CompTIA CompTIA Certifications SY0-601 Questions & Answers

• Question 181:

  HOTSPOT

  Select the appropriate attack from each drop down list to label the corresponding illustrated attack Instructions: Attacks may only be used once, and will disappear from drop down list if selected. When you have completed the simulation, please select the Done button to submit.

  Hot Area:

  

  Correct Answer:

  

  

  1: Spear phishing is an e-mail spoofing fraud attempt that targets a specific organization,seeking unauthorized access to confidential data. As with the e-mail messages used in regular phishing expeditions, spear phishing messages appear to

  come from a trusted source. Phishing messages usually appear to come from a large and well-known company or Web site with a broad membership base, such as eBay or PayPal. In the case of spear phishing, however, the apparent source

  of the e-mail is likely to be an individual within the recipient's own company and generally someone in a position of authority.

  2: The Hoax in this question is designed to make people believe that the fake AV (antivirus) software is genuine.

  3: Vishing is the act of using the telephone in an attempt to scam the user into surrendering private information that will be used for identity theft. The scammer usually pretends to be a legitimate business, and fools the victim into thinking he

  or she will profit.

  4: Phishing is the act of sending an email to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft.

  Phishing email will direct the user to visit a website where they are asked to update personal information, such as a password, credit card, social security, or bank account numbers, that the legitimate organization already has. The website,

  however, is bogus and set up only to steal the information the user enters on the page.

  5: Similar in nature to e-mail phishing, pharming seeks to obtain personal or private (usually financial related) information through domain spoofing. Rather than being spammed with malicious and mischievous e-mail requests for you to visit

  spoof Web sites which appear legitimate, pharming 'poisons' a DNS server by infusing false information into the DNS server, resulting in a user's request being redirected elsewhere. Your browser, however will show you are at the correct

  Web site, which makes pharming a bit more serious and more difficult to detect. Phishing attempts to scam people one at a time with an e-mail while pharming allows the scammers to target large groups of people at one time through domain

  spoofing.

  References:

  http://searchsecurity.techtarget.com/definition/spear-phishing

  http://www.webopedia.com/TERM/V/vishing.html

  http://www.webopedia.com/TERM/P/phishing.html

  http://www.webopedia.com/TERM/P/pharming.html

• Question 182:

  DRAG DROP

  A security administrator has been tasked with implementing controls that meet management goals. Drag and drop the appropriate control used to accomplish the account management goal. Options may be used once or not at all.

  Select and Place:

  

  Correct Answer:

  

• Question 183:

  HOTSPOT

  Select the appropriate attack and remediation from each drop-down list to label the corresponding attack with its remediation.

  INSTRUCTIONS

  Not all attacks and remediation actions will be used. If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

  Select and Place:

  

  Correct Answer:

  

  Implement a host-based IDS --> Implement a host-based IPS

• Question 184:

  DRAG DROP

  Leveraging the information supplied below, complete the CSR for the server to set up TLS (HTTPS)

  1.

  Hostname: ws01

  2.

  Domain: comptia.org

  3.

  IPv4: 10.1.9.50

  4.

  IPV4: 10.2.10.50

  5.

  Root: home.aspx

  6.

  DNS CNAME:homesite.

  Instructions:

  Drag the various data points to the correct locations within the CSR. Extension criteria belong in the let hand column and values belong in the corresponding row in the right hand column.

  Select and Place:

  

  Correct Answer:

  

• Question 185:

  DRAG DROP

  A data owner has been tasked with assigning proper data classifications and destruction methods for various types of data contained within the environment.

  Select and Place:

  

  Correct Answer:

  

• Question 186:

  

  DRAG DROP

  A security engineer is setting up passwordless authentication for the first time.

  INSTRUCTIONS

  Drag and drop the MINIMUM set of commands to set this up and verify that it works. Commands may only be used once, and not all will be used.

  If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

  Select and Place:

  

  Correct Answer:

  

• Question 187:

  SIMULATION

  A company recently added a DR site and is redesigning the network. Users at the DR site are having issues browsing websites.

  INSTRUCTIONS

  Click on each firewall to do the following:

  1.

  Deny cleartext web traffic.

  2.

  Ensure secure management protocols are used.

  3.

  Resolve issues at the DR site.

  The ruleset order cannot be modified due to outside constraints.

  If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

  

  Firewall 1

  Hot Area:

  

  Correct Answer:

  

  In Firewall 1, HTTP inbound Action should be DENY. As shown below

  Firewall 1: DNS Rule: ANY ->; ANY ->; DNS ->; PERMIT HTTPS Outbound: 10.0.0.1/24 ->; ANY ->; HTTPS ->; PERMIT Management: ANY ->; ANY ->; SSH ->; PERMIT HTTPS Inbound: ANY ->; ANY ->; HTTPS ->; PERMIT HTTP Inbound: ANY ->; ANY ->; HTTP ->; DENY

• Question 188:

  DRAG DROP

  A forensic analyst is asked to respond to an ongoing network attack on a server. Place the items in the list below in the correct order in which the forensic analyst should preserve them.

  Select and Place:

  

  Correct Answer:

  

  When dealing with multiple issues, address them in order of volatility (OOV); always deal with the most volatile first. Volatility can be thought of as the amount of time that you have to collect certain data before a window of opportunity is gone.

  Naturally, in an investigation you want to collect everything, but some data will exist longer than others, and you cannot possibly collect all of it once. As an example, the OOV in an investigation may be RAM, hard drive data, CDs/DVDs, and

  printouts.

  Order of volatility: Capture system images as a snapshot of what exists, look at network traffic and logs, capture any relevant video/screenshots/hashes, record time offset on the systems, talk to witnesses, and track total man-hours and

  expenses associated with the investigation.

• Question 189:

  DRAG DROP

  An attack has occurred against a company.

  INSTRUCTIONS

  You have been tasked to do the following:

  Identify the type of attack that is occurring on the network by clicking on the attacker's tablet and reviewing the output. (Answer Area 1)

  Identify which compensating controls should be implemented on the assets, in order to reduce the effectiveness of future attacks by dragging them to the correct server. (Answer area 2) All objects will be used, but not all placeholders may be

  filled. Objects may only be used once. If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

  

  Select and Place:

  

  Correct Answer:

  

• Question 190:

  SIMULATION

  A company recently added a DR site and is redesigning the network. Users at the DR site are having issues browsing websites.

  INSTRUCTIONS

  Click on each firewall to do the following:

  1.

  Deny cleartext web traffic.

  2.

  Ensure secure management protocols are used.

  3.

  Resolve issues at the DR site.

  The ruleset order cannot be modified due to outside constraints.

  If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

  

  Firewall 2

  Hot Area:

  

  Correct Answer:

  

  Firewall 2: No changes should be made to this firewall