CompTIA CompTIA Security+ SY0-601 Questions & Answers

• Question 11:

  a user must introduce a password and a USB key to authenticate against a secure computer, and authentication is limited to the state in which the company resides. Which of the following authentication concepts are in use?

  A. Something you know, something you have, and somewhere you are

  B. Something you know, something you can do, and somewhere you are

  C. Something you are, something you know, and something you can exhibit

  D. Something you have, somewhere you are, and someone you know

  Correct Answer: A

  Something you know = password Something you have = USB key Somewhere you are = state where company resides

• Question 12:

  Which of the following is MOST likely to contain ranked and ordered information on the likelihood and potential impact of catastrophic events that may affect business processes and systems, while also highlighting the residual risks that need to be managed after mitigating controls have been implemented?

  A. An RTO report

  B. A risk register

  C. A business impact analysis

  D. An asset value register

  E. A disaster recovery plan

  Correct Answer: B

  A risk register is a document that records all of your organisation's identified risks, the likelihood and consequences of a risk occurring, the actions you are taking to reduce those risks and who is responsible for managing them

• Question 13:

  To mitigate the impact of a single VM being compromised by another VM on the same hypervisor, an administrator would like to utilize a technical control to further segregate the traffic. Which of the following solutions would BEST accomplish this objective?

  A. Install a hypervisor firewall to filter east-west traffic

  B. Add more VLANs to the hypervisor network switches

  C. Move exposed or vulnerable VMs to the DMZ.

  D. Implement a zero-trust policy and physically segregate the hypervisor servers.

  Correct Answer: B

  Vlans segment traffic so I guess so I guess that's what they mean by segregate

• Question 14:

  Which of the following is the correct order of volatility from MOST to LEAST volatile?

  A. Memory, temporary filesystems, routing tables, disk, network storage

  B. Cache, memory, temporary filesystems, disk, archival media

  C. Memory, disk, temporary filesystems, cache, archival media

  D. Cache, disk, temporary filesystems, network storage, archival media

  Correct Answer: B

  https://www.computer-forensics-recruiter.com/order-of-volatility/

  The IETF and the Order of Volatility

  The Internet Engineering Task Force (IETF) released a document titled, Guidelines for Evidence Collection and Archiving. It is also known as RFC 3227. This document explains that the collection of evidence should start with the most volatile

  item and end with the least volatile item. So, according to the IETF, the Order of Volatility is as follows:

  1.

  Registers, Cache

  2.

  Routing Table, ARP Cache, Process Table, Kernel Statistics, Memory

  3.

  Temporary File Systems

  4.

  Disk

  5.

  Remote Logging and Monitoring Data that is Relevant to the System in Question

  6.

  Physical Configuration, Network Topology

  7.

  Archival Media

• Question 15:

  A nationwide company is experiencing unauthorized logins at all hours of the day. The logins appear to originate from countries in which the company has no employees. Which of the following controls should the company consider using as part of its IAM strategy? (Select TWO).

  A. A complex password policy

  B. Geolocation

  C. An impossible travel policy

  D. Self-service password reset

  E. Geofencing

  F. Time-based logins

  Correct Answer: AB

• Question 16:

  Entering a secure area requires passing through two doors, both of which require someone who is already inside to initiate access. Which of the following types of physical security controls does this describe?

  A. Cameras

  B. Faraday cage

  C. Access control vestibule

  D. Sensors

  E. Guards

  Correct Answer: C

• Question 17:

  An organization has expanded its operations by opening a remote office. The new office is fully furnished with office resources to support up to 50 employees working on any given day. Which of the following VPN solutions would BEST support the new office?

  A. Always On

  B. Remote access

  C. Site-to-site

  D. Full tunnel

  Correct Answer: C

  key word "expanded its operations" - a new office has been opened that needs to connect to already existing offices.

• Question 18:

  The cost of removable media and the security risks of transporting data have become too great for a laboratory. The laboratory has decided to interconnect with partner laboratories to make data transfers easier and more secure.

  The Chief Security Officer (CSO) has several concerns about proprietary data being exposed once the interconnections are established.

  Which of the following security features should the network administrator implement to prevent unwanted data exposure to users in partner laboratories?

  A. VLAN zoning with a file-transfer server in an external-facing zone

  B. DLP running on hosts to prevent file transfers between networks

  C. NAC that permits only data-transfer agents to move data between networks

  D. VPN with full tunneling and NAS authenticating through the Active Directory

  Correct Answer: A

  The labs are not part of the network so data access/loss controls within the network will not solve the issue. Network design (segmentation) with a FS accessible to the labs solves better as only authorised data is stored and no access to internal network/data. Of course other security measures for data at rest and in transit will be applied to FS i.e firewalls, VPN to authenticate and secure connections from the labs but the issue here is what data are they allowed access

• Question 19:

  A web server administrator has redundant servers and needs to ensure failover to the secondary server when the primary server goes down. Which of the following should the administrator implement to avoid disruption?

  A. NIC teaming

  B. High availability

  C. Dual power supply

  D. laaS

  Correct Answer: B

  Failover is the key word in here. We can get redundancy with NIC Teaming. But they dont take the fail over. The traffic is directed automaticly to another NIC. it is not a failover.

• Question 20:

  A customer called a company's security team to report that all invoices the customer has received over the last five days from the company appear to have fraudulent banking details. An investigation into the matter reveals the following

  1.

  The manager of the accounts payable department is using the same password across multiple external websites and the corporate account.

  2.

  One of the websites the manager used recently experienced a data breach

  3.

  The manager's corporate email account was successfully accessed in the last five days by an IP address located in a foreign country Which of the following attacks has MOST likely been used to compromise the manager's corporate account?

  A. Remote access Trojan

  B. Brute-force

  C. Dictionary

  D. Credential stuffing

  E. Password spraying

  Correct Answer: D

  "Credential stuffing is a type of cyberattack in which the attacker collects stolen account credentials, typically consisting of lists of usernames or email addresses and the corresponding passwords (often from a data breach), and then uses the credentials to gain unauthorized access to user accounts"