the organization is now setting up offices in a temporary work space. Which of the following will the organization most likely consult?
A. The business continuity plan
B. The risk management plan
C. The communication plan
D. The incident response plan
Correct Answer: A
When an organization faces a disruptive event such as a natural disaster that impacts its normal operations, the business continuity plan (BCP) is the most likely plan to be consulted. The business continuity plan outlines the strategies, processes, and procedures that need to be followed to ensure essential business functions can continue or be rapidly resumed during and after the disaster or disruptive event. It addresses how the organization will recover and restore critical business operations and services in an alternative workspace or temporary location.
Question 227:
After a recent ransomware attack on a company's system, an administrator reviewed the log files. Which of the following control types did the administrator use?
A. Compensating
B. Detective
C. Preventive
D. Corrective
Correct Answer: B
The administrator used detective controls by reviewing the log files after the ransomware attack. Detective controls are designed to detect and identify potential security incidents or policy violations that may have occurred within an organization's systems or network. In this case, the log files were analyzed to identify signs of the ransomware attack and understand how the incident occurred.
Detective controls help in identifying security breaches or other issues so that appropriate actions can be taken to respond to and mitigate the impact of the incident. They are an essential part of a comprehensive cybersecurity strategy, alongside preventive and corrective controls.
Question 228:
An organization is struggling with scaling issues on its VPN concentrator and internet circuit due to remote work. The organization is looking for a software solution that will allow it to reduce traffic on the VPN and internet circuit, while still providing encrypted tunnel access to the data center and monitoring of remote employee internet traffic. Which of the following will help achieve these objectives?
A. Deploying a SASE solution to remote employees
B. Building a load-balanced VPN solution with redundant internet
C. Purchasing a low-cost SD-WAN solution for VPN traffic
D. Using a cloud provider to create additional VPN concentrators
Correct Answer: A
SASE (Secure Access Service Edge) is a comprehensive networking and security approach that combines wide-area networking (WAN) capabilities with security features. It provides secure access to applications and data, including encrypted tunnel access to the data center, while also offering monitoring capabilities for remote employee internet traffic. By implementing a SASE solution, the organization can reduce traffic on the VPN and internet circuit by routing traffic intelligently through the cloud, closer to the users. This approach helps optimize performance and security, addressing the scaling issues effectively.
Question 229:
A technician needs to apply a high-priority patch to a production system. Which of the following steps should be taken first?
A. Air gap the system.
B. Move the system to a different network segment.
C. Create a change control request.
D. Apply the patch to the system.
Correct Answer: C
Before applying a high-priority patch to a production system, it is essential to follow proper change management procedures. Creating a change control request allows the organization to document and track the proposed change, assess its potential impact, and get approval from relevant stakeholders. This process ensures that the patching procedure is well-documented, planned, and communicated to all necessary parties, reducing the risk of unexpected issues or disruptions to the production environment.
After the change control request is approved and the necessary preparations are made, the technician can proceed with applying the patch to the production system.
Question 230:
Which of the following is the best reason to complete an audit in a banking environment?
A. Regulatory requirement
B. Organizational change
C. Self-assessment requirement
D. Service-level requirement
Correct Answer: A
Banks operate in a highly regulated industry, and regulatory bodies impose various requirements to ensure compliance, security, and transparency. Audits are often mandated by regulatory authorities to assess the bank's adherence to regulations, identify any non-compliance issues, and ensure the protection of customer assets and sensitive information. Completing audits helps banks meet regulatory requirements, maintain their license to operate, and avoid potential penalties or legal consequences.
Certification exams are becoming increasingly important and are required by more and more enterprises when applying for a job. But how do you prepare for the exam effectively? How do you prepare in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only CompTIA exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your SY0-601 exam preparation and CompTIA certification application, do not hesitate to visit Vcedump.com to find your solutions.