CompTIA SY0-601 Online Practice Questions and Exam Preparation

CompTIA SY0-601 Online Questions & Answers

• Question 271:

  Which of the following methods is the most effective for reducing vulnerabilities?

  A. Joining an information-sharing organization
  B. Using a scan-patch-scan process
  C. Implementing a bug bounty program
  D. Patching low-scoring vulnerabilities first
  B. Using a scan-patch-scan process

  ---

  Vulnerability scanning: Conducting regular vulnerability scans to identify potential security weaknesses in the organization's systems, networks, and applications. Patching: Addressing the identified vulnerabilities by applying the necessary security patches and updates to the affected systems. Patching helps to close the known security holes that could be exploited by attackers. Re-scanning: After applying the patches, conducting another round of vulnerability scanning to verify that the identified vulnerabilities have been properly addressed and that the systems are no longer at risk.

• Question 272:

  Which of the following BEST describes the team that acts as a referee during a penetration-testing exercise?

  A. White team
  B. Purple team
  C. Green team
  D. Blue team
  E. Red team
  A. White team

• Question 273:

  A network engineer needs to build a solution that will allow guests at the company's headquarters to access the Internet via WiFi. This solution should not allow access to the internal corporate network, but it should require guests to sign off on the acceptable use policy before accessing the Internet.

  Which of the following should the engineer employ to meet these requirements?

  A. Implement open PSK on the APs
  B. Deploy a WAF
  C. Configure WIPS on the APs
  D. Install a captive portal
  D. Install a captive portal

  ---

  captive portal = a webpage where the user has to sign in

• Question 274:

  Which of the following allows for functional test data to be used in new systems for testing and training purposes to protect the read data?

  A. Data encryption
  B. Data masking
  C. Data deduplication
  D. Data minimization
  B. Data masking

• Question 275:

  Ann. a forensic analyst. needs to prove that the data she originally acquired has remained unchanged while in her custody. Which of the following should Ann use?

  A. Chain of custody
  B. Checksums
  C. Non-repudiaton
  D. Legal hold
  B. Checksums

  ---

  Explanation Explanation/Reference:If the checksum of the original file is known, an authorized user can run a checksum/hashing utility on the file to match the resulting checksum to the original checksum. If these two checksums match, the file is identical. However, if they don't match, the user can identify a fake version of the original file. Checksums are used to check files and other data for errors or manipulation that might have occurred during data transmission or storage.

• Question 276:

  During an investigation, events from two affected servers in the same subnetwork occurred at the same time:

  Server 1: 192.168.10.1 [01/Apr/2021:06:00:00 PST] SAN access denied for user 'admin' Server 2: 192.168.10.6 [01/Apr/2021:06:01:01 CST] SAN access successful for user 'admin'

  Which of the following should be consistently configured to prevent the issue seen in the logs?

  A. Geolocation
  B. TOTP
  C. NTP
  D. MFA
  C. NTP

• Question 277:

  A SOC is implementing an in sider-threat-detection program. The primary concern is that users may be accessing confidential data without authorization. Which of the following should be deployed to detect a potential insider threat?

  A. A honeyfile
  B. ADMZ
  C. DLP
  D. File integrity monitoring
  A. A honeyfile

• Question 278:

  Which of the following are common VoIP-associated vulnerabilities? (Select TWO).

  A. SPIM
  B. vishing
  C. Hopping
  D. Phishing
  E. Credential harvesting
  F. Tailgating
  B. vishing
  E. Credential harvesting

  ---

  Explanation Explanation/Reference:after heavy consideration and reading through multiple sec+ books, i m kinda going with B and D. vishing and credential harvesting as being the most common attacks, as hopping doesnt ever seem to come up in the material. https://fitsmallbusiness.com/voip-security-threats/

• Question 279:

  A security administrator checks the table of a network switch, which shows the following output:

  

  Which of the following is happening to this switch?

  A. MAC Flooding
  B. DNS poisoning
  C. MAC cloning
  D. ARP poisoning
  A. MAC Flooding

  ---

  Explanation Explanation/Reference:The MAC Flooding is an attacking method intended to compromise the security of the network switches. Usually, the switches maintain a table structure called MAC Table. This MAC Table consists of individual MAC addresses of the host computers on the network which are connected to ports of the switch. This table allows the switches to direct the data out of the ports where the recipient is located. The aim of the MAC Flooding is to takedown this MAC Table. In a typical MAC Flooding attack, the attacker sends Ethernet Frames in a huge number. When sending many Ethernet Frames to the switch, these frames will have various sender addresses. The intention of the attacker is consuming the memory of the switch that is used to store the MAC address table. The MAC addresses of legitimate users will be pushed out of the MAC Table. Now the switch cannot deliver the incoming data to the destination system. So considerable number of incoming frames will be flooded at all ports. https://www.interserver.net/tips/kb/mac-flooding-prevent/

• Question 280:

  A company's security team received notice of a critical vulnerability affecting a high-profile device within the web infrastructure. The vendor patch was just made available online but has not yet been regression tested in development environments. In the interim, firewall rules were implemented to reduce the access to the interface affected by the vulnerability. Which of the following controls does this scenario describe?

  A. Deterrent
  B. Compensating
  C. Detective
  D. Preventive
  B. Compensating

  ---

  Compensating control looks to be correct here. Open to correction however A compensating control, also called an alternative control, is a mechanism that is put in place to satisfy the requirement for a security measure that is deemed too difficult or impractical to implement at the present time.