Exam Details

  • Exam Code: SY0-601
  • Exam Name: CompTIA Security+
  • Certification: CompTIA Security+
  • Vendor: CompTIA
  • Total Questions: 1334 Q&As
  • Last Updated: May 12, 2024

CompTIA Security+ SY0-601 Questions & Answers

  • Question 21:

    A company is concerned about its security after a red-team exercise. The report shows the team was able to reach the critical servers due to the SMB being exposed to the Internet and running NTLMv1. Which of the following BEST explains the findings?

    A. Default settings on the servers

    B. Unsecured administrator accounts

    C. Open ports and services

    D. Weak data encryption

  • Question 22:

    An information security officer at a credit card transaction company is conducting a framework-mapping exercise with the internal controls. The company recently established a new office in Europe. To which of the following frameworks should the security officer map the existing controls? (Select TWO).

    A. ISO

    B. PCI DSS

    C. SOC

    D. GDPR

    E. CSA

    F. NIST

  • Question 23:

    Which of the following often operates in a client-server architecture to act as a service repository, providing enterprise consumers access to structured threat intelligence data?

    A. STIX

    B. CIRT

    C. OSINT

    D. TAXII

  • Question 24:

    A nuclear plant was the victim of a recent attack, and all the networks were air gapped. A subsequent investigation revealed a worm as the source of the issue. Which of the following BEST explains what happened?

    A. A malicious USB was introduced by an unsuspecting employee.

    B. The ICS firmware was outdated.

    C. A local machine has a RAT installed.

    D. The HVAC was connected to the maintenance vendor.

  • Question 25:

    While reviewing the wireless router, a systems administrator of a small business determines someone is spoofing the MAC address of an authorized device. Given the table below: Which of the following should be the administrator's NEXT step to detect if there is a rogue system without impacting availability?

    A. Conduct a ping sweep.

    B. Physically check each system.

    C. Deny Internet access to the "UNKNOWN" hostname.

    D. Apply MAC filtering.

  • Question 26:

    DRAG DROP

    A security engineer is setting up passwordless authentication for the first time.

    INSTRUCTIONS

    Drag and drop the MINIMUM set of commands to set this up and verify that it works. Commands may only be used once, and not all will be used.

    If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

    Select and Place:

  • Question 27:

    Which of the following will MOST likely cause machine-learning and AI-enabled systems to operate with unintended consequences?

    A. Stored procedures

    B. Buffer overflows

    C. Data bias

    D. Code reuse

  • Question 28:

    An organization plans to transition the intrusion detection and prevention techniques on a critical subnet to an anomaly-based system. Which of the following does the organization need to determine for this to be successful?

    A. The baseline

    B. The endpoint configurations

    C. The adversary behavior profiles

    D. The IPS signatures

  • Question 29:

    To further secure a company's email system, an administrator is adding public keys to DNS records in the company's domain. Which of the following is being used?

    A. PFS

    B. SPF

    C. DMARC

    D. DNSSEC

  • Question 30:

    A security operations analyst is using the company's SIEM solution to correlate alerts. Which of the following stages of the incident response process is this an example of?

    A. Eradication

    B. Recovery

    C. Identification

    D. Preparation
