CompTIA SY0-601 Online Practice Questions and Exam Preparation
SY0-601 Exam Details
Exam Code: SY0-601
Exam Name: CompTIA Security+
Certification: CompTIA Certifications
Vendor: CompTIA
Total Questions: 1334 Q&As
Last Updated: May 26, 2026
CompTIA SY0-601 Online Questions & Answers
Question 1141:
A data center has experienced an increase in under-voltage events following electrical grid maintenance outside the facility. These events are leading to occasional losses of system availability.
Which of the following would be the most cost-effective solution for the data center to implement?
A. Uninterruptible power supplies with battery backup
B. Managed power distribution units to track these events
C. A generator to ensure consistent, normalized power delivery
D. Dual power supplies to distribute the load more evenly
Answer: A. Uninterruptible power supplies with battery backup
Uninterruptible power supplies with battery backup would be the most cost-effective solution for the data center to implement to prevent under-voltage events following electrical grid maintenance outside the facility. An uninterruptible power supply (UPS) is a device that provides emergency power to a load when the main power source fails or drops below an acceptable level. A UPS with battery backup can help prevent under-voltage events by switching to battery power when it detects a voltage drop or outage in the main power source. A UPS with battery backup can also protect the data center equipment from power surges or spikes.
References:
https://www.comptia.org/certifications/security#examdetails
https://www.comptia.org/content/guides/comptia-security-sy0-601-exam-objectives
https://www.apc.com/us/en/faqs/FA158852/
Question 1142:
An administrator is reviewing a single server's security logs and discovers the following:
Which of the following best describes the action captured in this log file?
A. Brute-force attack
B. Privilege escalation
C. Failed password audit
D. Forgotten password by the user
Answer: A. Brute-force attack
Explanation/Reference: A brute force attack is a type of cyberattack in which an attacker systematically tries all possible combinations of passwords or encryption keys until the correct one is found. It is a straightforward and time-consuming attack method that relies on the attacker's ability to repeatedly attempt different combinations until the correct one is guessed.
Question 1143:
A cybersecurity analyst needs to implement secure authentication to third-party websites without users' passwords. Which of the following would be the BEST way to achieve this objective?
A. OAuth
B. SSO
C. SAML
D. PAP
Answer: C. SAML
Question 1144:
An organization recently acquired an ISO 27001 certification. Which of the following would MOST likely be considered a benefit of this certification?
A. It allows for the sharing of digital forensics data across organizations
B. It provides insurance in case of a data breach
C. It provides complimentary training and certification resources to IT security staff.
D. It certifies the organization can work with foreign entities that require a security clearance
E. It assures customers that the organization meets security standards
Answer: E. It assures customers that the organization meets security standards
According to the ISO (https://www.iso.org/standard/54534.html): ISO/IEC 27001:2013 specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization. The requirements set out in ISO/IEC 27001:2013 are generic and are intended to be applicable to all organizations, regardless of type, size or nature.
Question 1145:
After a recent security incident, a security analyst discovered that unnecessary ports were open on a firewall policy for a web server. Which of the following firewall policies would be MOST secure for a web server?
A. Option A
B. Option B
C. Option C
D. Option D
Answer: D. Option D
Question 1146:
A company has discovered unauthorized devices are using its WiFi network, and it wants to harden the access point to improve security. Which of the following configurations should an analyst enable to improve security? (Select TWO.)
A. RADIUS
B. PEAP
C. WPS
D. WEP-EKIP
E. SSL
F. WPA2-PSK
Answer: A. RADIUS, F. WPA2-PSK
WPA2-PSK: WPA works using discrete modes for enterprise and personal use. The most recent enterprise mode, WPA-EAP, uses a stringent 802.1x authentication. The latest personal mode, WPA-PSK, uses Simultaneous Authentication of Equals (SAE) to create a secure handshake.
Question 1147:
After gaining access to a dual-homed (i.e., wired and wireless) multifunction device by exploiting a vulnerability in the device's firmware, a penetration tester then gains shell access on another networked asset. This technique is an example of:
A. privilege escalation
B. footprinting
C. persistence
D. pivoting.
Answer: D. pivoting.
Explanation/Reference: Pivoting is the act of an attacker moving from one compromised system to one or more other systems on the network.
Question 1148:
An application owner reports suspicious activity on an internal financial application from various internal users within the past 14 days. A security analyst notices the following:
1. Financial transactions were occurring during irregular time frames and outside of business hours by unauthorized users.
2. Internal users in question were changing their passwords frequently during that time period.
3. A jump box that several domain administrator users use to connect to remote devices was recently compromised.
4. The authentication method used in the environment is NTLM.
Which of the following types of attacks is MOST likely being used to gain unauthorized access?
A. Pass-the-hash
B. Brute-force
C. Directory traversal
D. Replay
Answer: A. Pass-the-hash
Explanation/Reference: Pass-the-hash is an attack technique used to gain access to a system by using the hash value of a user's password, rather than the actual password itself. This attack is particularly effective against systems using NTLM authentication, where the hash of a user's password can be captured and then reused to authenticate as that user without knowing the actual password. The compromise of the jump box used by domain administrator users could also be an indication that the attacker gained access to privileged credentials and is using pass-the-hash to move laterally through the network.
Question 1149:
A security administrator suspects an employee has been emailing proprietary information to a competitor.
Company policy requires the administrator to capture an exact copy of the employee's hard disk. Which of the following should the administrator use?
A. dd
B. chmod
C. dnsenum
D. logger
Answer: A. dd
Explanation/Reference: The basic purpose of this command is to transfer data from one drive to another while also making sure that the data itself is not changed.
https://linuxhint.com/dd%C2%AC_command_forensics/
Question 1150:
An analyst needs to set up a method for securely transferring files between systems. One of the requirements is to authenticate the IP header and the payload. Which of the following services would BEST meet the criteria?
A. TLS
B. PFS
C. ESP
D. AH
Answer: A. TLS
Explanation/Reference: There are three requirements in the question:
- transfer data securely between systems
- authenticate IP header and dataload
AH and ESP both provide authentication for IP header and dataload. However, only ESP provides encryption. So the best solution is A. AH provides authentication for the entire packet, but the analyst only needs authentication on the IP header/dataload plus transferring files securely between systems. That makes ESP the better option.