Exam Details

  • Exam Code: SY0-601
  • Exam Name: CompTIA Security+
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 1334 Q&As
  • Last Updated: May 09, 2025

CompTIA CompTIA Certifications SY0-601 Questions & Answers

  • Question 361:

    An administrator needs to protect user passwords and has been advised to hash the passwords. Which of the following BEST describes what the administrator is being advised to do?

    A. Perform a mathematical operation on the passwords that will convert them into unique strings

    B. Add extra data to the passwords so their length is increased, making them harder to brute force

    C. Store all passwords in the system in a rainbow table that has a centralized location

    D. Enforce the use of one-time passwords that are changed for every login session.

  • Question 362:

    An organization discovered files with proprietary financial data have been deleted. The files have been recovered from backup, but every time the Chief Financial Officer logs in to the file server, the same files are deleted again. No other users are experiencing this issue. Which of the following types of malware is MOST likely causing this behavior?

    A. Logic bomb

    B. Crypto malware

    C. Spyware

    D. Remote access Trojan

  • Question 363:

    Two organizations plan to collaborate on the evaluation of new SIEM solutions for their respective companies. A combined effort from both organizations' SOC teams would speed up the effort. Which of the following can be written to document this agreement?

    A. MOU

    B. ISA

    C. SLA

    D. NDA

  • Question 364:

    The SOC for a large MSSP is meeting to discuss the lessons learned from a recent incident that took much too long to resolve. This type of incident has become more common in recent weeks and is consuming large amounts of the analysts' time due to manual tasks being performed. Which of the following solutions should the SOC consider to BEST improve its response time?

    A. Configure a NIDS appliance using a Switched Port Analyzer

    B. Collect OSINT and catalog the artifacts in a central repository

    C. Implement a SOAR with customizable playbooks

    D. Install a SIEM with community-driven threat intelligence

  • Question 365:

    An engineer wants to inspect traffic to a cluster of web servers in a cloud environment. Which of the following solutions should the engineer implement?

    A. CASB

    B. WAF

    C. Load balancer

    D. VPN

  • Question 366:

    An organization is migrating several SaaS applications that support SSO. The security manager wants to ensure the migration is completed securely. Which of the following should the organization consider before implementation? (Select TWO).

    A. The back-end directory source

    B. The identity federation protocol

    C. The hashing method

    D. The encryption method

    E. The registration authority

    F. The certificate authority

  • Question 367:

    Which of the following tools is effective in preventing a user from accessing unauthorized removable media?

    A. USB data blocker

    B. Faraday cage

    C. Proximity reader

    D. Cable lock

  • Question 368:

    Which of the following is a known security risk associated with data archives that contain financial information?

    A. Data can become a liability if archived longer than required by regulatory guidance

    B. Data must be archived off-site to avoid breaches and meet business requirements

    C. Companies are prohibited from providing archived data to e-discovery requests

    D. Unencrypted archives should be preserved as long as possible and encrypted

  • Question 369:

    An organization would like to give remote workers the ability to use applications hosted inside the corporate network. Users will be allowed to use their personal computers, or they will be provided organization assets. Either way, no data or applications will be installed locally on any user systems.

    Which of the following mobile solutions would accomplish these goals?

    A. VDI

    B. MDM

    C. COPE

    D. UTM

  • Question 370:

    A user is attempting to navigate to a website from inside the company network using a desktop. When the user types in the URL, https://www.site.com, the user is presented with a certificate mismatch warning from the browser. The user does not receive a warning when visiting http://www.anothersite.com. Which of the following describes this attack?

    A. On-path

    B. Domain hijacking

    C. DNS poisoning

    D. Evil twin

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more and more important, and more and more enterprises require them when you apply for a job. But how can you prepare for the exam effectively? How can you prepare in a short time with less effort? How can you get an ideal result, and how can you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only CompTIA exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your SY0-601 exam preparation and CompTIA certification application, do not hesitate to visit Vcedump.com to find your solutions.