SY0-601 Exam Details

  • Exam Code: SY0-601
  • Exam Name: CompTIA Security+
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 1334 Q&As
  • Last Updated: May 26, 2026

CompTIA SY0-601 Online Questions & Answers

  • Question 181:

    Company engineers regularly participate in a public Internet forum with other engineers throughout the industry. Which of the following tactics would an attacker MOST likely use in this scenario?

    A. Watering-hole attack
    B. Credential harvesting
    C. Hybrid warfare
    D. Pharming

  • Question 182:

    Several employees return to work the day after attending an industry trade show. That same day, the security manager notices several malware alerts coming from each of the employees' workstations. The security manager investigates but finds no signs of an attack on the perimeter firewall or the NIDS.

    Which of the following is MOST likely causing the malware alerts?

    A. A worm that has propagated itself across the intranet, which was initiated by presentation media
    B. A fileless virus that is contained on a vCard that is attempting to execute an attack
    C. A Trojan that has passed through and executed malicious code on the hosts
    D. A USB flash drive that is trying to run malicious code but is being blocked by the host firewall

  • Question 183:

    Which of the following is a reason to publish files' hashes?

    A. To validate the integrity of the files
    B. To verify if the software was digitally signed
    C. To use the hash as a software activation key
    D. To use the hash as a decryption passphrase

  • Question 184:

    A security analyst is hardening a network infrastructure. The analyst is given the following requirements:

    1. Preserve the use of public IP addresses assigned to equipment on the core router.
    2. Enable "in transport" encryption protection to the web server with the strongest ciphers.

    Which of the following should the analyst implement to meet these requirements? (Select TWO).

    A. Configure VLANs on the core router.
    B. Configure NAT on the core router.
    C. Configure BGP on the core router.
    D. Enable AES encryption on the web server.
    E. Enable 3DES encryption on the web server.
    F. Enable TLSv2 encryption on the web server.

  • Question 185:

    A security analyst has been reading about a newly discovered cyberattack from a known threat actor. Which of the following would BEST support the analyst's review of the tactics, techniques, and protocols the threat actor was observed using in previous campaigns?

    A. Security research publications
    B. The MITRE ATT&CK framework
    C. The Diamond Model of Intrusion Analysis
    D. The Cyber Kill Chain

  • Question 186:

    A user contacts the help desk to report the following:

    1. Two days ago, a pop-up browser window prompted the user for a name and password after connecting to the corporate wireless SSID.
    2. This had never happened before, but the user entered the information as requested.
    3. The user was able to access the Internet but had trouble accessing the department share until the next day.
    4. The user is now getting notifications from the bank about unauthorized transactions.

    Which of the following attack vectors was MOST likely used in this scenario?

    A. Rogue access point
    B. Evil twin
    C. DNS poisoning
    D. ARP poisoning

  • Question 187:

    During an incident response process involving a laptop, a host was identified as the entry point for malware. The management team would like to have the laptop restored and given back to the user. The cybersecurity analyst would like to continue investigating the intrusion on the host. Which of the following would allow the analyst to continue the investigation and also return the laptop to the user as soon as possible?

    A. dd
    B. memdump
    C. tcpdump
    D. head

  • Question 188:

    A Chief Security Officer (CSO) was notified that a customer was able to access confidential internal company files on a commonly used file-sharing service. The file-sharing service is the same one used by company staff as one of its approved third-party applications. After further investigation, the security team determines the sharing of confidential files was accidental and not malicious. However, the CSO wants to implement changes to minimize this type of incident from reoccurring but does not want to impact existing business processes.

    Which of the following would BEST meet the CSO's objectives?

    A. DLP
    B. SWG
    C. CASB
    D. Virtual network segmentation
    E. Container security

  • Question 189:

    A cybersecurity administrator needs to allow mobile BYOD devices to access network resources. As the devices are not enrolled to the domain and do not have policies applied to them, which of the following are best practices for authentication and infrastructure security? (Select TWO).

    A. Create a new network for the mobile devices and block the communication to the internal network and servers
    B. Use a captive portal for user authentication.
    C. Authenticate users using OAuth for more resiliency
    D. Implement SSO and allow communication to the internal network
    E. Use the existing network and allow communication to the internal network and servers.
    F. Use a new and updated RADIUS server to maintain the best solution

  • Question 190:

    An attacker is trying to gain access by installing malware on a website that is known to be visited by the target victims. Which of the following is the attacker MOST likely attempting?

    A. A spear-phishing attack
    B. A watering-hole attack
    C. Typo squatting
    D. A phishing attack
