CompTIA CompTIA Certifications SY0-601 Questions & Answers

• Question 331:

  After a recent security breach a security analyst reports that several admimstratrve usemames and passwords are being sent via cieartext across the network to access network devices over prot 23 Which of the following should be implemented so all credentials sent over the network are encrypted when remotely accessing and configunng network devices?

  A. SSH

  B. SNMPv3

  C. SFTP

  D. Telnet

  E. FTP

  Correct Answer: A

  Port 23 (Telnet) and Port 22 (SSH) are network protocols used to remotely access and manage systems however telnet does not encrypt the connection so captured traffic appears in cleartext whereas an ssh connection would be encrypted. =========================

  SNMP (Simple Network Management Protocol) - is a protocol for collecting and organizing information about managed devices on networks. Devices that typically support SNMP include servers/desktops, routers, switches, etc.

  SFTP (Secure File Transfer Protocol) is a secure file transfer protocol that uses SSH encryption to securely sending and receiving file transfers.

  FTP (File Transfer Protocol) - For file transfers

• Question 332:

  Field workers in an organization are issued mobile phones on a daily basis All the work is performed within one city and the mobile phones are not used for any purpose other than work The organization does not want these pnones used for personal purposes. The organization would like to issue the phones to workers as permanent devices so the pnones do not need to be reissued every day Qven the conditions described, which of the following technologies would BEST meet these requirements'

  A. Geofencing

  B. Mobile device management

  C. Containenzation

  D. Remote wiping

  Correct Answer: B

  MDM is the best solution here, Company wants to issue a COBO device therefore no containerization < - tailored to BYOD

  Geofencing and remote wiping are capabilites that are provided by an MDM solution

• Question 333:

  Which of the following provides a calculated value for known vulnerabilities so organizations can prioritize mitigation steps?

  A. CVSS

  B. SIEM

  C. SOAR

  D. CVE

  Correct Answer: A

  CVSS is maintained by the Forum of Incident Response and Security Teams (first.org/cvss). CVSS metrics generate a score from 0 to 10 based on characteristics of the vulnerability, such as whether it can be triggered remotely or needs local access, whether user intervention is required, and so on

• Question 334:

  Which of the following employee roles is responsible for protecting an organization's collected personal information?

  A. CTO

  B. DPO

  C. CEO

  D. DBA

  Correct Answer: B

  Many companies also have a data protection officer or DPO. This is a higher-level manager who is responsible for the organization's overall data privacy policies. https://www.professormesser.com/security-plus/sy0-601/sy0-601-video/dataroles-and- responsibilities/#:~:text=Many%20companies%20also%20have%20a,organization's%20ov erall%20data%20privacy%20policies.

• Question 335:

  A security analyst is receiving numerous alerts reporting that the response time of an internet-facing application has been degraded However, the internal network performance was not degraded. Which of the following MOST likely explains this behavior?

  A. DNS poisoning

  B. MAC flooding

  C. DDoS attack

  D. ARP poisoning

  Correct Answer: C

  Most denial of service (DoS) attacks against websites and gateways are distributed DoS (DDoS). This means that the attack is launched from multiple hosts simultaneously. Typically, a threat actor will compromise machines to use as handlers in a command and control network. The handlers are used to compromise hundreds or thousands or millions of hosts with DoS tools (bots) forming a botnet.

  The internal network has not been affected by the attack.

• Question 336:

  Which of the following terms describes a broad range of information that is sensitive to a specific organization?

  A. Public

  B. Top secret

  C. Proprietary

  D. Open-source

  Correct Answer: C

  Proprietary information, also known as a trade secret, is information a company wishes to keep confidential

• Question 337:

  A systems administrator reports degraded performance on a virtual server. The administrator increases the virtual memory allocation, which improves conditions, but performance degrades again after a few days.

  The administrator runs an analysis tool and sees the following output:

  ==3214== timeAttend.exe analyzed

  ==3214== ERROR SUMMARY:

  ==3214== malloc/free: in use at exit: 4608 bytes in 18 blocks.

  ==3214== checked 82116 bytes

  ==3214== definitely lost: 4608 bytes in 18 blocks.

  The administrator terminates the timeAttend.exe, observes system performance over the next few days, and notices that the system performance does not degrade.

  Which of the following issues is MOST likely occurring?

  A. DLL injection

  B. API attack

  C. Buffer oveiflow

  D. Memory leak

  Correct Answer: D

  Definitely memory leak ' key sentence' -> The administrator increases the virtual memory allocation, which improves conditions, but performance degrades again after a few days. Memory leak occurs when programmers create a memory in heap and forget to delete it.

  The consequences of memory leak is that it reduces the performance of the computer by reducing the amount of available memory. Eventually, in the worst case, too much of the available memory may become allocated and all or part of the system or device stops working correctly, the application fails, or the system slows down vastly .

• Question 338:

  A report delivered to the Chief Information Security Officer (CISO) shows that some user credentials could be exfilltrated. The report also indicates that users tend to choose the same credentials on different systems and applications. Which of the following policies should the CISO use to prevent someone from using the exfilltrated credentials?

  A. MFA

  B. Lockout

  C. Time-based logins

  D. Password history

  Correct Answer: A

  The CISO should use MFA (multi-factor authentication) to prevent someone from using the exfiltrated credentials.

  MFA is a security measure that requires multiple forms of authentication to access a system or data. MFA typically involves the use of two or more of the following factors: something the user knows (e.g. a password or PIN), something the user has (e.g. a security token or smart card), or something the user is (e.g. a biometric characteristic). By requiring multiple forms of authentication, MFA helps to prevent unauthorized access to a system or data, even if a user's credentials are exfiltrated. The report delivered to the CISO indicates that some user credentials could be exfiltrated, and that users tend to choose the same credentials on different systems and applications. This means that if an attacker were to obtain a user's credentials, they could potentially use them to gain access to multiple systems or applications. MFA would help to prevent this by requiring additional forms of authentication, making it more difficult for an attacker to gain access to a system or data.

• Question 339:

  An IT manager is estimating the mobile device budget for the upcoming year Over the last five years, the number of devices that were replaced due to loss damage or theft steadily increased by 10%. Which of the following would BEST describe the estimated number of devices to be replaced next year?

  A. ALE

  B. ARO

  C. RPO

  D. SLE

  Correct Answer: B

  ARO - annualized rate of occurrence is a representation of the frequency of the event, measured in a standard year. In our case number of the defecive device per year. Annual loss expectancy (ALE) is the loss (amount of money) due ARO.

• Question 340:

  An organization has activated an incident response plan due to a malware outbreak on its network The organization has brought in a forensics team that has identified an internet- facing Windows server as the likely point of initial compromise The malware family that was detected is known to be distributed by manually logging on to servers and running the malicious code Which of the following actions would be BEST to prevent reinfection from the initial infection vector?

  A. Prevent connections over TFTP from the internal network

  B. Create a firewall rule that blocks port 22 from the internet to the server

  C. Disable file shanng over port 445 to the server

  D. Block port 3389 inbound from untrusted networks

  Correct Answer: D

  The SMB Protocol (in all its version) doesn't provide functionality to execute files at the remote systems. Its main objective is to support the sharing of file and print resource between machines.

  The only feasible option left is loggin through RDP and manually executing the file.