CompTIA CompTIA Certifications SY0-601 Questions & Answers

• Question 411:

  The database administration team is requesting guidance for a secure solution that will ensure confidentiality of cardholder data at rest only in certain fields in the database schema. The requirement is to substitute a sensitive data field with a non-sensitive field that is rendered useless if a data breach occurs

  Which of the following is the BEST solution to meet the requirement?

  A. Tokenization

  B. Masking

  C. Full disk encryption

  D. Mirroring

  Correct Answer: A

  Tokenization is mainly used to protect data at rest whereas masking is used to protect data in use.

• Question 412:

  An organization maintains several environments in which patches are developed and tested before deployed to an operation status. Which of the following is the environment in which patches will be deployed just prior to being put into an operational status?

  A. Development

  B. Test

  C. Production

  D. Staging

  Correct Answer: D

  The staging environment is an optional environment, but it is commonly used when an organization has multiple production environments. After passing testing, the system moves into staging, from where it can be deployed to the different production systems.

• Question 413:

  A security analyst is concerned about critical vulnerabilities that have been detected on some applications running inside containers Which of the following is the BEST remediation strategy?

  A. Update the base container image and redeploy the environment

  B. Include the containers in the regular patching schedule for servers

  C. Patch each running container individually and test the application

  D. Update the host in which the containers are running

  Correct Answer: A

  In the scenario, the vulnerabilities found were critical meaning that patches would need to be applied immediately.

  The options to patch the containers (B andC) could work, however, patching would likely take months, seeing how this vulnerability is critical, neither would address the concern's urgency.

  The option to update the host (D) also could work, however, the scenario specified that the vulnerabilities have been detected only on some applications and not on the host itself. While a container runs on a host machine, it does not mean

  they share the same vulnerabilities. So updating the host would likely not patch the vulnerabilities that were found in the containers.

  Out of the given options, the option to update on the base container image would 1.) addresses where the vulnerabilities were found and what needs to be updated and 2.) addresses the urgency to patch the critical vulnerability.

• Question 414:

  Server administrators want to configure a cloud solution so that computing memory and processor usage is maximized most efficiently across a number or virtual servers. They also need to avoid potential dental-of-service situations caused by availability. Which of the following should administrators configure to maximize system availability while efficiently utilizing available computing power?

  A. Dynamic resource allocation

  B. High availably

  C. Segmentation

  D. Container security

  Correct Answer: A

  To maximize system availability and efficiently utilize available computing power, administrators should configure dynamic resource allocation. Dynamic resource allocation is a technique that allows a system to automatically adjust the allocation of resources, such as memory and processing power, to different applications or processes in response to changing workloads or conditions. This can help to ensure that computing resources are used efficiently and that the system is able to respond to changes in demand without encountering performance issues or becoming unavailable.

• Question 415:

  Which of the following control types fixes a previously identified issue and mitigates a risk?

  A. Detective

  B. Corrective

  C. Preventative

  D. Finalized

  Correct Answer: B

• Question 416:

  A security analyst is receiving several alerts per user and is trying to determine If various logins are malicious. The security analyst would like to create a baseline of normal operations and reduce noise. Which of the following actions should the security analyst perform?

  A. Adjust the data flow from authentication sources to the SIEM.

  B. Disable email alerting and review the SIEM directly.

  C. Adjust the sensitivity levels of the SIEM correlation engine.

  D. Utilize behavioral analysis to enable the SIEM's learning mode.

  Correct Answer: D

  Utilize behavioral analysis to enable the SIEM's learning mode.

  UBA or User Behavior Analytics and is a threat detection analysis technology that uses AI to understand how users normally behave and then find anomalous activities, which deviate from their normal behavior and may be indicative of a threat.

  For this scenario, the SIEM will first learn what is normal behavior then when a baseline is created, it will know if any of the logins are malicious. Likely determined by when and where the logins are occurring and if it's different from the baseline. This should hopefully reduce the amount of alerts occurring.

• Question 417:

  Which of the following controls is used to make an organization initially aware of a data compromise?

  A. Protective

  B. Preventative

  C. Corrective

  D. Detective

  Correct Answer: D

  Detective control identifies security events that have already occurred. Intrusion detection systems are detective controls.

  =======================

  Preventative Controls - acts to eliminate or reduce the likelihood that an attack can succeed. A preventative control operates before an attack can take place. They are comparing the configurations to a secure guideline to ensure no gaps.

  Meaning they are pre-emptively hardening their systems against future attack vectors.

  Corrective Controls - controls that remediate security issues that have already occurred. Restoring backups after a ransomware attack is an example of a corrective control.

  https://purplesec.us/security-controls/

• Question 418:

  An IT security manager requests a report on company information that is publicly available. The manager's concern is that malicious actors will be able to access the data without engaging in active reconnaissance. Which of the following is the MOST efficient approach to perform the analysis?

  A. Provide a domain parameter to theHarvester tool.

  B. Check public DNS entries using dnsenum.

  C. Perform a Nessus vulnerability scan targeting a public company's IP.

  D. Execute nmap using the options: scan all ports and sneaky mode.

  Correct Answer: A

  The package contains a tool for gathering subdomain names, e-mail addresses, virtual hosts, open ports/ banners, and employee names from different public sources (search engines, pgp key servers).

• Question 419:

  An attacker replaces a digitally signed document with another version that foes unnoticed. Upon reviewing the document's contents, the author notices some additional verbaige that was not originally in the document but can't validate an integrity issue. Which of the following attacks was used?

  A. Cryptomalware

  B. Prepending

  C. Collision

  D. Phising

  Correct Answer: C

• Question 420:

  A security engineer is concerned about using an agent on devices that relies completely on defined known-bad signatures. The security engineer wants to implement a tool with multiple components including the ability to track, analyze, and monitor devices without reliance on definitions alone. Which of the following solutions BEST fits this use case?

  A. EDR

  B. DLP

  C. NGFW

  D. HIPS

  Correct Answer: A

  The acronym EDR stands for Endpoint Detection and Response and is also known as EDTR. It is an endpoint security solution that is responsible for continuous monitoring of endpoints. This permanent monitoring enables the technology to detect and respond to cyber threats such as malware or ransomware at an early stage. The basis for this is always the analysis of context-related information, which can be used to make corrective proposals for recovery.