Which of the following is a security best practice that ensures the integrity of aggregated log files within a SIEM?
A. Set up hashing on the source log file servers that complies with local regulatory requirements.
B. Back up the aggregated log files at least two times a day or as stated by local regulatory requirements.
C. Write protect the aggregated log files and move them to an isolated server with limited access.
D. Back up the source log files and archive them for at least six years or in accordance with local regulatory requirements.
Which of the following in the incident response process is the BEST approach to improve the speed of the identification phase?
A. Activate verbose logging in all critical assets.
B. Tune monitoring in order to reduce false positive rates.
C. Redirect all events to multiple syslog servers.
D. Increase the number of sensors present on the environment.
An annual information security assessment has revealed that several OS-level configurations are not in compliance due to outdated hardening standards the company is using. Which of the following would be BEST to use to update and reconfigure the OS-level security configurations?
A. CIS benchmarks
B. GDPR guidance
C. Regional regulations
D. ISO 27001 standards
An analyst is reviewing logs associated with an attack. The logs indicate an attacker downloaded a malicious file that was quarantined by the AV solution. The attacker utilized a local non-administrative account to restore the malicious file to a new location. The file was then used by another process to execute a payload. Which of the following attacks did the analyst observe?
A. Privilege escalation
B. Request forgeries
C. Injection
D. Replay attack
The president of a regional bank likes to frequently provide SOC tours to potential investors. Which of the following policies BEST reduces the risk of malicious activity occurring after a tour?
A. Password complexity
B. Acceptable use
C. Access control
D. Clean desk
A vulnerability has been discovered and a known patch to address the vulnerability does not exist. Which of the following controls works BEST until a proper fix is released?
A. Detective
B. Compensating
C. Deterrent
D. Corrective
Which of the following uses SAML for authentication?
A. TOTP
B. Federation
C. Kerberos
D. HOTP
A SOC operator is receiving continuous alerts from multiple Linux systems indicating that unsuccessful SSH attempts to a functional user ID have been attempted on each one of them in a short period of time. Which of the following BEST explains this behavior?
A. Rainbow table attack
B. Password spraying
C. Logic bomb
D. Malware bot
A security analyst is evaluating the risks of authorizing multiple security solutions to collect data from the company's cloud environment. Which of the following is an immediate consequence of these integrations?
A. Non-compliance with data sovereignty rules
B. Loss of the vendor's interoperability support
C. Mandatory deployment of a SIEM solution
D. Increase in the attack surface
A major political party experienced a server breach. The hacker then publicly posted stolen internal communications concerning campaign strategies to give the opposition party an advantage. Which of the following BEST describes these threat actors?
A. Semi-authorized hackers
B. State actors
C. Script kiddies
D. Advanced persistent threats
Nowadays, certification exams are becoming more and more important and are required by more and more enterprises when applying for a job. But how do you prepare for the exam effectively? How do you prepare for the exam in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only CompTIA exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your SY0-601 exam preparation and CompTIA certification application, do not hesitate to visit Vcedump.com to find your solutions here.