SY0-601 Exam Details

  • Exam Code: SY0-601
  • Exam Name: CompTIA Security+
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 1334 Q&As
  • Last Updated: May 26, 2026

CompTIA SY0-601 Online Questions & Answers

  • Question 1261:

    DRAG DROP

    A security engineer is setting up passwordless authentication for the first time.

    INSTRUCTIONS

    Drag and drop the MINIMUM set of commands to set this up and verify that it works. Commands may only be used once, and not all will be used.

    If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

    Select and Place:

  • Question 1262:

    A security engineer needs to create a network segment that can be used for servers that require connections from untrusted networks. Which of the following should the engineer implement?

    A. An air gap
    B. A hot site
    C. A VLAN
    D. A screened subnet

  • Question 1263:

    DRAG DROP

    A forensic analyst is asked to respond to an ongoing network attack on a server. Place the items in the list below in the correct order in which the forensic analyst should preserve them.

    Select and Place:

  • Question 1264:

    A security administrator wants to implement a program that tests a user's ability to recognize attacks over the organization's email system.

    Which of the following would be BEST suited for this task?

    A. Social media analysis
    B. Annual information security training
    C. Gamification
    D. Phishing campaign

  • Question 1265:

    An employee's company account was used in a data breach. Interviews with the employee revealed:

    The employee was able to avoid changing passwords by using a previous password again. The account was accessed from a hostile, foreign nation, but the employee has never traveled to any other countries.

    Which of the following can be implemented to prevent these issues from reoccurring? (Select TWO)

    A. Geographic dispersal
    B. Password complexity
    C. Password history
    D. Geotagging
    E. Password lockout
    F. Geofencing

  • Question 1266:

    Hackers recently attacked a company's network and obtained several unfavorable pictures from the Chief Executive Officer's workstation. The hackers are threatening to send the images to the press if a ransom is not paid. Which of the following is impacted the MOST?

    A. Identity theft
    B. Data loss
    C. Data exfiltration
    D. Reputation

  • Question 1267:

    A security analyst is investigating an incident to determine what an attacker was able to do on a compromised laptop. The analyst reviews the following SIEM log:

    Which of the following describes the method that was used to compromise the laptop?

    A. An attacker was able to move laterally from PC1 to PC2 using a pass-the-hash attack
    B. An attacker was able to bypass application whitelisting by emailing a spreadsheet attachment with an embedded PowerShell in the file
    C. An attacker was able to install malware to the CAasdf234 folder and use it to gain administrator rights and launch Outlook
    D. An attacker was able to phish user credentials successfully from an Outlook user profile

  • Question 1268:

    During an investigation, the incident response team discovers that multiple administrator accounts were suspected of being compromised. The host audit logs indicate a repeated brute-force attack on a single administrator account followed by suspicious logins from unfamiliar geographic locations. Which of the following data sources would be BEST to use to assess the accounts impacted by this attack?

    A. User behavior analytics
    B. Dump files
    C. Bandwidth monitors
    D. Protocol analyzer output

  • Question 1269:

    A security analyst is reviewing computer logs because a host was compromised by malware. After the computer was infected, it displayed an error screen and shut down. Which of the following should the analyst review first to determine more information?

    A. Dump file
    B. System log
    C. Web application log
    D. Security too

  • Question 1270:

    An organization is concerned about hackers potentially entering a facility and plugging in a remotely accessible Kali Linux box. Which of the following should be the first lines of defense against such an attack? (Select TWO)

    A. MAC filtering
    B. Zero trust segmentation
    C. Network access control
    D. Access control vestibules
    E. Guards
    F. Bollards
