CompTIA SY0-601 Online Practice Questions and Exam Preparation

CompTIA SY0-601 Online Questions & Answers

• Question 291:

  A security analyst is reviewing the output of a web server log and notices a particular account is attempting to transfer large amounts of money:

  

  Which of the following types of attack is MOST likely being conducted?

  A. SQLi
  B. CSRF
  C. Session replay
  D. API
  B. CSRF

  ---

  Session replay, needs session info to replay attack. not enough information on the img to indicate that. CSRF is more likely, assuming a bunch of email with get request link being send to Yourbank.com's customers for clicks(assuming users are already logged in). Cross-Site Request Forgery (CSRF) is an attack that forces authenticated users to submit a request to a Web application against which they are currently authenticated. CSRF attacks exploit the trust a Web application has in an authenticated user.

• Question 292:

  A security engineer must deploy two wireless routers in an office suite. Other tenants in the office building should not be able to connect to this wireless network. Which of the following protocols should the engineer implement to ensure the STRONGEST encryption?

  A. WPS
  B. WPA2
  C. WAP
  D. HTTPS
  B. WPA2

• Question 293:

  A company is implementing a new SIEM to log and send alerts whenever malicious activity is blocked by its antivirus and web content filters. Which of the following is the primary use case for this scenario?

  A. Implementation of preventive controls
  B. Implementation of detective controls
  C. Implementation of deterrent controls
  D. Implementation of corrective controls
  B. Implementation of detective controls

  ---

  Its a CompTIA tricky one like always: The reason that B is the answer is because the SIEM is simply sending alerts [Detecting], the Antivirus is already implementing the preventive controls by blocking malicious activity, the SIEMs job is to detect when something is prevented by the Antivirus.

• Question 294:

  A user is having network connectivity issues when working from a coffee shop. The user has used the coffee shop as a workspace for several months without any issues. None of the other customers at the coffee shop are experiencing these issues. A help desk analyst at the user's company reviews the following Wi-Fi log:

  

  Which of the following best describes what is causing this issue?

  A. Another customer has configured a rogue access point.
  B. The coffee shop network is using multiple frequencies.
  C. A denial-of-service attack by disassociation is occurring.
  D. An evil twin access point is being utilized.
  C. A denial-of-service attack by disassociation is occurring.

• Question 295:

  A global pandemic is forcing a private organization to close some business units and reduce staffing at others. Which of the following would be BEST to help the organization's executives determine the next course of action?

  A. An incident response plan
  B. A communications plan
  C. A disaster recovery plan
  D. A business continuity plan
  D. A business continuity plan

• Question 296:

  A systems administrator wants to implement a backup solution. The solution needs to allow recovery of the entire system, including the operating system, in case of a disaster. Which of the following backup types should the administrator consider?

  A. Incremental
  B. Storage area network
  C. Differential
  D. Image
  D. Image

• Question 297:

  Which of the following scenarios BEST describes a risk reduction technique?

  A. A security control objective cannot be met through a technical change, so the company purchases insurance and is no longer concerned about losses from data breaches.
  B. A security control objective cannot be met through a technical change, so the company implements a policy to train users on a more secure method of operation.
  C. A security control objective cannot be met through a technical change, so the company changes as method of operation
  D. A security control objective cannot be met through a technical change, so the Chief Information Officer (CIO) decides to sign off on the risk.
  B. A security control objective cannot be met through a technical change, so the company implements a policy to train users on a more secure method of operation.

  ---

  A and D are transference/acceptance. C is not active mitigation

• Question 298:

  DRAG DROP

  A Security administrator wants to implement strong security on the company smart phones and terminal servers located in the data center. Drag and Drop the applicable controls to each asset type. Instructions: Controls can be used multiple times and not all placeholders needs to be filled. When you have completed the simulation, Please select Done to submit.

  Select and Place:

  

  

  ---

  Explanation/Reference:

  Cable locks are used as a hardware lock mechanism - thus best used on a Data Center Terminal Server.

  Network monitors are also known as sniffers - thus best used on a Data Center Terminal Server.

  Install antivirus software. Antivirus software should be installed and definitions kept current on all hosts. Antivirus software should run on the server as well as on every workstation. In addition to active monitoring of incoming fi les, scans should be conducted regularly to catch any infections that have slipped through- thus best used on a Data Center Terminal Server.

  Proximity readers are used as part of physical barriers which makes it more appropriate to use on a center's entrance to protect the terminal server.

  Mentor app is an Apple application used for personal development and is best used on a mobile device such as a smart phone.

  Remote wipe is an application that can be used on devices that are stolen to keep data safe. It is basically a command to a phone that will remotely clear the data on that phone.

  This process is known as a remote wipe, and it is intended to be used if the phone is stolen or going to another user.

  Should a device be stolen, GPS (Global Positioning System) tracking can be used to identify its location and allow authorities to find it - thus best used on a smart phone.

  Screen Lock is where the display should be configured to time out after a short period of inactivity and the screen locked with a password. To be able to access the system again, the user must provide the password. After a certain number of attempts, the user should not be allowed to attempt any additional logons; this is called lockout - thus best used on a smart phone.

  Strong Password since passwords are always important, but even more so when you consider that the device could be stolen and in the possession of someone who has unlimited access and time to try various values - thus best use strong passwords on a smartphone as it can be stolen more easily than a terminal server in a data center.

  Device Encryption- Data should be encrypted on the device so that if it does fall into the wrong hands, it cannot be accessed in a usable form without the correct passwords. It is recommended to you use Trusted Platform Module (TPM) for all mobile devices where possible.

  Use pop-up blockers. Not only are pop-ups irritating, but they are also a security threat.

  Pop-ups (including pop-unders) represent unwanted programs running on the system, and they can jeopardize the system's well-being. This will be more effective on a mobile device rather than a terminal server.

  Use host-based firewalls. A firewall is the first line of defense against attackers and malware. Almost every current operating system includes a firewall, and most are turned on by Default- thus best used on a Data Center Terminal Server.

  References:

  Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 221, 222, 369, 418

  http://www.mentor-app.com/

• Question 299:

  A security administrator needs to create a RAID configuration that is focused on high read/write speeds and fault tolerance. It is unlikely that multiple drives will fail simultaneously. Which of the following RAID configurations should the administrator use?

  A. RA1D 0
  B. RAID1
  C. RAID 5
  D. RAID 10
  D. RAID 10

  ---

  RAID 0 - no fault tollerance/ high write speed RAID 1 - low write speed RAID 5 - low write speed RAID 10 - fault tolerance of RAID 1 + high speed of RAID 0 https://techgenix.com/raid-10-vs-raid-5/

• Question 300:

  An information security incident recently occurred at an organization, and the organization was required to report the incident to authorities and notify the affected parties. When the organization's customers became of aware of the incident, some reduced their orders or stopped placing orders entirely. Which of the following is the organization experiencing?

  A. Reputation damage
  B. Identity theft
  C. Anonymlzation
  D. Interrupted supply chain
  A. Reputation damage