CompTIA SY0-601 Online Practice Questions and Exam Preparation

CompTIA SY0-601 Online Questions & Answers

• Question 1051:

  A company has discovered unauthorized devices are using its WiFi network, and it wants to harden the access point to improve security. Which of the following configurations should an analyst enable to improve security? (Choose two.)

  A. RADIUS
  B. PEAP
  C. WPS
  D. WEP-TKIP
  E. SSL
  F. WPA2-PSK
  A. RADIUS
  F. WPA2-PSK

  ---

  Explanation Explanation/Reference:WPA2-PSK: WPA works using discrete modes for enterprise and personal use. The most recent enterprise mode, WPA-EAP, uses a stringent 802.1x authentication. The latest personal mode, WPA-PSK, uses Simultaneous Authentication of Equals (SAE) to create a secure handshake.

• Question 1052:

  The following is an administrative control that would be MOST effective to reduce the occurrence of malware execution?

  A. Security awareness training
  B. Frequency of NIDS updates
  C. Change control procedures
  D. EDR reporting cycle
  A. Security awareness training

• Question 1053:

  A company is moving to new location. The systems administrator has provided the following server room requirements to the facilities staff:

  Consistent power levels in case of brownouts or voltage spikes A minimum of 30 minutes runtime following a power outage Ability to trigger graceful shutdowns of critical systems

  Which of the following would BEST meet the requirements?

  A. Maintaining a standby, gas-powered generator.
  B. Using large surge suppressors on computer equipment.
  C. Configuring managed PDUs to monitor power levels.
  D. Deploying an appropriately sized, network-connected UPS device.
  D. Deploying an appropriately sized, network-connected UPS device.

• Question 1054:

  A cybersecurity administrator needs to add disk redundancy for a critical server. The solution must have a two- drive failure for better fault tolerance. Which of the following RAID levels should the administrator select?

  B. 1
  C. 5
  D. 6
  D. 6

  ---

  RAID 6 is the only I know of that can handle ANY two disk failures. RAID 5/6 (Striping + Distributed Parity) ... (5 at least 3 drives) (RAID 6 requires at least 4 drives).(RAID 5 you can lose one disk, and with RAID 6 you can lose two )

• Question 1055:

  An analyst visits an internet forum looking for information about a tool. The analyst finds a threat that appears to contain relevant information. One of the posts says the following:

  

  Which of the following BEST describes the attack that was attempted against the forum readers?

  A. SOU attack
  B. DLL attack
  C. XSS attack
  D. API attack
  C. XSS attack

  ---

  Cross-site scripting attacks may occur anywhere that possibly malicious users are allowed to post unregulated material to a trusted website for the consumption of other valid users. The most common example can be found in bulletin-board websites which provide web based mailing list-style functionality. https://owasp.org/www-community/attacks/xss/ https://www.acunetix.com/websitesecurity/cross-site-scripting/

• Question 1056:

  To reduce costs and overhead, an organization wants to move from an on-premises email solution to a cloud-based email solution. At this time, no other services will be moving. Which of the following cloud models would BEST meet the needs of the organization?

  A. MaaS
  B. laaS
  C. SaaS
  D. PaaS
  C. SaaS

  ---

  The key here (At this time, no other services will be moving.) means this organization is not fully adopting cloud infrastructure , there's no need to host servers as IaaS or Platfroms as PaaS etc .. they just want one application to be a cloud service, for example (Salesforce.com) which is a SaaS solution and that's it..

• Question 1057:

  A security researcher is using an adversary's infrastructure and TTPs and creating a named group to track those targeted.

  Which of the following is the researcher MOST likely using?

  A. The Cyber Kill Chain
  B. The incident response process
  C. The Diamond Model of Intrusion Analysis
  D. MITRE ATTandCK
  C. The Diamond Model of Intrusion Analysis

• Question 1058:

  An analyst receives multiple alerts for beaconing activity for a host on the network, After analyzing the activity, the analyst observes the following activity:

  1.

  A user enters comptia.org into a web browser.

  2.

  The website that appears is not the comptia.org site.

  3.

  The website is a malicious site from the attacker.

  4.

  Users in a different office are not having this issue.

  Which of the following types of attacks was observed?

  A. On-path attack
  B. DNS poisoning
  C. Locator (URL) redirection
  D. Domain hijacking
  B. DNS poisoning

  ---

  Only some client have this problem about web tarns to malicious site. So choose B.

• Question 1059:

  An administrator receives the following network requirements for a data integration with a third-party vendor:

  

  Which of the following is the most appropriate response for the administrator to send?

  A. FTP is an insecure protocol and should not be used.
  B. Port 8080 is a non-standard port and should be blocked.
  C. SSH protocol version 1 is obsolete and should not be used.
  D. Certificate stapling on port 443 is a security risk that should be mitigated.
  A. FTP is an insecure protocol and should not be used.

• Question 1060:

  The Chief Information Security Officer directed a risk reduction in shadow IT and created a policy requiring all unsanctioned high-risk SaaS applications to be blocked from user access.

  Which of the following is the BEST security solution to reduce this risk?

  A. CASB
  B. VPN concentrator
  C. MFA
  D. VPC endpoint
  A. CASB

  ---

  The best security solution to reduce the risk of shadow IT and unsanctioned high-risk SaaS applications is a Cloud Access Security Broker (CASB). A CASB is a security solution that is designed to provide visibility and control over cloud applications and services. It can be used to block access to unsanctioned applications and to enforce security policies and compliance requirements for cloud services. In this case, the CASB would be used to block access to unsanctioned high-risk SaaS applications, reducing the risk of shadow IT and helping the organization to maintain control over its cloud environment. Options B, C, and D are not specifically related to reducing the risk of shadow IT and unsanctioned SaaS applications. A VPN concentrator is a network device that is used to manage and terminate VPN connections, MFA is a security control that requires multiple factors for authentication, and a VPC endpoint is a networking feature that allows private access to AWS services.