CompTIA SY0-601 Online Practice Questions and Exam Preparation
SY0-601 Exam Details
Exam Code: SY0-601
Exam Name: CompTIA Security+
Certification: CompTIA Certifications
Vendor: CompTIA
Total Questions: 1334 Q&As
Last Updated: May 26, 2026
CompTIA SY0-601 Online Questions & Answers
Question 1151:
A security operations center wants to implement a solution that can execute files to test for malicious activity. The solution should provide a report of the files' activity against known threats. Which of the following should the security operations center implement?
A. Harvester
B. Nessus
C. Cuckoo
D. Sniper
Answer: C. Cuckoo
Question 1152:
An enterprise has hired an outside security firm to facilitate penetration testing on its network and applications. The firm has agreed to pay for each vulnerability that is discovered. Which of the following BEST represents the type of testing that is being used?
A. White-box
B. Red-team
C. Bug bounty
D. Gray-box
E. Black-box
Answer: B. Red-team
Definitions from the most up-to-date CompTIA handbook. Bug bounty: a reward scheme operated by software and web services vendors for reporting vulnerabilities. Where a pen test is performed on a contractual basis, costed by the consultant, a bug bounty program is a way of crowdsourcing the detection of vulnerabilities. Some bug bounties are operated as internal programs, with rewards for employees only. Most are open to public submissions (tripwire.com/state-of-security/security-data-protection/cyber-security/essential-bugbounty-programs). Red team: the "hostile" or attacking team in a penetration test or incident response exercise.
Question 1153:
Which of the following incident response steps occurs before containment?
A. Eradication
B. Recovery
C. Lessons learned
D. Identification
Answer: D. Identification
Question 1154:
To secure an application after a large data breach, an e-commerce site will be resetting all users' credentials. Which of the following will BEST ensure the site's users are not compromised after the reset?
A. A password reuse policy
B. Account lockout after three failed attempts
C. Encrypted credentials in transit
D. A geofencing policy based on login history
Answer: A. A password reuse policy
Explanation: 1) Data breach -> password leak. 2) Reset -> new password. 3) Users reuse the password from 1) -> account easily compromised. A password reuse policy means that the same or a previously used password cannot be chosen again. This is also the most common measure you see applied whenever there is a big data leak.
Question 1155:
A security analyst is investigating a report from a penetration test. During the penetration test, consultants were able to download sensitive data from a back-end server. The back-end server was exposing an API that should have only been available from the company's mobile application. After reviewing the back-end server logs, the security analyst finds the following entries:
Which of the following is the most likely cause of the security control bypass?
A. IP address allow list
B. User-agent spoofing
C. WAF bypass
D. Referrer manipulation
Answer: B. User-agent spoofing
Question 1156:
Which of the following secure application development concepts aims to block verbose error messages from being shown in a user's interface?
A. OWASP
B. Obfuscation/camouflage
C. Test environment
D. Prevent of information exposure
Answer: D. Prevent of information exposure
Explanation: Preventing information exposure is a secure application development concept that aims to block verbose error messages from being shown in a user's interface. Verbose error messages are detailed messages that provide information about errors or exceptions that occur in an application. They may reveal sensitive information about the application's structure, configuration, logic, or data that could be exploited by attackers. Preventing information exposure therefore involves implementing proper error handling mechanisms that display generic or user-friendly messages instead of verbose error messages.
References: https://www.comptia.org/certifications/security#examdetails https://www.comptia.org/content/guides/comptia-security-sy0-601-exam-objectives https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration
Question 1157:
Which of the following is required in order for an IDS and a WAF to be effective on HTTPS traffic?
A. Hashing
B. DNS sinkhole
C. TLS inspection
D. Data masking
Answer: C. TLS inspection
Question 1158:
A network administrator is concerned about users being exposed to malicious content when accessing company cloud applications. The administrator wants to be able to block access to sites based on the AUP. The users must also be protected because many of them work from home or at remote locations, providing on-site customer support. Which of the following should the administrator employ to meet these criteria?
A. Implement NAC.
B. Implement an SWG.
C. Implement a URL filter.
D. Implement an MDM.
Answer: B. Implement an SWG.
Explanation: What is an SWG in cyber security? "A secure web gateway (SWG) protects users from web-based threats in addition to applying and enforcing corporate acceptable use policies. Instead of connecting directly to a website, a user accesses the SWG, which is then responsible for connecting the user to the desired website and performing functions such as URL filtering, web visibility, malicious content inspection, web access controls and other security measures." This hits all the points.
Question 1159:
A company's help desk received several AV alerts indicating Mimikatz attempted to run on the remote systems. Several users also reported that the new company flash drives they picked up in the break room only have 512KB of storage. Which of the following is MOST likely the cause?
A. The GPO prevents the use of flash drives, which triggers a false positive AV indication and restricts the drives to only 512KB of storage.
B. The new flash drives need a driver that is being blocked by the AV software because the flash drives are not on the application's allow list, temporarily restricting the drives to 512KB of storage.
C. The new flash drives are incorrectly partitioned, and the systems are automatically trying to use an unapproved application to repartition the drives.
D. The GPO blocking the flash drives is being bypassed by a malicious flash drive that is attempting to harvest plaintext credentials from memory.
Answer: D. The GPO blocking the flash drives is being bypassed by a malicious flash drive that is attempting to harvest plaintext credentials from memory.
Explanation: The presence of Mimikatz alerts and reports of new company flash drives having only 512KB of storage indicate a potential security incident involving malicious activity. Mimikatz is a well-known tool used for extracting plaintext passwords and other sensitive information from memory, which could indicate an attempt to compromise the security of the systems. Additionally, the fact that the new flash drives have been tampered with and do not have their original storage capacity suggests that a malicious actor is using the flash drives to bypass the Group Policy Object (GPO) settings that block the use of flash drives. This could be an attempt to introduce malware or exfiltrate data using unauthorized hardware.
Question 1160:
Which of the following is an example of transference of risk?
A. Purchasing insurance
B. Patching vulnerable servers
C. Retiring outdated applications
D. Application owner risk sign-off