CompTIA SY0-601 Online Practice Questions and Exam Preparation

CompTIA SY0-601 Online Questions & Answers

• Question 441:

  A Chief Security Officer (CSO) has asked a technician to devise a solution that can detect unauthorized execution privileges from the OS in both executable and data files and can work in conjunction with proxies or UTM. Which of the following would BEST meet the CSO's requirements?

  A. Fuzzing
  B. Sandboxing
  C. Static code analysis
  D. Code review
  B. Sandboxing

  ---

  What is a sandbox? A sandbox can be defined as an isolated environment in a computer system or on a network that is designed and developed to mimic end user operating system (OS) and environments, so as to detect unauthorized execution privileges from the operating system (OS). In cybersecurity, sandboxing is typically used to safely execute suspicious code and data files without causing any harm to the host device or network. Also, sandboxing can work in conjunction with proxies or unified threat management (UTM).

• Question 442:

  Which of the following is the best reason to complete an audit in a banking environment?

  A. Regulatory requirement
  B. Organizational change
  C. Self-assessment requirement
  D. Service-level requirement
  A. Regulatory requirement

  ---

  Banks operate in a highly regulated industry, and regulatory bodies impose various requirements to ensure compliance, security, and transparency. Audits are often mandated by regulatory authorities to assess the bank's adherence to regulations, identify any non-compliance issues, and ensure the protection of customer assets and sensitive information. Completing audits helps banks meet regulatory requirements, maintain their license to operate, and avoid potential penalties or legal consequences.

• Question 443:

  A recent vulnerability scan revealed multiple servers have non-standard ports open for applications that are no longer in use. The security team is working to ensure all devices are patched and hardened. Which of the following would the security team perform to ensure the task is completed with minimal impact to production?

  A. Enable HIDS on all servers and endpoints.
  B. Disable unnecessary services.
  C. Configure the deny list appropriately on the NGFW.
  D. Ensure the antivirus is up to date.
  A. Enable HIDS on all servers and endpoints.

• Question 444:

  A manufacturer creates designs for very high security products that are required to be protected and controlled

  A. Session replay
  B. Evil twin
  C. Bluejacking
  D. ARP poisoning
  B. Evil twin

• Question 445:

  SIMULATION

  A company recently added a DR site and is redesigning the network. Users at the DR site are having issues browsing websites.

  INSTRUCTIONS

  Click on each firewall to do the following:

  1. Deny cleartext web traffic.

  2. Ensure secure management protocols are used.

  3. Resolve issues at the DR site.

  The ruleset order cannot be modified due to outside constraints.

  If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

  

  Firewall 3

  Hot Area:

  

  

  ---

  Explanation/Reference:

  Firewall 3:

  DNS Rule: ANY ->; ANY ->; DNS ->; PERMIT HTTPS Outbound: 192.168.0.1/24 ->; ANY ->; HTTPS ->; PERMIT Management: ANY ->; ANY ->; SSH ->; PERMIT HTTPS Inbound: ANY ->; ANY ->; HTTPS ->; PERMIT HTTP Inbound: ANY ->; ANY ->; HTTP ->; DENY

  

• Question 446:

  Which of the following is used to ensure that evidence is admissible in legal proceedings when it is collected and provided to the authorities?

  A. Chain of custody
  B. Legal hold
  C. Event log
  D. Artifacts
  A. Chain of custody

  ---

  A chain of custody is a chronological paper trail documenting when, how, and by whom individual items of physical or electronic evidence--such as cell phone logs--were collected, handled, analyzed, or otherwise controlled during an investigation.

• Question 447:

  Users have been issued smart cards that provide physical access to a building. The cards also contain tokens that can be used to access information systems. Users can log m to any thin client located throughout the building and see the same desktop each time. Which of the following technologies are being utilized to provide these capabilities? (Select TWO)

  A. COPE
  B. VDI
  C. GPS
  D. TOTP
  E. RFID
  F. BYOD
  B. VDI
  E. RFID

  ---

  B. is the Virtual Desktop Infrastructure that presents their login session to whatever terminal they're at E. is the RFID component of their badge which they tap on a reader to sign in or out of a thin client. The other options are unrelated to any of this.

• Question 448:

  An engineer is using scripting to deploy a network in a cloud environment. Which the following describes this scenario?

  A. SDLC
  B. VLAN
  C. SDN
  D. SDV
  C. SDN

  ---

  SDN stands for software-defined networking, which is an approach to networking that uses software-based controllers or application programming interfaces (APIs) to communicate with underlying hardware infrastructure and direct traffic on a network. SDN decouples the network control plane from the data plane, enabling centralized management and programmability of network resources. SDN can help an engineer use scripting to deploy a network in a cloud environment by allowing them to define and automate network policies, configurations, and services through software commands. References: https://www.comptia.org/certifications/security#examdetails https://www.comptia.org/content/guides/comptia- security-sy0-601-exam-objectives https://www.cisco.com/c/en/us/solutions/software-defined-networking/overview.html

• Question 449:

  A security analyst needs to implement an MDM solution for BYOD users that willallow the company to retain control over company emails residing on the devices andlimit data exfiltration that might occur if the devices are lost or stolen. Which of the following would BEST meet these requirements? (Select TWO).

  A. Full-device encryption
  B. Network usage rules
  C. Geofencing
  D. Containerization
  E. Application whitelisting
  F. Remote control
  D. Containerization
  F. Remote control

• Question 450:

  A recent malware outbreak across a subnet included successful rootkit installations on many PCs, ensuring persistence by rendering remediation efforts ineffective. Which of the following would BEST detect the presence of a rootkit in the future?

  A. FDE
  B. NIDS
  C. EDR
  D. DLP
  C. EDR

  ---

  EDR (Endpoint Detection and Response) is the most suitable solution among the given options for detecting the presence of a rootkit. EDR solutions continuously monitor and collect data from endpoints, looking for suspicious activities and behavior patterns that might indicate the presence of malware, including rootkits. They also provide tools for investigating and responding to security incidents, making them effective for dealing with sophisticated threats that can evade traditional antivirus solutions.