CompTIA CompTIA Certifications SY0-601 Questions & Answers

• Question 1061:

  Which of the following types of attacks is specific to the individual it targets?

  A. Whaling

  B. Pharming

  C. Smishing

  D. Credential harvesting

  Correct Answer: A

  Whaling is highly tailored to their audiences and often include: the victim's name, job title, and basic details that make the communications look legitimate.

• Question 1062:

  A security analyst needs to complete an assessment. The analyst is logged into a server and must use native tools to map services running on it to the server's listening ports. Which of the following tools can BEST accomplish this talk?

  A. Netcat

  B. Netstat

  C. Nmap

  D. Nessus

  Correct Answer: B

  The network statistics (netstat) command is a networking tool used for troubleshooting and configuration, that can also serve as a monitoring tool for connections over the network. Both incoming and outgoing connections, routing tables, port listening, and usage statistics are common uses for this command.

• Question 1063:

  During a routine scan of a wireless segment at a retail company, a security administrator discovers several devices are connected to the network that do not match the company's naming convention and are not in the asset Inventory. WiFi access Is protected with 255-Wt encryption via WPA2. Physical access to the company's facility requires two-factor authentication using a badge and a passcode

  Which of the following should the administrator implement to find and remediate the Issue? (Select TWO).

  A. Check the SIEM for failed logins to the LDAP directory.

  B. Enable MAC filtering on the switches that support the wireless network.

  C. Run a vulnerability scan on all the devices in the wireless network

  D. Deploy multifactor authentication for access to the wireless network

  E. Scan the wireless network for rogue access points.

  F. Deploy a honeypot on the network

  Correct Answer: BE

  MFA doesn't disable the rogue access point, especially if someone has the credentials to access the network. This is under the assumption that employees are using their own devices.

  Find the rogue access point, do whatever with that, and enable MAC filtering to block access. Not the best thing to do realistically, but doing something like a captive portal isn't MFA. It's the same factor, something you know.

• Question 1064:

  An organization's RPO for a critical system is two hours. The system is used Monday through Friday, from 9:00 am to 5:00 pm. Currently, the organization performs a full backup every Saturday that takes four hours to complete. Which of the following additional backup implementations would be the BEST way for the analyst to meet the business requirements?

  A. Incremental backups Monday through Friday at 6:00 p.m and differential backups hourly

  B. Full backups Monday through Friday at 6:00 p.m and incremental backups hourly.

  C. incremental backups Monday through Friday at 6:00 p.m and full backups hourly.

  D. Full backups Monday through Friday at 6:00 p.m and differential backups hourly.

  Correct Answer: B

  Cannot mix differential with incremental plus full. It must be Full+Diff or Full+Incr

• Question 1065:

  A RAT that was used to compromise an organization's banking credentials was found on a user's computer.

  The RAT evaded antivirus detection. It was installed by a user who has local administrator rights to the system as part of a remote management tool set. Which of the following recommendations would BEST prevent this from reoccurring?

  A. Create a new acceptable use policy.

  B. Segment the network into trusted and untrusted zones.

  C. Enforce application whitelisting.

  D. Implement DLP at the network boundary

  Correct Answer: C

  Having a list of allowed apps decreases the risk of an unwanted application with malware being installed.

• Question 1066:

  Which of the following would be BEST to establish between organizations to define the responsibilities of each party outline the key deliverables and include monetary penalties for breaches to manage third-party risk?

  A. An ARO

  B. An MOU

  C. An SLA

  D. A BPA

  Correct Answer: C

  Comptia exams are all about keywords and the catch here is "include monetary penalties for breaches". SLA includes penalties for not delivering services up to contract, BPA does not.

• Question 1067:

  A security analyst receives the configuration of a current VPN profile and notices the authentication is only applied to the IP datagram portion of the packet. Which of the following should the analyst implement to authenticate the entire packet?

  A. AH

  B. ESP

  C. SRTP

  D. LDAP

  Correct Answer: B

  When AH tunnel mode is used, the entire packet is signed for integrity and authentication. But when ESP tunnel mode is used, the encapsulated packet between the ESP header and the ESP trailer is signed for integrity and authentication. The new packet can also be encrypted for greater security.

• Question 1068:

  A network administrator needs to build out a new datacenter, with a focus on resiliency and uptime. Which of the following would BEST meet this objective? (Choose two.)

  A. Dual power supply

  B. Off-site backups

  C. Automatic OS upgrades

  D. NIC teaming

  E. Scheduled penetration testing

  F. Network-attached storage

  Correct Answer: AB

  Dual PS keeps the servers up / a DRS will conform to the question of resiliency: Site Resiliency Resiliency of a site should include consideration of sites used to continue operations. Site resiliency considerations can be connected to the idea of restoration sites and their availability. Related to the location of backup storage is where the restoration services will be located. If the organization has suffered physical damage to its facility, having offsite data storage is only part of the solution. This data will need to be processed somewhere, which means that computing facilities similar to those used in normal operations are required. These sites are referred to as recovery sites. The recovery problem can be approached in a number of ways, including hot sites, warm sites, and cold sites.

  https://searchdatacenter.techtarget.com/definition/resiliency

• Question 1069:

  After a ransomware attack a forensics company needs to review a cryptocurrency transaction between the victim and the attacker. Which of the following will the company MOST likely review to trace this transaction?

  A. The public ledger

  B. The NetFlow data

  C. A checksum

  D. The event log

  Correct Answer: A

  Blockchain is commonly defined as a distributed, decentralized, public ledger. Each block maintains three parts: Information about the transaction such as date time and amount, Information on the partied involved in the transaction. However, this does not include the actual names but uses digital signatures and a unique harsh that distinguishes the block from other blocks.

  https://www.investopedia.com/tech/what-cryptocurrency-public-ledger/

• Question 1070:

  When selecting a technical solution for identity management, an architect chooses to go from an in-house to a third-party SaaS provider. Which of the following risk management strategies is this an example of?

  A. Acceptance

  B. Mitigation

  C. Avoidance

  D. Transference

  Correct Answer: D

  Risk Transference refers to the shifting of the burden of loss for a risk to another party through legislation, contract, insurance or other means. https://www.bcmpedia.org/wiki/Risk_Transference