CompTIA CompTIA Security+ SY0-601 Questions & Answers

• Question 1211:

  A company is launching a new internet platform for its clients. The company does not want to implement its own authorization solution but instead wants to rely on the authorization provided by another platform. Which of the following is the BEST approach to implement the desired solution?

  A. OAuth

  B. TACACS+

  C. SAML

  D. RADIUS

  Correct Answer: C

  OAuth is an AUTHORIZATION protocol, not an authentication protocol. "Determines what resources a user will be able to access. Twitter/Google/Facebook login on 3rd party sites" - Prof Messer SAML is a secure authentication and authorization system that uses third parties

  SAML is authentication OAuth is authorization, not authentication SSO is the process PAP is a password-based authentication protocol

• Question 1212:

  A small company that does not have security staff wants to improve its security posture. Which of the following would BEST assist the company?

  A. MSSP

  B. SOAR

  C. IaaS

  D. PaaS

  Correct Answer: A

  Read this article : https://doubleoctopus.com/blog/general/small-business-security-to-mssp-or-not-to-mssp/

  Small businesses must afford MSSP model (or risk shutting the business off).

  To me , SOAR deos not make sense with (NO security staff). SOAR is a product to be procured. This leaves me with this question , Who would take the ownership of the product evalutaion, configuration, operations etc.. ? you cannot just

  plugandplay a SOAR

• Question 1213:

  An information security policy states that separation of duties is required for all highly sensitive database changes that involve customers' financial data. Which of the following will this be BEST to prevent?

  A. Least privilege

  B. An insider threat

  C. Adata breach

  D. A change control violation

  Correct Answer: B

• Question 1214:

  Asecurity engineer needs to recommend a solution to defend against malicious actors misusing protocols and being allowed through network defenses Which of the following will the engineer MOST likely recommend?

  A. A content filter

  B. A WAF

  C. A next-generation firewall

  D. An IDS

  Correct Answer: B

  A next-generation firewall (NGFW) offers advanced capabilities, including application awareness, protocol inspection, intrusion prevention, and deep packet inspection. These features make NGFWs well-suited to identify and block malicious actors misusing protocols and ensure that they do not bypass network defenses.

• Question 1215:

  Employees are having issues accessing the company's website. Some employees report very slow performance, while others cannot the website at all. The web and security administrators search the logs and find millions of half-open connections to port 443 on the web server. Further analysis reveals thousands of different source IPs initiating this traffic. Which of the following attacks is MOST likely occurring?

  A. DDoS

  B. Man-in-the-middle

  C. MAC flooding

  D. Domain hijacking

  Correct Answer: A

  Password spraying is a type of brute-force attack used by hackers to gain unauthorized access to user accounts, systems, or services. Unlike traditional brute-force attacks that attempt to guess the password for a single user account by trying various combinations of characters, password spraying involves trying a small number of commonly used passwords against multiple accounts. The goal is to avoid detection by avoiding excessive failed login attempts for a single account, which could trigger account lockouts or other security measures.

  In a password spraying attack, the attacker typically selects a few common passwords (such as "password," "123456," "admin," etc.) and tries these passwords against many user accounts. This approach takes advantage of the fact that many users often choose weak and easily guessable passwords, and the attacker hopes that at least one of the accounts will have a weak password that matches the ones attempted.

• Question 1216:

  After consulting with the Chief Risk Officer (CRO). a manager decides to acquire cybersecurity insurance for the company Which of the following risk management strategies is the manager adopting?

  A. Risk acceptance

  B. Risk avoidance

  C. Risk transference

  D. Risk mitigation

  Correct Answer: C

  whenever risk management is outsourced the risk is said to be transfered

• Question 1217:

  A web server has been compromised due to a ransomware attack. Further investigation reveals the ransomware has been in the server for the past 72 hours. The systems administrator needs to get the services back up as soon as possible. Which of the following should the administrator use to restore services to a secure state?

  A. The last incremental backup that was conducted 72 hours ago Most Voted

  B. The last known-good configuration Most Voted

  C. The last full backup that was conducted seven days ago

  D. The baseline OS configuration

  Correct Answer: C

  A -No - The last incremental backup that was conducted 72 hours ago - If we can say the infection happened 72 hours ago then a backup from 72 hours ago does us no good. B - No - The last known-good configuration - This would reverse all non-security-related changes made to the Registry during the last session.. Thus the system may still be infected C - Yes! -The last full backup that was conducted seven days ago D - No - The baseline OS configuration - Would remove the possibility of the system being infected but would not be the quickest method

• Question 1218:

  Which of the following scenarios BEST describes a risk reduction technique?

  A. A security control objective cannot be met through a technical change, so the company purchases insurance and is no longer concerned about losses from data breaches.

  B. A security control objective cannot be met through a technical change, so the company implements a policy to train users on a more secure method of operation.

  C. A security control objective cannot be met through a technical change, so the company changes as method of operation

  D. A security control objective cannot be met through a technical change, so the Chief Information Officer (CIO) decides to sign off on the risk.

  Correct Answer: B

  A and D are transference/acceptance. C is not active mitigation

• Question 1219:

  A developer is concerned about people downloading fake malware-infected replicas of a popular game. Which of the following should the developer do to help verify legitimate versions of the game for users?

  A. Digitally sign the relevant game files.

  B. Embed a watermark using steganography.

  C. Implement TLS on the license activation server.

  D. Fuzz the application for unknown vulnerabilities.

  Correct Answer: A

• Question 1220:

  The Chief information Securtty Officer (CISO) has decided to reorganize security staff to concentrate on incident response and to outsource outbound Internet URL categorization and filtering to an outside cornpany. Additionally, the CISO would Ske this solution to provide the same protections even when a company laptop or mobile device ts away from # home office. Which of the following should the CISO choose?

  A. CASB

  B. Next-generation SWG

  C. NGFW

  D. Web-application firewall

  Correct Answer: A