A small business just recovered from a ransomware attack against its file servers by purchasing the decryption keys from the attackers. The issue was triggered by a phishing email and the IT administrator wants to ensure it does not happen again. Which of the following should the IT administrator do FIRST after recovery?
A. Scan the NAS for residual or dormant malware and take new daily backups that are tested on a frequent basis.
B. Restrict administrative privileges and patch all systems and applications.
C. Rebuild all workstations and install new antivirus software.
D. Implement application whitelisting and perform user application hardening.
Correct Answer: A
This question is somewhat confusing because it asks what is best to do after recovery, which implies that the recovery step was completed successfully. However, in the context of the rest of the question, paying for the decryption keys is not enough to complete recovery. They must ensure the threat is gone from the network entirely before proceeding. Regular, tested backups will then allow them to restore an unencrypted version in the event of further ransomware.
Question 72:
A company is expanding its threat surface program and allowing individuals to security test the company's internet-facing application. The company will compensate researchers based on the vulnerabilities discovered. Which of the following best describes the program the company is setting up?
A. Open-source intelligence
B. Bug bounty
C. Red team
D. Penetration testing
Correct Answer: B
Bug bounty programs are initiatives where organizations invite external security researchers or "white-hat" hackers to find and report security vulnerabilities in their systems. Researchers are rewarded with compensation based on the severity and impact of the discovered vulnerabilities.
Question 73:
An organization experiences a cybersecurity incident involving a command-and-control server. Which of the following logs should be analyzed to identify the impacted host? (Choose two.)
A. Application
B. Authentication
C. Error
D. Network
E. Firewall
F. System
Correct Answer: DE
To identify the impacted host in a cybersecurity incident involving a command-and-control server, you should focus on analyzing network logs (Option D) and firewall logs (Option E). Both of these logs can provide insights into network traffic, connections, and communication with external servers, which is crucial for identifying the affected host.
Network logs can show you connections to and from the command-and-control server, while firewall logs can reveal attempts to communicate with external servers, including the malicious command-and-control server.
Question 74:
An administrator assists the legal and compliance team with ensuring information about customer transactions is archived for the proper time period. Which of the following data policies is the administrator carrying out?
A. Compromise
B. Retention
C. Analysis
D. Transfer
E. Inventory
Correct Answer: B
Retention policies specify how long data should be retained or archived to meet legal, compliance, and business requirements. In this case, the administrator is assisting the legal and compliance team in ensuring that information about customer transactions is archived for the proper time period, which aligns with data retention policies.
Question 75:
An organization would like to store customer data on a separate part of the network that is not accessible to users on the main corporate network. Which of the following should the administrator use to accomplish this goal?
A. Segmentation
B. Isolation
C. Patching
D. Encryption
Correct Answer: A
Segmentation involves dividing a network into separate subnetworks or segments, each with its own security controls and access permissions. By segmenting the network, the administrator can isolate sensitive customer data from the main corporate network, reducing the risk of unauthorized access to the data.
Question 76:
Which of the following are the MOST likely vectors for the unauthorized or unintentional inclusion of vulnerable code in a software company's final software releases? (Choose two.)
A. Unsecure protocols
B. Use of penetration-testing utilities
C. Weak passwords
D. Included third-party libraries
E. Vendors/supply chain
F. Outdated anti-malware software
Correct Answer: DE
E. Vendors/supply chain: Supply chain attacks, where attackers compromise vendors or suppliers to introduce vulnerabilities into the software supply chain, are a significant concern. This can result in vulnerable code making its way into the final software releases.
D. Included third-party libraries: Third-party libraries are often used in software development to expedite the process. However, if these libraries contain vulnerabilities or are not kept up-to-date, they can introduce security flaws into the software.
Question 77:
An attacker tricks a user into providing confidential information. Which of the following describes this form of malicious reconnaissance?
A. Phishing
B. Social engineering
C. Typosquatting
D. Smishing
Correct Answer: B
In this case, both options, phishing and social engineering, could be considered correct answers. Phishing is a type of social engineering attack that involves impersonating a trustworthy entity to solicit personal information from the victim.
Therefore, the act of an attacker tricking a user into providing confidential information is an example of a phishing attack, which is a type of social engineering attack.
However, if the question specifically asks for the broader term that refers to the use of psychological manipulation to trick users into making security mistakes or giving away sensitive information, then social engineering would be the correct answer.
Question 78:
A company is adding a clause to its AUP that states employees are not allowed to modify the operating system on mobile devices. Which of the following vulnerabilities is the organization addressing?
A. Cross-site scripting
B. Buffer overflow
C. Jailbreaking
D. Side loading
Correct Answer: C
Jailbreaking is a process in which an individual gains unauthorized access to the operating system of a mobile device, typically to remove software restrictions imposed by the manufacturer or carrier. This allows users to install unauthorized apps and make modifications to the device's operating system, which can create security risks and expose the device to potential threats and vulnerabilities.
By adding a clause to the Acceptable Use Policy (AUP) that prohibits employees from modifying the operating system on mobile devices, the company aims to prevent the practice of jailbreaking, which helps mitigate potential security risks associated with unauthorized software modifications.
Question 79:
A large bank with two geographically dispersed data centers is concerned about major power disruptions at both locations. Every day each location experiences very brief outages that last for a few seconds. However, during the summer a high risk of intentional under-voltage events that could last up to an hour exists, particularly at one of the locations near an industrial smelter. Which of the following is the best solution to reduce the risk of data loss?
A. Dual supply
B. Generator
C. PDU
D. Daily backups
Correct Answer: B
Which of the following examples would be best mitigated by input sanitization?
A. Cross-site scripting (XSS attack)
B. nmap -p- 10.11.1.130
C. Email message: "Click this link to get your free gift card."
D. Browser message: "Your connection is not private."
Question 80:
Which of the following has been implemented when a host-based firewall on a legacy Linux system allows connections from only specific internal IP addresses?
A. Compensating control
B. Network segmentation
C. Transfer of risk
D. SNMP traps
Correct Answer: A
In a legacy system where modern security practices or network segmentation may not be fully implemented, a compensating control could be used to provide additional security or restrict access. In this case, the host-based firewall rule allowing connections from specific internal IP addresses serves as a compensating control to restrict access and enhance security within the limitations of the legacy environment.