CompTIA SY0-601 Online Practice Questions and Exam Preparation
SY0-601 Exam Details
Exam Code: SY0-601
Exam Name: CompTIA Security+
Certification: CompTIA Certifications
Vendor: CompTIA
Total Questions: 1334 Q&As
Last Updated: May 26, 2026
CompTIA SY0-601 Online Questions & Answers
Question 251:
An organization is planning to roll out a new mobile device policy and issue each employee a new laptop. These laptops would access the users' corporate operating system remotely and allow them to use the laptops for purposes outside of their job roles.
Which of the following deployment models is being utilized?
A. MDM and application management
B. BYOD and containers
C. COPE and VDI
D. CYOD and VMs
C. COPE and VDI
COPE (Corporate-Owned, Personally Enabled): the question states that the company is handing out laptops that employees may also use outside of business requirements. VDI (Virtual Desktop Infrastructure): the operating system is accessed virtually; it is a whole desktop, but virtual. In this question, the employees access company data through VDI while being able to use the laptops for personal purposes.
Question 252:
During an incident, a company's CIRT determines it is necessary to observe the continued network-based transactions between a callback domain and the malware running on an enterprise PC.
Which of the following techniques would be BEST to enable this activity while reducing the risk of lateral spread and the risk that the adversary would notice any changes?
A. Physically move the PC to a separate Internet point of presence.
B. Create and apply microsegmentation rules.
C. Emulate the malware in a heavily monitored DMZ segment.
D. Apply network blacklisting rules for the adversary domain.
B. Create and apply microsegmentation rules.
Question 253:
Which of the following is required in order for an IDS and a WAF to be effective on HTTPS traffic?
A. Hashing
B. DNS sinkhole
C. TLS inspection
D. Data masking
C. TLS inspection
TLS (Transport Layer Security) is the protocol used to encrypt data sent over HTTPS (Hypertext Transfer Protocol Secure). For an intrusion detection system (IDS) and a web application firewall (WAF) to be effective on HTTPS traffic, they must be able to inspect the encrypted traffic. TLS inspection allows the IDS and WAF to decrypt and inspect the traffic so they can detect malicious activity.
References:
[1] CompTIA Security+ Study Guide: Exam SY0-601, Sixth Edition, Chapter 11, "Network Security Monitoring"
[2] CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide, Chapter 7, "Intrusion Detection and Prevention"
Question 254:
A security administrator examines the ARP table of an access switch and sees the following output:
A. DDoS on Fa0/2 port
B. MAC flooding on Fa0/2 port
C. ARP poisoning on Fa0/1 port
D. DNS poisoning on port Fa0/1
B. MAC flooding on Fa0/2 port
Question 255:
A company currently uses passwords for logging in to company-owned devices and wants to add a second authentication factor. Per corporate policy, users are not allowed to have smartphones at their desks. Which of the following would meet these requirements?
A. Smart card
B. PIN code
C. Knowledge-based question
D. Secret key
A. Smart card
Question 256:
A commercial cyber-threat intelligence organization observes IoCs across a variety of unrelated customers.
Prior to releasing specific threat intelligence to other paid subscribers, the organization is MOST likely obligated by contracts to:
A. perform attribution to specific APTs and nation-state actors.
B. anonymize any PII that is observed within the IoC data.
C. add metadata to track the utilization of threat intelligence reports.
D. assist companies with impact assessments based on the observed data.
B. anonymize any PII that is observed within the IoC data.
Question 257:
A company needs to centralize its logs to create a baseline and have visibility on its security events. Which of the following technologies will accomplish this objective?
A. Security information and event management
B. A web application firewall
C. A vulnerability scanner
D. A next-generation firewall
A. Security information and event management
Security information and event management (SIEM) is the technology that will accomplish the objective of centralizing logs to create a baseline and gain visibility on security events. SIEM is a comprehensive approach to security management that involves the collection, aggregation, analysis, and correlation of log data from sources throughout an organization's IT infrastructure, allowing security teams to monitor, detect, and respond to security incidents effectively. A SIEM system collects log data from sources such as firewalls, network devices, servers, applications, and endpoints, then normalizes and correlates this data to provide a centralized view of security events and activities. It can help identify suspicious or anomalous behavior, detect security incidents, and provide real-time alerts for potential threats.
Question 258:
A company is enhancing the security of the wireless network and needs to ensure only employees with a valid certificate can authenticate to the network. Which of the following should the company implement?
A. PEAP
B. PSK
C. WPA3
D. WPS
A. PEAP PEAP stands for Protected Extensible Authentication Protocol, which is a protocol that can provide secure authentication for wireless networks. PEAP can use certificates to authenticate the server and the client, or only the server. PEAP can also use other methods, such as passwords or tokens, to authenticate the client. PEAP can ensure only employees with a valid certificate can authenticate to the network.
Question 259:
Which of the following is the correct order of volatility from MOST to LEAST volatile?
A. Memory, temporary filesystems, routing tables, disk, network storage
B. Cache, memory, temporary filesystems, disk, archival media
C. Memory, disk, temporary filesystems, cache, archival media
D. Cache, disk, temporary filesystems, network storage, archival media
B. Cache, memory, temporary filesystems, disk, archival media
https://www.computer-forensics-recruiter.com/order-of-volatility/
The IETF and the Order of Volatility: The Internet Engineering Task Force (IETF) released a document titled Guidelines for Evidence Collection and Archiving, also known as RFC 3227. This document explains that the collection of evidence should start with the most volatile item and end with the least volatile item. According to the IETF, the Order of Volatility is as follows:
1. Registers, cache
2. Routing table, ARP cache, process table, kernel statistics, memory
3. Temporary file systems
4. Disk
5. Remote logging and monitoring data that is relevant to the system in question
6. Physical configuration, network topology
7. Archival media
Question 260:
A user recently attended an exposition and received some digital promotional materials. The user later noticed blue boxes popping up and disappearing on the computer, and reported receiving several spam emails, which the user did not open. Which of the following is MOST likely the cause of the reported issue?
A. There was a drive-by download of malware
B. The user installed a cryptominer
C. The OS was corrupted
D. There was malicious code on the USB drive