CompTIA SY0-601 Online Practice Questions and Exam Preparation

CompTIA SY0-601 Online Questions & Answers

• Question 1201:

  An organization suffered an outage and a critical system took 90 minutes to come back online. Though there was no data loss during the outage, the expectation was that the critical system would be available again within 60 minutes Which of the following is the 60- minute expectation an example of:

  A. MTBF
  B. RPO
  C. MTTR
  D. RTO
  D. RTO

  ---

  RTO (Recovery Time Objective): is a measure that defines the maximum allowable downtime for a system or service. It represents the time within which a system must be recovered and become operational again after an incident. In the given scenario, the 60-minute expectation of having the critical system available again falls under RTO. RTO specifies the organization's recovery goals for system availability. https://www.enterprisestorageforum.com/management/rpo-and-rto- understanding-the-differences/

• Question 1202:

  A company implemented an MDM policy to mitigate risks after repeated instances of employees losing company-provided mobile phones. In several cases, the lost phones were used maliciously to perform social engineering attacks against other employees. Which of the following MDM features should be configured to best address this issue? (Choose two.)

  A. Screen locks
  B. Remote wipe
  C. Full device encryption
  D. Push notifications
  E. Application management
  F. Geolocation
  B. Remote wipe
  C. Full device encryption

  ---

  B. Remote wipe C. Full device encryption The above two options are better options to solve the issue mentioned in theQuestion than other options there.

• Question 1203:

  A company ts required to continue using legacy softveare to support a critical service. Which of the following BEST explains a reek of this prachce?

  A. Default system configuraton
  B. Unsecure protocols
  C. Lack of vendor support
  D. Weak encryption
  C. Lack of vendor support

• Question 1204:

  A security analyst has identified malware spreading through the corporate network and has activated the CSIRT

  Which of the following should the analyst do NEXT?

  A. Review how the malware was introduced to the network
  B. Attempt to quarantine all infected hosts to limit further spread
  C. Create help desk tickets to get infected systems reimaged
  D. Update all endpoint antivirus solutions with the latest updates
  B. Attempt to quarantine all infected hosts to limit further spread

  ---

  Phases in the Incident Response Plan 1. Preparation: The organization plans out how they will respond to attack, this can involve: 2. Identification: Detecting and determining whether an incident has occurred. 3. Containment: Once a threat has been identified, the organization must limit or prevent any further damage. 4. Eradication: The removal of the threat 5. Recovery: Restoring systems affected by the incident 6. Lessons Learned: Where the organization reviews their incident response and prepare for a future attack

• Question 1205:

  A user's login credentials were recently compromised. During the investigation, the security analyst determined the user input credentials into a pop-up window when prompted to confirm the username and password. However, the trusted website does not use a pop-up for entering user credentials. Which of the following attacks occurred?

  A. Cross-site scripting
  B. SQL injection
  C. DNS poisoning
  D. Certificate forgery
  A. Cross-site scripting

  ---

  The scenario described is indicative of a cross-site scripting (XSS) attack. In an XSS attack, an attacker injects malicious scripts into a trusted website, which then executes those scripts in the browsers of unsuspecting users. This can happen when the website fails to properly validate and sanitize user input, allowing the attacker to inject malicious code. In this case, the pop-up window used to collect user credentials is not a legitimate part of the trusted website's design. The attacker has injected a script that creates the pop-up and tricks the user into entering their login credentials into the fake form. The credentials are then captured and sent to the attacker, compromising the user's account. To prevent XSS attacks, web applications should implement proper input validation and output encoding to ensure that user-supplied data is treated as data and not executable code. Additionally, using security mechanisms like Content Security Policy (CSP) and sanitizing user input can help protect against XSS vulnerabilities.

• Question 1206:

  An organization's RPO for a critical system is two hours. The system is used Monday through Friday, from 9:00 am to 5:00 pm. Currently, the organization performs a full backup every Saturday that takes four hours to complete. Which of the following additional backup implementations would be the BEST way for the analyst to meet the business requirements?

  A. Incremental backups Monday through Friday at 6:00 p.m and differential backups hourly
  B. Full backups Monday through Friday at 6:00 p.m and incremental backups hourly.
  C. incremental backups Monday through Friday at 6:00 p.m and full backups hourly.
  D. Full backups Monday through Friday at 6:00 p.m and differential backups hourly.
  B. Full backups Monday through Friday at 6:00 p.m and incremental backups hourly.

  ---

  Explanation Explanation/Reference:Cannot mix differential with incremental plus full. It must be Full+Diff or Full+Incr

• Question 1207:

  A security analyst is reviewing SIEM logs during an ongoing attack and notices the following:

  

  Which of the following best describes the type of attack?

  A. SQLi
  B. CSRF
  C. API attacks
  D. Directory traversal
  D. Directory traversal

• Question 1208:

  Rapidly infect computers. Once infected, computers are encrypted and held for ransom. Which of the following would BEST prevent this attack from reoccurring?

  A. Configure the perimeter firewall to deny inbound external connections to SMB ports.
  B. Ensure endpoint detection and response systems are alerting on suspicious SMB connections.
  C. Deny unauthenticated users access to shared network folders.
  D. Verify computers are set to install monthly operating system, updates automatically
  A. Configure the perimeter firewall to deny inbound external connections to SMB ports.

  ---

  Because of it is zero-day, detection system will not trigger alert, because it is still unknown vulnerability. Of course it can block a lot of other functions, which uses SMB, however it is better than ransomware hit, which blocks everything.

• Question 1209:

  A network manager is concerned that business may be negatively impacted if the firewall in its datacenter goes offline. The manager would like to implement a high availability pair to:

  A. ned that business may be negatecrease the mean time between failures.
  B. remove the single point of failure.
  C. cut down the mean time to repair,
  D. reduce the recovery time objective.
  B. remove the single point of failure.

• Question 1210:

  HOTSPOT

  You are a security administrator investigating a potential infection on a network.

  INSTRUCTIONS

  Click on each host and firewall. Review all logs to determine which host originated the infection and then identify if each remaining host is clean or infected.

  If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

  Hot Area:

  

  Explanation/Reference:

  ---