CompTIA SY0-601 Online Practice Questions and Exam Preparation
SY0-601 Exam Details
Exam Code: SY0-601
Exam Name: CompTIA Security+
Certification: CompTIA Certifications
Vendor: CompTIA
Total Questions: 1334 Q&As
Last Updated: May 26, 2026
CompTIA SY0-601 Online Questions & Answers
Question 161:
A security analyst has been tasked with creating a new WiFi network for the company. The requirements received by the analyst are as follows:
1. Must be able to differentiate between users connected to WiFi
2. The encryption keys need to change routinely without interrupting the users or forcing reauthentication
3. Must be able to integrate with RADIUS
4. Must not have any open SSIDs
Which of the following options BEST accommodates these requirements?
A. WPA2-Enterprise
B. WPA3-PSK
C. 802.11n
D. WPS
A. WPA2-Enterprise
Deploying WPA2-Enterprise requires a RADIUS server, which handles the task of authenticating network users' access. The actual authentication process is based on the 802.1X standard and comes in several different variants labelled EAP. Because each device is authenticated before it connects, a personal, encrypted tunnel is effectively created between the device and the network. https://www.securew2.com/solutions/wpa2-enterprise-and-802-1x-simplified
Question 162:
A growing company would like to enhance the ability of its security operations center to detect threats but reduce the amount of manual work required for the security analysts. Which of the following would best enable the reduction in manual work?
A. SOAR
B. SIEM
C. MDM
D. DLP
A. SOAR
Question 163:
Which of the following security design features can help a development team analyze the deletion or editing of data sets without affecting the original copy?
A. Stored procedures
B. Code reuse
C. Version control
D. Continuous
C. Version control
Version control is a solution that can help a development team analyze the deletion or editing of data sets without affecting the original copy. Version control is a system that records changes to a file or set of files over time so that specific versions can be recalled later. Version control can help developers track and manage changes to code, data, or documents, as well as collaborate with other developers and resolve conflicts. References: https://www.comptia.org/certifications/security#examdetails https://www.comptia.org/content/guides/comptia-security-sy0-601-exam-objectives https://www.atlassian.com/git/tutorials/what-is-version-control
Question 164:
An analyst is trying to identify insecure services that are running on the internal network. After performing a port scan, the analyst identifies that a server has some insecure services enabled on default ports. Which of the following BEST describes the services that are currently running and the secure alternatives for replacing them? (Choose three.)
A. SFTP, FTPS
B. SNMPv2, SNMPv3
C. HTTP, HTTPS
D. TFTP, FTP
E. SNMPv1, SNMPv2
F. Telnet, SSH
G. TLS, SSL
H. POP, IMAP
I. Login, rlogin
B. SNMPv2, SNMPv3
C. HTTP, HTTPS
F. Telnet, SSH
SNMPv2 vs SNMPv3: v3 offers encryption capabilities to secure data communications.
HTTP vs HTTPS: HTTP will transfer the data in plain text, while HTTPS will add the capability to encrypt the data during transit with either SSL/TLS.
Telnet vs SSH: Same thing here, Telnet transfers your data in an unencrypted format, while SSH encrypts it.
A. SFTP, FTPS - SFTP is FTP over SSH, FTPS is FTP over SSL/TLS, which means they both have encryption mechanisms built in.
B. SNMPv2, SNMPv3 - v2 has no encryption. v3 does.
C. HTTP, HTTPS - HTTP is plaintext. HTTPS is HTTP Secure (SSL and now TLS).
D. TFTP, FTP - Neither of these is a secure protocol.
E. SNMPv1, SNMPv2 - Neither of these features encryption, although as stated above, v3 does.
F. Telnet, SSH - Telnet is in the clear. SSH is encrypted.
G. TLS, SSL - Both are cryptographic protocols; TLS is an upgrade to SSL, not the other way around. While SSL is considered insecure, it's supposed to be, and these protocols don't have "default ports".
H. POP, IMAP - You'd probably be looking for POP->POP3 or IMAP->IMAPS here. These are email protocols that work a bit differently.
I. Login, rlogin - These are not in the SY0-601 objectives from what I remember. I had to do a quick search: rlogin is a remote access protocol for Linux that sends passwords in the clear and was basically replaced by SSH.
Question 165:
The Chief Technology Officer of a local college would like visitors to utilize the school's WiFi but must be able to associate potential malicious activity to a specific person. Which of the following would BEST allow this objective to be met?
A. Requiring all new, on-site visitors to configure their devices to use WPS
B. Implementing a new SSID for every event hosted by the college that has visitors
C. Creating a unique PSK for every visitor when they arrive at the reception area
D. Deploying a captive portal to capture visitors' MAC addresses and names
D. Deploying a captive portal to capture visitors' MAC addresses and names
Question 166:
During a security incident, the security operations team identified sustained network traffic from a malicious IP address: 10.1.4.9. A security analyst is creating an inbound firewall rule to block the IP address from accessing the organization's network. Which of the following fulfills this request?
A. access-list inbound deny ip source 0.0.0.0/0 destination 10.1.4.9/32
B. access-list inbound deny ip source 10.1.4.9/32 destination 0.0.0.0/0
C. access-list inbound permit ip source 10.1.4.9/32 destination 0.0.0.0/0
D. access-list inbound permit ip source 0.0.0.0/0 destination 10.1.4.9/32
B. access-list inbound deny ip source 10.1.4.9/32 destination 0.0.0.0/0
In this rule, the source IP address 10.1.4.9 is denied access to any destination IP address (0.0.0.0/0) in the organization's network. This effectively blocks the malicious IP address from accessing any resources within the network.
Question 167:
During a recent incident an external attacker was able to exploit an SMB vulnerability over the internet. Which of the following action items should a security analyst perform FIRST to prevent this from occurring again?
A. Check for any recent SMB CVEs
B. Install AV on the affected server
C. Block unneeded TCP 445 connections
D. Deploy a NIDS in the affected subnet
C. Block unneeded TCP 445 connections
Explanation/Reference: C. Block unneeded TCP 445 connections. Only blocking unneeded SMB connections has a "preventive" character. Blocking unneeded TCP 445 connections should be performed FIRST, as it would prevent the SMB vulnerability from being exploited over the internet again.
Question 168:
A university with remote campuses, which all use different service providers, loses Internet connectivity across all locations. After a few minutes, Internet and VoIP services are restored, only to go offline again at random intervals, typically within four minutes of services being restored. Outages continue throughout the day, impacting all inbound and outbound connections and services. Services that are limited to the local LAN or WiFi network are not impacted, but all WAN and VoIP services are affected.
Later that day, the edge-router manufacturer releases a CVE outlining the ability of an attacker to exploit the SIP protocol handling on devices, leading to resource exhaustion and system reloads.
Which of the following BEST describe this type of attack? (Choose two.)
A. DoS
B. SSL stripping
C. Memory leak
D. Race condition
E. Shimming
F. Refactoring
A. DoS
C. Memory leak
A DoS attack is a type of cyber attack that is designed to disrupt the availability of a network, system, or service. In this case, the attacker is using the exploit outlined in the CVE to disrupt the availability of Internet and VoIP services at the university's remote campuses. A memory leak is a type of software bug that occurs when a program or application allocates memory for a task but fails to release the memory when it is no longer needed. This can lead to a depletion of available memory resources, causing the system to crash or become unstable. The fact that the outages at the university are occurring at random intervals and are being caused by system reloads suggests that a memory leak may be present.
Question 169:
A security team discovered a large number of company-issued devices with non-work-related software installed. Which of the following policies would most likely contain language that would prohibit this activity?
A. NDA
B. BPA
C. AUP
D. SLA
C. AUP
D. SLA
AUP stands for acceptable use policy, which is a document that defines the rules and guidelines for using an organization's network, systems, devices, and resources. An AUP typically covers topics such as authorized and unauthorized activities, security requirements, data protection, user responsibilities, and consequences for violations. An AUP can help prevent non-work-related software installation on company-issued devices by clearly stating what types of software are allowed or prohibited, and what actions will be taken if users do not comply with the policy. References: https://www.comptia.org/certifications/security#examdetails https://www.comptia.org/content/guides/comptia-security-sy0-601-exam-objectives https://www.techopedia.com/definition/2471/acceptable-use-policy-aup
Question 170:
A major political party experienced a server breach. The hacker then publicly posted stolen internal communications concerning campaign strategies to give the opposition party an advantage. Which of the following BEST describes these threat actors?
A. Semi-authorized hackers
B. State actors
C. Script kiddies
D. Advanced persistent threats
B. State actors
CompTIA's handbook: APT = an attacker's ability to obtain, maintain, and diversify access to network systems using exploits and malware.