Which of the following methods is the most effective for reducing vulnerabilities?
A. Joining an information-sharing organization
B. Using a scan-patch-scan process
C. Implementing a bug bounty program
D. Patching low-scoring vulnerabilities first
Correct Answer: B
Vulnerability scanning: Conducting regular vulnerability scans to identify potential security weaknesses in the organization's systems, networks, and applications.
Patching: Addressing the identified vulnerabilities by applying the necessary security patches and updates to the affected systems. Patching helps to close the known security holes that could be exploited by attackers.
Re-scanning: After applying the patches, conducting another round of vulnerability scanning to verify that the identified vulnerabilities have been properly addressed and that the systems are no longer at risk.
Question 232:
A network manager wants to protect the company's VPN by multifactor authentication that uses:
1. Something you know
2. Something you have
3. Somewhere you are
Which of the following would accomplish the manager's goal?
A. Domain name, PKI, GeoIP lookup
B. VPN IP address, company ID, partner site
C. Password, authentication token, thumbprint
D. Company URL, TLS certificate, home address
Correct Answer: C
Question 233:
A marketing coordinator is trying to access a social media application on a company laptop but is getting blocked. The coordinator opens a help desk ticket to report the issue. Which of the following documents should a security analyst review to determine whether accessing social media applications on a company device is permitted?
A. Incident response policy
B. Business continuity policy
C. Change management policy
D. Acceptable use policy
Correct Answer: D
The acceptable use policy (AUP) defines the rules and guidelines for using company resources, including computers, laptops, and other devices. It typically specifies what activities are allowed and prohibited on company devices, such as accessing social media applications. By reviewing the AUP, a security analyst can determine whether accessing social media applications on a company device is permitted or not.
Question 234:
Which of the following can best protect against an employee inadvertently installing malware on a company system?
A. Host-based firewall
B. System isolation
C. Least privilege
D. Application allow list
Correct Answer: D
CompTIA Security+ emphasizes the importance of application control and whitelisting as a strong security practice. An application allow list ensures that only approved and authorized applications can run on a system, effectively preventing the execution of unauthorized or potentially malicious software. This practice aligns with the principle of minimizing attack surfaces and reducing the risk of malware infections caused by inadvertently installing unapproved software.
While the principle of least privilege (Option C) is also an important security principle, it focuses on restricting user permissions to the minimum necessary level. Application allow lists provide more direct protection against unauthorized software execution in the context of malware prevention.
Question 235:
A company's help desk has received calls about the wireless network being down and users being unable to connect to it. The network administrator says all access points are up and running. One of the help desk technicians notices the affected users are working in a building near the parking lot. Which of the following is the most likely reason for the outage?
A. Someone near the building is jamming the signal.
B. A user has set up a rogue access point near the building.
C. Someone set up an evil twin access point in the affected area.
D. The APs in the affected area have been unplugged from the network.
Correct Answer: A
The most likely reason for the wireless network outage in the affected building near the parking lot is that someone is jamming the wireless signal. Jamming is a deliberate attempt to disrupt wireless communication by transmitting interference on the same frequency as the wireless network, causing the access points and clients to experience connectivity issues.
Jamming can be carried out using various devices that emit radio frequency signals, interfering with the normal operation of wireless devices. This interference prevents legitimate users from connecting to the wireless network and disrupts the communication between access points and clients.
Question 236:
A large retail store's network was breached recently, and this news was made public. The store did not lose any intellectual property, and no customer information was stolen. Although no fines were incurred as a result, the store lost revenue after the breach. Which of the following is the most likely reason for this issue?
A. Employee training
B. Leadership changes
C. Reputation damage
D. Identity theft
Correct Answer: C
Even though no intellectual property or customer information was stolen, the fact that the breach became public knowledge could have significantly damaged the store's reputation. Customers may lose trust in the store's ability to protect their data and personal information, leading to a decline in sales and customer loyalty. A damaged reputation can result in negative publicity, reduced customer confidence, and a decrease in the store's overall market value, all of which can impact the company's revenue and profitability.
Question 237:
A government organization is developing an advanced AI defense system. Developers are using information collected from third-party providers. Analysts are noticing inconsistencies in the expected progress of the AI learning and attribute the outcome to a recent attack on one of the suppliers. Which of the following is the most likely reason for the inaccuracy of the system?
A. Improper algorithms security
B. Tainted training data
C. Fileless virus
D. Cryptomalware
Correct Answer: B
Tainted training data refers to the situation where the data used to train the AI system is corrupted or influenced by malicious actors. In this case, the third-party providers might have provided data that was compromised or manipulated by attackers, leading to inconsistencies in the expected progress of the AI learning. If the training data contains incorrect or malicious information, the AI system's ability to accurately detect and defend against threats can be compromised. This is a common challenge in AI development, and ensuring the integrity and security of the training data is crucial to building effective AI defense systems.
Question 238:
A security analyst notices an unusual amount of traffic hitting the edge of the network. Upon examining the logs, the analyst identifies a source IP address and blocks that address from communicating with the network. Even though the analyst is blocking this address, the attack is still ongoing and coming from a large number of different source IP addresses. Which of the following describes this type of attack?
A. DDoS
B. Privilege escalation
C. DNS poisoning
D. Buffer overflow
Correct Answer: A
The scenario described in the question is indicative of a Distributed Denial of Service (DDoS) attack. In a DDoS attack, the attacker floods a target system or network with a massive amount of traffic, overwhelming its resources and causing services to become unavailable to legitimate users.
In this case, the security analyst identified and blocked a specific source IP address involved in the attack, but the attack is still ongoing from multiple other source IP addresses. DDoS attacks typically involve a large number of compromised or maliciously controlled devices (such as botnets) that are distributed across various locations, making it difficult to stop the attack by simply blocking individual sources.
Question 239:
Which of the following can be used to identify potential attacker activities without affecting production servers?
A. Honeypot
B. Video surveillance
C. Zero trust
D. Geofencing
Correct Answer: A
A honeypot is a cybersecurity strategy used to identify potential attacker activities without affecting production servers. It involves setting up a decoy system or network with the appearance of being a valuable target to attackers. The honeypot is designed to attract and lure attackers, allowing security teams to monitor their actions, study their techniques, and gather information about their tactics without putting the actual production environment at risk.
By analyzing the activities of attackers on the honeypot, security professionals can gain insights into potential threats, vulnerabilities, and attack patterns. It provides an opportunity to detect and understand new and emerging threats before they impact the organization's critical systems and data.
Question 240:
During a security incident, the security operations team identified sustained network traffic from a malicious IP address: 10.1.4.9. A security analyst is creating an inbound firewall rule to block the IP address from accessing the organization's network. Which of the following fulfills this request?
A. access-list inbound deny ip source 0.0.0.0/0 destination 10.1.4.9/32
B. access-list inbound deny ip source 10.1.4.9/32 destination 0.0.0.0/0
C. access-list inbound permit ip source 10.1.4.9/32 destination 0.0.0.0/0
D. access-list inbound permit ip source 0.0.0.0/0 destination 10.1.4.9/32
Correct Answer: B
In rule B, traffic whose source IP address is 10.1.4.9 (the /32 matches that single host) is denied to any destination IP address (0.0.0.0/0) in the organization's network. Applied inbound, this blocks the malicious IP address from reaching any resource within the network. Option A reverses source and destination, and options C and D permit rather than deny the traffic.