CompTIA CompTIA Certifications SY0-601 Questions & Answers

• Question 401:

  Which of the following control Types would be BEST to use in an accounting department to reduce losses from fraudulent transactions?

  A. Recovery

  B. Deterrent

  C. Corrective

  D. Detective

  Correct Answer: D

  Detective controls are designed to identify and report on security incidents, such as fraud or misuse of resources, and are best used to reduce losses from fraudulent transactions. Examples of detective controls in an accounting department include regular audits, transaction monitoring, and access logs that track who is making changes to financial records.

• Question 402:

  An organization wants to implement a biometric system with the highest likelihood that an unauthorized user will be denied access. Which of the following should the organization use to compare biometric solutions?

  A. FRR

  B. Difficulty of use

  C. Cost

  D. FAR

  E. CER

  Correct Answer: D

  The Crossover Error Rate (CER) describes the point where the False Reject Rate (FRR) and False Accept Rate (FAR) are equal. CER is also known as the Equal Error Rate (EER). The Crossover Error Rate describes the overall accuracy of a biometric system.

• Question 403:

  After a recent security incident, a security analyst discovered that unnecessary ports were open on a firewall policy for a web server. Which of the following firewall policies would be MOST secure for a web server?

  

  A. Option A

  B. Option B

  C. Option C

  D. Option D

  Correct Answer: D

• Question 404:

  Which of the following is the BEST example of a cost-effective physical control to enforce a USB removable media restriction policy?

  A. Putting security/antitamper tape over USB ports, logging the port numbers, and regularly inspecting the ports

  B. Implementing a GPO that will restrict access to authorized USB removable media and regularly verifying that it is enforced

  C. Placing systems into locked key-controlled containers with no access to the USB ports

  D. Installing an endpoint agent to detect connectivity of USB and removable media

  Correct Answer: B

• Question 405:

  A security analyst receives an alert from trie company's SIEM that anomalous activity is coming from a local source IP address of 192.168.34.26. The Chief Information Security Officer asks the analyst to block the originating source Several days later, another employee opens an internal ticket stating that vulnerability scans are no longer being performed properly. The IP address the employee provides is 192 168.3426. Which of the following describes this type of alert?

  A. True positive

  B. True negative

  C. False positive

  D. False negative

  Correct Answer: C

  True Positive: A legitimate attack which triggers to produce an alarm. You have a brute force alert, and it triggers. You investigate the alert and find out that somebody was indeed trying to break into one of your systems via brute force

  methods.

  False Positive: An event signalling to produce an alarm when no attack has taken place. You investigate another of these brute force alerts and find out that it was just some user who mistyped their password a bunch of times, not a real

  attack.

  False Negative: When no alarm is raised when an attack has taken place. Someone was trying to break into your system, but they did so below the threshold of your brute force attack logic. For example, you set your rule to look for ten failed

  login in a minute, and the attacker did only 9. The attack occurred, but your control was unable to detect it.

  True Negative: An event when no attack has taken place and no detection is made. No attack occurred, and your rule didn't make fire.

• Question 406:

  Which of the following would detect intrusions at the perimeter of an airport?

  A. Signage

  B. Fencing

  C. Motion sensors

  D. Lighting

  E. Bollards

  Correct Answer: C

• Question 407:

  A systems administrator is troubleshooting a server's connection to an internal web server. The administrator needs to determine the correct ports to use. Which of the following tools BEST shows which ports on the web server are in a listening state?

  A. ipconfig

  B. ssh

  C. Ping

  D. Netstat

  Correct Answer: D

  A. ipconfig - Just shows you the IP information for your current machine

  B. ssh - this is used for file transfers (ftp etc etc)

  C. ping - this is just to reach out to a node to get a response from it

  https://www.sciencedirect.com/topics/computer-science/listening-port

• Question 408:

  A security analyst is investigating suspicious traffic on the web server located at IP address 10.10.1.1. A search of the WAF logs reveals the following output:

  

  Which of the following is MOST likely occurring?

  A. XSS attack

  B. SQLi attack

  C. Replay attack

  D. XSRF attack

  Correct Answer: B

  SQL injection, also known as SQLI, is a common attack vector that uses malicious SQL code for backend database manipulation to access information that was not intended to be displayed. The giveaway here is the 1=1 in the query which is

  essentially creating a condition that will automatically be true.

  ======================

  Helpful Info:

  XSS (Cross-Site Scripting) attacks -a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. Replay Attack - a kind of man-in-the-middle attack in which an attacker sniffs messages being sent on a

  channel to intercept them and resend them under the cloak of authentic messages. CSRF (Cross Sit Request Forgery)- attacks that target functionality that causes a state change on the server, such as changing the victim's email address or

  password, or purchasing something.

• Question 409:

  Which of the following explains why RTO is included in a BIA?

  A. It identifies the amount of allowable downtime for an application or system,

  B. It prioritizes risks so the organization can allocate resources appropriately,

  C. It monetizes the loss of an asset and determines a break-even point for risk mitigation.

  D. It informs the backup approach so that the organization can recover data to a known time.

  Correct Answer: A

  RTO = Recovery time objective. "The maximum tolerable length of time that a computer, system, network or application can be down after a failure or disaster occurs." The answer is A.

• Question 410:

  Which of the following describes the continuous delivery software development methodology?

  A. Waterfall

  B. Spiral

  C. V-shaped

  D. Agile

  Correct Answer: D

  Agile seems right. Its a fast paced life cycle which iterates features according to the user's feedback.