CompTIA CompTIA Certifications SY0-601 Questions & Answers

• Question 1091:

  A business operations manager is concerned that a PC that is critical to business operations will have a costly hardware failure soon. The manager is looking for options to continue business operations without incurring large costs.

  Which of the following would mitigate the manager's concerns?

  A. Implement a full system upgrade

  B. Perform a physical-to-virtual migration

  C. Install uninterruptible power supplies

  D. Purchase cybersecurity insurance

  Correct Answer: B

  A Physical to virtual migration (P2V), is the migration of physical machines to virtual machines. Converting the PC to a VM temporarily will allow the PC to continue to its operations on a different host. The other options would require that PC be turned off so the organization would not have access to its function.

• Question 1092:

  Which of the following components can be used to consolidate and forward inbound Internet traffic to multiple cloud environments though a single firewall?

  A. Transit gateway

  B. Cloud hot site

  C. Edge computing

  D. DNS sinkhole

  Correct Answer: A

  VPC peering relationships can quickly become difficult to manage, especially if each VPC must interconnect in a mesh-like structure. A transit gateway is a simpler means of managing these interconnections. Essentially, a transit gateway is a virtual router that handles routing between the subnets in each attached VPC and any attached VPN gateways (aws.amazon.com/transit-gateway).

• Question 1093:

  A security analyst was called to investigate a file received directly from a hardware manufacturer. The analyst is trying to determine whether odified in transit before installation on the user's computer. Which of the following can be used to safely assess the file?

  A. Check the hash of the installation file

  B. Match the file names

  C. Verify the URL download location

  D. Verify the code-signing certificate

  Correct Answer: A

  The hardware manufacturer will post the hash of the file publicly, and anyone who receives a copy of that file will be able to run a checksum on the file themselves, and compare them to the official manufacturer-provided checksum. Hashing is almost always the correct answer in these type of questions. You'll see a lot of Github repositories using hashed checksums as well for verification, and I recently just installed Java onto my new computer. Java provided me with a hashed checksum for the setup executable.

• Question 1094:

  A technician enables full disk encryption on a laptop that will be taken on a business tnp. Which of the following does this process BEST protect?

  A. Data in transit

  B. Data in processing

  C. Data at rest

  D. Data tokenization

  Correct Answer: C

  Data at rest: Data at rest is data in its stored or resting state, which is typically on some type of persistent storage such as a hard drive or tape. Symmetric encryption is used in this case.

• Question 1095:

  A security analyst is designing the appropriate controls to limit unauthorized access to a physical site. The analyst has a directive to utilize the lowest possible budget. Which of the following would BEST meet the requirements?

  A. Preventive controls

  B. Compensating controls

  C. Deterrent controls

  D. Detective controls

  Correct Answer: C

  Deterrent makes sense on further thought. The question just states unauthorized access. It doesn't state the intent of any unauthorized intruders. Deterrence is designed to reduce the occurrence of unintentional bystanders or unmotivated malicious agents from entering the site. Should the agent be motivated enough, a preventative measure is needed. But again, the question doesn't list intentions. Therefore this method works to limit the number of unauthorized visitors by weeding out everyone but the motivated, and the truly stupid.

• Question 1096:

  A security analyst was asked to evaluate a potential attack that occurred on a publicly accessible section of the company's website The malicious actor posted an entry in an attempt to trick users into cltckmg the following:

  

  Which of the following was MOST likely observed?

  A. DLL injection

  B. Session replay

  C. SOLI

  D. XSS

  Correct Answer: D

  URL Structure: The URL starts with "https://www.c0mpt1a.com/contact-us/," which is a typical URL structure for a website's contact page. This part appears normal.

  Query Parameter: Following the "/", there is a query parameter represented as "?name=". Query parameters in a URL are often used to pass data to a web application.

  Payload: After the "name=" query parameter, there is a URL-encoded string: "%3Cscript%3Ealert(document.cookie)%3C%2Fscript%3E". Let's decode and analyze this payload step by step:

  "%3C" represents "<" in URL encoding, and "%3E" represents ">".

  So, "%3Cscript%3E" is "" in HTML.

  Between the "" tags, there is JavaScript code: "alert(document.cookie)".

• Question 1097:

  A company recently experienced a major breach. An investigation concludes that customer credit card data was stolen and exfiltrated through a dedicated business partner connection to a vendor, who is not held to the same security contral standards.

  Which of the following is the MOST likely source of the breach?

  A. Side channel

  B. Supply chain

  C. Cryptographic downgrade

  D. Malware

  Correct Answer: B

  Based on the information provided, the most likely source of the breach is the supply chain. The breach occurred when customer credit card data was stolen and exfiltrated through a dedicated business partner connection to a vendor. This indicates that the vendor, who is part of the supply chain, may not have the same level of security control standards as the company itself, making it a potential weak link in the overall security posture. Supply chain attacks involve targeting third-party vendors, suppliers, or business partners as a means to gain unauthorized access to the main target organization's systems or data.

• Question 1098:

  Which of the following incident response steps occurs before containment?

  A. Eradication

  B. Recovery

  C. Lessons learned

  D. Identification

  Correct Answer: D

• Question 1099:

  Which of the following are common VoIP-associated vulnerabilities? (Select TWO).

  A. SPIM

  B. vishing

  C. Hopping

  D. Phishing

  E. Credential harvesting

  F. Tailgating

  Correct Answer: BE

  after heavy consideration and reading through multiple sec+ books, i m kinda going with B and D. vishing and credential harvesting as being the most common attacks, as hopping doesnt ever seem to come up in the material. https://fitsmallbusiness.com/voip-security-threats/

• Question 1100:

  Which of the technologies is used to actively monitor for specific file types being transmitted on the network?

  A. File integrity monitoring

  B. Honeynets

  C. Tcpreplay

  D. Data loss prevention

  Correct Answer: D