CompTIA CompTIA Security+ SY0-601 Questions & Answers

• Question 1221:

  Which ol the following is required in order or an IDS and a WAF to be effective on HTTPS traffic?

  A. Hashing

  B. DNS sinkhole

  C. TLS inspection

  D. Data masking

  Correct Answer: C

  TLS (Transport Layer Security) is a protocol that is used to encrypt data sent over HTTPS (Hypertext Transfer Protocol Secure). In order for an intrusion detection system (IDS) and a web application firewall (WAF) to be effective on HTTPS traffic, they must be able to inspect the encrypted traffic. TLS inspection allows the IDS and WAF to decrypt and inspect the traffic, allowing them to detect any malicious activity. References:

  [1] CompTIA Security+ Study Guide Exam SY0-601 [1], Sixth Edition, Chapter 11, "Network Security Monitoring" [2] CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide, Chapter 7, "Intrusion Detection and Prevention"

• Question 1222:

  A security analyst is using OSINT to gather information to verity whether company data is available publicly. Which of the following is the BEST application for the analyst to use?

  A. Harvester

  B. Cuckoo

  C. Nmap

  D. Nessus

  Correct Answer: A

  TheHarvester is a reconnaissance tool that is used to gather information about a target organization, such as email addresses, subdomains, and IP addresses. It can also be used to gather information about a target individual, such as email addresses, phone numbers, and social media profiles. TheHarvester is specifically designed for OSINT (Open-Source Intelligence) and it can be used to discover publicly available information about a target organization or individual.

• Question 1223:

  A security analyst is reviewing the vulnerability scan report for a web server following an incident. The vulnerability that was used to exploit the server is present in historical vulnerability scan reports, and a patch is available for the vulnerability. Which of the following is the MOST likely cause?

  A. Security patches were uninstalled due to user impact.

  B. An adversary altered the vulnerability scan reports

  C. A zero-day vulnerability was used to exploit the web server

  D. The scan reported a false negative for the vulnerability

  Correct Answer: D

• Question 1224:

  A company completed a vulnerability scan. The scan found malware on several systems that were running older versions of Windows. Which of the following is MOST likely the cause of the malware infection?

  A. Open permissions

  B. Improper or weak patch management

  C. Unsecure root accounts

  D. Default settings

  Correct Answer: B

  The reason for this is that older versions of Windows may have known vulnerabilities that have been patched in more recent versions. If a company is not regularly patching their systems, they are leaving those vulnerabilities open to exploit, which can allow malware to infect the systems. It is important to regularly update and patch systems to address known vulnerabilities and protect against potential malware infections. This is an important aspect of proper security management. Here is a reference to the CompTIA Security+ certification guide which states that "Properly configuring and maintaining software, including patch management, is critical to protecting systems and data." Reference: CompTIA Security+ Study Guide: SY0-601 by Emmett Dulaney, Chuck Easttom https:// www.wiley.com/en-us/CompTIA+Security%2B+Study+Guide%3A+SY0- 601-p-9781119515968

• Question 1225:

  Audit logs indicate an administrative account that belongs to a security engineer has been locked out multiple times during the day. The security engineer has been on vacation (or a few days). Which of the following attacks can the account lockout be attributed to?

  A. Backdoor

  B. Brute-force

  C. Rootkit

  D. Trojan

  Correct Answer: B

  The account lockout can be attributed to a brute-force attack. A brute-force attack is a type of attack where an attacker attempts to guess a user's password by continually trying different combinations of characters. In this case, it is likely that the security engineer's account was locked out due to an attacker attempting to guess their password. Backdoor, rootkit, and Trojan attacks are not relevant in this scenario.

• Question 1226:

  An organization discovered a disgruntled employee exfiltrated a large amount of PII data by uploading files. Which of the following controls should the organization consider to mitigate this risk?

  A. EDR

  B. Firewall

  C. HIPS

  D. DLP

  Correct Answer: D

• Question 1227:

  Which of the following environments typically hosts the current version configurations and code, compares user-story responses and workflow, and uses a modified version of actual data for testing?

  A. Development

  B. Staging

  C. Production

  D. Test

  Correct Answer: B