CompTIA SY0-601 Online Practice Questions and Exam Preparation
SY0-601 Exam Details
Exam Code: SY0-601
Exam Name: CompTIA Security+
Certification: CompTIA Certifications
Vendor: CompTIA
Total Questions: 1334 Q&As
Last Updated: May 26, 2026
CompTIA SY0-601 Online Questions & Answers
Question 1211:
Which of the following often operates in a client-server architecture to act as a service repository, providing enterprise consumers access to structured threat intelligence data?
A. STIX
B. CIRT
C. OSINT
D. TAXII
Answer: D. TAXII
Professor Messer notes:
Structured Threat Information eXpression (STIX)
- Describes cyber threat information
- Includes motivations, abilities, capabilities, and response information
Trusted Automated eXchange of Indicator Information (TAXII)
- Securely shares STIX data
Understand STIX/TAXII: Structured Threat Information eXpression (STIX) is a standardized language and repetitional structure for the organization and dissemination of cyberthreat indicators and related information. Trusted Automated eXchange of Intelligence Information (TAXII) is a standardized set of communication services, protocols, and message exchanges to support the effective communication and exchange of cyberthreat indicators.
Question 1212:
A recent phishing campaign resulted in several compromised user accounts. The security incident response team has been tasked with reducing the manual labor of filtering through all the phishing emails as they arrive and blocking the sender's email address, along with other time-consuming mitigation actions. Which of the following can be configured to streamline those tasks?
A. SOAR playbook
B. MOM policy
C. Firewall rules
D. URL filter
E. SIEM data collection
Answer: A. SOAR playbook
Reference: https://securityboulevard.com/2021/02/your-first-soar-use-case-phishing-triage/
Question 1213:
A network engineer receives a call regarding multiple LAN-connected devices that are on the same switch. The devices have suddenly been experiencing speed and latency issues while connecting to network resources. The engineer enters the command show mac address-table and reviews the following output.
Which of the following best describes the attack that is currently in progress?
A. MAC flooding
B. Evil twin
C. ARP poisoning
D. DHCP spoofing
Answer: A. MAC flooding
Question 1214:
Which of the following would MOST likely support the integrity of a voting machine?
A. Asymmetric encryption
B. Blockchain
C. Transport Layer Security
D. Perfect forward secrecy
Answer: B. Blockchain
Professor Messer notes:
Blockchain: a distributed ledger
- Keeps track of transactions
- Everyone on the blockchain network maintains the ledger
- Records are replicated to anyone and everyone
Many practical applications
- Payment processing
- Digital identification
- Supply chain monitoring
- Digital voting
Question 1215:
After a recent security breach, a security analyst reports that several administrative usernames and passwords are being sent via cleartext across the network to access network devices over port 23. Which of the following should be implemented so all credentials sent over the network are encrypted when remotely accessing and configuring network devices?
A. SSH
B. SNMPv3
C. SFTP
D. Telnet
E. FTP
Answer: A. SSH
Port 23 (Telnet) and port 22 (SSH) are both used to remotely access and manage systems; however, Telnet does not encrypt the connection, so captured traffic appears in cleartext, whereas an SSH connection is encrypted.
SNMP (Simple Network Management Protocol) is a protocol for collecting and organizing information about managed devices on networks. Devices that typically support SNMP include servers, desktops, routers, switches, etc.
SFTP (Secure File Transfer Protocol) is a secure file transfer protocol that uses SSH encryption to send and receive files.
FTP (File Transfer Protocol) is for file transfers.
Question 1216:
A company reduced the area utilized in its datacenter by creating virtual networking through automation and by creating provisioning routes and rules through scripting. Which of the following does this example describe?
A. IaC
B. MSSP
C. Containers
D. SaaS
Answer: A. IaC
Infrastructure as code is the process of managing and provisioning computer data centers through machine-readable definition files, rather than through physical hardware configuration or interactive configuration tools.
Question 1217:
A hospital's administration is concerned about a potential loss of patient data that is stored on tablets. A security administrator needs to implement controls to alert the SOC any time the devices are near exits. Which of the following would BEST achieve this objective?
A. Geotargeting
B. Geolocation
C. Geotagging
D. Geofencing
Answer: B. Geolocation
Question 1218:
Which of the following is the BEST example of a cost-effective physical control to enforce a USB removable media restriction policy?
A. Putting security/antitamper tape over USB ports, logging the port numbers, and regularly inspecting the ports
B. Implementing a GPO that will restrict access to authorized USB removable media and regularly verifying that it is enforced
C. Placing systems into locked key-controlled containers with no access to the USB ports
D. Installing an endpoint agent to detect connectivity of USB and removable media
Answer: B. Implementing a GPO that will restrict access to authorized USB removable media and regularly verifying that it is enforced
Question 1219:
Which of the following is a benefit of including a risk management framework in an organization's security approach?
A. It defines expected service levels from participating supply chain partners to ensure system outages are remediated in a timely manner.
B. It identifies specific vendor products that have been tested and approved for use in a secure environment.
C. It provides legal assurances and remedies in the event a data breach occurs.
D. It incorporates control, development, policy, and management activities into IT operations.
Answer: D. It incorporates control, development, policy, and management activities into IT operations.
An effective risk management framework prioritizes understanding the risks that your business faces so that you can take the necessary steps to protect your assets and your business.
Question 1220:
Which of the following technical controls is BEST suited for the detection and prevention of buffer overflows on hosts?
A. DLP
B. HIDS
C. EDR
D. NIPS
Answer: C. EDR
Endpoint detection and response (EDR) platforms are solutions that monitor endpoints (computers on the network, not the network itself) for suspicious activity. EDR solutions can help monitor and protect against Advanced Persistent Threats (APT), which often use malware-free hacking techniques and security vulnerabilities to gain access to a network. Older anti-virus software is able to detect malware only when there is a matching signature, and is unable to determine that an attacker has access to a computer just by monitoring their activity. Endpoint security is not just an enterprise tool: there are consumer versions of EDR out there these days as well.