CompTIA SY0-601 Online Practice Questions and Exam Preparation
SY0-601 Exam Details
Exam Code: SY0-601
Exam Name: CompTIA Security+
Certification: CompTIA Certifications
Vendor: CompTIA
Total Questions: 1334 Q&As
Last Updated: May 26, 2026
CompTIA SY0-601 Online Questions & Answers
Question 1071:
A dynamic application vulnerability scan identified that code injection could be performed using a web form. Which of the following will be the BEST remediation to prevent this vulnerability?
A. Implement input validations B. Deploy MFA C. Utilize a WAF D. Configure HIPS
A. Implement input validations
Question 1072:
An organization would like to remediate the risk associated with its cloud service provider not meeting its advertised 99.999% availability metrics. Which of the following should the organization consult for the exact requirements for the cloud provider?
A. SLA B. BPA C. NDA D. MOU
A. SLA
Question 1073:
A security analyst is investigating a vulnerability in which a default file permission was set incorrectly. The company uses non-credentialed scanning for vulnerability management.
Which of the following tools can the analyst use to verify the permissions?
A. ssh B. chmod C. ls D. setuid E. nessus F. nc
B. chmod
chmod is used to set permissions for the file. If you use: ls -l
Question 1074:
The SOC is reviewing processes and procedures after a recent incident. The review indicates it took more than 30 minutes to determine that quarantining an infected host was the best course of action. This allowed the malware to spread to additional hosts before it was contained. Which of the following would be BEST to improve the incident response process?
A. Updating the playbooks with better decision points B. Dividing the network into trusted and untrusted zones C. Providing additional end-user training on acceptable use D. Implementing manual quarantining of infected hosts
A. Updating the playbooks with better decision points
The question asks for the "Best" way to improve the "incident response process."
- A: Directly affects the decision process and makes it better.
- B: Does not affect the incident response process. It is a preventative measure.
- C: Does not affect the incident response process. Again, it is preventative, and it also focuses on the end user, not the IT staff making the decisions during the attack.
- D: Trick answer. This was the course of action taken during the incident. The question asks for a way to lessen the 30-minute response time by the IT staff.
Question 1075:
A security analyst reviews web server logs and finds the following string:
gallerys?file--. ./../../../../. . / . ./etc/passwd
Which of the following attacks was performed against the web server?
A. Directory traversal B. CSRF C. Pass the hash D. SQL injection
A. Directory traversal
Directory traversal is an attack that exploits a vulnerability in a web application or a file system to access files or directories that are outside the intended scope. The attacker can use special character sequences, such as ../ or ..\ , to navigate through the directory structure and access restricted files or directories.
Question 1076:
An annual information security assessment has revealed that several OS-level configurations are not in compliance due to outdated hardening standards the company is using. Which of the following would be BEST to use to update and reconfigure the OS-level security configurations?
A. CIS benchmarks B. GDPR guidance C. Regional regulations D. ISO 27001 standards
A. CIS benchmarks
CIS Benchmarks for mobile devices cover security configurations for operating systems that run on mobile phones, tablets, and other hand-held devices. ISO/IEC 27001 is an information security management standard that structures how businesses should manage risk associated with information security threats. The General Data Protection Regulation sets guidelines for the collection and processing of personal data of individuals within the European Union; it is about how organizations should handle the personal data of individuals.
https://www.beyondtrust.com/resources/glossary/systems-hardening
Question 1077:
Which of the following is required in order for an IDS and a WAF to be effective on HTTPS traffic?
A. Hashing B. DNS sinkhole C. TLS inspection D. Data masking
C. TLS inspection
TLS (Transport Layer Security) is a protocol that is used to encrypt data sent over HTTPS (Hypertext Transfer Protocol Secure). In order for an intrusion detection system (IDS) and a web application firewall (WAF) to be effective on HTTPS traffic, they must be able to inspect the encrypted traffic. TLS inspection allows the IDS and WAF to decrypt and inspect the traffic, allowing them to detect any malicious activity.
References:
[1] CompTIA Security+ Study Guide Exam SY0-601, Sixth Edition, Chapter 11, "Network Security Monitoring"
[2] CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide, Chapter 7, "Intrusion Detection and Prevention"
Question 1078:
Stakeholders at an organisation must be kept aware of any incidents and receive updates on status changes as they occur. Which of the following plans would fulfill this requirement?
A. Communication plan B. Disaster recovery plan C. Business continuity plan D. Risk plan
A. Communication plan
A communication plan is a plan that would fulfill the requirement of keeping stakeholders at an organization aware of any incidents and receiving updates on status changes as they occur. A communication plan is a document that outlines the communication objectives, strategies, methods, channels, frequency, and audience for an incident response process. A communication plan can help an organization communicate effectively and efficiently with internal and external stakeholders during an incident and keep them informed of the incident's impact, progress, resolution, and recovery.
References:
https://www.comptia.org/certifications/security#examdetails
https://www.comptia.org/content/guides/comptia-security-sy0-601-exam-objectives
https://www.ready.gov/business-continuity-plan
Question 1079:
Which of the following would be the best way to block unknown programs from executing?
A. Access control list B. Application allow list C. Host-based firewall D. DLP solution
B. Application allow list
Application allow list (application whitelisting): Application allow listing is a security approach that allows only approved or known applications to run on a system while blocking all others. Unknown or unapproved programs are automatically prevented from executing. It is an effective method for blocking the execution of unauthorized or unknown software and can help prevent malware and unauthorized applications from running on a system.
Question 1080:
A security analyst has been asked to investigate a situation after the SOC started to receive alerts from the SIEM. The analyst first looks at the domain controller and finds the following events:
To better understand what is going on, the analyst runs a command and receives the following output:
Based on the analyst's findings, which of the following attacks is being executed?
A. Credential harvesting B. Keylogger C. Brute-force D. Spraying
D. Spraying
Brute forcing focuses intensively on one account with every computable password attempt, whereas spraying simply attempts a few or several passwords on an account before moving on.