CompTIA SY0-601 Online Practice Questions and Exam Preparation

CompTIA SY0-601 Online Questions & Answers

• Question 1021:

  A penetration tester executes the command crontab -l while working in a Linux server environment. The penetration tester observes the following string in the current user's list of cron jobs:

  */10 * * * * root /writable/update.sh

  Which of the following actions should the penetration tester perform NEXT?

  A. Privilege escalation
  B. Memory leak
  C. Directory traversal
  D. Race condition
  A. Privilege escalation

• Question 1022:

  While checking logs, a security engineer notices a number of end users suddenly downloading files with the .tar.gz extension. Closer examination of the files reveals they are PE32 files. The end users state they did not initiate any of the downloads. Further investigation reveals the end users all clicked on an external email containing an infected MHT file with an href link a week prior. Which of the following is MOST likely occurring?

  A. A RAT was installed and is transferring additional exploit tools.
  B. The workstations are beaconing to a command-and-control server.
  C. A logic bomb was executed and is responsible for the data transfers.
  D. A fireless virus is spreading in the local network environment
  A. A RAT was installed and is transferring additional exploit tools.

  ---

  "A remote access Trojan (RAT) is a type of malware that allows attackers to control systems from remote locations. It is often delivered via drive-by downloads or malicious attachments in email. Once installed on a system, attackers can then access the infected computer at any time and install additional malware if desired. A growing trend is for attackers to deliver trojans as Portable Executable (PE) files in 32-bit (PE32) and 64-bit (PE64) formats. They often compress the PE files using compression tools, such as tar (sometimes called tarball). Tar files have the .tar.gz file extension." taken from darril gibson S+ study guide. answer= RAT

• Question 1023:

  Which of the following holds staff accountable while escorting unathorized personal?

  A. Locks
  B. Badges
  C. Cameras
  D. Visitor logs
  D. Visitor logs

  ---

  Visitor logs hold staff accountable while escorting unauthorized personnel. A visitor log is a record of individuals who enter a facility, and it typically includes details such as the date and time of the visit, the name of the visitor, and the name of the staff member who escorted them. By maintaining a visitor log, it is possible to track who has entered the facility and who was responsible for escorting them. This can help to hold staff accountable for escorting unauthorized personnel and ensure that they are following security protocols and procedures. Locks, badges, and cameras are all important security measures, but they are not directly related to holding staff accountable for escorting unauthorized personnel.

• Question 1024:

  Which of the following uses six initial steps that provide basic control over system security by including hardware and software inventory, vulnerability management, and continuous monitoring to minimize risk in all network environments?

  A. ISO 27701
  B. The Center for Internet Security
  C. SSAE SOC 2
  D. NIST Risk Management Framework
  B. The Center for Internet Security

• Question 1025:

  A company requires hard drives to be securely wiped before sending decommissioned systems to recycling. Which of the following best describes this policy?

  A. Enumeration
  B. Sanitization
  C. Destruction
  D. Inventory
  B. Sanitization

  ---

  Data sanitization involves purposely, permanently deleting, or destroying data from a storage device, to ensure it cannot be recovered.

• Question 1026:

  A company wants to begin taking online orders for products but has decided to outsource payment processing to limit risk. Which of the following best describes what the company should request from the payment processor?

  A. ISO 27001 certification documents
  B. Proof of PCI DSS compliance
  C. A third-party SOC 2 Type 2 report
  D. Audited GDPR policies
  B. Proof of PCI DSS compliance

• Question 1027:

  The Chief Executive Officer announced a new partnership with a strategic vendor and asked the Chief Information Security Officer to federate user digital identities using SAML- based protocols. Which of the following will this enable?

  A. SSO
  B. MFA
  C. PKI
  D. OLP
  A. SSO

• Question 1028:

  The Chief Information Secunty Officer came across a news arbcle outining a mechan'sm thal allows certan OS passwords to be bypassed The security team was then tasked with determining which method could be used to prevent data loss in the corporate environment in case an attacker bypasses authentication Which of the following will accomplish this objective?

  A. FDE
  B. Proper patch management protocols
  C. TPM
  D. Input validations
  A. FDE

• Question 1029:

  A new company wants to avoid channel interference when building a WLAN. The company needs to know the radio frequency behavior, identify dead zones, and determine the best place for access points. Which of the following should be done FIRST?

  A. Configure heat maps.
  B. Utilize captive portals.
  C. Conduct a site survey.
  D. Install Wi-Fi analyzers.
  C. Conduct a site survey.

• Question 1030:

  A junior security analyst is conducting an analysis after passwords were changed on multiple accounts without users' interaction. The SIEM have multiple login entries with the following text:

  

  suspicious event - user: scheduledtasks successfully authenticate on AD on abnormal time suspicious event - user: scheduledtasks failed to execute c:\weekly_checkups\amazing-3rdparty-domain-assessment.py suspicious event - user: scheduledtasks failed to execute c:\weekly_checkups\secureyourAD-3rdparty-compliance.sh suspicious event - user: scheduledtasks successfully executed c:\weekly_checkups\amazing-3rdparty-domain-assessment.py

  Which of Ihe following is the MOST likely attack conducted on the environment?

  A. Malicious script
  B. Privilege escalation
  C. Doman hijacking
  D. DNS poisoning
  A. Malicious script

  ---

  Definitely A: Malicious Scripts. Cos look at these: 1. weekly_checkups\secureyourAD-3rdparty-compliance.sh 2. scheduledtasks, and 3. amazing-3rdparty-domain-assessment. All those are definitely malicious names that results in password changes.