SY0-601 Exam Details

  • Exam Code: SY0-601
  • Exam Name: CompTIA Security+
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 1334 Q&As
  • Last Updated: May 26, 2026

CompTIA SY0-601 Online Questions & Answers

  • Question 361:

    Business partners are working on a security mechanism to validate transactions securely. The requirement is for one company to be responsible for deploying a trusted solution that will register and issue artifacts used to sign, encrypt, and decrypt transaction files.

    Which of the following is the BEST solution to adopt?

    A. PKI
    B. Blockchain
    C. SAML
    D. OAuth

  • Question 362:

    After a recent external audit, the compliance team provided a list of several non-compliant, in-scope hosts that were not encrypting cardholder data at rest. Which of the following compliance frameworks would address the compliance team's GREATEST concern?

    A. PCI DSS
    B. GDPR
    C. ISO 27001
    D. NIST CSF

  • Question 363:

    After reading a security bulletin, a network security manager is concerned that a malicious actor may have breached the network using the same software flaw. The exploit code is publicly available and has been reported as being used against other industries in the same vertical. Which of the following should the network security manager consult FIRST to determine a priority list for forensic review?

    A. The vulnerability scan output
    B. The IDS logs
    C. The full packet capture data
    D. The SIEM alerts

  • Question 364:

    Which of the following biometric authentication methods is the MOST accurate?

    A. Gait
    B. Retina
    C. Signature
    D. Voice

  • Question 365:

    Which of the following is a difference between a DRP and a BCP?

    A. A BCP keeps operations running during a disaster while a DRP does not.
    B. A BCP prepares for any operational interruption while a DRP prepares for natural disasters.
    C. BCP is a technical response to disasters while a DRP is operational.
    D. A BCP is formally written and approved while a DRP is not.

  • Question 366:

    An untrusted SSL certificate was discovered during the most recent vulnerability scan. A security analyst determines the certificate is signed properly and is a valid wildcard. This same certificate is installed on other company servers without issue.

    Which of the following is the MOST likely reason for this finding?

    A. The required intermediate certificate is not loaded as part of the certificate chain.
    B. The certificate is on the CRL and is no longer valid.
    C. The corporate CA has expired on every server, causing the certificate to fail verification.
    D. The scanner is incorrectly configured to not trust this certificate when detected on the server.

  • Question 367:

    A security analyst reports a company policy violation in a case in which a large amount of sensitive data is being downloaded after hours from various mobile devices to an external site. Upon further investigation, the analyst notices that successful login attempts are being conducted with impossible travel times during the same time periods when the unauthorized downloads are occurring. The analyst also discovers a couple of WAPs are using the same SSID, but they have non-standard DHCP configurations and an overlapping channel. Which of the following attacks is being conducted?

    A. Evil twin
    B. Jamming
    C. DNS poisoning
    D. Bluesnarfing
    E. DDoS

  • Question 368:

    Which of the following describes the BEST approach for deploying application patches?

    A. Apply the patches to systems in a testing environment, then to systems in a staging environment, and finally to production systems.
    B. Test the patches in a staging environment, develop against them in the development environment, and then apply them to the production systems.
    C. Test the patches in a test environment, apply them to the production systems, and then apply them to a staging environment.
    D. Apply the patches to the production systems, apply them in a staging environment, and then test all of them in a testing environment.

  • Question 369:

    A security analyst has been tasked with ensuring all programs that are deployed into the enterprise have been assessed in a runtime environment. Any critical issues found in the program must be sent back to the developer for verification and remediation. Which of the following BEST describes the type of assessment taking place?

    A. Input validation
    B. Dynamic code analysis
    C. Fuzzing
    D. Manual code review

  • Question 370:

    A penetration tester successfully gained access to a company's network. The investigating analyst determines malicious traffic connected through the WAP despite filtering rules being in place. Logging in to the connected switch, the analyst sees the following in the ARP table:

    Which of the following did the penetration tester MOST likely use?

    A. ARP poisoning
    B. MAC cloning
    C. Man in the middle
    D. Evil twin
