CompTIA CompTIA Certifications SY0-601 Questions & Answers

• Question 351:

  A security analyst needs to be able to search and correlate logs from multiple sources in a single tool

  Which of the following would BEST allow a security analyst to have this ability?

  A. SOAR

  B. SIEM

  C. Log collectors

  D. Network-attached storage

  Correct Answer: B

  SIEM event correlation is an essential part of any SIEM solution. It aggregates and analyzes log data from across your network applications, systems, and devices, making it possible to discover security threats and malicious patterns of behaviors that otherwise go unnoticed and can lead to compromise or data loss.

• Question 352:

  After reluming from a conference, a user's laptop has been operating slower than normal and overheating and the fans have been running constantly Dunng the diagnosis process, an unknown piece of hardware is found connected to the laptop's motherboard

  Which of the following attack vectors was exploited to install the hardware?

  A. Removable media

  B. Spear phishing

  C. Supply chain

  D. Direct access

  Correct Answer: D

  DIRECT-ACCESS ATTACKS A direct-access attack is simply gaining physical access to the targeted computer system. This would enable the attacker to damage the hardware and software, to install keyloggers, worms, viruses and covert listening devices or to manually copy sensitive information and data from the device. https://www.interelectronix.com/computer-security.html

• Question 353:

  Several users have opened tickets with the help desk. The help desk has reassigned the tickets to a secunty analyst for further review The security analyst reviews the following metrics:

  

  Which of the following is MOST likely the result of the security analyst's review?

  A. The ISP is dropping outbound connections

  B. The user of the Sales-PC fell for a phishing attack C. Corporate PCs have been turned into a botnet

  D. An on-path attack is taking place between PCs and the router

  Correct Answer: C

  The metrics show a significant increase in both CPU utilization and network connections for all the listed PCs compared to their normal values. This could indicate that the machines are being used for unauthorized activities. The current CPU utilization of all the PCs is significantly higher than the normal CPU utilization. This indicates that the PCs are running a lot of processes, which is a common symptom of a botnet infection. The number of current network connections for all the PCs is also significantly higher than the normal number of network connections. This is another common symptom of a botnet infection. A botnet is a network of computers that have been infected with malware and controlled by a remote attacker. The attacker can use the botnet to carry out a variety of malicious activities, such as sending spam, launching DDoS attacks, or stealing data.

• Question 354:

  A help desk technician receives a phone call from someone claiming to be a part of the organization's cybersecurity modem response team The caller asks the technician to verify the network's internal firewall IP address

  Which of the following 15 the technician's BEST course of action?

  A. Direct the caller to stop by the help desk in person and hang up declining any further requests from the caller

  B. Ask for the callers name, verify the persons identity in the email directory and provide the requested information over the phone

  C. Write down the phone number of the carter if possible, the name of the person requesting the information hang up. and notify the organization's cybersecurity officer

  D. Request the caller send an email for identity verification and provide the requested information via email to the caller

  Correct Answer: C

  Write down the phone number of the caller if possible, the name of the person requesting the information, hang up, and notify the organization's cybersecurity officer.

  In this scenario, the help desk technician should be wary of the person's request as help desk technicians would not have this information. Also, if the person claimed to be from the cybersecurity incident response team, they would more likely to have access to this information anyway, or at least know who to contact.

  For the sake of the technician, it would be best to get as much information as possible and delegate the task of confirming the person's identity to the cybersecurity officer. Even in the very slim chance that it was a legitimate request, it would still be best for the cyber security officer to provide this information instead of a tech.

• Question 355:

  Which of the following documents provides expectations at a technical level for quality, availability, and responsibilities?

  A. EOL

  B. SLA

  C. MOU

  D. EOSL

  Correct Answer: B

  A document that provides expectations at a technical level for quality, availability, and responsibilities is a Service Level Agreement (SLA). An SLA is a contract between a service provider and a customer that specifies the level of service that the provider will deliver. This typically includes technical details such as uptime, response times, and performance criteria. The SLA is used to ensure that the customer receives the level of service that they have agreed to and that the provider is held accountable for meeting those expectations. Options A, C, and D are not related to the technical level of service expectations. EOL refers to the end of life for a product or service, MOU is a memorandum of understanding, and EOSL is the end of service life.

• Question 356:

  The Chief Information Security Officer wants to prevent exfiltration of sensitive information from employee cell phones when using public USB power charging stations. Which of the following would be the BEST solution to Implement?

  A. DLP

  B. USB data blocker

  C. USB OTG

  D. Disabling USB ports

  Correct Answer: B

  The best solution to prevent exfiltration of sensitive information from employee cell phones when using public USB power charging stations would be to use a USB data blocker. A USB data blocker is a device that can be used to physically block the data pins on a USB cable, preventing data transfer while still allowing the device to be charged. This would prevent employees from accidentally or maliciously transferring sensitive data from their cell phones to the public charging station. Options A, C, and D would not be effective in preventing this type of data exfiltration

• Question 357:

  Several universities are participating m a collaborative research project and need to share compute and storage resources Which of the following cloud deployment strategies would BEST meet this need?

  A. Community

  B. Private

  C. Public

  D. Hybrid

  Correct Answer: A

  Community cloud storage is a variation of the private cloud storage model, which offers cloud solutions for specific businesses or communities. In this model, cloud storage providers offer their cloud architecture, software and other development tools to meet the requirements of the community. A community cloud in computing is a collaborative effort in which infrastructure is shared between several organizations from a specific community with common concerns (security, compliance, jurisdiction, etc.), whether managed internally or by a third-party and hosted internally or externally.

• Question 358:

  Digital signatures use asymmetric encryption. This means the message is encrypted with:

  A. the sender's private key and decrypted with the sender's public key

  B. the sender's public key and decrypted with the sender's private key

  C. the sender's private key and decrypted with the recipient's public key.

  D. the sender's public key and decrypted with the recipient's private key

  Correct Answer: A

  There are 2 general ways to use asymetric algorithm.

  1 - For communication between 2 hosts: If bob sends a message to Alice, bob uses Alice's public key to encrypt the message, and Alice uses her private key to decrypt the message. 2 - For digital signature/Authentication: If ALice need to

  authenticate Bob, BOB uses his private key to sign the message, and Alice uses the public key of bob to decrypt the message. This process help to make sure the signature is owned by Bob.

  On this example, A is totally correct.

• Question 359:

  An application developer accidentally uploaded a company's code-signing certificate private key to a public web server. The company is concerned about malicious use of its certificate. Which of the following should the company do FIRST?

  A. Delete the private key from the repository.

  B. Verify the public key is not exposed as well.

  C. Update the DLP solution to check for private keys.

  D. Revoke the code-signing certificate.

  Correct Answer: D

  We need to revoke the code-signing certificate as this is the most secure way to ensure that the comprised key wont be used by attackers. Usually there are bots crawking all over repos searching this kind of human errors.

• Question 360:

  After multiple on premises security solutions were migrated to the cloud, the incident response time increased. The analyst are spending a long time to trace information on different cloud consoles and correlating data in different formats. Which of the following can be used to optimize the incident response time?

  A. CASB

  B. VPC

  C. SWG

  D. CMS

  Correct Answer: A

  CASB vs SWG CASB is the more optimal solution for multiple on premises security solutions CASB services are explicitly designed to fit the needs of large enterprises You can access link and read about it: https://www.gend.co/blog/casb-or-swg-which-is-best-option-for-your-enterprise