CompTIA SY0-601 Online Practice Questions and Exam Preparation

CompTIA SY0-601 Online Questions & Answers

• Question 421:

  The management team has requested that the security team implement 802.1X into the existing wireless network setup. The following requirements must be met: Minimal interruption to the end user Mutual certificate validation

  Which of the following authentication protocols would meet these requirements?

  A. EAP-FAST
  B. PSK
  C. EAP-TTLS
  D. EAP-TLS
  D. EAP-TLS

  ---

  Explanation Explanation/Reference:EAP-TLS (Extensible Authentication Protocol - Transport Layer Security) is an authentication protocol that uses certificates to provide mutual authentication between the client and the authentication server. It also allows for the encryption of user credentials, making EAP-TLS a secure and reliable authentication protocol. According to the CompTIA Security+ SY0-601 Official Text Book, EAP-TLS is well- suited for wireless networks due to its mutual authentication capabilities and its ability to securely store credentials. It is also the preferred authentication protocol for 802.1X wireless networks.

• Question 422:

  An employee used a corporate mobile device during a vacation. Multiple contacts were modified in the device during the employee's vacation. Which of the following attack methods did an attacker use to insert the contacts without having physical access to the device?

  A. Jamming
  B. Bluejacking
  C. Disassociation
  D. Evil twin
  B. Bluejacking

• Question 423:

  An amusement park is implementing a btomelnc system that validates customers' fingerpnnts to ensure they are not sharing tickets The park's owner values customers above all and would prefer customers' convenience over security For this reason which of the following features should the security team prioritize FIRST?

  A. Low FAR
  B. Low efficacy
  C. Low FRR
  D. Low CER
  C. Low FRR

  ---

  FAR (False Acceptance Rate) FRR (False Rejection Rate) CER (Crossover Error Rate) AKA ERR (Equal Error Rate) since he is willing to sacrifice Security for Customer Service, Best way to understand this is. FAR has to go up in order for FRR to go down. typical business practice is in the middle of both which would be near the CER.

• Question 424:

  A security analyst is reviewing application logs to determine the source of a breach and locates the following log: Which Of the following has been observed?

  

  A. DLL Injection
  B. API attack
  C. SQLI
  D. XSS
  C. SQLI

  ---

  Explanation Explanation/Reference:SQLi (SQL injection) has been observed. SQL injection is a type of cyber attack that involves injecting malicious code into a database through a vulnerable web application. The malicious code is typically designed to manipulate or extract data from the database, allowing the attacker to gain unauthorized access to sensitive information. The log provided in the question appears to be a URL for a login page, with a string of text appended to the end. This string includes the text "or '1'1='1", which is a common syntax used in SQL injection attacks. This indicates that an SQL injection attack may have been attempted or successfully carried out against the website.

• Question 425:

  During a security assessment, a security finds a file with overly permissive permissions. Which of the following tools will allow the analyst to reduce the permission for the existing users and groups and remove the set-user-ID from the file?

  A. 1s
  B. chflags
  C. chmod
  D. lsof
  E. setuid
  C. chmod

  ---

  Explanation Explanation/Reference:Chmod removes the setuido permission, that is, it removes the S bit. Setuido is the specific permission, but it is removed with Chmod. https://www.cbtnuggets.com/blog/technology/system-admin/linux-file-permissions-understanding-setuid-setgid-and-the-sticky-bit

• Question 426:

  A security analyst needs to harden access to a network. One of the requirements is to authenticate users with smart cards. Which of the following should the analyst enable to best meet this requirement?

  A. CHAP
  B. PEAP
  C. MS-CHAPv2
  D. EAP-TLS
  D. EAP-TLS

  ---

  EAP-TLS is a strong and secure authentication method that involves the use of digital certificates, typically stored on smart cards, for user authentication. It requires the user to present a valid certificate, which is verified by the authentication server, providing a high level of security.

• Question 427:

  HOTSPOT

  For each of the given items, select the appropriate authentication category from the dropdown choices. Instructions: When you have completed the simulation, please select the Done button to submit.

  Hot Area:

  

  

  ---

  Explanation/Reference:

  Something you are includes fingerprints, retina scans, or voice recognition.

  Something you have includes smart cards, token devices, or keys.

  Something you know includes a passwords, codes, PINs, combinations, or secret phrases.

  Somewhere you are includes a physical location s or logical addresses, such as domain name, an IP address, or a MAC address.

  Something you do includes your typing rhythm, a secret handshake, or a private knock.

  References:

  Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, p. 285

• Question 428:

  A company has implemented a policy that requires two people to agree in order to push any changes from the test codebase repository into production. Which of the following best describes this control type?

  A. Detective
  B. Technical
  C. Physical
  D. Operational
  D. Operational

• Question 429:

  A cybersecurity administrator needs to allow mobile BYOD devices to access network resources. As the devices are not enrolled to the domain and do not have policies applied to them, which of the following are best practices for authentication and infrastructure security? (Select TWO)

  A. Create a new network for the mobile devices and block the commurycaton to the intemal network and servers
  B. Use a captive portal for user authentication
  C. Authenticate users using OAuth for more resiliency.
  D. Implement SSO and allow communication to the intemal network.
  E. Use the existing network and allow communscation to the internal network and servers
  F. Use a new and updated RADIUS server to mamntain the best solution
  B. Use a captive portal for user authentication
  C. Authenticate users using OAuth for more resiliency.

• Question 430:

  A company needs to enhance Its ability to maintain a scalable cloud Infrastructure. The Infrastructure needs to handle the unpredictable loads on the company's web application. Which of the following cloud concepts would BEST these requirements?

  A. SaaS
  B. VDI
  C. Containers
  D. Microservices
  C. Containers

  ---

  Containers are a type of virtualization technology that allow applications to run in a secure, isolated environment on a single host. They can be quickly scaled up or down as needed, making them an ideal solution for unpredictable loads. Additionally, containers are designed to be lightweight and portable, so they can easily be moved from one host to another. Reference: CompTIA Security+ Sy0-601 official Text book, page 863.