CompTIA SY0-601 Online Practice Questions and Exam Preparation

CompTIA SY0-601 Online Questions & Answers

• Question 131:

  Administrators have allowed employees to access their company email from personal computers. However, the administrators are concerned that these computers are another attack

  Surface and can result in user accounts being breached by foreign actors. Which of the following actions would provide the MOST secure solution?

  A. Enable an option in the administration center so accounts can be locked if they are accessed from different geographical areas.
  B. Implement a 16-character minimum length and 30-day expiration password policy.
  C. Set up a global mail rule to disallow the forwarding of any company email to email addresses outside the organization,
  D. Enforce a policy that allows employees to be able to access their email only while they are connected to the Internet via VPN.
  A. Enable an option in the administration center so accounts can be locked if they are accessed from different geographical areas.

• Question 132:

  Which of the following BEST helps to demonstrate integrity during a forensic investigation?

  A. Event logs
  B. Encryption
  C. Hashing
  D. Snapshots
  C. Hashing

  ---

  Hahshing = Checksum = Integrity

• Question 133:

  A security engineer is reviewing the logs from a SAML application that is configured to use MFA, during this review the engineer notices a high volume of successful logins that did not require MFA from users who were traveling

  internationally. The application, which can be accessed without a VPB, has a policy that allows time-based tokens to be generated. Users who changed locations should be required to reauthenticate but have been.

  Which of the following statements BEST explains the issue?

  A. OpenID is mandatory to make the MFA requirements work
  B. An incorrect browser has been detected by the SAML application
  C. The access device has a trusted certificate installed that is overwriting the session token
  D. The user's IP address is changing between logins, bur the application is not invalidating the token
  D. The user's IP address is changing between logins, bur the application is not invalidating the token

• Question 134:

  A company is moving its retail website to a public cloud provider. The company wants to tokenize credit card data but not allow the cloud provider to see the stored credit card information. Which of the following would BEST meet these objectives?

  A. WAF
  B. CASB
  C. VPN
  D. TLS
  B. CASB

• Question 135:

  An organization is building backup server rooms in geographically diverse locations The Chief Information Security Officer implemented a requirement on the project that states the new hardware cannot be susceptible to the same vulnerabilities in the existing server room

  Which of the following should the systems engineer consider?

  A. Purchasing hardware from different vendors
  B. Migrating workloads to public cloud infrastructure
  C. Implementing a robust patch management solution
  D. Designing new detective security controls
  A. Purchasing hardware from different vendors

  ---

  Explanation Explanation/Reference:different vendors, different products, different vulns on the devices. if you have all cisco equipment the vulns on the switches are the same.

• Question 136:

  A retail company that is launching @ new website to showcase the company's product line and other information for online shoppers registered the following URLs:

  1.

  www companysite com

  2.

  shop companysite com

  3.

  about-us companysite com

  4.

  contact-us. companysite com

  5.

  secure-logon companysite com

  Which of the following should the company use to secure its website rf the company is concerned with convenience and cost?

  A. A self-signed certificate
  B. A root certificate
  C. A code-signing certificate
  D. A wildcard certificate
  E. An extended validation certificate
  D. A wildcard certificate

  ---

  A wildcard certificate is a digital certificate that is applied to a domain and all its subdomains. Wildcard notation consists of an asterisk and a period before the domain name. Secure

• Question 137:

  A recent security audit reveaied that @ popular website with IP address 172.16 1 also has an FTP service thal employees were using to store sensitive corporate data. The organization's outbound firewall processes rules top-down. Which of the following would permit HTTP and HTTPS, while denying all other services for this host?

  

  A. Option A
  B. Option B
  C. Option C
  D. Option D
  A. Option A

• Question 138:

  When selecting a technical solution for identity management, an architect chooses to go from an in-house to a third-party SaaS provider. Which of the following risk management strategies is this an example of?

  A. Acceptance
  B. Mitigation
  C. Avoidance
  D. Transference
  D. Transference

  ---

  Explanation Explanation/Reference:Risk Transference refers to the shifting of the burden of loss for a risk to another party through legislation, contract, insurance or other means. https://www.bcmpedia.org/wiki/Risk_Transference

• Question 139:

  Which of the following BEST explains the reason why a server administrator would place a document named password.txt on the desktop of an administrator account on a server?

  A. The document is a honeyfile and is meant to attract the attention of a cyberintruder.
  B. The document is a backup file if the system needs to be recovered.
  C. The document is a standard file that the OS needs to verify the login credentials.
  D. The document is a keylogger that stores all keystrokes should the account be compromised.
  A. The document is a honeyfile and is meant to attract the attention of a cyberintruder.

  ---

  Explanation Explanation/Reference:A honeyfile is a file used to attract an attacker. The primary way a file can attract an attacker is by the name. An example of a file named pssword.txt is a clear example of a honeyfile.

• Question 140:

  A security engineer is concerned the strategy for detection on endpoints is too heavily dependent on previously defined attacks. The engineer wants a tool that can monitor for changes to key files and network traffic for the device. Which of the following tools should the engineer select?

  A. HIDS
  B. AV
  C. NGF-W
  D. DLP
  A. HIDS

  ---

  The security engineer should select a Host Intrusion Detection System (HIDS) to address the concern. HIDS monitors and analyzes the internals of a computing system, such as key files and network traffic, for any suspicious activity. Unlike antivirus software (AV), which relies on known signatures of malware, HIDS can detect anomalies, policy violations, and previously undefined attacks by monitoring system behavior and the network traffic of the device. References: 1. CompTIA Security+ Certification Exam Objectives (SY0-601): https://www.comptia.jp/pdf/Security%2B%20SY0-601%20Exam%20Objectives.pdf 2. Scarfone, K., and Mell, P. (2007). Guide to Intrusion Detection and Prevention Systems (IDPS): Recommendations of the National Institute of Standards and Technology. NIST Special Publication 800-94. https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-94.pdf