CompTIA SY0-601 Online Practice Questions and Exam Preparation

CompTIA SY0-601 Online Questions & Answers

• Question 1171:

  A security analyst Is investigating a malware incident at a company. The malware is accessing a command-and-control website at www.comptia.com. All outbound Internet traffic is logged to a syslog server and stored in / logfiles/messages. Which of the following commands would be BEST for the analyst to use on the syslog server to search for recent traffic to the command-and-control website?

  A. head -500 www.comptia.com | grep /logfiles/messages
  B. cat /logfiles/messages | tail -500 wew.comptia.com
  C. tail -500 /legfiles/messages | grep www.comptia.com
  D. grep -500 /logfiles/messages | cat www.comptia.com
  C. tail -500 /legfiles/messages | grep www.comptia.com

• Question 1172:

  After installing a patch On a security appliance. an organization realized a massive data exfiltration occurred. Which Of the following describes the incident?

  A. Supply chain attack
  B. Ransomware attack
  C. Cryptographic attack
  D. Password attack
  A. Supply chain attack

  ---

  A supply chain attack is a type of attack that involves compromising a trusted third-party provider or vendor and using their products or services to deliver malware or gain access to the target organization. The attacker can exploit the trust and dependency that the organization has on the provider or vendor and bypass their security controls. In this case, the attacker may have tampered with the patch for the security appliance and used it to exfiltrate data from the organization.

• Question 1173:

  An organization has a growing workforce that is mostly driven by additions to the sales department. Each newly hired salesperson relies on a mobile device to conduct business. The Chief Information Officer (CIO) is wondering it the organization may need to scale down just as quickly as it scaled up. The ClO is also concerned about the organization's security and customer privacy. Which of the following would be BEST to address the ClO's concerns?

  A. Disallow new hires from using mobile devices for six months
  B. Select four devices for the sales department to use in a CYOD model
  C. Implement BYOD for the sates department while leveraging the MDM
  D. Deploy mobile devices using the COPE methodology
  C. Implement BYOD for the sates department while leveraging the MDM

  ---

  BEST way to deal with scale issue is not buying any

• Question 1174:

  A security analyst is investigating multiple hosts that are communicating to external IP addresses during the hours of 2:00 a.m - 4:00 am. The malware has evaded detection by traditional antivirus software. Which of the following types of malware is MOST likely infecting the hosts?

  A. A RAT
  B. Ransomware
  C. Polymophic
  D. A worm
  C. Polymophic

• Question 1175:

  Which of the following would be used to find the MOST common web-application vulnerabilities?

  A. OWASP
  B. MITRE ATTandCK
  C. Cyber Kill Chain
  D. SDLC
  A. OWASP

  ---

  Explanation Explanation/Reference:Anything related to WEB APPLICATION SECURITY = OWASP The Open Web Application Security Project (FRAMEWORK) is an online community that produces freely-available articles, methodologies, documentation, tools, and technologies in the field of web application security. The Open Web Application Security Project provides free and open resources. MITRE's Adversarial Tactics, Techniques, and Common Knowledge (ATTandCKTM) is a curated knowledge base and model for cyber adversary behavior, reflecting the various phases of an adversary's lifecycle and the platforms they are known to target. ATTandCK is useful for understanding security risk against known adversary behavior, for planning security improvements, and verifying defenses work as expected.

• Question 1176:

  An organization has expanded its operations by opening a remote office. The new office is fully furnished with office resources to support up to 50 employees working on any given day. Which of the following VPN solutions would BEST support the new office?

  A. Always On
  B. Remote access
  C. Site-to-site
  D. Full tunnel
  C. Site-to-site

  ---

  key word "expanded its operations" - a new office has been opened that needs to connect to already existing offices.

• Question 1177:

  As part of the building process for a web application, the compliance team requires that all PKI certificates are rotated annually and can only contain wildcards at the secondary subdomain level. Which of the following certificate properties will meet these requirements?

  A. HTTPS://.comptia.org, Valid from April 10 00:00:00 2021 - April 8 12:00:00 2022
  B. HTTPS://app1.comptia.org, Valid from April 10 00:00:00 2021-April 8 12:00:00 2022
  C. HTTPS:// app1.comptia.org, Valid from April 10 00:00:00 2021-April 8 12:00:00 2022
  D. HTTPS://.comptia.org, Valid from April 10 00:00:00 2021 - April 8 12:00:00
  C. HTTPS:// app1.comptia.org, Valid from April 10 00:00:00 2021-April 8 12:00:00 2022

• Question 1178:

  Which of the following would be indicative of a hidden audio file found inside of a piece of source code?

  A. Steganography
  B. Homomotphic encryption
  C. Cipher surte
  D. Blockchain
  A. Steganography

  ---

  Explanation Explanation/Reference:Steganography is the technique of hiding secret data within an ordinary, non- secret, file or message in order to avoid detection; the secret data is then extracted at its destination. The use of steganography can be combined with encryption as an extra step for hiding or protecting data. The word steganography is derived from the Greek words steganos (meaning hidden or covered) and the Greek root graph (meaning to write).

• Question 1179:

  A security analyst is reviewing an IDS alert and sees the following:

  C:\Windows\System32\WindowsPowershell\v1.0\powershell.exe -noP -exe byPass -nonI -wind hidden -no1 -c dir;findstr /s maldinuv %USERPROFILE%\\*.lnk > %USERPROFILE%\Documents\iijlqe.ps1;%USERPROFILE%\Documents \iijlqe.psi;exit

  Which of the following triggered the IDS alert?

  A. Bluesnarfing attack
  B. URL redirection attack
  C. Fileless malware execution
  D. Macro-based denial of service
  C. Fileless malware execution

• Question 1180:

  A security team received the following requirements for a new BYOD program that will allow employees to use personal smartphones to access business email:

  1.

  Sensitive customer data must be safeguarded.

  2.

  Documents from managed sources should not be opened in unmanaged destinations.

  3.

  Sharing of managed documents must be disabled.

  4.

  Employees should not be able to download emailed images to their devices.

  5.

  Personal photos and contact lists must be kept private.

  6.

  IT must be able to remove data from lost/stolen devices or when an employee no longer works for the company.

  Which of the following are the best features to enable to meet these requirements? (Choose two.)

  A. Remote wipe
  B. VPN connection
  C. Biometric authentication
  D. Device location tracking
  E. Geofencing
  F. Application approve list
  G. Containerization
  A. Remote wipe
  G. Containerization

  ---

  Containerization: Containerization involves creating a separate and secure container or workspace on the device for business applications and data. This allows for the isolation of business data from personal data and enables better control over the business-related activities on the device. Remote wipe: Remote wipe is a crucial security feature that allows the IT team to remotely erase all data on a lost or stolen device. This helps in safeguarding sensitive customer data and ensuring that company information does not fall into the wrong hands