CompTIA SY0-601 Online Practice Questions and Exam Preparation

CompTIA SY0-601 Online Questions & Answers

• Question 1241:

  Which of the following BEST reduces the security risks introduced when running systems that have expired vendor support and lack an immediate replacement?

  A. Implement proper network access restrictions
  B. Initiate a bug bounty program
  C. Classify the system as shadow IT.
  D. Increase the frequency of vulnerability scans
  A. Implement proper network access restrictions

• Question 1242:

  A financial analyst has been accused of violating the company's AUP and there is forensic evidence to substantiate the allegation, Which of the following would dispute the analyst's claim of innocence?

  A. Legal hold
  B. Order of volatility
  C. Non-repudiation
  D. Chain of custody
  C. Non-repudiation

  ---

  Chapter 30 Digital Forensics Nonrepudiation Nonrepudiation is a characteristic that refers to the inability to deny an action has taken place. This can be a very important issue in transactions via computers that involve money or things of value.

• Question 1243:

  SIMULATION

  A company recently added a DR site and is redesigning the network. Users at the DR site are having issues browsing websites.

  INSTRUCTIONS

  Click on each firewall to do the following:

  1. Deny cleartext web traffic.

  2. Ensure secure management protocols are used.

  3. Resolve issues at the DR site.

  The ruleset order cannot be modified due to outside constraints.

  If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

  

  Firewall 1

  Hot Area:

  

  

  ---

  Explanation/Reference:

  In Firewall 1, HTTP inbound Action should be DENY. As shown below

  Firewall 1: DNS Rule: ANY ->; ANY ->; DNS ->; PERMIT HTTPS Outbound: 10.0.0.1/24 ->; ANY ->; HTTPS ->; PERMIT Management: ANY ->; ANY ->; SSH ->; PERMIT HTTPS Inbound: ANY ->; ANY ->; HTTPS ->; PERMIT HTTP Inbound: ANY ->; ANY ->; HTTP ->; DENY

• Question 1244:

  Which of the following describes the continuous delivery software development methodology?

  A. Waterfall
  B. Spiral
  C. V-shaped
  D. Agile
  D. Agile

  ---

  Agile seems right. Its a fast paced life cycle which iterates features according to the user's feedback.

• Question 1245:

  Which of the following components can be used to consolidate and forward inbound Internet traffic to multiple cloud environments though a single firewall?

  A. Transit gateway
  B. Cloud hot site
  C. Edge computing
  D. DNS sinkhole
  A. Transit gateway

  ---

  VPC peering relationships can quickly become difficult to manage, especially if each VPC must interconnect in a mesh-like structure. A transit gateway is a simpler means of managing these interconnections. Essentially, a transit gateway is a virtual router that handles routing between the subnets in each attached VPC and any attached VPN gateways (aws.amazon.com/transit-gateway).

• Question 1246:

  A user reports constant lag and performance issues with the wireless network when working at a local coffee shop. A security analyst walks the user through an installation of Wireshark and get a five-minute pcap to analyze. The analyst observes the following output:

  

  Which of the following attacks does the analyst MOST likely see in this packet capture?

  A. Session replay
  B. Evil twin
  C. Bluejacking
  D. ARP poisoning
  B. Evil twin

  ---

  Explanation Explanation/Reference:https://en.wikipedia.org/wiki/Wi-Fi_deauthentication_attack One of the main purposes of deauthentication used in the hacking community is to force clients to connect to an evil twin access point which then can be used to capture network packets transferred between the client and the access point.

• Question 1247:

  Which of the following is the purpose of a risk register?

  A. To define the level or risk using probability and likelihood
  B. To register the risk with the required regulatory agencies
  C. To identify the risk, the risk owner, and the risk measures
  D. To formally log the type of risk mitigation strategy the organization is using
  C. To identify the risk, the risk owner, and the risk measures

  ---

  Explanation Explanation/Reference:The Risk Register displays a list of all risks recorded and displays various risk details, including the residual risk level, risk source, risk owner, risk stage, and the treatment status of the risk. https://kb.wisc.edu/security/110450

• Question 1248:

  After a ransomware attack a forensics company needs to review a cryptocurrency transaction between the victim and the attacker. Which of the following will the company MOST likely review to trace this transaction?

  A. The public ledger
  B. The NetFlow data
  C. A checksum
  D. The event log
  A. The public ledger

  ---

  Explanation Explanation/Reference:Blockchain is commonly defined as a distributed, decentralized, public ledger. Each block maintains three parts: Information about the transaction such as date time and amount, Information on the partied involved in the transaction. However, this does not include the actual names but uses digital signatures and a unique harsh that distinguishes the block from other blocks. https://www.investopedia.com/tech/what-cryptocurrency-public-ledger/

• Question 1249:

  A company is required to continue using legacy software to support a critical service. Which of the following BEST explains a risk of this practice?

  A. Default system configuration
  B. Unsecure protocols
  C. Lack of vendor support
  D. Weak encryption
  C. Lack of vendor support

  ---

  Explanation Explanation/Reference:Going with the most correct answer here would be C as I searche dthe definition of Legacy online and saw that it literall means "out of date" systems and I am reminded of the recent updates such as how phone companies say they wont support old phones made only 5 years ago (im shocked to think that so many resources go into making a device so short lived - what happened to long life products lol)

• Question 1250:

  A small, local company experienced a ransomware attack. The company has one web- facing server and a few workstations. Everything is behind an ISP firewall. A single web- facing server is set up on the router to forward all ports so that the server is viewable from the internet. The company uses an older version of third-party software to manage the website. The assets were never patched. Which of the following should be done to prevent an attack like this from happening again? (Select three).

  A. Install DLP software to prevent data loss.
  B. Use the latest version of software.
  C. Install a SIEM device.
  D. Implement MDM.
  E. Implement a screened subnet for the web server.
  F. Install an endpoint security solution.
  G. Update the website certificate and revoke the existing ones.
  H. Deploy additional network sensors.
  B. Use the latest version of software.
  E. Implement a screened subnet for the web server.
  F. Install an endpoint security solution.