CompTIA SY0-601 Online Practice Questions and Exam Preparation

CompTIA SY0-601 Online Questions & Answers

• Question 1131:

  Which of the following is the first step to take when creating an anomaly detection process?

  A. Selecting events
  B. Building a baseline
  C. Selecting logging options
  D. Creating an event log
  B. Building a baseline

• Question 1132:

  A company discovered that terabytes of data have been exfiltrated over the past year after an employee clicked on an email link. The threat continued to evolve and remain undetected until a security analyst noticed an abnormal amount of external connections when the employee was not working. Which of the following is the MOST likely threat actor?

  A. Shadow IT
  B. Script kiddies
  C. APT
  D. Insider threat
  C. APT

  ---

  An APT attack is characterized by using toolkits to achieve a presence on a target network and then, instead of just moving to steal information, focusing on the long game by maintaining a persistent presence on the target network. The tactics, tools, and procedures of APTs are focused on maintaining administrative access to the target network and avoiding detection. Then, over the long haul, the attacker can remove intellectual property and more from the organization, typically undetected.

• Question 1133:

  Which of the following ensures an organization can continue to do business with minimal interruption in the event of a major disaster?

  A. Business recovery plan
  B. Incident response plan
  C. Communication plan
  D. Continuity of operations plan
  D. Continuity of operations plan

  ---

  COOP is similar to BCP, but a federal initiative that intends to encourage organizations to address how critical operations will continue under a broad range of negative circumstances. it addresses emergencies from all hazard approach instead of focusing on a specific event.

• Question 1134:

  A security analyst is reviewing the following logs:

  

  Which of the following attacks is most likely occurring?

  A. Password spraying
  B. Account forgery
  C. Pass-the-hash
  D. Brute-force
  A. Password spraying

• Question 1135:

  Which of the following should an organization consider implementing In the event executives need to speak to the media after a publicized data breach?

  A. Incident response plan
  B. Business continuity plan
  C. Communication plan
  D. Disaster recovery plan
  C. Communication plan

  ---

  Explanation Explanation/Reference:A communication plan is a policy-driven approach to providing company stakeholders with certain information

• Question 1136:

  The security team received a report of copyright infringement from the IP space of the corporate network. The report provided a precise time stamp for the incident as well as the name of the copyrighted files

  The analyst has been tasked with determining the infringing source machine and instructed to implement measures to prevent such incidents from occurring again.

  Which of the following is MOST capable of accomplishing both tasks?

  A. HIDS
  B. Allow list
  C. TPM
  D. NGFW
  C. TPM

• Question 1137:

  Which of the following environment utilizes dummy data and is MOST to be installed locally on a system that allows to be assessed directly and modified easily wit each build?

  A. Production
  B. Test
  C. Staging
  D. Development
  D. Development

  ---

  Explanation Explanation/Reference:A development environment is essentially what is on the development team's computers. It's where the developers are writing their code, making code updates, and where all their commits and branches exist. The development environment does not affect what the end user sees. Instead, it allows development to try out new features and updates before pushing them forward to deployment. A lot of preliminary testing is done at this point before moving to the next environment the stage environment. https://www.pagerduty.com/resources/learn/what-is-production-environment/

• Question 1138:

  A researcher has been analyzing large data sets for the last ten months. The researcher works with colleagues from other institutions and typically connects via SSH to retrieve additional data. Historically, this setup has worked without issue, but the researcher recently started getting the following message:

  

  Which of the following network attacks is the researcher MOST likely experiencing?

  A. MAC cloning
  B. Evil twin
  C. Man-in-the-middle
  D. ARP poisoning
  C. Man-in-the-middle

  ---

  Explanation Explanation/Reference:Note: Man in the middle = MITM is now also known as On-Path-Attack.

• Question 1139:

  Which of the following tools is effective in preventing a user from accessing unauthorized removable media?

  A. USB data blocker
  B. Faraday cage
  C. Proximity reader
  D. Cable lock
  A. USB data blocker

  ---

  Explanation Explanation/Reference:A USB data blocker, also known as a "USB condom" (really, no kidding!), is a device that allows you to plug into USB charging ports including charging kiosks, and USB ports on gadgets owned by other people. The main purpose of using one is to eliminate the risk of infecting your phone or tablet with malware, and even prevent hackers to install/execute any malicious code to access your data.

• Question 1140:

  A company was compromised, and a security analyst discovered the attacker was able to get access to a service account. The following logs were discovered during the investigation:

  

  Which of the following MOST likely would have prevented the attacker from learning the service account name?

  A. Race condition testing
  B. Proper error handling
  C. Forward web server logs to a SIEM
  D. Input sanitization
  B. Proper error handling