CompTIA SY0-601 Online Practice Questions and Exam Preparation
SY0-601 Exam Details
Exam Code: SY0-601
Exam Name: CompTIA Security+
Certification: CompTIA Certifications
Vendor: CompTIA
Total Questions: 1334 Q&As
Last Updated: May 26, 2026
CompTIA SY0-601 Online Questions & Answers
Question 311:
While performing a threat-hunting exercise, a security analyst sees some unusual behavior occurring in an application when a user changes the display name. The security analyst decides to perform a static code analysis and receives the following pseudocode:
Which of the following attack types best describes the root cause of the unusual behavior?
A. Server-side request forgery
B. Improper error handling
C. Buffer overflow
D. SQL injection
D. SQL injection
SQL injection is one of the most common web hacking techniques. It is the placement of malicious code in SQL statements via web page input. A SQL injection attack consists of the insertion, or "injection", of a SQL query via the input data from the client to the application. A successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database (such as shutting down the DBMS), recover the content of a given file present on the DBMS file system and, in some cases, issue commands to the operating system.
According to the pseudocode given in the question, the application takes user input for the display name and concatenates it into a SQL query that updates the user's profile. This is a vulnerable practice that allows an attacker to inject malicious SQL code into the query and execute it on the database. For example, an attacker could enter something like this as their display name:
John'; DROP TABLE users; --
This would result in the following SQL query being executed:
UPDATE profile SET displayname = 'John'; DROP TABLE users; --' WHERE userid = 1;
The semicolon (;) terminates the original update statement and starts a new one that drops the users table. The double dash (--) comments out the rest of the query. This would cause a catastrophic loss of data for the application.
Question 312:
After a hardware incident, an unplanned emergency maintenance activity was conducted to rectify the issue. Multiple alerts were generated on the SIEM during this period of time.
Which of the following BEST explains what happened?
A. The unexpected traffic correlated against multiple rules, generating multiple alerts.
B. Multiple alerts were generated due to an attack occurring at the same time.
C. An error in the correlation rules triggered multiple alerts.
D. The SIEM was unable to correlate the rules, triggering the alerts.
A. The unexpected traffic correlated against multiple rules, generating multiple alerts.
Question 313:
An organization's finance department is implementing a policy to protect against collusion. Which of the following control types and corresponding procedures should the organization implement to fulfill this policy's requirement? (Select TWO).
A. Corrective
B. Deterrent
C. Preventive
D. Mandatory vacations
E. Job rotation
F. Separation of duties
D. Mandatory vacations E. Job rotation
Question 314:
An attacker is attempting to exploit users by creating a fake website with the URL users. Which of the following social-engineering attacks does this describe?
A. Information elicitation
B. Typo squatting
C. Impersonation
D. Watering-hole attack
D. Watering-hole attack
Explanation/Reference: It's really the only logical answer. Everything else is more plausible to eliminate. Information elicitation is done directly in-person, meaning it's typically conversational in nature. Impersonation centers around PERSONS, not websites. You can't impersonate websites; you can only create similar-looking ones. Water-hole attacks are performed on third-party websites one suspects the targeted organization uses; this can't be the case here if the attacker created the website themselves. That leaves typosquatting. While it doesn't explicitly say it's a misspelling of another website, we can't outright rule out that possibility either. It's literally the only applicable answer for creating a website that imitates a legitimate one, after all, and it implies it's not the original site by saying it's emulating the "look and feel of a legitimate website." Either way, it's ridiculously ambiguous. I'm hoping CompTIA weights answers so that not ALL of them award zero points.
https://www.kaspersky.com/resource-center/definitions/what-is-typosquatting
Question 315:
After entering a username and password, an administrator must draw a gesture on a touch screen. Which of the following demonstrates what the administrator is providing?
A. Multifactor authentication
B. Something you can do
C. Biometric
D. Two-factor authentication
B. Something you can do
The "something you can do" authentication factor refers to actions you can take, such as gestures on a touch screen. As an example, Microsoft Windows 10 supports picture passwords. Users first select a picture, and then they can add three gestures as their picture password. Gestures include tapping in specific places on the picture, drawing lines between items with a finger, or drawing a circle around an item such as someone's head. After registering the picture and their gestures, users repeat these gestures to log on again later.
Question 316:
A company policy requires third-party suppliers to self-report data breaches within a specific time frame. Which of the following third-party risk management policies is the company complying with?
A. MOU
B. SLA
C. EOL
D. NDA
B. SLA
Question 317:
A recent audit uncovered a key finding regarding the use of a specific encryption standard in a web application that is used to communicate with business customers. Due to the technical limitations of its customers, the company is unable to upgrade the encryption standard. Which of the following types of controls should be used to reduce the risk created by this scenario?
A. Physical
B. Detective
C. Preventive
D. Compensating
D. Compensating
Explanation/Reference: To reduce the risk created by this situation, compensating controls should be used. Compensating controls are alternative measures that can be put in place when a primary control is not feasible or effective. These controls are designed to compensate for the lack of a primary control and reduce the risk to an acceptable level. In this case, the company could implement compensating controls such as increasing the frequency of security audits, implementing intrusion detection systems, and restricting access to sensitive data.
Question 318:
A local business was the source of multiple instances of credit card theft. Investigators found that most payments at this business were made at self-service kiosks. Which of the following is the most likely cause of the exposed credit card information?
A. Insider threat
B. RAT
C. Backdoor
D. Skimming
E. NFC attack
D. Skimming
Question 319:
The Chief Information Security Officer wants to prevent exfiltration of sensitive information from employee cell phones when using public USB power charging stations. Which of the following would be the BEST solution to implement?
A. DLP
B. USB data blocker
C. USB OTG
D. Disabling USB ports
B. USB data blocker
Explanation/Reference: The best solution to prevent exfiltration of sensitive information from employee cell phones when using public USB power charging stations would be to use a USB data blocker. A USB data blocker is a device that can be used to physically block the data pins on a USB cable, preventing data transfer while still allowing the device to be charged. This would prevent employees from accidentally or maliciously transferring sensitive data from their cell phones to the public charging station. Options A, C, and D would not be effective in preventing this type of data exfiltration.
Question 320:
A public relations team will be taking a group of guests on a tour through the facility of a large e-commerce company. The day before the tour, the company sends out an email to employees to ensure all whiteboards are cleaned and all desks are cleared. The company is MOST likely trying to protect against:
A. Loss of proprietary information
B. Damage to the company's reputation
C. Social engineering
D. Credential exposure