A company wants the ability to restrict web access and monitor the websites that employees visit. Which of the following would BEST meet these requirements?
A. Internet proxy
B. VPN
C. WAF
D. Firewall
Correct Answer: A
An internet proxy (also known as a web proxy) would best meet the requirements of restricting web access and monitoring the websites that employees visit. An internet proxy acts as an intermediary between the users' web browsers and the internet. When employees access the internet through the proxy server, it can be configured to enforce access control policies, filter web content, and log user activities.
Here's how an internet proxy can fulfill the requirements:
Restrict web access: The proxy server can be configured with access control lists (ACLs) to block or allow access to specific websites or categories of websites based on company policies. This allows the organization to restrict access to inappropriate or non-work-related websites.
Monitor website visits: The proxy server logs all web requests made by employees, providing detailed information about the websites they visit, the time of access, and the amount of data transferred. This monitoring helps the company track user activities and identify potential security risks or policy violations.
Question 432:
A security architect is required to deploy to conference rooms some workstations that will allow sensitive data to be displayed on large screens. Due to the nature of the data, it cannot be stored in the conference rooms. The fileshare is located in a local data center. Which of the following should the security architect recommend to BEST meet the requirement?
A. Fog computing and KVMs
B. VDI and thin clients
C. Private cloud and DLP
D. Full drive encryption and thick clients
Correct Answer: B
Virtual Desktop Infrastructure (VDI) is a technology that refers to the use of virtual machines to provide and manage virtual desktops. VDI hosts desktop environments on a centralized server and deploys them to end-users on request. VDI can be used to provide the desktop experience.
The computing hardware for VDI can be split into thin clients and thick clients:
- Thin clients are simple computers that can be accessed through a remote connection to a central server which provides the client all of its resources. Thin clients do not have hard drives so data isn't stored locally, and applications would also need to be accessed through a server. Thin clients would work for this scenario since data can't be stored in the conference rooms and thin clients can't store data anyway.
- Thick clients are fully functional networked computers that have their OS, local storage, and handle their own processing. Just think company-provided desktop computers or laptops. They can connect to a server if they want, but can work independently as well. Since files can be stored locally on a thick client, they wouldn't work with the requirements of the scenario.
Question 433:
A security engineer is deploying a new wireless network for a company. The company shares office space with multiple tenants. Which of the following should the engineer configure on the wireless network to ensure that confidential data is not exposed to unauthorized users?
A. EAP
B. TLS
C. HTTPS
D. AES
Correct Answer: D
AES -- The Advanced Encryption Standard (AES) encryption algorithm is a widely supported encryption type for all wireless networks that contain any confidential data. AES in Wi-Fi leverages 802.1X or PSKs to generate per-station keys for all devices. AES provides a high level of security like IP Security (IPsec) clients. https://www.arubanetworks.com/techdocs/Instant_41_Mobile/Advanced/Content/UG_files/Authentication/UnderstandingEncryption.htm
Question 434:
An attacker browses a company's online job board attempting to find any relevant information regarding the technologies the company uses. Which of the following BEST describes this social engineering technique?
A. Hoax
B. Reconnaissance
C. Impersonation
D. Pretexting
Correct Answer: B
Impersonation is a form of social engineering attack where the attacker pretends to be someone else. Nothing related to the question here.
Question 435:
A company's security team received notice of a critical vulnerability affecting a high-profile device within the web infrastructure. The vendor patch was just made available online but has not yet been regression tested in development environments. In the interim, firewall rules were implemented to reduce the access to the interface affected by the vulnerability. Which of the following controls does this scenario describe?
A. Deterrent
B. Compensating
C. Detective
D. Preventive
Correct Answer: B
Compensating control looks to be correct here. Open to correction, however.
A compensating control, also called an alternative control, is a mechanism that is put in place to satisfy the requirement for a security measure that is deemed too difficult or impractical to implement at the present time.
Question 436:
Which of the following is a targeted attack aimed at compromising users within a specific industry or group?
A. Watering hole
B. Typosquatting
C. Hoax
D. Impersonation
Correct Answer: A
A targeted attack refers to a type of threat in which threat actors actively pursue and compromise a target entity's infrastructure while maintaining anonymity. These attackers have a certain level of expertise and have sufficient resources to conduct their schemes over a long-term period. They can adapt, adjust, or improve their attacks to counter their victim's defenses.
Background
Targeted attacks often employ similar methods found in traditional online threats such as malicious emails, compromised or malicious sites, exploits, and malware. Targeted attacks differ from traditional online threats in many ways:
- Targeted attacks are typically conducted as campaigns. APTs are often conducted in campaigns--a series of failed and successful attempts over time to get deeper and deeper into a target's network--and are thus not isolated incidents.
- They usually target specific industries such as businesses, government agencies, or political groups. Attackers often have long-term goals in mind, with motives that include, but are not limited to, political gain, monetary profit, or business data theft.
- Attackers often customize, modify and improve their methods depending on the nature of their target sector and to circumvent any security measures implemented.
Phases of a Targeted Attack
- Intelligence gathering. Threat actors identify and gather publicly available information about their target to customize their attacks. This initial phase aims to gain strategic information not only on the intended target's IT environment but also on its organizational structure. The information gathered can range from the business applications and software an enterprise utilizes to the roles and relationships that exist within it. This phase also utilizes social engineering techniques that leverage recent events, work-related issues or concerns, and other areas of interest for the intended target.
- Point of entry. Threat actors may use varied methods to infiltrate a target's infrastructure. Common methods include customized spearphishing email, zero-day or software exploits, and watering hole techniques. Attackers also utilize instant-messaging and social networking platforms to entice targets to click a link or download malware. Eventually, establishing a connection with the target is acquired.
- Command-and-control (C&C) communication. After security has been breached, threat actors constantly communicate to the malware to either execute malicious routines or gather information within the company network. Threat actors use techniques to hide this communication and keep their movements under the radar.
- Lateral movement. Once inside the network, threat actors move laterally throughout the network to seek key information or infect other valuable systems.
- Asset/Data Discovery. Notable assets or data are determined and isolated for future data exfiltration. Threat actors have access to "territories" that contain valuable information and noteworthy assets. These data are then identified and transferred through tools like remote access Trojans (RATs) and customized and legitimate tools. A possible technique used in this stage may be sending back file lists in different directories so attackers can identify what are valuable.
- Data Exfiltration. This is the main goal of targeted attacks. An attack's objective is to gather key information and transfer this to a location that the attackers control. Transferring such data can be conducted quickly or gradually. Targeted attacks strive to remain undetected in the network in order to gain access to the company's crown jewels or valuable data. These valuable data include intellectual property, trade secrets, and customer information. In addition, threat actors may also seek other sensitive data such as top-secret documents from government or military institutions.
Once a targeted attack is successful and has reached as far as the data exfiltration stage, it is not difficult for attackers to draw out the data. Although targeted attacks are not known to specifically target consumers, their data are also at risk once target business sectors have been infiltrated. As a result, such attacks (if successful) may damage a company's reputation.
https://www.trendmicro.com/vinfo/us/security/definition/targeted-attacks#:~:text=A%20targeted%20attack%20refers%20to,over%20a%20long%2Dterm%20period.
Question 437:
An attacker has determined the best way to impact operations is to infiltrate third-party software vendors. Which of the following vectors is being exploited?
A. Social media
B. Cloud
C. Supply chain
D. Social engineering
Correct Answer: C
The attacker is exploiting the supply chain vector. The supply chain refers to the series of processes and organizations involved in the production, distribution, and delivery of goods and services. By infiltrating third-party software vendors, the attacker is attempting to gain access to the supply chain and compromise the software that is used by the organization. This can allow the attacker to launch attacks, steal sensitive data, or disrupt operations by inserting malicious code into the software. Social media, cloud, and social engineering are not directly related to the supply chain and would not be effective for infiltrating third-party software vendors.
Question 438:
A security analyst has identified malware spreading through the corporate network and has activated the CSIRT. Which of the following should the analyst do NEXT?
A. Review how the malware was introduced to the network.
B. Attempt to quarantine all infected hosts to limit further spread.
C. Create help desk tickets to get infected systems reimaged.
D. Update all endpoint antivirus solutions with the latest updates.
Correct Answer: B
Phases in the Incident Response Plan
1. Preparation: The organization plans out how they will respond to attack, this can involve:
2. Identification: Detecting and determining whether an incident has occurred.
3. Containment: Once a threat has been identified, the organization must limit or prevent any further damage.
4. Eradication: The removal of the threat
5. Recovery: Restoring systems affected by the incident
6. Lessons Learned: Where the organization reviews their incident response and prepares for a future attack
Question 439:
Which of the following describes a social engineering technique that seeks to exploit a person's sense of urgency?
A. A phishing email stating a cash settlement has been awarded but will expire soon
B. A smishing message stating a package is scheduled for pickup
C. A vishing call that requests a donation be made to a local charity
D. A SPIM notification claiming to be undercover law enforcement investigating a cybercrime
Correct Answer: A
A phishing email stating a cash settlement has been awarded but will expire soon describes a social engineering technique that seeks to exploit a person's sense of urgency.
Social engineering is the use of psychological manipulation or deception to influence people to divulge sensitive information or take actions that may not be in their best interests. One common social engineering technique is to create a sense of urgency in the victim, often by using time-limited offers or other time-sensitive incentives.
In this case, the phishing email claims that a cash settlement has been awarded, but will expire soon, creating a sense of urgency in the victim to take action. This may motivate the victim to click on a link or provide sensitive information, without fully considering the consequences.
Question 440:
An analyst receives multiple alerts for beaconing activity for a host on the network. After analyzing the activity, the analyst observes the following activity:
1. A user enters comptia.org into a web browser.
2. The website that appears is not the comptia.org site.
3. The website is a malicious site from the attacker.
4. Users in a different office are not having this issue.
Which of the following types of attacks was observed?
A. On-path attack
B. DNS poisoning
C. Locator (URL) redirection
D. Domain hijacking
Correct Answer: B
Only some clients have this problem where the website turns to a malicious site. So choose B.