CompTIA (SY0-601) Exam Questions and Answers, page 32
Several employees return to work the day after attending an industry trade show. That same day, the security manager notices several malware alerts coming from each of the employees' workstations. The security manager investigates but finds no signs of an attack on the perimeter firewall or the NIDS. Which of the following is MOST likely causing the malware alerts?
A fileless virus that is contained on a vCard that is attempting to execute an attack
A Trojan that has passed through and executed malicious code on the hosts
A USB flash drive that is trying to run malicious code but is being blocked by the host firewall
Threats, Attacks, and Vulnerabilities
Technologies and Tools
Which ISO standard is certified for privacy?
Single Choice
Which of the following ISO standards is certified for privacy?
ISO 9001
ISO 27002
ISO 27701
ISO 31000
Identity and Access Management
Risk Management
A critical file server is being upgraded, and the systems administrator must determine which RAID level the new server will need to achieve parity and handle two simultaneous disk failures. Which of the following RAID levels meet this requirement?
RAID 0+1
RAID 2
RAID 5
RAID 6
Architecture and Design
Identity and Access Management
The manager who is responsible for a data set has asked a security engineer to apply encryption to the data on a hard disk. The security engineer is an example of a:
data controller.
data owner.
data custodian.
data processor.
Cryptography and PKI
A technician needs to prevent data loss in a laboratory. The laboratory is not connected to any external networks. Which of the following methods would BEST prevent the exfiltration of data? (Choose two.)
VPN
Drive encryption
Network firewall
File-level encryption
USB blocker
MFA
Technologies and Tools
Identity and Access Management
A Chief Information Security Officer (CISO) needs to create a policy set that meets international standards for data privacy and sharing. Which of the following should the CISO read and understand before writing the policies?
PCI DSS
GDPR
NIST
ISO 31000
Architecture and Design
Risk Management
A security researcher is tracking an adversary by noting its attacks and techniques based on its capabilities, infrastructure, and victims. Which of the following is the researcher MOST likely using?
The Diamond Model of Intrusion Analysis
The Cyber Kill Chain
The MITRE CVE database
The incident response process
Threats, Attacks, and Vulnerabilities
Which of the following provides the BEST protection for sensitive information and data stored in cloud-based services but still allows for full functionality and searchability of data within the cloud-based services?
Data encryption
Data masking
Anonymization
Tokenization
Identity and Access Management
Cryptography and PKI
Which of the following are the MOST likely vectors for the unauthorized or unintentional inclusion of vulnerable code in a software company's final software releases? (Choose two.)
Unsecure protocols
Use of penetration-testing utilities
Weak passwords
Included third-party libraries
Vendors/supply chain
Outdated anti-malware software
Threats, Attacks, and Vulnerabilities
Identity and Access Management
A security analyst is reviewing the following attack log output:
Which of the following types of attacks does this MOST likely represent?
Rainbow table
Brute-force
Password-spraying
Dictionary
Threats, Attacks, and Vulnerabilities