CompTIA CompTIA Certifications SY0-601 Questions & Answers

• Question 311:

  A security analyst needs to implement an MDM solution for BYOD users that willallow the company to retain control over company emails residing on the devices andlimit data exfiltration that might occur if the devices are lost or stolen. Which of the following would BEST meet these requirements? (Select TWO).

  A. Full-device encryption

  B. Network usage rules

  C. Geofencing

  D. Containerization

  E. Application whitelisting

  F. Remote control

  Correct Answer: DF

• Question 312:

  Which of the following would be indicative of a hidden audio file found inside of a piece of source code?

  A. Steganography

  B. Homomotphic encryption

  C. Cipher surte

  D. Blockchain

  Correct Answer: A

  Steganography is the technique of hiding secret data within an ordinary, non- secret, file or message in order to avoid detection; the secret data is then extracted at its destination. The use of steganography can be combined with encryption as an extra step for hiding or protecting data. The word steganography is derived from the Greek words steganos (meaning hidden or covered) and the Greek root graph (meaning to write).

• Question 313:

  An organization has decided to purchase an insurance policy because a risk assessment determined that the cost to remediate the risk is greater than the five- year cost of the insurance policy. The organization is enabling risk:

  A. avoidance

  B. acceptance

  C. mitigation

  D. transference

  Correct Answer: D

  Risk Transference is transferring risk to a third party such as a vendor. In cyber security, that can be through utilizing cyber-risk insurance. Cyber insurance generally covers a business' liability for a data breach involving sensitive customer

  information, such as account numbers, credit card numbers, health records etc.

  ==============================================

  Other Choices:

  Risk Avoidance - Strategy that eliminates risk by avoiding activities that would expose themselves to the risk.

  Risk Mitigation - the practice of reducing the impact of risks through preventative and reactive planning

  Risk Acceptance - When a business or individual accepts the potential loss from a risk. Generally occurs when the business or individual feels that the risk does not warrant the countermeasures.

• Question 314:

  A SOC operator is analyzing a log file that contains the following entries:

  

  Which of the following explains these log entries?

  A. SQL injection and improper input-handling attempts

  B. Cross-site scripting and resource exhaustion attempts

  C. Command injection and directory traversal attempts

  D. Error handling and privilege escalation attempts

  Correct Answer: C

  Directory traversal is when an attacker uses the software on a web server to access data in a directory other than the server's root directory. If the attempt is successful, the threat actor can view restricted files or execute commands on the

  server.

  Command injection is an attack that involves executing commands on a host. Typically, the threat actor injects the commands by exploiting an application vulnerability, such as insufficient input validation.

  The attacker is attempting to traverse the directory of the host and execute the cat command which could be used to print the contents of a file.

• Question 315:

  A company needs to validate its updated incident response plan using a real-world scenario that will test decision points and relevant incident response actions without interrupting daily operations. Which of the following would BEST meet the company's requirements?

  A. Red-team exercise

  B. Capture-the-flag exercise

  C. Tabletop exercise

  D. Phishing exercise

  Correct Answer: C

• Question 316:

  A company is switching to a remote work model for all employees. All company and employee resources will be in the cloud. Employees must use their personal computers to access the cloud computing environment. The company will manage the operating system. Which of the following deployment models is the company implementing?

  A. CYOD

  B. MDM

  C. COPE

  D. VDI

  Correct Answer: D

  According to Professor Messer's video1, VDI stands for Virtual Desktop Infrastructure and it is a deployment model where employees use their personal computers to access a virtual machine that runs the company's operating system and applications.

  In the scenario described, the company is implementing a virtual desktop infrastructure (VDI) deployment model [1]. This allows employees to access the cloud computing environment using their personal computers, while the company manages the operating system. The VDI model is suitable for remote work scenarios because it provides secure and centralized desktop management, while allowing employees to access desktops from any device.

• Question 317:

  Which of the following procedures would be performed after the root cause of a security incident has been identified to help avoid future incidents from occurring?

  A. Walk-throughs

  B. Lessons learned

  C. Attack framework alignment

  D. Containment

  Correct Answer: B

  After the root cause of a security incident has been identified, it is important to take the time to analyze what went wrong and how it could have been prevented. This process is known as "lessons learned" and allows organizations to identify potential improvements to their security processes and protocols. Lessons learned typically involve a review of the incident and the steps taken to address it, a review of the security systems and procedures in place, and an analysis of any potential changes that can be made to prevent similar incidents from occurring in the future.

• Question 318:

  Certain users are reporting their accounts are being used to send unauthorized emails and conduct suspicious activities After further investigation, a security analyst notices the following

  1.

  All users share workstations throughout the day

  2.

  Endpoint protection was disabled on several workstations throughout the network.

  3.

  Travel times on logins from the affected users are impossible

  4.

  Sensitive data is being uploaded to external sites

  5.

  All usee account passwords were forced lo be reset and the issue continued

  Which of the following attacks is being used to compromise the user accounts?

  A. Brute-force

  B. Keylogger

  C. Dictionary

  D. Rainbow

  Correct Answer: B

  Enduser protection is disabled and someone installed a keyloggers since workstations are being shared. Changing password doesn't uninstall this keylogger which is likely recording the new changed passwords and sending them out to the attacker.

• Question 319:

  The Chief Compliance Officer from a bank has approved a background check policy for all new hires Which of the following is the policy MOST likely protecting against?

  A. Preventing any current employees' siblings from working at the bank to prevent nepotism

  B. Hiring an employee who has been convicted of theft to adhere to industry compliance

  C. Filtenng applicants who have added false information to resumes so they appear better qualified

  D. Ensuring no new hires have worked at other banks that may be trying to steal customer information

  Correct Answer: B

  Source: https://www.pcicomplianceguide.org/what-does-the-pci-dss-say-about-employee-background-checks/

  PCI DSS requires background checks for employees handling credit card holder data.

• Question 320:

  A company is considering transitioning to the cloud. The company employs individuals from various locations around the world The company does not want to increase its on-premises infrastructure blueprint and only wants to pay for additional compute power required. Which of the following solutions would BEST meet the needs of the company?

  A. Private cloud

  B. Hybrid environment

  C. Managed security service provider

  D. Hot backup site

  Correct Answer: B

  A hybrid environment is a cloud computing model that combines on-premises infrastructure with a cloud infrastructure. This type of solution would allow the company to retain control over some of its infrastructure while also taking advantage of the flexibility and scalability of the cloud. This would allow the company to pay for additional compute power as needed and avoid the need to increase its on-premises infrastructure.

  A private cloud is a cloud infrastructure that is operated solely for a single organization. It is not suitable for a company with employees located around the world because it does not provide the flexibility and scalability of a public cloud. A managed security service provider is a third-party that provides security services to an organization. It is not directly related to the company's need to transition to the cloud. A hot backup site is a backup site that is always active and ready to take over in the event of a disaster. It is not related to the company's need to transition to the cloud.