CompTIA SY0-601 Online Practice Questions and Exam Preparation

CompTIA SY0-601 Online Questions & Answers

• Question 401:

  Company engineers regularly participate in a public Internet forum with other engineers throughout the industry. Which of the following tactics would an attacker MOST likely use in this scenario?

  A. Watering-hole attack
  B. Credential harvesting
  C. Hybrid warfare
  D. Pharming
  A. Watering-hole attack

  ---

  Explanation Explanation/Reference:An attack in which an attacker targets specific groups or organizations, discovers which websites they frequent, and injects malicious code into those sites.

• Question 402:

  Which of the following should be addressed first on security devices before connecting to the network?

  A. Open permissions
  B. Default settings
  C. API integration configuration
  D. Weak encryption
  B. Default settings

  ---

  Before connecting security devices to the network, it is crucial to address default settings first. Manufacturers often ship devices with default settings that include default usernames, passwords, and configurations. These settings are widely known and can be easily exploited by attackers. Changing default settings helps to secure the device and prevent unauthorized access. Reference: CompTIA Security+ SY0-501 Exam Objectives, Section 3.2: "Given a scenario, implement secure systems design." (https://www.comptia.jp/pdf/Security%2B%20SY0-501%20Exam%20Objectives.pdf)

• Question 403:

  Which of the following disaster recovery tests is the LEAST time consuming for the disaster recovery team?

  A. Tabletop
  B. Parallel
  C. Full interruption
  D. Simulation
  A. Tabletop

  ---

  Explanation Explanation/Reference:Its Tabletop exercise , the simulation is more time consuming.Tabletop , is the cheapest and fastets, after walktrough(from memory) and then simulation (more recources, tedious,time consuming)

• Question 404:

  While preparing a software Inventory report, a security analyst discovers an unauthorized program installed on most of the company's servers. The program utilizes the same code signing certificate as an application deployed to only the accounting team.

  Which of the following mitigations would BEST secure the server environment?

  A. Revoke the code signing certificate used by both programs.
  B. Block all unapproved file hashes from installation.
  C. Add the accounting application file hash to the allowed list.
  D. Update the code signing certificate for the approved application.
  A. Revoke the code signing certificate used by both programs.

• Question 405:

  A company is expanding its threat surface program and allowing individuals to security test the company's internet-facing application. The company will compensate researchers based on the vulnerabilities discovered. Which of the following best describes the program the company is setting up?

  A. Open-source intelligence
  B. Bug bounty
  C. Red team
  D. Penetration testing
  B. Bug bounty

  ---

  Bug bounty programs are initiatives where organizations invite external security researchers or "white-hat" hackers to find and report security vulnerabilities in their systems. Researchers are rewarded with compensation based on the severity and impact of the discovered vulnerabilities.

• Question 406:

  A news article states hackers have been selling access to IoT camera feeds. Which of the following is the Most likely reason for this issue?

  A. Outdated software
  B. Weak credentials
  C. Lack of encryption
  D. Backdoors
  B. Weak credentials

  ---

  Explanation Explanation/Reference:Most of the IoT devices have the same password given by the manufacturer. In my opinion B (Weak credentials) is the most common point of attack.

• Question 407:

  A network architect wants a server to have the ability to retain network availability even if one of the network switches it is connected to goes down. Which of the following should the architect implement on the server to achieve this goal?

  A. RAID
  B. UPS
  C. NIC teaming
  D. Load balancing
  C. NIC teaming

• Question 408:

  A security analyst needs to perform periodic vulnerability scans on production systems. Which of the following scan Types would produce the BEST vulnerability scan report?

  A. Port
  B. Intrusive
  C. Host discovery
  D. Credentialed
  D. Credentialed

  ---

  You'll get the most access and therefore the best intel regarding vulnerabilities if you have credentials to access the system.

• Question 409:

  Asecurity engineer needs to recommend a solution to defend against malicious actors misusing protocols and being allowed through network defenses

  Which of the following will the engineer MOST likely recommend?

  A. A content filter
  B. A WAF
  C. A next-generation firewall
  D. An IDS
  B. A WAF

  ---

  A next-generation firewall (NGFW) offers advanced capabilities, including application awareness, protocol inspection, intrusion prevention, and deep packet inspection. These features make NGFWs well-suited to identify and block malicious actors misusing protocols and ensure that they do not bypass network defenses.

• Question 410:

  Which of the following environments can be stood up in a short period of time, utilizes either dummy data or actual data, and is used to demonstrate and model system capabilities and functionality for a fixed, agreed-upon duration of time?

  A. PoC
  B. Production
  C. Test
  D. Development
  A. PoC