CompTIA SY0-601 Online Practice Questions and Exam Preparation

SY0-601 Exam Details
Exam Code: SY0-601
Exam Name: CompTIA Security+
Certification: CompTIA Certifications
Vendor: CompTIA
Total Questions: 1334 Q&As
Last Updated: May 26, 2026

CompTIA SY0-601 Online Questions & Answers

Question 281:
Which of the following can be used by a monitoring tool to compare values and detect password leaks without providing the actual credentials?
A. Hashing
B. Tokenization
C. Masking
D. Encryption

Answer: A. Hashing
Hashing is the answer. Why? Because with hashing, the tool can identify a credential without knowing the exact credential, by a mathematical method (e.g., multiply the credential by a number, and all different credentials have different results). By comparing the hash of the local credential with the hashes of the web credentials, the tool can extrapolate whether the credential was compromised. https://resources.infosecinstitute.com/topic/10-popular-password-cracking-tools/

Question 282:
A security analyst is investigating suspicious traffic on the web server located at IP address 10.10.1.1. A search of the WAF logs reveals the following output:
Which of the following is MOST likely occurring?
A. XSS attack
B. SQLi attack
C. Replay attack
D. XSRF attack

Answer: B. SQLi attack
SQL injection, also known as SQLI, is a common attack vector that uses malicious SQL code for backend database manipulation to access information that was not intended to be displayed. The giveaway here is the 1=1 in the query, which is essentially creating a condition that will automatically be true.

Helpful Info:
XSS (Cross-Site Scripting) attacks - a type of injection in which malicious scripts are injected into otherwise benign and trusted websites.
Replay attack - a kind of man-in-the-middle attack in which an attacker sniffs messages being sent on a channel to intercept them and resend them under the cloak of authentic messages.
CSRF (Cross-Site Request Forgery) - attacks that target functionality that causes a state change on the server, such as changing the victim's email address or password, or purchasing something.

Question 283:
An attacker has determined the best way to impact operations is to infiltrate third-party software vendors. Which of the following vectors is being exploited?
A. Social media
B. Cloud
C. Supply chain
D. Social engineering

Answer: C. Supply chain
The attacker is exploiting the supply chain vector. The supply chain refers to the series of processes and organizations involved in the production, distribution, and delivery of goods and services. By infiltrating third-party software vendors, the attacker is attempting to gain access to the supply chain and compromise the software that is used by the organization. This can allow the attacker to launch attacks, steal sensitive data, or disrupt operations by inserting malicious code into the software. Social media, cloud, and social engineering are not directly related to the supply chain and would not be effective for infiltrating third-party software vendors.

Question 284:
Which of the following can be used to calculate the total loss expected per year due to a threat targeting an asset?
A. EF x asset value
B. ALE / SLE
C. MTBF x impact
D. SLE x ARO

Answer: D. SLE x ARO
The total loss expected per year due to a threat targeting an asset can be calculated using the Single Loss Expectancy (SLE) multiplied by the Annualized Rate of Occurrence (ARO). SLE is the monetary loss expected from a single event, while ARO is the estimated frequency of that event occurring in a year.
Reference: CompTIA Security+ Study Guide: Exam SY0-501, 7th Edition, by Emmett Dulaney and Chuck Easttom, Chapter 9: Risk Management, page 414.

Question 285:
A company just implemented a new telework policy that allows employees to use personal devices for official email and file sharing while working from home.
Some of the requirements are:
1. Employees must provide an alternate work location (i.e., a home address).
2. Employees must install software on the device that will prevent the loss of proprietary data but will not restrict any other software from being installed.
Which of the following BEST describes the MDM options the company is using?
A. Geofencing, content management, remote wipe, containerization, and storage segmentation
B. Content management, remote wipe, geolocation, context-aware authentication, and containerization
C. Application management, remote wipe, geofencing, context-aware authentication, and containerization
D. Remote wipe, geolocation, screen locks, storage segmentation, and full-device encryption

Answer: B. Content management, remote wipe, geolocation, context-aware authentication, and containerization
Geofencing vs Geolocation
Application Management vs Content Management
From the requirements:
* "Employees must install software on the device that will prevent the loss of proprietary data but will not restrict any other software from being installed." [Analysis]: Here the company is more concerned about data being lost than software being installed on the device. So DLP is more important, which is provided by Content Management.
* "Employees must provide an alternate work location (i.e., a home address)." Here they want to know where you live, but they don't say they will restrict the usage of your device based on your location. So I think Geolocation fits in here fine.

Question 286:
A company develops a complex platform that is composed of a single application. After several issues with upgrades, the systems administrator recommends breaking down the application into unique, independent modules. Which of the following best identifies the systems administrator's recommendation?
A. Virtualization
B. Serverless
C. Microservices
D. API gateway

Answer: C. Microservices
The systems administrator's recommendation is to break down the complex platform into unique, independent modules, which is a characteristic of the microservices architecture. Microservices is an architectural style where a large application is divided into smaller, loosely coupled services that can be independently developed, deployed, and scaled. Each service handles a specific business function and communicates with other services through APIs.

Question 287:
A recent security assessment revealed that an actor exploited a vulnerable workstation within an organization and has persisted on the network for several months. The organization realizes the need to reassess its security strategy for mitigating risks within the perimeter. Which of the following solutions would BEST support the organization's strategy?
A. FIM
B. DLP
C. EDR
D. UTM

Answer: C. EDR
FIM: File Integrity Monitoring
DLP: Data Loss Prevention
EDR: Endpoint Detection and Response
UTM: Unified Threat Management
I think the answer is EDR (when signature detection is not enough -> behavioral analysis, machine learning). Update from UTM is NGFF.

Question 288:
An organization wants to minimize the recovery time from backups in case of a disaster. Backups must be retained for one month, while minimizing the storage space used for backups. Which of the following is the best approach for a backup strategy?
A. Full monthly, incremental daily, and differential weekly
B. Full weekly and incremental daily
C. Full weekly and differential daily
D. Full daily

Answer: C. Full weekly and differential daily
The best approach for a backup strategy is C. Full weekly and differential daily. This option will minimize the recovery time, as you only need to restore the latest full backup and the latest differential backup to get the most recent data. It will also minimize the storage space, as differential backups only store the changes made since the last full backup, unlike incremental backups, which store the changes made since the last backup of any type.

Question 289:
A SOC is currently being outsourced. Which of the following is being used?
A. Microservice
B. SaaS
C. MSSP
D. PaaS

Answer: C. MSSP

Question 290:
A backdoor was detected on the containerized application environment. The investigation detected that a zero-day vulnerability was introduced when the latest container image version was downloaded from a public registry. Which of the following is the BEST solution to prevent this type of incident from occurring again?
A. Enforce the use of a controlled trusted source of container images
B. Deploy an IPS solution capable of detecting signatures of attacks targeting containers
C. Define a vulnerability scan to assess container images before being introduced on the environment
D. Create a dedicated VPC for the containerized environment

Answer: A. Enforce the use of a controlled trusted source of container images
Enforcing the use of a controlled and trusted source of container images is the best solution to prevent incidents like the one described. When using containerized applications, it is crucial to ensure that the container images come from trusted sources, such as a private container registry, where the images are scanned for vulnerabilities and controlled by the organization. This way, the risk of downloading images with zero-day vulnerabilities or other malicious code from public registries is minimized.