CompTIA CompTIA Certifications SY0-601 Questions & Answers

• Question 241:

  Which of the following is the phase in the incident response process when a security analyst reviews roles and responsibilities?

  A. Preparation

  B. Recovery

  C. Lessons learned

  D. Analysis

  Correct Answer: A

  During the "Preparation" phase of the incident response process, roles and responsibilities are defined, and the incident response plan is developed. This includes identifying and assigning specific roles to team members, establishing communication channels, and clarifying responsibilities for each member of the incident response team. This phase ensures that everyone involved in incident response knows their duties and is prepared to respond effectively when an incident occurs.

• Question 242:

  A small business uses kiosks on the sales floor to display product information for customers. A security team discovers the kiosks use end-of-life operating systems. Which of the following is the security team most likely to document as a security implication of the current architecture?

  A. Patch availability

  B. Product software compatibility

  C. Ease of recovery

  D. Cost of replacement

  Correct Answer: A

  The security team is most likely to document "Patch availability" as a security implication of the current architecture.

  End-of-life operating systems are no longer supported by the vendor, which means they do not receive regular security updates or patches. This lack of patch availability leaves the kiosks vulnerable to known and potentially exploitable security vulnerabilities. Attackers can target these vulnerabilities to compromise the kiosks and gain unauthorized access to the systems or customer information.

  It is crucial for the security team to highlight the risk associated with using end-of-life operating systems and recommend upgrading to a supported and more secure operating system to mitigate potential security threats.

• Question 243:

  A website visitor is required to provide properly formatted information in a specific field on a website form. Which of the following security measures is most likely used for this mandate?

  A. Input validation

  B. Code signing

  C. SQL injection

  D. Form submission

  Correct Answer: A

• Question 244:

  A technician is setting up a new firewall on a network segment to allow web traffic to the internet while hardening the network. After the firewall is configured, users receive errors stating the website could not be located. Which of the following would best correct the issue?

  A. Setting an explicit deny to all traffic using port 80 instead of 443

  B. Moving the implicit deny from the bottom of the rule set to the top

  C. Configuring the first line in the rule set to allow all traffic

  D. Ensuring that port 53 has been explicitly allowed in the rule set

  Correct Answer: D

• Question 245:

  A systems administrator works for a local hospital and needs to ensure patient data is protected and secure. Which of the following data classifications should be used to secure patient data?

  A. Private

  B. Critical

  C. Sensitive

  D. Public

  Correct Answer: C

  In the context of securing patient data in a hospital setting, the most appropriate data classification to use is "Sensitive." Patient data is considered sensitive information that must be protected from unauthorized access, disclosure, or

  alteration. It often contains personally identifiable information (PII) and protected health information (PHI), which is subject to strict privacy regulations, such as the Health Insurance Portability and Accountability Act (HIPAA) in the United

  States. Safeguarding sensitive data is crucial to maintaining patient privacy and complying with relevant data protection laws and regulations.

  In section 5.5 of Professor Messer's course notes he has PHI, PII, and Intellectual Property as Sensitive data.

  https://www.youtube.com/watch?v=wt1HwxaCx3Uandlist=PLG49S3nxzAnkL2ulFS3132mOVKuzzBxA8andindex=175 Go to 2:30

• Question 246:

  The following IP information was provided to internal auditors to help assess organizational security:

  

  Which of the following tools would most likely be used to perform network reconnaissance and help understand what is accessible to all users? (Choose two.)

  A. ipconfig

  B. ping

  C. chmod

  D. netstat

  E. traceroute

  F. route

  Correct Answer: DE

• Question 247:

  A security analyst is reviewing SIEM logs during an ongoing attack and notices the following:

  

  Which of the following best describes the type of attack?

  A. SQLi

  B. CSRF

  C. API attacks

  D. Directory traversal

  Correct Answer: D

• Question 248:

  An administrator receives the following network requirements for a data integration with a third-party vendor:

  

  Which of the following is the most appropriate response for the administrator to send?

  A. FTP is an insecure protocol and should not be used.

  B. Port 8080 is a non-standard port and should be blocked.

  C. SSH protocol version 1 is obsolete and should not be used.

  D. Certificate stapling on port 443 is a security risk that should be mitigated.

  Correct Answer: A

• Question 249:

  A company policy requires third-party suppliers to self-report data breaches within a specific time frame. Which of the following third-party risk management policies is the company complying with?

  A. MOU

  B. SLA

  C. EOL

  D. NDA

  Correct Answer: B

• Question 250:

  A security analyst is assessing a new y developed web application by testing SQL injection, CSRF, and XML injection. Which of the follow ng frameworks should the analyst consider?

  A. ISO

  B. MITRE ATTandCK

  C. OWASP

  D. NIST

  Correct Answer: C