CompTIA CompTIA Certifications SY0-601 Questions & Answers

• Question 1001:

  A small business office is setting up a wireless infrastructure with primary requirements centered around protecting customer information and preventing unauthorized access to the business network.

  Which of the following would BEST support the office's business needs? (Select TWO)

  A. Installing WAPs with strategic placement

  B. Configuring access using WPAs

  C. Installing a WIDS

  D. Enabling MAC filtering

  E. Changing the WiFi password every 30 days

  F. Reducing WiFi transmit power throughout the office

  Correct Answer: BD

• Question 1002:

  During a forensic investigation, a security analyst discovered that the following command was run on a compromised host:

  

  Which of the following attacks occurred?

  A. Buffer overflow

  B. Pass the hash

  C. SQL injection

  D. Replay attack

  Correct Answer: B

• Question 1003:

  A security administrator is trying to determine whether a server is vulnerable to a range of attacks. After using a tool, the administrator obtains the following output:

  

  Which of the following attacks was successfully implemented based on the output?

  A. Memory leak

  B. Race conditions

  C. SQL injection

  D. Directory traversal

  Correct Answer: D

  A - Memory Leak - If there was a memory leak, the first line of the HTTP header probably wouldn't be HTTP/1.0 200 OK because it'd likely result in the server crashing. It is possible to have an ongoing memory leak without crashing the

  server, but there is no evidence of that.

  B - Race conditions - There is no evidence of race conditions.

  C - SQL injection - There is no evidence of SQL injection.

  D - Directory Traversal - This picture shows the output of an HTTP response, including both a header (first three lines) and a body. An HTTP response should not contain a body, especially one consisting of the contents of the passwd file. So

  the HTTP request was probably something like "example.com/../../../../../../../etc/passwd".

• Question 1004:

  Which of the following controls would provide the BEST protection against tailgating?

  A. Access control vestibule

  B. Closed-circuit television

  C. Proximity card reader

  D. Faraday cage

  Correct Answer: A

• Question 1005:

  An employee's company account was used in a data breach Interviews with the employee revealed:

  The employee was able to avoid changing passwords by using a previous password again. The account was accessed from a hostile, foreign nation, but the employee has never traveled to any other countries.

  Which of the following can be implemented to prevent these issues from reoccuring? (Select TWO)

  A. Geographic dispersal

  B. Password complexity

  C. Password history

  D. Geotagging

  E. Password lockout

  F. Geofencing

  Correct Answer: CF

• Question 1006:

  Which of the following roles would MOST likely have direct access to the senior management team?

  A. Data custodian

  B. Data owner

  C. Data protection officer

  D. Data controller

  Correct Answer: D

• Question 1007:

  As part of annual audit requirements, the security team performed a review of exceptions to the company policy that allows specific users the ability to use USB storage devices on their laptops. The review yielded the following results. The exception process and policy have been correctly followed by the majority of users A small number of users did not create tickets for the requests but were granted access All access had been approved by supervisors. Valid requests for the access sporadically occurred across multiple departments. Access, in most cases, had not been removed when it was no longer needed

  Which of the following should the company do to ensure that appropriate access is not disrupted but unneeded access is removed in a reasonable time frame?

  A. Create an automated, monthly attestation process that removes access if an employee's supervisor denies the approval

  B. Remove access for all employees and only allow new access to be granted if the employee's supervisor approves the request

  C. Perform a quarterly audit of all user accounts that have been granted access and verify the exceptions with the management team

  D. Implement a ticketing system that tracks each request and generates reports listing which employees actively use USB storage devices

  Correct Answer: C

• Question 1008:

  Which of the following is a physical security control that ensures onty the authorized user is present when gaining access to a secured area?

  A. A biometric scanner

  B. A smart card reader

  C. APKItoken

  D. A PIN pad

  Correct Answer: A

  A biometric scanner uses physical characteristics such as fingerprints to identify an individual user. It is used to ensure that only the authorized user is present when gaining access to a secured area.

• Question 1009:

  Which of the following should customers who are involved with Ul developer agreements be concerned with when considering the use of these products on highly sensitive projects?

  A. Weak configurations

  B. Integration activities

  C. Unsecure user accounts

  D. Outsourced code development

  Correct Answer: A

  Customers who are involved with Ul developer agreements should be concerned with weak configurations when considering the use of these products on highly sensitive projects. Weak configurations can lead to security vulnerabilities, which can be exploited by malicious actors. It is important to ensure that all configurations are secure and up-to-date in order to protect sensitive data. Source: UL

• Question 1010:

  A security administrator is working on a solution to protect passwords stored in a database against rainbow table attacks. Which of the following should the administrator consider?

  A. Hashing

  B. Salting

  C. Lightweight cryptography

  D. Steganography

  Correct Answer: B