CompTIA SY0-601 Online Practice Questions and Exam Preparation

CompTIA SY0-601 Online Questions & Answers

• Question 1091:

  A network administrator deployed a DNS logging tool that logs suspicious websites that are visited and then sends a daily report based on various weighted metrics. Which of the following best describes the type of control the administrator put in place?

  A. Preventive
  B. Deterrent
  C. Corrective
  D. Detective
  D. Detective

  ---

  The DNS logging tool is a detective control because it monitors the website visited by the users and reports any suspicious ones based on certain criteria. It does not prevent, deter or correct the behaviour of the users, but rather identifies and notifies the administrator of any potential security risks.

• Question 1092:

  A network engineer needs to create a plan for upgrading the wireless infrastructure in a large office Priority must be given to areas that are currently experiencing latency and connection issues. Which of the following would be the BEST resource for determining the order of priority?

  A. Nmapn
  B. Heat maps
  C. Network diagrams
  D. Wireshark
  B. Heat maps

  ---

  Explanation Heat maps directly correlate to wireless technology. A network diagram isn't specific to wireless, and isn't going to solve the issue.

• Question 1093:

  An organization has activated an incident response plan due to a malware outbreak on its network The organization has brought in a forensics team that has identified an internet- facing Windows server as the likely point of initial compromise The malware family that was detected is known to be distributed by manually logging on to servers and running the malicious code Which of the following actions would be BEST to prevent reinfection from the initial infection vector?

  A. Prevent connections over TFTP from the internal network
  B. Create a firewall rule that blocks port 22 from the internet to the server
  C. Disable file shanng over port 445 to the server
  D. Block port 3389 inbound from untrusted networks
  D. Block port 3389 inbound from untrusted networks

  ---

  The SMB Protocol (in all its version) doesn't provide functionality to execute files at the remote systems. Its main objective is to support the sharing of file and print resource between machines. The only feasible option left is loggin through RDP and manually executing the file.

• Question 1094:

  An organization is concerned about intellectual property theft by employees who leave the organization. Which of the following should the organization MOST likely implement?

  A. CBT
  B. NDA
  C. MOU
  D. AUP
  B. NDA

• Question 1095:

  A technician enables full disk encryption on a laptop that will be taken on a business tnp. Which of the following does this process BEST protect?

  A. Data in transit
  B. Data in processing
  C. Data at rest
  D. Data tokenization
  C. Data at rest

  ---

  Data at rest: Data at rest is data in its stored or resting state, which is typically on some type of persistent storage such as a hard drive or tape. Symmetric encryption is used in this case.

• Question 1096:

  A security operations technician is searching the log named /vax/messages for any events that were associated with a workstation with the IP address 10.1.1.1.

  Which of the following would provide this information?

  A. cat /var/messages | grep 10.1.1.1
  B. grep 10.1.1.1 | cat /var/messages
  C. grep /var/messages | cat 10.1.1.1
  D. cat 10.1.1.1 | grep /var/messages
  A. cat /var/messages | grep 10.1.1.1

  ---

  the cat command reads the file and streams its content to standard output. The | symbol connects the output of the left command with the input of the right command. The grep command returns all lines that match the regex. The cut command splits each line into fields based on a delimiter and extracts a specific field.

• Question 1097:

  An attacker has successfully exfiltrated several non-salted password hashes from an online system. Given the logs below:

  

  Which of the following BEST describes the type of password attack the attacker is performing?

  A. Dictionary
  B. Pass-the-hash
  C. Brute-force
  D. Password spraying
  A. Dictionary

• Question 1098:

  A security administrator Is evaluating remote access solutions for employees who are geographically dispersed. Which of the following would provide the MOST secure remote access? (Select TWO).

  A. IPSec
  B. SFTP
  C. SRTP
  D. LDAPS
  E. S/MIME
  F. SSL VPN
  A. IPSec
  F. SSL VPN

  ---

  IPSec (Internet Protocol Security) is a technology that provides secure communication over the internet by encrypting traffic and authenticating it at both the sender and receiver. It can be used to create secure tunnels between two or more devices, allowing users to access resources securely and privately. SSL VPN (Secure Sockets Layer Virtual Private Network) is a type of VPN that uses an SSL/TLS connection to encrypt traffic between two or more devices. It is a secure and reliable solution for providing remote access, as all traffic is encrypted and authenticated. Additionally, SSL VPNs can also be used to restrict access to certain websites and services, making them a secure and robust solution for remote access.

• Question 1099:

  A security analyst in a SOC has been tasked with onboarding a new network into the SIEM. Which of the following BEST describes the information that should feed into a SIEM solution in order to adequately support an investigation?

  A. Logs from each device type and security layer to provide correlation of events
  B. Only firewall logs since that is where attackers will most likely try to breach the network
  C. Email and web-browsing logs because user behavior is often the cause of security breaches
  D. NetFlow because it is much more reliable to analyze than syslog and will be exportable from every device
  A. Logs from each device type and security layer to provide correlation of events

  ---

  Explanation Explanation/Reference:"A" should be the right exam answer. In the real world, you might have to be a bit more picky which logs to choose, as you have limitations like EPS based licenses for your SIEM or limited hardware resources, so it not always the best solution to feed everything to your SIEM.

• Question 1100:

  A server administrator is reporting performance issues when accessing all internal resources. Upon further investigation, the security team notices the following:

  1.

  A user's endpoint has been compromised and is broadcasting its MAC as the default gateway's MAC throughout the LAN.

  2.

  Traffic to and from that endpoint is significantly greater than all other similar endpoints on the LAN.

  3.

  Network ports on the LAN are not properly configured.

  4.

  Wired traffic is not being encrypted properly.

  Which of the following attacks is most likely occurring?

  A. DDoS
  B. MAC flooding
  C. ARP poisoning
  D. DHCP snooping
  C. ARP poisoning