CompTIA CompTIA Certifications SY0-601 Questions & Answers

• Question 341:

  Which of the following will increase cryptographic security?

  A. High data entropy

  B. Algorithms that require less computing power

  C. Longer key longevity

  D. Hashing

  Correct Answer: A

  Entropy is a measure of disorder. A plaintext will usually exhibit low entropy as it represents a message in a human language or programming language or data structure. The plaintext must be ordered for it to be intelligible to a person, computer processor, or database. One of the requirements of a strong cryptographic algorithm is to produce a disordered ciphertext. Put another way, the ciphertext must exhibit a high level of entropy. If any elements of order from the plaintext persist, it will make the ciphertext vulnerable to cryptanalysis, and the algorithm can be shown to be weak.

• Question 342:

  Which of the following BEST reduces the security risks introduced when running systems that have expired vendor support and lack an immediate replacement?

  A. Implement proper network access restrictions

  B. Initiate a bug bounty program

  C. Classify the system as shadow IT.

  D. Increase the frequency of vulnerability scans

  Correct Answer: A

• Question 343:

  A cloud service provider has created an environment where customers can connect existing local networks to the cloud for additional computing resources and block internal HR applications from reaching the cloud. Which of the following cloud models is being used?

  A. Public

  B. Community

  C. Hybrid

  D. Private

  Correct Answer: C

  Hybrid cloud refers to a mixed computing, storage, and services environment made up of on-premises infrastructure, private cloud services, and a public cloud--such as Amazon Web Services (AWS) or Microsoft Azure--with orchestration among the various platforms

• Question 344:

  A security analyst is evaluating solutions to deploy an additional layer of protection for a web application The goal is to allow only encrypted communications without relying on network devices Which of the following can be implemented?

  A. HTTP security header

  B. DNSSEC implementation

  C. SRTP

  D. S/MIME

  Correct Answer: A

  When enabled on the server, HTTP Strict Transport Security (HSTS), part of HTTP Security header, enforces the use of encrypted HTTPS connections instead of plain-text HTTP communication.

• Question 345:

  Which of the following would BEST provide detective and corrective controls for thermal regulation?

  A. A smoke detector

  B. A fire alarm

  C. An HVAC system

  D. A fire suppression system

  E. Guards

  Correct Answer: C

  What are the functions of an HVAC system?

  An HVAC system is designed to control the environment in which it works. It achieves this by controlling the temperature (THERMAL) of a room through heating and cooling. It also controls the humidity level in that environment by controlling the movement and distribution of air inside the room. So it provides detective and corrective controls for THERMAL regulation.

• Question 346:

  After gaining access to a dual-homed (i.e.. wired and wireless) multifunction device by exploiting a vulnerability in the device's firmware, a penetration tester then gains shell access on another networked asset This technique is an example of: A. privilege escalation

  B. footprinting

  C. persistence

  D. pivoting.

  Correct Answer: D

  Pivoting -> The act of an attacker moving from one compromised system to one or more other systems on the network

• Question 347:

  While reviewing an alert that shows a malicious request on one web application, a cybersecurity analyst is alerted to a subsequent token reuse moments later on a different service using the same single sign-on method. Which of the following would BEST detect a malicious actor?

  A. Utilizing SIEM correlation engines

  B. Deploying Netflow at the network border

  C. Disabling session tokens for all sites

  D. Deploying a WAF for the web server

  Correct Answer: A

  The initial compromise was a malicious request on a web server. Moments later the token created with SSO was used on another service, the question does not specify what type of service. Deploying a WAF on the web server will detect the attacker but only on that server. If the attacker issues the same malicious request to get another SSO token correlating that event with using that SSO token in other services would allows to detect the malicious activity.

• Question 348:

  A security incident has been resolved Which of the following BEST describes the importance of the final phase of the incident response plan?

  A. It examines and documents how well the team responded discovers what caused the incident, and determines how the incident can be avoided in the future

  B. It returns the affected systems back into production once systems have been fully patched, data restored and vulnerabilities addressed

  C. It identifies the incident and the scope of the breach how it affects the production environment, and the ingress point

  D. It contains the affected systems and disconnects them from the network, preventing further spread of the attack or breach

  Correct Answer: A

  The final phase of the incident response is also called the lessons learned or remediation step.

  =======================

  Phases of the Incident Response Plan:

  1.

  Preparation - Preparing for an attack and how to respond

  2.

  Identification - Identifying the threat

  3.

  Containment - Containing the threat

  4.

  Eradication - Removing the threat

  5.

  Recovery - Recovering affected systems

  6.

  Lessons Learned - Evaluating the incident response, see where there can be improvements for a future incident.

• Question 349:

  A security forensics analyst is examining a virtual server. The analyst wants to preserve the present state of the virtual server, including memory contents Which of the following backup types should be used?

  A. Snapshot

  B. Differential

  C. Cloud

  D. Full

  E. Incremental

  Correct Answer: A

  A snapshot preserves the state and data of a virtual machine at a specific point in time.

  The state includes the virtual machine's power state (for example, powered-on, powered-off, suspended).

  The data includes all of the files that make up the virtual machine. This includes disks, memory, and other devices, such as virtual network interface cards. A virtual machine provides several operations for creating and managing snapshots

  and snapshot chains. These operations let you create snapshots, revert to any snapshot in the chain, and remove snapshots. You can create extensive snapshot trees.

• Question 350:

  A security analyst wants to fingerpnnt a web server Which of the following tools will the security analyst MOST likely use to accomplish this task?

  A. nmap -p1-65S35 192.168.0.10

  B. dig 192.168.0.10

  C. cur1 --htad http://192.168.0.10

  D. ping 192.168.0.10

  Correct Answer: C

  HTTP/1.1 301 Moved Permanently Server: cloudflare Date: Thu, 01 Sep 2022 22:36:50 GMT Content-Type: text/html Content-Length: 167 Connection: keep-alive Location: https://1.1.1.1/ CF-RAY: 74417cb04d6b9a50-MFE