Best Preparations of SY0-601 Exam 2022 CompTIA Security+ Unlimited 600 Questions [Q296-Q311]


Focus on SY0-601 All-in-One Exam Guide For Quick Preparation.

NO.296 A security researcher is tracking an adversary by noting its attacks and techniques based on its capabilities, infrastructure, and victims.
Which of the following is the researcher MOST likely using?

 
 
 
 

NO.297 A cybersecurity administrator needs to add disk redundancy for a critical server. The solution must tolerate a two-drive failure for better fault tolerance.
Which of the following RAID levels should the administrator select?

 
 
 
 

NO.298 In which of the following common use cases would steganography be employed?

 
 
 
 

NO.299 A security administrator has noticed unusual activity occurring between different global instances and workloads and needs to identify the source of the unusual traffic. Which of the following log sources would be BEST to show the source of the unusual traffic?

 
 
 
 

NO.300 A cyberthreat intelligence analyst is gathering data about a specific adversary using OSINT techniques. Which of the following should the analyst use?

 
 
 
 

NO.301 A nationwide company is experiencing unauthorized logins at all hours of the day. The logins appear to originate from countries in which the company has no employees.
Which of the following controls should the company consider using as part of its IAM strategy?
(Select TWO).

 
 
 
 
 
 

NO.302 A company recently added a DR site and is redesigning the network. Users at the DR site are having issues browsing websites.
INSTRUCTIONS
Click on each firewall to do the following:
* Deny cleartext web traffic.
* Ensure secure management protocols are used.
* Resolve issues at the DR site.
The ruleset order cannot be modified due to outside constraints.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.



NO.303 A security administrator suspects there may be unnecessary services running on a server. Which of the following tools will the administrator MOST likely use to confirm the suspicions?

 
 
 
 

NO.304 Several large orders of merchandise were recently purchased on an e-commerce company’s website. The totals for each of the transactions were negative values, resulting in credits on the customers’ accounts. Which of the following should be implemented to prevent similar situations in the future?

 
 
 
 

NO.305 While reviewing the wireless router, the systems administrator of a small business determines someone is spoofing the MAC address of an authorized device. Given the table below:

Which of the following should be the administrator’s NEXT step to detect if there is a rogue system without impacting availability?

 
 
 
 

NO.306 Which of the following describes a maintenance metric that measures the average time required to troubleshoot and restore failed equipment?

 
 
 
 

NO.307 A security administrator needs to create a RAID configuration that is focused on high read speeds and fault tolerance. It is unlikely that multiple drives will fail simultaneously. Which of the following RAID configurations should the administrator use?

 
 
 
 

NO.308 A security analyst is investigating an incident that was first reported as an issue connecting to network shares and the internet. While reviewing logs and tool output, the analyst sees the following:

Which of the following attacks has occurred?

 
 
 
 
 

NO.309 A company’s bank has reported that multiple corporate credit cards have been stolen over the past several weeks. The bank has provided the names of the affected cardholders to the company’s forensics team to assist in the cyber-incident investigation.
An incident responder learns the following information:
* The timeline of stolen card numbers corresponds closely with affected users making Internet-based purchases from diverse websites via enterprise desktop PCs.
* All purchase connections were encrypted, and the company uses an SSL inspection proxy for the inspection of encrypted traffic of the hardwired network.
* Purchases made with corporate cards over the corporate guest WiFi network, where no SSL inspection occurs, were unaffected.
Which of the following is the MOST likely root cause?

 
 
 
 

NO.310 During a routine scan of a wireless segment at a retail company, a security administrator discovers several devices are connected to the network that do not match the company’s naming convention and are not in the asset inventory. WiFi access is protected with 256-bit encryption via WPA2. Physical access to the company’s facility requires two-factor authentication using a badge and a passcode. Which of the following should the administrator implement to find and remediate the issue? (Select TWO).

 
 
 
 
 
 

NO.311 A SOC is implementing an insider threat detection program. The primary concern is that users may be accessing confidential data without authorization. Which of the following should be deployed to detect a potential insider threat?

 
 
 
 

Guaranteed Success with SY0-601 Dumps: https://www.testkingfree.com/CompTIA/SY0-601-practice-exam-dumps.html

         
