A company recently experienced a significant data loss when proprietary information was leaked to a competitor. The company took special precautions by using proper labels; however, email filter logs do not have any record of the incident. An investigation confirmed the corporate network was not breached, but documents were downloaded from an employee's COPE tablet and passed to the competitor via cloud storage. Which of the following is the BEST remediation for this data leak?
A. User training
B. CASB
C. MDM
D. DLP
Correct Answer: B
Question 392:
A user enters a username and a password at the login screen for a web portal. A few seconds later the following message appears on the screen: Please use a combination of numbers, special characters, and letters in the password field. Which of the following concepts does this message describe?
A. Password complexity
B. Password reuse
C. Password history
D. Password age
Correct Answer: A
Password complexity is a policy that obligates users to choose passwords with certain characteristics, such as a mix of numbers, special characters, and letters.
Question 393:
The Chief Information Security Officer directed a risk reduction in shadow IT and created a policy requiring all unsanctioned high-risk SaaS applications to be blocked from user access.
Which of the following is the BEST security solution to reduce this risk?
A. CASB
B. VPN concentrator
C. MFA
D. VPC endpoint
Correct Answer: A
The best security solution to reduce the risk of shadow IT and unsanctioned high-risk SaaS applications is a Cloud Access Security Broker (CASB). A CASB is a security solution that is designed to provide visibility and control over cloud applications and services. It can be used to block access to unsanctioned applications and to enforce security policies and compliance requirements for cloud services. In this case, the CASB would be used to block access to unsanctioned high-risk SaaS applications, reducing the risk of shadow IT and helping the organization to maintain control over its cloud environment. Options B, C, and D are not specifically related to reducing the risk of shadow IT and unsanctioned SaaS applications. A VPN concentrator is a network device that is used to manage and terminate VPN connections, MFA is a security control that requires multiple factors for authentication, and a VPC endpoint is a networking feature that allows private access to AWS services.
Question 394:
A security analyst is investigating some users who are being redirected to a fake website that resembles www.comptia.org. The following output was found on the naming server of the organization:
Which of the following attacks has taken place?
A. Domain reputation
B. Domain hijacking
C. Disassociation
D. DNS poisoning
Correct Answer: D
DNS server cache poisoning aims to corrupt the records held by the DNS server itself. This can be accomplished by performing DoS against the server that holds the authorized records for the domain, and then spoofing replies to requests from other name servers. Another attack involves getting the victim name server to respond to a recursive query from the attacking host. A recursive query compels the DNS server to query the authoritative server for the answer on behalf of the client.
Question 395:
A security analyst generated a file named host1.pcap and shared it with a team member who is going to use it for further incident analysis. Which of the following tools will the other team member MOST likely use to open this file?
A. Autopsy
B. Memdump
C. FTK imager
D. Wireshark
Correct Answer: D
PCAP (Packet Capture) is an interface used for capturing live network packet data. PCAP files like 'host1.pcap' are data files created by network analyzers such as Wireshark to collect and record packet data from a network. These files can then be used for analyzing the network traffic.
==================================
Other Tools/Options
(A) Autopsy - A platform that provides digital forensic tools.
(B) Memdump - The memdump tool is a program that can take memory dumps. A memory dump is the process of taking all data in RAM and storing it on a hard drive, for later analysis or in the case of a system crash. The memdump tool dumps the contents of physical memory by default.
(C) FTK Imager - Forensic Toolkit (FTK) is forensics software, and FTK Imager is a tool that can be used to create forensic images. A forensic image is basically a copy of an entire physical hard drive, including files, folders, etc.
Question 396:
An employee received a word processing file that was delivered as an email attachment. The subject line and email content enticed the employee to open the attachment. Which of the following attack vectors BEST matches this malware?
A. Embedded Python code
B. Macro-enabled file
C. Bash scripting
D. Credential-harvesting website
Correct Answer: B
Phishing emails with a Word document attachment will typically have macros that can be run for malicious purposes. Macros are scripts that can run whatever you want, as many times as you want them to run; they are generally used for automating frequently used tasks.
Since macros can practically do whatever you want, they can be used for malicious purposes such as infecting other files or downloading/installing other malicious software.
Macros would normally run as soon as the document is opened, but macros are now disabled in Office apps by default, so you would need to manually enable macros on the file for them to run.
Question 397:
A Chief Information Security Officer has defined resiliency requirements for a new data center architecture. The requirements are as follows:
1. Critical fileshares will remain accessible during and after a natural disaster.
2. Five percent of hard disks can fail at any given time without impacting the data.
3. Systems will be forced to shut down gracefully when battery levels are below 20%.
Which of the following are required to BEST meet these objectives? (Select THREE)
A. Fiber switching
B. IaC
C. NAS
D. RAID
E. UPS
F. Redundant power supplies
G. Geographic dispersal
H. Snapshots
I. Load balancing
Correct Answer: DEG
To BEST meet the objectives described in the question, the following solutions are required:
D. RAID: Using RAID (Redundant Array of Independent Disks) technology allows for data to be distributed across multiple disks, providing protection against disk failures.
E. UPS: Using an uninterruptible power supply (UPS) will ensure that systems can shut down gracefully when battery levels are low, protecting against data loss due to sudden power outages.
G. Geographic dispersal: Spreading critical data across multiple data centers in different geographic locations will ensure that it remains accessible even if one data center is affected by a natural disaster.
Question 398:
Which of the following risk management strategies would an organization use to maintain a legacy system with known risks for operational purposes?
A. Acceptance
B. Transference
C. Avoidance
D. Mitigation
Correct Answer: A
The key word in the question is "Legacy". Legacy equipment is no longer supported by the vendor, which means no new patches will ever be released for this equipment again, there is no mitigation here. If a company is using legacy equipment with known risks, they have accepted those risks.
Question 399:
A security analyst has been asked by the Chief Information Security Officer to develop a secure method of providing centralized management of infrastructure that will:
1. reduce the need to constantly replace aging end user machines
2. provide a consistent user desktop experience
Which of the following BEST meets these requirements?
A. BYOD
B. Mobile device management
C. VDI
D. Containerization
Correct Answer: C
Virtual Desktop Infrastructure (VDI) is a technology that refers to the use of virtual machines to provide and manage virtual desktops. VDI hosts desktop environments on a centralized server and deploys them to end-users on request.
Question 400:
Which of the following would be the BEST way to analyze diskless malware that has infected a VDI?
A. Shut down the VDI and copy off the event logs.
B. Take a memory snapshot of the running system.
C. Use NetFlow to identify command-and-control IPs.
D. Run a full on-demand scan of the root volume.
Correct Answer: B
The best way to analyze diskless malware that has infected a VDI would be to take a memory snapshot of the running system. This would capture the state of the system's memory at the time the snapshot was taken, including any malware that may be present in memory. This would allow analysts to examine the malware without running the risk of infecting other systems or allowing the malware to continue operating. Additionally, taking a memory snapshot would allow analysts to examine the malware without shutting down the VDI, which could disrupt other users and potentially cause data loss. Using NetFlow to identify command-and-control IPs and running a full on-demand scan of the root volume would not be as effective in analyzing diskless malware, as they would not provide direct access to the malware itself. Copying off the event logs would also not be as effective, as they may not contain detailed information about the malware.