CompTIA CompTIA Certifications SY0-601 Questions & Answers

• Question 371:

  An engineer recently deployed a group of 100 web servers in a cloud environment. Per the security policy, all web-server ports except 443 should be disabled. Which of the following can be used to accomplish this task?

  A. Application allow list

  B. SWG

  C. Host-based firewall

  D. VPN

  Correct Answer: C

  Host-based firewall - This is a firewall on a host where you can configured rules for ports/connections allowed on that specific host.

  As the question specifically is asking for web-server ports to be blocked, it would make more sense to configure rules to block the ports on each web server.

  ========================

  Other Choices:

  Application allow list - A list of applications and application components that are permitted to reside or perform actions on a device SWG(Secure Web Gateway) - A security product that operates between employees and the internet by filtering

  unsafe content from web traffic to stop cyber threats and data breaches. They also block risky or unauthorized user behavior.

  SWGs usually analyses the content of traffic.

  VPN (Virtual Private Network) - A service that establishes a secure encrypted connection between networks over the internet. Hosts connected on the network will behave logically as if they're on the same network even if they are a physically

  not.

• Question 372:

  A recent audit cited a risk involving numerous low-criticality vulnerabilities created by a web application using a third-party library. The development staff state there are still customers using the application even though it is end of life and it would be a substantial burden to update the application for compatibility with more secure libraries. Which of the following would be the MOST prudent course of action?

  A. Accept the risk if there is a clear road map for timely decommission

  B. Deny the risk due to the end-of-life status of the application.

  C. Use containerization to segment the application from other applications to eliminate the risk

  D. Outsource the application to a third-party developer group

  Correct Answer: A

  Accept the risk if there is a clear road map for timely decommission.

  The audit found low-criticality vulnerabilities so, from the organization's perspective, it's not an issue that requires immediate attention. If the organization's understands the level of severity of the vulnerabilities and plans to decommission the

  application when they see fit, then that would be the most prudent(practical) action for them.

  There are still users that are using the application, so there should be time given to notify the users when it is time to decommission the application to minimize disruption.

• Question 373:

  Which of the following control types is focused primarily on reducing risk before an incident occurs?

  A. Preventive

  B. Deterrent

  C. Corrective

  D. Detective

  Correct Answer: A

  "Preventive controls act before an event, preventing it from advancing". Deterrent - "acts to discourage the attacker by reducing the likelhood of success from the perspective of the attacker".

• Question 374:

  Which of the following is the MOST effective control against zero-day vulnerabilities?

  A. Network segmentation

  B. Patch management

  C. Intrusion prevention system

  D. Multiple vulnerability scanners

  Correct Answer: A

  IPS can only protect against known host and application-based attacks and exploits. IPS inspects traffic against signatures and anomalies, it does cover a broad spectrum of attack types, most of them signature-based, and signatures alone cannot protect against zero-day attacks. (www.rawcode7.medium.com)

  However, with network segmentation, you're able to isolate critical assets into different segments. And when a zero-day attack occurs, you're not at risk of losing all and are able to isolate the attack's effect to one segment.

• Question 375:

  An organization wants to participate in threat intelligence information sharing with peer groups. Which of the following would MOST likely meet the organizations requirement?

  A. Perform OSINT investigations

  B. Subscribe to threat intelligence feeds

  C. Submit RFCs

  D. Implement a TAXII server

  Correct Answer: D

  A TAXII server is a client that exchanges standardized and anonymized cyber threat intelligence among users. It works as a venue for sharing and collecting Indicators of compromise, which have been anonymized to protect privacy.

• Question 376:

  An organization is planning lo open other data centers to sustain operations in the event of a natural disaster. Which of the following considerations would BEST support the organization's resiliency?

  A. Geographic dispersal

  B. Generator power

  C. Fire suppression

  D. Facility automation

  Correct Answer: A

  Placing that datacenter far away, maybe in another country can help protect against disasters like an earthquake

• Question 377:

  An organization has developed an application that needs a patch to fix a critical vulnerability In which of the following environments should the patch be deployed LAST?

  A. Test

  B. Staging

  C. Development

  D. Production

  Correct Answer: D

  Production should be the last place where to apply patches as you have already tested properly

• Question 378:

  An attacker was eavesdropping on a user who was shopping online. The attacker was able to spoof the IP address associated with the shopping site. Later, the user received an email regarding the credit card statement with unusual purchases. Which of the following attacks took place?

  A. On-path attack

  B. Protocol poisoning

  C. Domain hijacking

  D. Bluejacking

  Correct Answer: A

  On path attack is often known as man in the middle.

• Question 379:

  As part of a security compliance assessment, an auditor performs automated vulnerability scans. In addition, which of the following should the auditor do to complete the assessment?

  A. User behavior analysis

  B. Packet captures

  C. Configuration reviews

  D. Log analysis

  Correct Answer: C

• Question 380:

  A company is auditing the manner in which its European customers' personal information is handled Which of the following should the company consult?

  A. GDPR

  B. ISO

  C. NIST

  D. PCI DSS

  Correct Answer: A

  General Data Protection Regulation is a regulation in EU laws that requires businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states.

  ==============================

  Other Choices:

  ISO (International Organization for Standardization) - An independent, non-governmental organization that develops standards to ensure the quality, safety and efficiency of products, services and systems.

  NIST (National Institute of Standards and Technology) - A non-regulatory US government agency created to develop cybersecurity standards, guidelines, best practices, and other resources to meet the needs of U.S. industry, federal

  agencies and the broader public.

  PCI DSS (Payment Card Industry Data Security Standard) - A set of security standards for organizations that handle credit cards from major card schemes.