CompTIA SY0-601 Online Practice Questions and Exam Preparation
SY0-601 Exam Details
Exam Code: SY0-601
Exam Name: CompTIA Security+
Certification: CompTIA Certifications
Vendor: CompTIA
Total Questions: 1334 Q&As
Last Updated: May 26, 2026
CompTIA SY0-601 Online Questions & Answers
Question 201:
A DBA reports that several production server hard drives were wiped over the weekend. The DBA also reports that several Linux servers were unavailable due to system files being deleted unexpectedly. A security analyst verified that software was configured to delete data deliberately from those servers. No backdoors to any servers were found.
Which of the following attacks was MOST likely used to cause the data loss?
A. Logic bomb
B. Ransomware
C. Fileless virus
D. Remote access Trojans
E. Rootkit
Answer: A. Logic bomb
Explanation/Reference: "software was configured to delete data deliberately from those servers"
Question 202:
An organization routes all of its traffic through a VPN. Most users are remote and connect into a corporate datacenter that houses confidential information. There is a firewall at the Internet border followed by a DLP appliance, the VPN server and the datacenter itself. Which of the following is the WEAKEST design element?
A. The DLP appliance should be integrated into a NGFW.
B. Split-tunnel connections can negatively impact the DLP appliance's performance
C. Encrypted VPN traffic will not be inspected when entering or leaving the network
D. Adding two hops in the VPN tunnel may slow down remote connections
Answer: C. Encrypted VPN traffic will not be inspected when entering or leaving the network
In this scenario, the weakest design element is that encrypted VPN traffic will not be inspected when entering or leaving the network. Since the traffic is encrypted, the DLP (Data Loss Prevention) appliance will not be able to inspect the content of the data packets passing through the VPN tunnel. This lack of inspection can potentially allow malicious or unauthorized data to be transmitted without detection.
To enhance security, it is essential to implement a solution that allows for the inspection of encrypted VPN traffic. One approach is to deploy a next-generation firewall (NGFW) with SSL/TLS decryption capabilities. The NGFW can decrypt the VPN traffic, inspect it for potential threats or sensitive data, and then re-encrypt it before sending it to its destination. By doing so, the organization can maintain security while still enabling remote users to access corporate resources through the VPN.
Question 203:
A security administrator needs a method to secure data in an environment that includes some form of checks so that the administrator can track any changes. Which of the following should the administrator set up to achieve this goal?
A. SPF
B. GPO
C. NAC
D. FIM
Answer: D. FIM
File Integrity Monitoring (FIM) is a security feature that tracks changes to files and directories on a system. It helps administrators detect unauthorized changes, modifications, or deletions to critical files and data. FIM solutions use checksums or hash values to verify the integrity of files, comparing them to baseline values or known good states. If any discrepancies are found, alerts are generated, and administrators can take appropriate action to investigate and respond to potential security incidents. FIM is commonly used in environments where data security is essential, as it provides visibility into changes made to files, helping to detect potential security breaches or unauthorized access.
Question 204:
A company wants to enable BYOD for checking email and reviewing documents. Many of the documents contain sensitive organizational information. Which of the following should be deployed first before allowing the use of personal devices to access company data?
A. MDM
B. RFID
C. DLR
D. SIEM
Answer: A. MDM
MDM stands for Mobile Device Management, which is a solution that can be used to manage and secure personal devices that access company data. MDM can enforce policies and rules, such as password protection, encryption, remote wipe, device lock, application control, and more. MDM can help a company enable BYOD (Bring Your Own Device) while protecting sensitive organizational information.
Question 205:
Which of the following is a risk that is specifically associated with hosting applications in the public cloud?
A. Unsecured root accounts
B. Zero-day
C. Shared tenancy
D. Insider threat
Answer: C. Shared tenancy
A risk that is specifically associated with hosting applications in the public cloud is shared tenancy. Shared tenancy refers to the practice of multiple customers sharing the same physical infrastructure in a cloud environment. This can create security risks, as the actions of one customer can potentially impact the security and performance of other customers on the same infrastructure. Options A, B, and D are not specifically associated with hosting applications in the public cloud, although they can be potential risks in any computing environment.
Question 206:
Remote workers in an organization use company-provided laptops with locally installed applications and locally stored data. Users can store data on a remote server using an encrypted connection. The organization discovered data stored on a laptop had been made available to the public. Which of the following security solutions would mitigate the risk of future data disclosures?
A. FDE
B. TPM
C. HIDS
D. VPN
Answer: A. FDE
Question 207:
A security analyst is reviewing logs on a server and observes the following output:
Which of the following is the security analyst observing?
A. A rainbow table attack
B. A password-spraying attack
C. A dictionary attack
D. A keylogger attack
Answer: C. A dictionary attack
Explanation/Reference: predefined list of words = dictionary attack
https://www.imperva.com/learn/application-security/brute-force-attack/
Question 208:
An administrator is configuring a firewall rule set for a subnet to only access DHCP, web pages, and SFTP, and to specifically block FTP. Which of the following would BEST accomplish this goal?
A. Option A
B. Option B
C. Option C
D. Option D
Answer: A. Option A
Explanation/Reference: This is just a breakdown of the ports:
67 and 68 = DHCP (Dynamic Host Configuration Protocol): DHCP is a client/server protocol that automatically provides IP addresses to clients. UDP port 67 is used by the DHCP server to dynamically assign IP addresses. UDP port 68 is the DHCP client port, which is used by clients to obtain an IP address from a DHCP server.
20 and 21 = FTP (File Transfer Protocol): FTP is used to communicate and transfer files between computers. TCP port 20 is the "data port" where the actual data transfer occurs, and port 21 is the "control port" where the client makes the connection request and management.
22 = SSH (Secure Shell) and SFTP (Secure File Transfer Protocol): SSH is a protocol that enables two computers to communicate securely by encrypting the connection. SFTP is a secure file transfer protocol that uses SSH encryption to securely send and receive file transfers.
80 and 443 = HTTP / HTTPS: HTTP (80) is a default network port used to send and receive unencrypted web pages. HTTPS (443) is HTTP but uses TLS to encrypt normal HTTP requests/responses.
Question 209:
Which of the following measures the average time that equipment will operate before it breaks?
A. SLE
B. MTBF
C. RTO
D. ARO
Answer: B. MTBF
Question 210:
Which of the following job roles would sponsor data quality and data entry initiatives that ensure business and regulatory requirements are met?
A. The data owner
B. The data processor
C. The data steward
D. The data privacy officer