CompTIA SY0-601 Online Practice Questions and Exam Preparation

CompTIA SY0-601 Online Questions & Answers

• Question 391:

  The IT department at a university is concerned about professors placing servers on the university network in an attempt to bypass security controls. Which of the following BEST represents this type of threat?

  A. A script kiddie
  B. Shadow IT
  C. Hacktivism
  D. White-hat
  B. Shadow IT

  ---

  Shadow IT solutions increase risks with organizational requirements for control, documentation, security, reliability, etc - https://en.wikipedia.org/wiki/Shadow_IT

• Question 392:

  Which of the following roles would MOST likely have direct access to the senior management team?

  A. Data custodian
  B. Data owner
  C. Data protection officer
  D. Data controller
  D. Data controller

• Question 393:

  A security analyst has identified malware spreading through the corporate network and has activated the CSIRT Which of the following should the analyst do NEXT?

  A. Review how the malware was introduced to the network.
  B. Attempt to quarantine all infected hosts to limit further spread.
  C. Create help desk tickets to get infected systems reimaged.
  D. Update all endpoint antivirus solutions with the latest updates.
  B. Attempt to quarantine all infected hosts to limit further spread.

  ---

  Phases in the Incident Response Plan 1. Preparation: The organization plans out how they will respond to attack, this can involve: 2. Identification: Detecting and determining whether an incident has occurred. 3. Containment: Once a threat has been identified, the organization must limit or prevent any further damage. 4. Eradication: The removal of the threat 5. Recovery: Restoring systems affected by the incident 6. Lessons Learned: Where the organization reviews their incident response and prepare for a future attack

• Question 394:

  Which of the following is a physical security control that ensures only the authorized user is present when gaining access to a secured area?

  A. A biometric scanner
  B. A smart card reader
  C. A PKI token
  D. A PIN pad
  A. A biometric scanner

• Question 395:

  A security analyst is evaluating solutions to deploy an additional layer of protection for a web application The goal is to allow only encrypted communications without relying on network devices Which of the following can be implemented?

  A. HTTP security header
  B. DNSSEC implementation
  C. SRTP
  D. S/MIME
  A. HTTP security header

  ---

  When enabled on the server, HTTP Strict Transport Security (HSTS), part of HTTP Security header, enforces the use of encrypted HTTPS connections instead of plain-text HTTP communication.

• Question 396:

  A network technician is installing a guest wireless network at a coffee shop. When a customer purchases an Item, the password for the wireless network is printed on the recent so the customer can log in.

  Which of the following will the technician MOST likely configure to provide the highest level of security with the least amount of overhead?

  A. WPA-EAP
  B. WEP-TKIP
  C. WPA-PSK
  D. WPS-PIN
  C. WPA-PSK

  ---

  (WPA-EAP) requiring a RADIUS server for authentication. This might be overkill for a coffee shop's guest network and could introduce more overhead than necessary.

• Question 397:

  A smart switch has the ability to monitor electrical levels and shut off power to a building in the event of power surge or other fault situation. The switch was installed on a wired network in a hospital and is monitored by the facilities department via a cloud application.

  The security administrator isolated the switch on a separate VLAN and set up a patch routine. Which of the following steps should also be taken to harden the smart switch?

  A. Set up an air gap for the switch.
  B. Change the default password for the switch.
  C. Place the switch In a Faraday cage.
  D. Install a cable lock on the switch
  B. Change the default password for the switch.

  ---

  A. Set up an air gap for the switch. - it uses cloud monitoring, this doesn't work B. Change the default password for the switch. - only one that makes sense, seems to easy, but the other answers are ridiculous given the information. C. Place the switch in a Faraday cage. - this is a red haring D. Install a cable lock on the switch. - you don't do this with switches, like physically locking a switch in place - you could put cable locks on the individual patch cable, but not the switch itself, this is typically secured behind a locked door or locked rack door.

• Question 398:

  During a penetration test, a flaw in the internal PKI was exploited to gain domain administrator rights using specially crafted certificates. Which of the following remediation tasks should be completed as part of the cleanup phase?

  A. Updating the CRL
  B. Patching the CA
  C. Changing passwords
  D. Implementing SOAR
  B. Patching the CA

• Question 399:

  A security administrator needs to publish multiple application URLs that will run on different internal web servers but use only one external IP address. Which of the following is the best way for the administrator to achieve this goal?

  A. Jump server
  B. Reverse proxy
  C. MAC filtering
  D. Source NAT
  B. Reverse proxy

• Question 400:

  The compliance team requires an annual recertification of privileged and non-privileged user access. However, multiple users who left the company six months ago still have access. Which of the following would have prevented this compliance violation?

  A. Account audits
  B. AUP
  C. Password reuse
  D. SSO
  A. Account audits

  ---

  Account audits are periodic reviews of user accounts to ensure that they are being used appropriately and that access is being granted and revoked in accordance with the organization's policies and procedures. If the compliance team had been conducting regular account audits, they would have identified the users who left the company six months ago and ensured that their access was revoked in a timely manner. This would have prevented the compliance violation caused by these users still having access to the company's systems. To prevent this compliance violation, the company should implement account audits. An account audit is a regular review of all user accounts to ensure that they are being used properly and that they are in compliance with the company's security policies. By conducting regular account audits, the company can identify inactive or unused accounts and remove access for those users. This will help to prevent compliance violations and ensure that only authorized users have access to the company's systems and data.