Which of the following would most likely support the integrity of a voting machine?
|
Grátis 193 pág. Ciências• Escola Colegio Estadual Barao Do Rio BrancoEscola Colegio Estadual Barao Do Rio Branco
Pré-visualização | Página 23 de 29Changing the WiFi password every 30 days Reducing WiFi transmit power throughout the office Answer: B D Question #:336 Which of the following is the purpose of a risk register? To define the level or risk using probability and likelihood To register the risk with the required regulatory agencies CompTIA - SY0-601Practice Test 148 of 190Pass Your Certification With Marks4sure Guarantee C. D. A. B. C. D. A. B. C. D. To identify the risk, the risk owner, and the risk measures To formally log the type of risk mitigation strategy the organization is using Answer: C Explanation The Risk Register displays a list of all risks recorded and displays various risk details, including the residual risk level, risk source, risk owner, risk stage, and the treatment status of the risk. https://kb.wisc.edu/security/110450 Question #:337 A local coffee shop runs a small WiFi hot-spot for its customers that utilizes WPA2-PSK. The coffee shop would like to stay current with security trends and wants to implement WPA3 to make its WiFi even more secure. Which of the following technologies will the coffee shop MOST likely use in place of PSK? WEP MSCHAP WPS SAE Answer: D Explanation In January 2018, the Wi-Fi Alliance announced WPA3 as a replacement to WPA2.[3][4] The new standard uses 128-bit encryption in WPA3-Personal mode (192-bit in WPA3-Enterprise)[5] and forward secrecy.[6] The WPA3 standard also replaces the pre-shared key (PSK) exchange with Simultaneous Authentication of Equals as defined in IEEE 802.11-2016 resulting in a more secure initial key exchange in personal mode https://en.wikipedia.org/wiki/Simultaneous_Authentication_of_Equals#:~:text=In%20cryptography%2C%20Simultaneous%20Authentication%20of,password%2Dauthenticated%20key%20agreement%20method. Question #:338 A500 is implementing an insider threat detection program, The primary concern is that users may be accessing confidential data without authorization. Which of the fallowing should be deployed to detect a potential insider threat? A honeyfile A DMZ ULF File integrity monitoring CompTIA - SY0-601Practice Test 149 of 190Pass Your Certification With Marks4sure Guarantee A. B. C. D. A. B. C. D. Answer: A Question #:339 Which of the following would MOST likely support the integrity of a voting machine? Asymmetric encryption Blockchain Transport Layer Security Perfect forward secrecy Answer: B Explanation “Blockchain technology has a variety of potential applications. It can ensure the integrity and transparency of financial transactions, online voting systems, identity management systems, notarization, data storage, and more. ” Question #:340 A user contacts the help desk to report the following: Two days ago, a pop-up browser window prompted the user for a name and password after connecting to the corporate wireless SSID. This had never happened before, but the user entered the information as requested. The user was able to access the Internet but had trouble accessing the department share until the next day. The user is now getting notifications from the bank about unauthorized transactions. Which of the following attack vectors was MOST likely used in this scenario? Rogue access point Evil twin DNS poisoning ARP poisoning Answer: A CompTIA - SY0-601Practice Test 150 of 190Pass Your Certification With Marks4sure Guarantee A. B. C. D. A. B. C. D. A. B. C. D. Question #:341 The SIEM at an organization has detected suspicious traffic coming a workstation in its internal network. An analyst in the SOC the workstation and discovers malware that is associated with a botnet is installed on the device A review of the logs on the workstation reveals that the privileges of the local account were escalated to a local administrator. To which of the following groups should the analyst report this real-world event? The NOC team The vulnerability management team The CIRT The read team Answer: A Question #:342 A forensics examiner is attempting to dump password cached in the physical memory of a live system but keeps receiving an error message. Which of the following BEST describes the cause of the error? The examiner does not have administrative privileges to the system The system must be taken offline before a snapshot can be created Checksum mismatches are invalidating the disk image The swap file needs to be unlocked before it can be accessed Answer: D Question #:343 Which of the following would be BEST to establish between organizations that have agreed cooperate and are engaged in early discussion to define the responsibilities of each party, but do not want to establish a contractually binding agreement? An SLA AnNDA ABPA AnMOU Answer: D CompTIA - SY0-601Practice Test 151 of 190Pass Your Certification With Marks4sure Guarantee A. B. C. D. A. B. C. D. E. Question #:344 When planning to build a virtual environment, an administrator need to achieve the following, •Establish polices in Limit who can create new VMs •Allocate resources according to actual utilization‘ •Require justication for requests outside of the standard requirements. •Create standardized categories based on size and resource requirements Which of the following is the administrator MOST likely trying to do? Implement IaaS replication Product against VM escape Deploy a PaaS Avoid VM sprawl Answer: D Question #:345 A retail company that is launching a new website to showcase the company's product line and other information for online shoppers registered the following URLs: Which of the following should the company use to secure its website rf the company is concerned with convenience and cost? A self-signed certificate A root certificate A code-signing certificate A wildcard certificate An extended validation certificate Answer: B CompTIA - SY0-601Practice Test 152 of 190Pass Your Certification With Marks4sure Guarantee A. B. C. D. A. B. C. D. Question #:346 An organization is concerned that is hosted web servers are not running the most updated version of the software. Which of the following would work BEST to help identify potential vulnerabilities? Hping3 –s comptia, org –p 80 Nc -1 –v comptia, org –p 80 nmp comptia, org –p 80 –aV nslookup –port=80 comtia.org Answer: C Explanation Nmap is used to discover hosts and services on a computer network by sending packets and analyzing the responses. Nmap provides a number of features for probing computer networks, including host discovery and service and operating system detection. Question #:347 Following a prolonged datacenter outage that affected web-based sales, a company has decided to move its operations to a private cloud solution. The security team has received the following requirements: • There must be visibility into how teams are using cloud-based services. • The company must be able to identify when data related to payment cards is being sent to the cloud. • Data must be available regardless of the end user's geographic location • Administrators need a single pane-of-glass view into traffic and trends. Which of the following should the security analyst recommend? Create firewall rules to restrict traffic to other cloud service providers. Install a DLP solution to monitor data in transit. Implement a CASB solution. Configure a web-based content filter. Answer: B Question #:348 CompTIA - SY0-601Practice Test 153 of 190Pass Your Certification With Marks4sure Guarantee A. B. C. D. A. B. C. D. A malicious actor recently penetration a company’s network and moved laterally to the datacenter. Upon investigation, a forensics firm wants to know was in the memory on the compromised server. Which of the following files should be given to the forensics firm? Security Application Dump Syslog Answer: C Explanation Dump files are a special type of |
