CompTIA CompTIA Certifications SY0-601 Questions & Answers

• Question 1071:

  A security engineer needs to Implement the following requirements:

  1.

  All Layer 2 switches should leverage Active Directory tor authentication.

  2.

  All Layer 2 switches should use local fallback authentication If Active Directory Is offline.

  3.

  All Layer 2 switches are not the same and are manufactured by several vendors.

  Which of the following actions should the engineer take to meet these requirements? (Select TWO).

  A. Implement RADIUS.

  B. Configure AAA on the switch with local login as secondary

  C. Configure port security on the switch with the secondary login method.

  D. Implement TACACS+

  E. Enable the local firewall on the Active Directory server.

  F. Implement a DHCP server

  Correct Answer: AB

  You need to implement the radius server. after that you have to configure the switch to use the AAA server (Radius in this case) with fallback to local authentication

• Question 1072:

  An engineer needs to deploy a security measure to identify and prevent data tampering within the enterprise. Which of the following will accomplish this goal?

  A. Antivirus

  B. IPS.

  C. FTP

  D. FIM

  Correct Answer: D

  File Integrity Monitoring (FIM) is a security measure that helps identify and prevent data tampering within the enterprise. FIM systems monitor files and directories for any unauthorized changes, modifications, or tampering. When changes are detected, alerts or notifications are generated, allowing security teams to investigate and respond to potential security incidents.

  FIM is particularly useful for detecting unauthorized changes to critical system files, configurations, and sensitive data. It helps maintain the integrity of important files and ensures that they remain in their original state, protecting against unauthorized access or manipulation.

  Reference: https://www.cypressdatadefense.com/blog/data-tampering-prevention/

• Question 1073:

  An organization is developing an authentication service for use at the entry and exit ports of country borders.

  1.

  The service will use data feeds obtained from passport systems, passenger manifests, and high-definition video feeds from CCTV systems that are located at the ports.

  2.

  The service will incorporate machine-learning techniques to eliminate biometric enrollment processes while still allowing authorities to identify passengers with increasing accuracy over time.

  3.

  The more frequently passengers travel, the more accurately the service will identify them.

  Which of the following biometrics will MOST likely be used, without the need for enrollment? (Choose two.)

  A. Voice

  B. Gait

  C. Vein

  D. Facial

  E. Retina

  F. Fingerprint

  Correct Answer: BD

  Most accurate according to the objectives

• Question 1074:

  A network engineer is troubleshooting wireless network connectivity issues that were reported by users. The issues are occurring only in the section of the building that is closest to the parking lot. Users are intermittently experiencing slow speeds when accessing websites and are unable to connect to network drives. The issues appear to increase when laptop users return desks after using their devices in other areas of the building. There have also been reports of users being required to enter their credentials on web pages in order to gain access to them.

  Which of the following is the MOST likely cause of this issue?

  A. An external access point is engaging in an evil-twin attack.

  B. The signal on the WAP needs to be increased in that section of the building.

  C. The certificates have expired on the devices and need to be reinstalled.

  D. The users in that section of the building are on a VLAN that is being blocked by the firewall

  Correct Answer: A

• Question 1075:

  Which of the following is the purpose of a risk register?

  A. To define the level or risk using probability and likelihood

  B. To register the risk with the required regulatory agencies

  C. To identify the risk, the risk owner, and the risk measures

  D. To formally log the type of risk mitigation strategy the organization is using

  Correct Answer: C

  The Risk Register displays a list of all risks recorded and displays various risk details, including the residual risk level, risk source, risk owner, risk stage, and the treatment status of the risk. https://kb.wisc.edu/security/110450

• Question 1076:

  Which of the following is assured when a user signs an email using a private key?

  A. Non-repudiation

  B. Confidentiality

  C. Availably

  D. Authentication

  Correct Answer: A

  Non Repudiation is your virtual John Hancock. It's a way of virtually stamping any data or document with "I am who I say I am". Only way to break this would be if the private key owners' private key became compromised. Which at that point you got bigger problems than Non Repudiation.

• Question 1077:

  Which of the following provides the BEST protection for sensitive information and data stored in cloud-based services but still allows for full functionality and searchability of data within the cloud-based services?

  A. Data encryption

  B. Data masking

  C. Anonymization

  D. Tokenization

  Correct Answer: B

  Tokenization means that all or part of data in a field is replaced with a randomly generated token. The token is stored with the original value on a token server or token vault, separate to the production database. An authorized query or app can retrieve the original value from the vault, if necessary, so tokenization is a reversible technique. Tokenization is used as a substitute for encryption, because from a regulatory perspective an encrypted field is the same value as the original data.

• Question 1078:

  A customer service representative reported an unusual text message that was sent to the help desk. The message contained an unrecognized invoice number with a large balance due and a link to click for more details. Which of the following BEST describes this technique?

  A. Vishing

  B. Whaling

  C. Phishing

  D. Smishing

  Correct Answer: D

  Pretty straightforward. Smishing, a portmanteau of SMS and phishing, is a specific type of phishing done via text messaging, and it's commonly used to orchestrate invoice scams or otherwise harvest credentials.

• Question 1079:

  During an incident response, an analyst applied rules to all inbound traffic on the border firewall and implemented ACLs on each critical server Following an investigation, the company realizes it is still vulnerable because outbound traffic is not restricted and the adversary is able lo maintain a presence in the network. In which of the following stages of the Cyber Kill Chain is the adversary currently operating?

  A. Reconnaissance

  B. Command and control

  C. Actions on objective

  D. Exploitation

  Correct Answer: B

  Command and control (C2)--establishment of outbound communications from a victim system for secure communications between victim and adversary systems. Compromised hosts typically beacon out and await further instruction or exploit when higher order interaction or data exchange is required. This is the hallmark of advanced persistent threat (APT) attacks and data exfiltration.

• Question 1080:

  Data exfiltration analysis indicates that an attacker managed to download system configuration notes from a web server. The web-server logs have been deleted, but analysts have determined that the system configuration notes were stored in the database administrator's folder on the web server.

  Which of the following attacks explains what occurred? (Select TWO)

  A. Pass-the- hash

  B. Directory traversal

  C. SQL injection

  D. Privilege escalation

  E. Cross-site scnpting

  F. Request forgery

  Correct Answer: BD

  Directory traversal is a type of HTTP exploit in which a hacker uses the software on a web server to access data in a directory other than the server's root directory. If the attempt is successful, the threat actor can view restricted files or execute commands on the server.

  Privilege escalation is the act of exploiting a bug, a design flaw, or a configuration oversight in an operating system or software application to gain elevated access to resources that are normally protected from an application or user.