CompTIA SY0-601 Online Practice Questions and Exam Preparation

CompTIA SY0-601 Online Questions & Answers

• Question 231:

  A systems administrator is looking for a solution that will help prevent OAuth applications from being leveraged by hackers to tick users into authorizing the use of their corporate credentials.

  Which of the following BEST describes this solution?

  A. CASB
  B. UEM
  C. WAF
  D. VPC
  B. UEM

• Question 232:

  Which of the following BEST explains the difference between a data owner and a data custodian?

  A. The data owner is responsible for adhering to the rules for using the data, while the data custodian is responsible for determining the corporate governance regarding the data
  B. The data owner is responsible for determining how the data may be used, while the data custodian is responsible for implementing the protection to the data
  C. The data owner is responsible for controlling the data, while the data custodian is responsible for maintaining the chain of custody when handling the data
  D. The data owner grants the technical permissions for data access, while the data custodian maintains the database access controls to the data
  B. The data owner is responsible for determining how the data may be used, while the data custodian is responsible for implementing the protection to the data

• Question 233:

  A systems engineer wants to leverage a cloud-based architecture with low latency between network-connected devices that also reduces the bandwidth that is required by performing analytics directly on the endpoints.

  Which of the following would BEST meet the requirements? (Choose two.)

  A. Private cloud
  B. SaaS
  C. Hybrid cloud
  D. IaaS
  E. DRaaS
  F. Fog computing
  C. Hybrid cloud
  F. Fog computing

• Question 234:

  A commercial cyber-threat intelligence organization observes IoCs across a variety of unrelated customers.

  Prior to releasing specific threat intelligence to other paid subscribers, the organization is MOST likely obligated by contracts to:

  A. perform attribution to specific APTs and nation-state actors.
  B. anonymize any PII that is observed within the IoC data.
  C. add metadata to track the utilization of threat intelligence reports.
  D. assist companies with impact assessments based on the observed data
  B. anonymize any PII that is observed within the IoC data.

• Question 235:

  Certain users are reporting their accounts are being used to send unauthorized emails and conduct suspicious activities. After further investigation, a security analyst notices the following:

  1.

  All users share workstations throughout the day.

  2.

  Endpoint protection was disabled on several workstations throughout the network.

  3.

  Travel times on logins from the affected users are impossible.

  4.

  Sensitive data is being uploaded to external sites.

  5.

  All user account passwords were forced to be reset and the issue continued.

  Which of the following attacks is being used to compromise the user accounts?

  A. Brute-force
  B. Keylogger
  C. Dictionary
  D. Rainbow
  B. Keylogger

• Question 236:

  Data exfiltration analysis indicates that an attacker managed to download system configuration notes from a web server. The web-server logs have been deleted, but analysts have determined that the system configuration notes were stored in the database administrator's folder on the web server.

  Which of the following attacks explains what occurred? (Select TWO)

  A. Pass-the- hash
  B. Directory traversal
  C. SQL injection
  D. Privilege escalation
  E. Cross-site scnpting
  F. Request forgery
  B. Directory traversal
  D. Privilege escalation

  ---

  Explanation Explanation/Reference:Directory traversal is a type of HTTP exploit in which a hacker uses the software on a web server to access data in a directory other than the server's root directory. If the attempt is successful, the threat actor can view restricted files or execute commands on the server. Privilege escalation is the act of exploiting a bug, a design flaw, or a configuration oversight in an operating system or software application to gain elevated access to resources that are normally protected from an application or user.

• Question 237:

  A company recently experienced an inside attack using a corporate machine that resulted in data compromise. Analysis indicated an unauthorized change to the software circumvented technological protection measures, The analyst was tasked with determining the best method to ensure the integrity of the systems remains intact and local and remote boot attestation can take place. Which of the following would provide the BEST solution?

  A. HIPS
  B. Flm
  C. TPM
  D. DLP
  C. TPM

  ---

  Explanation Explanation/Reference:In this question, an attack has already occurred so preventative measures such as HIPS, FIM, or DLP would not be helpful. Also, the analyst wants to check the integrity of the system, and boot attestation can take place. TPM chips have mechanisms to prevent system tampering and boot attestation can be done with TPM based hardware to verify the state of the firmware, bootloader, etc. TPM is the best option here. ===================== Other Choices HIPS (Host Intrustion Prevention System) - An installed software package which monitors a single host for suspicious activity by analyzing events occurring within that host. This aims to stop malware by monitoring the behavior of code. FIM (File Integrity Monitoring) - Technology that monitors and detects file changes that could be indicative of a cyberattack. FIM specifically involves examining files to see if and when they change, how they change, who changed them, and what can be done to restore those files if those modifications are unauthorized. DLP (Data Loss Prevention) - A set of tools and processes used to ensure that sensitive data is not lost, misused, or accessed by unauthorized users. https://docs.microsoft.com/en-us/azure/security/fundamentals/measured- boot-host-attestation

• Question 238:

  When planning to build a virtual environment, an administrator needs to achieve the following:

  1.

  Establish policies to limit who can create new VMs.

  2.

  Allocate resources according to actual utilization.

  3.

  Require justification for requests outside of the standard requirements.

  4.

  Create standardized categories based on size and resource requirements.

  Which of the following is the administrator MOST likely trying to do?

  A. Implement IaaS replication
  B. Product against VM escape
  C. Deploy a PaaS
  D. Avoid VM sprawl
  D. Avoid VM sprawl

  ---

  from the comptia official textbook: "VM sprawl occurs when an organization deploys numerous virtual machines without an overarching IT management or security plan in place. Although VMs are easy to create and clone, they have the same licensing and security management requirements as a metalinstalled OS. Uncontrolled VM creation can quickly lead to a situation where manual oversight cannot keep up with system demand. To prevent or avoid VM sprawl, a policy for developing and deploying VMs must be established and enforced. This should include establishing a library of initial or foundation VM images that are to be used to develop and deploy new services. In some instances, VM sprawl relates to the use of lower-powered equipment that results in poorly performing VMs."

• Question 239:

  Unauthorized devices have been detected on the internal network. The devices' locations were traced to Ether ports located in conference rooms. Which of the following would be the best technical controls to implement to prevent these devices from accessing the internal network?

  A. NAC
  B. DLP
  C. IDS
  D. MFA
  A. NAC

  ---

  NAC stands for network access control, which is a security solution that enforces policies and controls on devices that attempt to access a network. NAC can help prevent unauthorized devices from accessing the internal network by verifying their identity, compliance, and security posture before granting them access. NAC can also monitor and restrict the activities of authorized devices based on predefined rules and roles. References: https://www.comptia.org/ certifications/security#examdetails https://www.comptia.org/content/guides/comptia-security-sy0-601-exam-objectives https://www.cisco.com/c/en/us/products/security/what-is-network-access-control-nac.html

• Question 240:

  The database administration team is requesting guidance for a secure solution that will ensure confidentiality of cardholder data at rest only in certain fields in the database schema. The requirement is to substitute a sensitive data field with a non-sensitive field that is rendered useless if a data breach occurs

  Which of the following is the BEST solution to meet the requirement?

  A. Tokenization
  B. Masking
  C. Full disk encryption
  D. Mirroring
  A. Tokenization

  ---

  Explanation Explanation/Reference:Tokenization is mainly used to protect data at rest whereas masking is used to protect data in use.