CompTIA SY0-601 Online Practice Questions and Exam Preparation

CompTIA SY0-601 Online Questions & Answers

• Question 91:

  A security administrator is analyzing the corporate wireless network The network only has two access points running on channels 1 and 11. While using airodump-ng. the administrator notices other access points are running with the same corporate ESSID on all available channels and with the same BSSID of one of the legitimate access ports

  Which of the following attacks in happening on the corporate network?

  A. Man in the middle
  B. Evil twin
  C. Jamming
  D. Rogue access point
  E. Disassociation
  B. Evil twin

  ---

  From Prof Messer: A more sinister type of rogue access point is a wireless evil twin. This is an access point that is designed to look exactly like the access points that are already on your network, but they were put there for a malicious reason. This is usually an attacker that's trying to get your users to connect to their access point by using a similar SSID name, similar configuration settings, or putting the access point in an area where your users might happen to be. Based on the fact that it's broadcasting across all channels and specifically copying the BSSID of a legitimate access point, it seems more concerning than an employee simply plugging in a wireless router he had laying around.

• Question 92:

  An organization is moving away from the use of client-side and server-side certificates for EAR The company would like for the new EAP solution to have the ability to detect rogue access points. Which of the following would accomplish these requirements?

  A. PEAP
  B. EAP-FAST
  C. EAP-TLS
  D. EAP-TTLS
  B. EAP-FAST

• Question 93:

  A Chief Security Officer is looking for a solution that can provide increased scalability and flexibility for back-end infrastructure, allowing it to be updated and modified without disruption to services. The security architect would like the solution selected to reduce the back-end server resources and has highlighted that session persistence is not important for the applications running on the back-end servers. Which of the following would BEST meet the requirements?

  A. Reverse proxy
  B. Automated patch management
  C. Snapshots
  D. NIC teaming
  A. Reverse proxy

  ---

  A reverse proxy would be the best solution for increased scalability and flexibility for back- end infrastructure.

• Question 94:

  An organization wants to ensure it can track changes between software deployments. Which of the following concepts should the organization implement?

  A. Continuous monitoring
  B. Rights management
  C. Non-repudiation
  D. Version control
  D. Version control

• Question 95:

  A company wants to restrict emailing of PHI documents. The company is implementing a DLP solution. In order to restrict PHI documents, which of the following should be performed FIRST?

  A. Retention
  B. Governance
  C. Classification
  D. Change management
  C. Classification

  ---

  Explanation Explanation/Reference:Classification is the first step to determine what data contains PHI

• Question 96:

  During a recent penetration test, the tester discovers large amounts of data were exfiltrated over the course of 12 months via the internet. The penetration tester stops the test to inform the client of the findings Which of the following should be the client's NEXT step to mitigate the issue''

  A. Conduct a full vulnerability scan to identify possible vulnerabilities
  B. Perform containment on the critical servers and resources
  C. Review the firewall and identify the source of the active connection
  D. Disconnect the entire infrastructure from the internet
  B. Perform containment on the critical servers and resources

  ---

  Explanation Explanation/Reference:Perform containment on the critical servers and resources -> Isolation or containment is the first thing to do after an incident has been discovered

• Question 97:

  Which of the following processes will eliminate data using a method that will allow the storage device to be reused after the process is complete?

  A. Pulverizing
  B. Overwriting
  C. Shredding
  D. Degaussing
  B. Overwriting

• Question 98:

  Which of the following strategies shifts risks that are not covered in an organization's risk strategy?

  A. Risk transference
  B. Risk avoidance
  C. Risk mitigation
  D. Risk acceptance
  A. Risk transference

  ---

  Risk transference is a risk management strategy that involves shifting the financial burden of potential risks to a third party. This is typically done by purchasing insurance or transferring the risk to a vendor or business partner through contractual agreements. By transferring the risk, the organization aims to mitigate the potential financial impact of the risk and protect its assets.

• Question 99:

  An organization has implemented a policy requiring the use of conductive metal lockboxes for personal electronic devices outside of a secure research lab. Which of the following did the organization determine to be the GREATEST risk to intellectual property when creating this policy?

  A. The theft of portable electronic devices
  B. Geotagging in the metadata of images
  C. Bluesnarfing of mobile devices
  D. Data exfiltration over a mobile hot-spot
  D. Data exfiltration over a mobile hot-spot

  ---

  The secure data they want to keep secure is presumably on stationary machines inside the facility, airgapped from the internet. How would that get bluesnarfed? Why on earth would you set up a phone confiscating system to prevent bluesnarfing instead of just disabling bluetooth on the machines inside? On the other hand, if we assume the secure facility is not internet-connected (makes sense to me) then we definitely don't want people bringing in phones to use as mobile hotspots, which allows a vector for inside info to get outside. Sorry Gibson, you're wrong again. https://www.signalbooster.com/blogs/news/how-much-which-building-materials-block-cellular-wifi-signals#:~:text=Along%20with%203G%20and%204G%20LTE%2C%20metal%20roofs%20deflect%205G%20signals%20the%20most% 20because%205G%20uses%20higher%20frequencies%20that%20can%20penetrate%20metal%20the%20least.

• Question 100:

  Which of the following is the BEST method for ensuring non-repudiation?

  A. SSO
  B. Digital certificate
  C. Token
  D. SSH key
  B. Digital certificate

  ---

  Digital certificates are the best method for ensuring non-repudiation. A digital certificate is an electronic credential that binds an entity's identity to a public key. It is issued by a trusted third party known as a Certificate Authority (CA). When a user digitally signs a message or document using their private key, the recipient can verify the signature using the corresponding public key from the user's digital certificate. This process provides assurance that the sender of the message cannot later deny having sent it, thus ensuring non-repudiation.