CompTIA SY0-601 Online Practice Questions and Exam Preparation

SY0-601 Exam Details

Exam Code: SY0-601
Exam Name: CompTIA Security+
Certification: CompTIA Certifications
Vendor: CompTIA
Total Questions: 1334 Q&As
Last Updated: May 26, 2026

CompTIA SY0-601 Online Questions & Answers
Question 381:
A company is auditing the manner in which its European customers' personal information is handled. Which of the following should the company consult?
A. GDPR
B. ISO
C. NIST
D. PCI DSS
A. GDPR
Explanation/Reference: The General Data Protection Regulation (GDPR) is an EU regulation that requires businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states.
Other choices:
ISO (International Organization for Standardization): an independent, non-governmental organization that develops standards to ensure the quality, safety and efficiency of products, services and systems.
NIST (National Institute of Standards and Technology): a non-regulatory US government agency that develops cybersecurity standards, guidelines, best practices and other resources to meet the needs of U.S. industry, federal agencies and the broader public.
PCI DSS (Payment Card Industry Data Security Standard): a set of security standards for organizations that handle credit cards from the major card schemes.
Question 382:
A security administrator discovers that an attack has been completed against a node on the corporate network. All available logs were collected and stored.
You must review all network logs to discover the scope of the attack, check the box of the node(s) that have been compromised, and drag and drop the appropriate actions to complete the incident response on the network. The environment is a critical production environment; perform the LEAST disruptive actions on the network, while still performing the appropriate incident responses.
Instructions: The web server, database server, IDS, and user PC are clickable. Check the box of the node(s) that have been compromised and drag and drop the appropriate actions to complete the incident response on the network. Not all actions may be used, and order is not important. If at any time you would like to bring back the initial state of the simulation, please select the Reset button. When you have completed the simulation, please select the Done button to submit. Once the simulation is submitted, please select the Next button to continue.
Correct Answer: check the explanation below.
Explanation/Reference:
The database server was attacked; the actions should be to capture network traffic and maintain chain of custody. (The database server log shows the Audit Failure and Audit Success attempts.) It is only logical that all the logs will be stored on the database server, and the least disruptive action to take on the network in response to the incident would be to check the logs (since these are already collected and stored) and maintain a chain of custody of those logs.
Log excerpts referenced by this question (IDS server log, web server log, database server log, user PC log) are not reproduced on this page.
Question 383:
A security administrator is setting up a SIEM to help monitor for notable events across the enterprise. Which of the following control types does this BEST represent?
A. Preventive
B. Compensating
C. Corrective
D. Detective
D. Detective
Question 384:
Which of the following is the MOST likely reason for securing an air-gapped laboratory HVAC system?
A. To avoid data leakage
B. To protect surveillance logs
C. To ensure availability
D. To facilitate third-party access
C. To ensure availability
Explanation/Reference: "HVACKer attacks are only useful for relaying commands into an air-gapped network, but not for stealing data. While malware can control a computer's heat emissions, *HVAC units are not equipped with enough accurate temperature sensors to pick up data* from a computer's almost indiscernible heat emissions."
Question 385:
Which of the following should customers who are involved with Ul developer agreements be concerned with when considering the use of these products on highly sensitive projects?
A. Weak configurations
B. Integration activities
C. Unsecure user accounts
D. Outsourced code development
A. Weak configurations
Explanation/Reference: Customers who are involved with Ul developer agreements should be concerned with weak configurations when considering the use of these products on highly sensitive projects. Weak configurations can lead to security vulnerabilities, which can be exploited by malicious actors. It is important to ensure that all configurations are secure and up to date in order to protect sensitive data. Source: UL
Question 386:
Which of the following are the MOST likely vectors for the unauthorized or unintentional inclusion of vulnerable code in a software company's final software releases? (Choose two.)
A. Unsecure protocols
B. Use of penetration-testing utilities
C. Weak passwords
D. Included third-party libraries
E. Vendors/supply chain
F. Outdated anti-malware software
D. Included third-party libraries
E. Vendors/supply chain
Explanation/Reference:
D. Included third-party libraries: Third-party libraries are often used in software development to expedite the process. However, if these libraries contain vulnerabilities or are not kept up to date, they can introduce security flaws into the software.
E. Vendors/supply chain: Supply chain attacks, where attackers compromise vendors or suppliers to introduce vulnerabilities into the software supply chain, are a significant concern. This can result in vulnerable code making its way into the final software releases.
Question 387:
An organization's corporate offices were destroyed due to a natural disaster, so the organization is now setting up offices in a temporary work space. Which of the following will the organization most likely consult?
A. The business continuity plan
B. The risk management plan
C. The communication plan
D. The incident response plan
A. The business continuity plan
Explanation/Reference: When an organization faces a disruptive event such as a natural disaster that impacts its normal operations, the business continuity plan (BCP) is the most likely plan to be consulted. The business continuity plan outlines the strategies, processes, and procedures that need to be followed to ensure essential business functions can continue or be rapidly resumed during and after the disaster or disruptive event. It addresses how the organization will recover and restore critical business operations and services in an alternative workspace or temporary location.
Question 388:
The Chief Information Security Officer (CISO) has requested that a third-party vendor provide supporting documents that show proper controls are in place to protect customer data. Which of the following would be BEST for the third-party vendor to provide to the CISO?
A. GDPR compliance attestation
B. Cloud Security Alliance materials
C. SOC 2 Type 2 report
D. NIST RMF workbooks
C. SOC 2 Type 2 report
Explanation/Reference: GDPR relates to the EU, and nothing in the question says the parties are in the EU. A SOC 2 Type 2 report tests the security controls in place. See https://www.itgovernance.co.uk/soc-reporting
Question 389:
After a recent security breach, a security analyst reports that several administrative usernames and passwords are being sent via cleartext across the network to access network devices over port 23. Which of the following should be implemented so all credentials sent over the network are encrypted when remotely accessing and configuring network devices?
A. SSH
B. SNMPv3
C. SFTP
D. Telnet
E. FTP
A. SSH
Explanation/Reference: SSH (port 22). Telnet (port 23) and SSH (port 22) are both network protocols used to remotely access and manage systems; however, Telnet does not encrypt the connection, so captured traffic appears in cleartext, whereas an SSH connection is encrypted.
Other choices:
SNMP (Simple Network Management Protocol): a protocol for collecting and organizing information about managed devices on networks. Devices that typically support SNMP include servers/desktops, routers, switches, etc.
SFTP (SSH File Transfer Protocol): a secure file transfer protocol that uses SSH encryption to securely send and receive file transfers.
FTP (File Transfer Protocol): for file transfers.
Question 390:
A security analyst was deploying a new website and found a connection attempting to authenticate on the site's portal. While investigating the incident, the analyst identified the following input in the username field:
(The input shown in the original question is not reproduced on this page.)
Which of the following BEST explains this type of attack?
A. DLL injection to hijack administrator services
B. SQL on the field to bypass authentication
C. Execution of a stored XSS on the website
D. Code to execute a race condition on the server
Nowadays, certification exams are becoming more important and are required by more and more enterprises when applying for a job. But how do you prepare for the exam effectively? How do you prepare for the exam in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only CompTIA exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your SY0-601 exam preparation and CompTIA certification application, do not hesitate to visit Vcedump.com to find your solutions.