CompTIA SY0-601 Online Practice Questions and Exam Preparation
SY0-601 Exam Details
Exam Code: SY0-601
Exam Name: CompTIA Security+
Certification: CompTIA Certifications
Vendor: CompTIA
Total Questions: 1334 Q&As
Last Updated: May 26, 2026
CompTIA SY0-601 Online Questions & Answers
Question 1161:
A technician needs to apply a high-priority patch to a production system. Which of the following steps should be taken first?
A. Air gap the system. B. Move the system to a different network segment. C. Create a change control request. D. Apply the patch to the system.
C. Create a change control request. Even a high-priority patch on a production system goes through change management first. A change control request documents and tracks the proposed change, lets the organization assess its potential impact, and obtains approval from the relevant stakeholders, so the patch is planned, communicated and reversible rather than a surprise to the people who run the system. Once the request is approved and preparations such as a backup and a rollback plan are in place, the technician applies the patch. Urgent fixes normally follow an expedited emergency change procedure, but they are still recorded and approved rather than applied ad hoc.
Question 1162:
An organization experiences a cybersecurity incident involving a command-and-control server. Which of the following logs should be analyzed to identify the impacted host? (Choose two.)
A. Application B. Authentication C. Error D. Network E. Firewall F. System
D. Network E. Firewall To identify the impacted host in a cybersecurity incident involving a command-and-control server, you should focus on analyzing network logs (Option D) and firewall logs (Option E). Both of these logs can provide insights into network traffic, connections, and communication with external servers, which is crucial for identifying the affected host. Network logs can show you connections to and from the command-and-control server, while firewall logs can reveal attempts to communicate with external servers, including the malicious command-and-control server.
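As an added example (not part of the question bank or of any vendor's tooling), the following Python script shows the check an analyst actually runs over firewall or network connection logs to answer this question in practice: find every internal source address that connected, or tried to connect, to a known command-and-control address. The log lines, the C2 address 203.0.113.45 and the `src=/dst=/dport=` field layout are constructed for this example and are assumptions, not a real vendor format. Note that a DENY entry still identifies an impacted host: the host attempted the connection, so it is infected even though the firewall blocked it.

```python
"""Added example: find internal hosts that contacted a known C2 address
by parsing firewall connection logs (constructed data, assumed format)."""
import re
from ipaddress import ip_address, ip_network

# Constructed firewall export (not real traffic). 203.0.113.45 plays the C2
# server; the "src= dst= dport=" layout is an assumed generic format.
FIREWALL_LOG = """\
2024-05-01T10:02:11Z ALLOW src=10.0.5.23 dst=203.0.113.45 dport=443 proto=tcp
2024-05-01T10:02:13Z ALLOW src=10.0.5.23 dst=198.51.100.9 dport=443 proto=tcp
2024-05-01T10:03:40Z DENY src=10.0.7.88 dst=203.0.113.45 dport=8443 proto=tcp
2024-05-01T10:05:02Z ALLOW src=10.0.5.23 dst=203.0.113.45 dport=443 proto=tcp
2024-05-01T10:07:55Z ALLOW src=10.0.9.10 dst=192.0.2.77 dport=53 proto=udp
2024-05-01T10:08:01Z ALLOW src=10.0.5.23 dst=203.0.113.45 dport=443 proto=tcp
this line is malformed and will be skipped
"""

C2_INDICATORS = {"203.0.113.45"}           # from threat intel / the incident report
INTERNAL_NETS = [ip_network("10.0.0.0/8"),
                 ip_network("172.16.0.0/12"),
                 ip_network("192.168.0.0/16")]

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<action>ALLOW|DENY)\s+"
    r"src=(?P<src>[\d.]+)\s+dst=(?P<dst>[\d.]+)\s+dport=(?P<dport>\d+)"
)


def parse_log(text):
    """Yield one dict per well-formed line; malformed lines are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.groupdict()


def is_internal(ip):
    """True when the address falls inside one of the RFC 1918 ranges."""
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def find_c2_hosts(text, indicators=C2_INDICATORS):
    """Map each internal source that reached (or tried to reach) a C2
    indicator to a summary of allowed/denied attempts and the time window.
    A DENY still counts: the host made the attempt, so it is impacted."""
    hits = {}
    for rec in parse_log(text):
        if rec["dst"] not in indicators or not is_internal(rec["src"]):
            continue
        entry = hits.setdefault(rec["src"], {"allowed": 0, "denied": 0,
                                             "first_seen": rec["ts"],
                                             "last_seen": rec["ts"]})
        entry["allowed" if rec["action"] == "ALLOW" else "denied"] += 1
        entry["last_seen"] = rec["ts"]
    return hits


if __name__ == "__main__":
    for host, info in find_c2_hosts(FIREWALL_LOG).items():
        print(f"{host}: {info}")
```

Run against the constructed log, the script reports 10.0.5.23 (three allowed connections to the C2 address) and 10.0.7.88 (one denied attempt). In a real incident the indicator set would come from the C2 server's addresses and domains, and the same logic would be run across the SIEM's copy of every firewall and proxy log, not one export.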
Question 1163:
Which of the following is the BEST action to foster a consistent and auditable incident response process?
A. Incent new hires to constantly update the document with external knowledge. B. Publish the document in a central repository that is easily accessible to the organization. C. Restrict eligibility to comment on the process to subject matter experts of each IT silo. D. Rotate CIRT members to foster a shared responsibility model in the organization.
B. Publish the document in a central repository that is easily accessible to the organization. Not sure if shared responsibility promotes consistency. In reality, it feels more like each member will have a varying sense of responsibility, and sharing it does not help with auditing in terms of individual accountability. Shared responsibility makes sense in cloud services, although there is still a clear line drawn between the provider's and the customer's responsibility. On the other hand, well-documented policies and procedures ensure everyone follows the same step-by-step actions repeatedly without fail, and they can easily be audited (authoritatively) as required.
Question 1164:
Which of the following would be the BEST way to analyze diskless malware that has infected a VDI?
A. Shut down the VDI and copy off the event logs. B. Take a memory snapshot of the running system. C. Use NetFlow to identify command-and-control IPs. D. Run a full on-demand scan of the root volume.
B. Take a memory snapshot of the running system. Diskless (fileless) malware runs only in memory and leaves little or nothing on disk, so the evidence disappears as soon as the system is powered off. Capturing a memory snapshot while the VDI session is still running preserves the malicious code, the processes it has injected into, and its open network connections for offline analysis, without disrupting the other users on the VDI platform. Shutting down the VDI and copying off the event logs (A) destroys the in-memory evidence, and the logs rarely contain the malware itself. A full on-demand scan of the root volume (D) looks in the wrong place, because the malware is not on disk. NetFlow (C) can reveal the command-and-control addresses and is useful for scoping the incident, but it gives no access to the malware for analysis.
Question 1165:
A security administrator is compiling information from all devices on the local network in order to gain better visibility into user activities. Which of the following is the best solution to meet this objective?
A. SIEM B. HIDS C. CASB D. EDR
A. SIEM SIEM stands for Security Information and Event Management, which is a solution that can collect, correlate, and analyze security logs and events from various devices on a network. SIEM can provide better visibility into user activities by generating reports, alerts, dashboards, and metrics. SIEM can also help detect and respond to security incidents, comply with regulations, and improve security posture.
Question 1166:
Which of the following characteristics of tokenization explains how credit card information that is stored in a database is protected?
A. The fields are irreversible. B. Symmetric algorithms are used. C. Only authorized card holders have access. D. The data is relabeled.
D. The data is relabeled. Tokenization does not make the fields irreversible, does not rely on symmetric algorithms, and does not restrict access to authorized card holders. It replaces the card number with a surrogate value (a token) that has no value outside the context of the transaction; the token can only be mapped back to the real card number through a separately secured token vault, which is what keeps the stored data protected if the database itself is breached.
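The following Python example is added here to make the "relabeled" point concrete; it is not part of the original page or of any real tokenization product. The `TokenVault` class, its in-memory storage, and the choice to keep the last four digits visible in the token are illustrative assumptions, and the card number used is a standard test value, not a real card. The example goes one step beyond the answer text by rejecting tokens that pass the Luhn check, so a token can never be mistaken for, or replayed as, a real card number.

```python
"""Added example: a minimal tokenization vault (illustrative, not a real product)."""
import secrets


def luhn_ok(number):
    """Luhn check used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def is_valid_pan(pan):
    """Well-formed primary account number: 13-19 digits that pass Luhn."""
    return pan.isdigit() and 13 <= len(pan) <= 19 and luhn_ok(pan)


class TokenVault:
    """Holds the only mapping between tokens and real card numbers.
    In production this is a separate, tightly access-controlled service;
    here it is an in-memory dict (an assumption for the example)."""

    def __init__(self):
        self._token_to_pan = {}
        self._pan_to_token = {}

    def tokenize(self, pan):
        pan = pan.replace(" ", "")
        if not is_valid_pan(pan):
            raise ValueError("not a well-formed PAN")
        if pan in self._pan_to_token:           # same PAN always gets the same token
            return self._pan_to_token[pan]
        while True:
            # Random digits replace everything except the last four, so the
            # token keeps the card's format (length, last4) for receipts and
            # reports. Tokens that happen to pass Luhn are rejected so a token
            # can never be mistaken for, or used as, a real card number.
            body = "".join(str(secrets.randbelow(10)) for _ in range(len(pan) - 4))
            token = body + pan[-4:]
            if token not in self._token_to_pan and not luhn_ok(token):
                break
        self._token_to_pan[token] = pan
        self._pan_to_token[pan] = token
        return token

    def detokenize(self, token):
        """Reverse the relabeling. Only the vault can do this; anyone holding
        just the token (or the merchant database) gets None."""
        return self._token_to_pan.get(token)


def store_card(vault, pan):
    """What the merchant's own database keeps: no PAN, only the token."""
    pan = pan.replace(" ", "")
    return {"card_token": vault.tokenize(pan), "last4": pan[-4:]}


if __name__ == "__main__":
    vault = TokenVault()
    row = store_card(vault, "4111 1111 1111 1111")   # constructed test PAN
    print("database row:", row)
    print("vault lookup:", vault.detokenize(row["card_token"]))
    print("someone else's vault:", TokenVault().detokenize(row["card_token"]))
```

The mapping is deliberately reversible, but only inside the vault: a second `TokenVault` instance (or an attacker who dumps the merchant database) cannot turn the token back into the card number, which is exactly the difference between relabeling and hashing or encrypting in place.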
Question 1167:
A software developer needs to perform code-execution testing, black-box testing, and non-functional testing on a new product before its general release. Which of the following BEST describes the tasks the developer is conducting?
A. Verification B. Validation C. Normalization D. Staging
D. Staging. Staging moves the code from the developers' workstations onto servers that mirror production, bringing the product closer to deployment while keeping controls in place for critical testing. Non-functional testing covers everything outside the code's primary function, including security and performance testing. Black-box testing separates the tester from the source code: the tester supplies inputs and checks the outputs, looking for weaknesses or flaws. Staging environments often use sandboxing, typically virtual machines, so the application can be tested aggressively without putting the rest of the network at risk.
Question 1168:
The technology department at a large global company is expanding its Wi-Fi network infrastructure at the headquarters building. Which of the following should be closely coordinated between the technology, cybersecurity, and physical security departments?
A. Authentication protocol B. Encryption type C. WAP placement D. VPN configuration
C. WAP placement. Where the wireless access points go determines how far the signal leaks beyond the building (a cybersecurity concern for eavesdropping and rogue clients), whether the access points themselves can be physically reached and tampered with (a physical security concern), and the coverage the technology team needs, so all three departments have to agree on it. Authentication protocol, encryption type and VPN configuration are settings the technology and cybersecurity teams decide between themselves.
Question 1169:
A company is adopting a BYOD policy and is looking for a comprehensive solution to protect company information on user devices. Which of the following solutions would BEST support the policy?
A. Mobile device management B. Full-device encryption C. Remote wipe D. Biometrics
A. Mobile device management. A would be the only reasonable answer. When it comes to someone else's device, you cannot expect to implement a remote wipe or even full-device encryption; this is only really done on a system that was given out by the company. While biometrics would help, I would not say it is the best answer to choose, as it only provides a basic layer of security. Having proper mobile device management policies in place and teaching them to employees is a better and safer alternative than just having biometrics set up.
Question 1170:
DRAG DROP
You have been tasked with designing a security plan for your company. Drag and drop the appropriate security controls on the floor plan-Instructions: All objects must be used and all place holders must be filled. Order does not matter. When you have completed the simulation, please select the Done button to submit.
Explanation/Reference:
Cable locks - Adding a cable lock between a laptop and a desk prevents someone from picking it up and walking away.
Proximity badge + reader - Controls and records entry through doors without a manual check of each person.
Safe - A hardware/physical security measure for protecting small high-value items.
Mantrap - Can be used to control access to sensitive areas by admitting one person at a time.
CCTV - Can be used as video surveillance.
Biometric reader - Can be used to control and prevent unauthorized access.
Locking cabinets - Can be used to protect backup media, documentation and other physical artefacts.
References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, p. 369