CompTIA CompTIA Certifications SY0-601 Questions & Answers

• Question 1021:

  The help desk has received calls from users in multiple locations who are unable to access core network services The network team has identified and turned off the network switches using remote commands. Which of the following actions should the network team take NEXT?

  A. Disconnect all external network connections from the firewall

  B. Send response teams to the network switch locations to perform updates

  C. Turn on all the network switches by using the centralized management software

  D. Initiate the organization's incident response plan.

  Correct Answer: D

• Question 1022:

  A company would like to set up a secure way to transfer data between users via their mobile phones The company's top pnonty is utilizing technology that requires users to be in as close proximity as possible to each other. Which of the following connection methods would BEST fulfill this need?

  A. Cellular

  B. NFC

  C. Wi-Fi

  D. Bluetooth

  Correct Answer: B

  NFC allows two devices to communicate with each other when they are in close proximity to each other, typically within 5 centimetres. This makes it the most secure connection method for the company's data transfer requirements.

• Question 1023:

  An enterprise has hired an outside security firm to facilitate penetration testing on its network and applications. The firm has agreed to pay for each vulnerability that is discovered. Which of the following BEST represents the type of testing that is being used?

  A. White-box

  B. Red-team

  C. Bug bounty

  D. Gray-box

  E. Black-box

  Correct Answer: B

  Definitions from the most up to date Comptia handbook.

  bug bounty=Reward scheme operated by software and web services vendors for reporting vulnerabilities. Where a pen test is performed on a contractual basis, costed by the consultant, a bug bounty program is a way of crowd sourcing detection of vulnerabilities. Some bug bounties are operated as internal programs, with rewards for employees only. Most are open to public submissions (tripwire.com/state-of-security/security-data-protection/cyber-security/essential-bugbounty-programs).

  red team=The "hostile" or attacking team in a penetration test or incident response exercise.

• Question 1024:

  An analyst visits an internet forum looking for information about a tool. The analyst finds a threat that appears to contain relevant information. One of the posts says the following:

  

  Which of the following BEST describes the attack that was attempted against the forum readers?

  A. SOU attack

  B. DLL attack

  C. XSS attack

  D. API attack

  Correct Answer: C

  Cross-site scripting attacks may occur anywhere that possibly malicious users are allowed to post unregulated material to a trusted website for the consumption of other valid users. The most common example can be found in bulletin-board websites which provide web based mailing list-style functionality. https://owasp.org/www-community/attacks/xss/ https://www.acunetix.com/websitesecurity/cross-site-scripting/

• Question 1025:

  A security analyst must determine if either SSH or Telnet is being used to log in to servers.

  Which of the following should the analyst use?

  A. logger

  B. Metasploit

  C. tcpdump

  D. netstat

  Correct Answer: D

• Question 1026:

  An enterprise has hired an outside security firm to conduct penetration testing on its network and applications. The firm has been given all the developer's documentation about the internal architecture. Which of the following BEST represents the type of testing that will occur?

  A. Bug bounty

  B. White-box

  C. Black-box

  D. Gray-box

  Correct Answer: D

• Question 1027:

  A company's help desk received several AV alerts indicating Mimikatz attempted to run on the remote systems. Several users also reported that the new company flash drives they picked up in the break room only have 512KB of storage. Which of the following is MOST likely the cause?

  A. The GPO prevents the use of flash drives, which triggers a false positive AV indication and restricts the drives to only 512KB of storage.

  B. The new flash drives need a driver that is being blocked by the AV software because the flash drives are not on the application's allow list, temporarily restricting the drives to 512KB of storage.

  C. The new flash drives are incorrectly partitioned, and the systems are automatically trying to use an unapproved application to repartition the drives.

  D. The GPO blocking the flash drives is being bypassed by a malicious flash drive that is attempting to harvest plaintext credentials from memory.

  Correct Answer: D

  The GPO blocking the flash drives is being bypassed by a malicious flash drive that is attempting to harvest plaintext credentials from memory.

  The presence of Mimikatz alerts and reports of new company flash drives having only 512KB of storage indicate a potential security incident involving malicious activity. Mimikatz is a well-known tool used for extracting plaintext passwords and other sensitive information from memory, which could indicate an attempt to compromise the security of the systems.

  Additionally, the fact that the new flash drives have been tampered with and do not have their original storage capacity suggests that a malicious actor is using the flash drives to bypass the Group Policy Object (GPO) settings that block the use of flash drives. This could be an attempt to introduce malware or exfiltrate data using unauthorized hardware.

• Question 1028:

  Which of the following would be BEST for a technician to review to determine the total risk an organization can bear when assessing a "cloud-first" adoption strategy?

  A. Risk matrix

  B. Risk tolerance

  C. Risk register

  D. Risk appetite

  Correct Answer: D

  Risk appetite is the total risk that an organization chooses to or is otherwise able to bear. This is the aggregate of all residual risk after selected countermeasures are in place. Risk tol- erance is the ability of an organization to absorb the losses associated with realized risks on an individual threat basis. Thus, risk appetite is the overall acceptance of the accumulation of individual risk tolerance issues.

• Question 1029:

  A security administrator has noticed unusual activity occurring between different global instances and workloads and needs to identify the source of the unusual traffic. Which of the following log sources would be BEST to show the source of the unusual traffic?

  A. HIDS

  B. UEBA

  C. CASB

  D. VPC

  Correct Answer: C

• Question 1030:

  A company just implemented a new telework policy that allows employees to use personal devices for official email and file sharing while working from home.

  Some of the requirements are:

  1.

  Employees must provide an alternate work location (i.e., a home address).

  2.

  Employees must install software on the device that will prevent the loss of proprietary data but will not restrict any other software from being installed.

  Which of the following BEST describes the MDM options the company is using?

  A. Geofencing, content management, remote wipe, containerization, and storage segmentation

  B. Content management, remote wipe, geolocation, context-aware authentication, and containerization

  C. Application management, remote wipe, geofencing, context-aware authentication, and containerization

  D. Remote wipe, geolocation, screen locks, storage segmentation, and full-device encryption

  Correct Answer: B

  Geofencing vs Geolocation Application Management vs Content Management

  From the requirements:

  *

  "Employees must install software on the device that will prevent the loss of proprietary data but will not restrict any other software from being installed" [Analisys]: here the company is more concerned about data being loss that software being installed on the device. So DLP is more important which is provided by Content Management

  *

  Employees must provide an alternate work location (i.e., a home address).

  Here they want to know where you live but they don't say they will restrict the usage of your device based on your location. So I think Geolocation fits in here fine.