CompTIA SY0-601 Online Practice Questions and Exam Preparation
SY0-601 Exam Details
Exam Code: SY0-601
Exam Name: CompTIA Security+
Certification: CompTIA Certifications
Vendor: CompTIA
Total Questions: 1334 Q&As
Last Updated: May 26, 2026
CompTIA SY0-601 Online Questions & Answers
Question 1311:
A security analyst is reviewing web-application logs and finds the following log:
Which of the following attacks is being observed?
A. Directory traversal B. XSS C. CSRF D. On-path attack
A. Directory traversal
Question 1312:
Which of the following would BEST identify and remediate a data-loss event in an enterprise using third-party, web-based services and file-sharing platforms?
A. SIEM B. CASB C. UTM D. DLP
B. CASB
Microsoft has a straightforward definition, and it includes DLP: a CASB "is a security policy enforcement point positioned between enterprise users and cloud service providers" (https://www.microsoft.com/en-us/security/business/security-101/what-is-acloud-access-security-broker-casb).
A cloud access security broker (CASB) works by securing data flowing to and from in-house IT architectures and cloud vendor environments using an organization's security policies. CASBs protect enterprise systems against cyberattacks through malware prevention and provide data security through encryption, making data streams unreadable to outside parties. CASBs were created with one thing in mind: protecting proprietary data stored in external, third-party media. CASBs deliver capabilities not generally available in traditional controls such as secure web gateways (SWGs) and enterprise firewalls. CASBs provide policy and governance concurrently across multiple cloud services and provide granular visibility into and control over user activities. https://www.forcepoint.com/cyber-edu/casb-cloud-access-security-broker
Question 1313:
When a newly developed application was tested, a specific internal resource was unable to be accessed. Which of the following should be done to ensure the application works correctly?
A. Modify the allow/deny list for those specific resources. B. Follow the secure coding practices for the internal resource. C. Configure the application in a sandbox environment. D. Utilize standard network protocols.
A. Modify the allow/deny list for those specific resources.
Question 1314:
An organization recently discovered that a purchasing officer approved an invoice for an amount that was different than the original purchase order. After further investigation, a security analyst determines that the digital signature for the fraudulent invoice is exactly the same as the digital signature for the correct invoice that had been approved. Which of the following attacks MOST likely explains the behavior?
A. Birthday B. Rainbow table C. Impersonation D. Whaling
C. Impersonation
Question 1315:
A security analyst is reviewing the following output from a system:
Which of the following is MOST likely being observed?
A. ARP poisoning B. Man in the middle C. Denial of service D. DNS poisoning
C. Denial of service
TIME_WAIT means it's waiting for a reply or connection. This often happens when a port is activated and the connection has not yet been established.
Question 1316:
The Chief Information Security Officer has directed the security and networking team to retire the use of shared passwords on routers and switches. Which of the following choices BEST meets the requirements?
A. SAML B. TACACS+ C. Password vaults D. OAuth
B. TACACS+
Question 1317:
A web server log contains two million lines. A security analyst wants to obtain the next 500 lines starting from line 4,600. Which of the following commands will help the security analyst to achieve this objective?
A. cat webserver.log | head -4600 | tail +500 | B. cat webserver.log | tail -1995400 | tail -500 | C. cat webserver.log | tail -4600 | head -500 | D. cat webserver.log | head -5100 | tail -500 |
D. cat webserver.log | head -5100 | tail -500 |
The cat command displays the contents of a file, the head command displays the first lines of a file, and the tail command displays the last lines of a file. To display a specific number of lines from a file, you can use a minus sign followed by a number as an option for head or tail. For example, head -10 will display the first 10 lines of a file. To obtain the next 500 lines starting from line 4,600, you need to use both head and tail commands. https://www.professormesser.com/security-plus/sy0-601/sy0-601-video/file-manipulation-tools/
Question 1318:
A smart retail business has a local store and a newly established and growing online storefront. A recent storm caused a power outage to the business and the local ISP, resulting in several hours of lost sales and delayed order processing. The business owner now needs to ensure two things:
1. Protection from power outages
2. Always-available connectivity in case of an outage
The owner has decided to implement battery backups for the computer equipment. Which of the following would BEST fulfill the owner's second need?
A. Lease a point-to-point circuit to provide dedicated access. B. Connect the business router to its own dedicated UPS. C. Purchase services from a cloud provider for high availability D. Replace the business's wired network with a wireless network
C. Purchase services from a cloud provider for high availability
Read it again: if the owner transfers everything to a reliable high-availability data center, he won't have to worry about buying infrastructure or a backup internet connection. So he can simply store everything with a reliable cloud provider.
Question 1319:
Which of the following would be best suited for constantly changing environments?
A. RTOS B. Containers C. Embedded systems D. SCADA
B. Containers
Containers are well-suited for constantly changing environments because they provide a consistent and isolated environment for applications to run, regardless of the underlying infrastructure. They are highly portable and can be quickly deployed, making them a flexible solution for dynamic environments where applications need to be scaled, updated, or moved frequently. Real-time operating systems (RTOS) are designed for predictable and deterministic tasks, while embedded systems and SCADA are more specialized and may not be as adaptable to rapidly changing conditions.
Question 1320:
A security engineer learns that a non-critical application was compromised. The most recent version of the application includes a malicious reverse proxy while the application is running. Which of the following should the engineer do to quickly contain the incident with the least amount of impact?
A. Configure firewall rules to block malicious inbound access. B. Manually uninstall the update that contains the backdoor. C. Add the application hash to the organization's blocklist. D. Turn off all computers that have the application installed.
C. Add the application hash to the organization's blocklist.
A reverse proxy backdoor is a malicious reverse proxy that can intercept and manipulate the traffic between the client and the web server. This can allow an attacker to access sensitive data or execute commands on the web server. One possible way to quickly contain the incident with the least amount of impact is to add the application hash to the organization's blocklist. A blocklist is a list of applications or files that are not allowed to run on a system or network. By adding the application hash to the blocklist, the security engineer can prevent the malicious application from running and communicating with the reverse proxy backdoor.