CompTIA CompTIA Certifications SY0-601 Questions & Answers

• Question 291:

  The Chief Information Security Officer is concerned about employees using personal email rather than company email to communicate with clients and sending sensitive business information and PII. Which of the following would be the BEST solution to install on the employees' workstations to prevent information from leaving the company's network?

  A. HIPS

  B. DLP

  C. HIDS

  D. EDR

  Correct Answer: B

• Question 292:

  On the way into a secure building, an unknown individual strikes up a conversation with an employee. The employee scans the required badge at the door while the unknown individual holds the door open, seemingly out of courtesy, for the employee. Which of the following social engineering techniques is being utilized?

  A. Shoulder surfing

  B. Watering-hole attack

  C. Tailgating

  D. Impersonation

  Correct Answer: C

• Question 293:

  A retail store has a business requirement to deploy a kiosk computer In an open area The kiosk computer's operating system has been hardened and tested. A security engineer IS concerned that someone could use removable media to install a rootkit. Which of the should the security engineer configure to BEST protect the kiosk computer?

  A. Measured boot

  B. Boot attestation

  C. UEFI

  D. EDR

  Correct Answer: A

• Question 294:

  An upcoming project focuses on secure communications and trust between external parties. Which of the following security components will need to be considered to ensure a chosen trust provider IS used and the selected option is highly scalable?

  A. Self-signed certificate

  B. Certificate attributes

  C. Public key Infrastructure

  D. Domain validation

  Correct Answer: C

  PKI is a security technology that enables secure communication between two parties by using cryptographic functions. It consists of a set of components that are used to create, manage, distribute, store, and revoke digital certificates. PKI provides a secure way to exchange data between two parties, as well as a trust provider to ensure that the data is not tampered with. It also helps to create a highly scalable solution, as the same certificate can be used for multiple parties. According to the CompTIA Security+ Study Guide, "PKI is a technology used to secure communications between two external parties. PKI is based on the concept of digital certificates, which are used to authenticate the sender and recipient of a message. PKI provides a trust provider to ensure that the digital certificate is valid and has not been tampered with. It also provides a scalable solution, as multiple parties can use the same certificate."

• Question 295:

  A security administrator is seeking a solution to prevent unauthorized access to the internal network. Which of the following security solutions should the administrator choose?

  A. MAC filtering

  B. Anti-malware

  C. Translation gateway

  D. VPN

  Correct Answer: D

  A VPN (virtual private network) is a secure tunnel used to encrypt traffic and prevent unauthorized access to the internal network. It is a secure way to extend a private network across public networks, such as the Internet, and can be used to allow remote users to securely access resources on the internal network. Additionally, a VPN can be used to prevent malicious traffic from entering the internal network.

• Question 296:

  Physical access to the organization's servers in the data center requires entry and exit through multiple access points: a lobby, an access control vestibule, three doors leading to the server floor itself and eventually to a caged area solely for the organization's hardware. Which of the following controls is described in this scenario?

  A. Compensating

  B. Deterrent

  C. Preventive

  D. Detective

  Correct Answer: C

  The scenario describes preventive controls, which are designed to stop malicious actors from gaining access to the organization's servers. This includes using multiple access points, such as a lobby, an access control vestibule, and multiple doors leading to the server floor, as well as caging the organization's hardware. According to the CompTIA Security+ SY0-601 document, preventive controls are "designed to stop malicious actors from performing a malicious activity or gaining access to an asset." These controls can include technical solutions, such as authentication and access control systems, physical security solutions, such as locks and barriers, and administrative solutions such as policy enforcement.

• Question 297:

  A digital forensics team at a large company is investigating a case in which malicious code was downloaded over an HTTPS connection and was running in memory, but was never committed to disk. Which of the following techniques should the team use to obtain a sample of the malware binary?

  A. pcap reassembly

  B. SSD snapshot

  C. Image volatile memory

  D. Extract from checksums

  Correct Answer: C

  The best technique for the digital forensics team to use to obtain a sample of the malware binary is to image volatile memory. Volatile memory imaging is a process of collecting a snapshot of the contents of a computer's RAM, which can include active malware programs. According to the CompTIA Security+ SY0- 601 Official Text Book, volatile memory imaging can be used to capture active malware programs that are running in memory, but have not yet been committed to disk. This technique is especially useful in cases where the malware is designed to self-destruct or erase itself from the disk after execution.

• Question 298:

  Which of Ihe following control types is patch management classified under?

  A. Deterrent

  B. Physical

  C. Corrective

  D. Detective

  Correct Answer: C

  Patch management is classified as a corrective control because it is used to correct vulnerabilities or weaknesses in systems and applications after they have been identified. It is a reactive approach that aims to fix problems that have already occurred rather than prevent them from happening in the first place. Reference: CompTIA Security+ SY0-601 Official Textbook, page 109.

• Question 299:

  A user's laptop constantly disconnects from the Wi-Fi network. Once the laptop reconnects, the user can reach the internet but cannot access shared folders or other network resources. Which of the following types of attacks is the user MOST likely experiencing?

  A. Bluejacking

  B. Jamming

  C. Rogue access point

  D. Evil twin

  Correct Answer: C

• Question 300:

  A web server log contains two million lines. A security analyst wants to obtain the next 500 lines starting from line 4,600. Which of the following commands will help the security analyst to achieve this objective?

  A. cat webserver.log | head -4600 | tail +500 |

  B. cat webserver.log | tail -1995400 | tail -500 |

  C. cat webserver.log | tail -4600 | head -500 |

  D. cat webserver.log | head -5100 | tail -500 |

  Correct Answer: D

  the cat command displays the contents of a file, the head command displays the first lines of a file, and the tail command displays the last lines of a file. To display a specific number of lines from a file, you can use a minus sign followed by a number as an option for head or tail. For example, head -10 will display the first 10 lines of a file. To obtain the next 500 lines starting from line 4,600, you need to use both head and tail commands. https://www.professormesser.com/security-plus/sy0-601/sy0-601-video/file-manipulation- tools/