CompTIA CompTIA Certifications SY0-601 Questions & Answers

• Question 421:

  Which of the following typically uses a combination of human and artificial intelligence to analyze event data and take action without intervention?

  A. TTP

  B. OSINT

  C. SOAR

  D. SIEM

  Correct Answer: C

  What is SOAR? SOAR collects data and alerts security teams using a centralized platform similar to SIEM, but SIEM only sends alerts to security analysts. SOAR security, on the other hand, takes it a step further by automating the responses. It uses artificial intelligence (AI) to learn pattern behaviors, which enable it to predict similar threats before they happen. This makes it easier for IT security staff to detect and address threats.

  https://www.fortinet.com/resources/cyberglossary/what-is-soar

• Question 422:

  A user wanted to catch up on some work over the weekend but had issues logging in to the corporate network using a VPN. On Monday, the user opened a ticket for this issue but was able to log in successfully.

  Which of the following BEST describes the policy that is being implemented?

  A. Time-based logins

  B. Geofencing

  C. Network location

  D. Password history

  Correct Answer: A

  Time based logins should be the answer because Geofencing is accepting or rejecting access requests based on location.

• Question 423:

  An attacker has successfully exfiltrated several non-salted password hashes from an online system. Given the logs below:

  

  Which of the following BEST describes the type of password attack the attacker is performing?

  A. Dictionary

  B. Pass-the-hash

  C. Brute-force

  D. Password spraying

  Correct Answer: A

• Question 424:

  During a recent security incident at a multinational corporation a security analyst found the following logs for an account called user:

  

  Which of the following account policies would BEST prevent attackers from logging in as user?

  A. Impossible travel time

  B. Geofencing

  C. Time-based logins

  D. Geolocation

  Correct Answer: A

  Impossible Travel is a calculation made by comparing a user's last known location to their current location, then assessing whether the trip is likely or even possible in the time that elapsed between the two measurements. It can calculate the time it would take to travel from New York to Los Angeles and see it would be impossible to accomplish this within a minute.

• Question 425:

  A company wants to simplify the certificate management process. The company has a single domain with several dozen subdomains, all of which are publicly accessible on the internet. Which of the following BEST describes the type of certificate the company should implement?

  A. Subject alternative name

  B. Wildcard

  C. Self-signed

  D. Domain validation

  Correct Answer: B

  Wildcard SSL certificates are for a single domain and all its subdomains. A subdomain is under the umbrella of the main domain. Usually subdomains will have an address that begins with something other than 'www.' For example,

  www.cloudflare.com has a number of subdomains, including blog.cloudflare.com, support.cloudflare.com, and developers.cloudflare.com. Each is a subdomain under the main cloudflare.com domain.

  Wildcard SSL Certificate

  A single Wildcard SSL certificate can apply to all of these subdomains. Any subdomain will be listed in the SSL certificate. Users can see a list of subdomains covered by a particular certificate by clicking on the padlock in the URL bar of their

  browser, then clicking on "Certificate" (in Chrome) to view the certificate's details. https://www.cloudflare.com/learning/ssl/types-of-ssl-certificates/

• Question 426:

  While preparing a software Inventory report, a security analyst discovers an unauthorized program installed on most of the company's servers. The program utilizes the same code signing certificate as an application deployed to only the accounting team.

  Which of the following mitigations would BEST secure the server environment?

  A. Revoke the code signing certificate used by both programs.

  B. Block all unapproved file hashes from installation.

  C. Add the accounting application file hash to the allowed list.

  D. Update the code signing certificate for the approved application.

  Correct Answer: A

• Question 427:

  Which of the following BEST describes when an organization utilizes a ready-to-use application from a cloud provider?

  A. laaS

  B. SaaS

  C. Paas

  D. XaaS

  Correct Answer: B

  The use of a ready-to-use application from a cloud provider is an example of using software as a service (SaaS).

  Software as a service (SaaS) is a type of cloud computing in which an organization uses a software application that is hosted and maintained by a third-party provider. The organization accesses the application over the internet, typically

  through a web browser, and does not need to install or maintain the software on their own servers or devices.

  SaaS, or software as a service, is on-demand access to ready-to-use, cloud- hosted application software.

  https://www.ibm.com/cloud/learn/iaas-paas-saas

• Question 428:

  An organization is planning to roll out a new mobile device policy and issue each employee a new laptop, These laptops would access the users' corporate operating system remotely and allow them to use the laptops for purposes outside of their job roles.

  Which of the following deployment models is being utilized?

  A. MDM and application management

  B. BYOO and containers

  C. COPE and VDI

  D. CYOD and VMs

  Correct Answer: C

  COPE: Corporate-Owned Personally Enabled. The question states that the company is handing out laptops but then they can use them outside of business requirements.

  VDI (Virtual Desktop Infrastructure): You can access Operating Systems Virtually, It's like a whole desktop, but virtual.

  Regarding the question, the employees can access company data through VDI, while being able to use the laptops for personal stuff.

• Question 429:

  A security manager has tasked the security operations center with locating all web servers that respond to an unsecure protocol. Which of the following commands could an analyst run to find requested servers?

  A. nslookup 10.10.10.0

  B. nmap -p 80 10.10.10.0/24

  C. pathping 10.10.10.0 -p 80

  D. no -1 -p 80

  Correct Answer: B

  nmap -p 80 10.10.10.0/24 - Nmap or network mapper is a network discovery and security auditing tool mainly used to find services, hosts, and open ports on a network. In this case, nmap will check for the HTTP port 80.

  ====================================

  Other Choices

  Nslookup - This command queries DNS servers to obtain DNS records

  Pathping - This command provides information about network latency and packet loss at hops between a source and destination. Used for troubleshooting network issues.

• Question 430:

  Server administrator want to configure a cloud solution so that computing memory and processor usage is maximized most efficiently acress a number of virtual servers. They also need to avoid potential denial-of-service situations caused by availiability. Which of the following should administrator configure to maximize system availability while efficiently utilizing available computing power?

  A. Dynamic resource allocation

  B. High availability

  C. Segmentation

  D. Container security

  Correct Answer: A

  To maximize system availability and efficiently utilize available computing power, administrators should configure dynamic resource allocation. Dynamic resource allocation is a technique that allows a system to automatically adjust the allocation of resources, such as memory and processing power, to different applications or processes in response to changing workloads or conditions. This can help to ensure that computing resources are used efficiently and that the system is able to respond to changes in demand without encountering performance issues or becoming unavailable.