CompTIA CompTIA Certifications SY0-601 Questions & Answers

• Question 451:

  A research company discovered that an unauthorized piece of software has been detected on a small number of machines in its lab. The researchers collaborate with other machines using port 445 and on the Internet using port 443. The unauthorized software is starting to be seen on additional machines outside of the lab and is making outbound communications using HTTPS and SMB. The security team has been instructed to resolve the problem as quickly as possible causing minimal disruption to the researchers.

  Which of the following contains the BEST course of action in this scenario?

  A. Update the host firewalls to block outbound SMB.

  B. Place the machines with the unapproved software in containment.

  C. Place the unauthorized application in a blocklist.

  D. Implement a content filter to block the unauthorized software communication.

  Correct Answer: C

  B would be the answer if "while causing minimal disruption to the researchers" wasn't part of the question. C is the only choice that makes sense under these conditions

• Question 452:

  Which of the following processes will eliminate data using a method that will allow the storage device to be reused after the process is complete?

  A. Pulverizing

  B. Overwriting

  C. Shredding

  D. Degaussing

  Correct Answer: B

• Question 453:

  The Chief Information Security Officer (CISO) of a bank recently updated the incident response policy. The CISO is concerned that members of the incident response team do not understand their roles. The bank wants to test the policy but with the least amount of resources or impact. Which of the following BEST meets the requirements?

  A. Warm site failover

  B. Tabletop walk-through

  C. Parallel path testing

  D. Full outage simulation

  Correct Answer: B

  Tabletop Walk-through (or plain walkthroughs): Walkthroughs examine the actual steps that take place associated with a process, procedure, or event... Walkthroughs are commonly used by audit personnel to ensure proper processes are

  being followed.

  So this covers confirming the roles with minimal impact to production.

• Question 454:

  Which of the following secure coding techniques makes compromised code more difficult for hackers to use?

  A. Obfuscation

  B. Normalization

  C. Execution

  D. Reuse

  Correct Answer: A

  https://en.wikipedia.org/wiki/Obfuscation_(software)

• Question 455:

  Which of the following is the BEST action to foster a consistent and auditable incident response process?

  A. Incent new hires to constantly update the document with external knowledge.

  B. Publish the document in a central repository that is easily accessible to the organization.

  C. Restrict eligibility to comment on the process to subject matter experts of each IT silo.

  D. Rotate CIRT members to foster a shared responsibility model in the organization.

  Correct Answer: B

  Not sure if shared responsibility promotes consistency. In reality, It feels more like each member will have varying sense of responsibility, and sharing them does not help with auditing in terms of individual accountability. Shared responsibility make sense in Cloud Services, although there is still a clear line drawn between the Provider and the Customer responsibility.

  On the other hand, well documented policies and procedure ensure everyone follow the same step-by-step action repeatedly without fail, and can be easily be audited (authoritatively) as required.

• Question 456:

  Which of the following is an effective tool to stop or prevent the exfiltration of data from a network?

  A. DLP

  B. NIDS

  C. TPM

  D. FDE

  Correct Answer: A

  Data loss prevention (DLP) makes sure that users do not send sensitive or critical information outside the corporate network

• Question 457:

  Which of the following can be used by a monitoring tool to compare values and detect password leaks without providing the actual credentials?

  A. Hashing

  B. Tokenization

  C. Masking

  D. Encryption

  Correct Answer: A

  Hashing, is the answer. Why? Because, with Hashing the tool can identify a credential without knowing the exact credential , by a mathematical method (ex: multiply the credential by a number, and all different credentials have different results). comparing the Hashing of the local credential with the Hashing of the web credentials the tool can extrapolate if the credential was compromised.

  https://resources.infosecinstitute.com/topic/10-popular-password-cracking-tools/

• Question 458:

  Two hospitals merged into a single organization. The privacy officer requested a review of all records to ensure encryption was used during record storage, in compliance with regulations. During the review, the officer discovered thai medical diagnosis codes and patient names were left unsecured. Which of the following types of data does this combination BEST represent?

  A. Personal health information

  B. Personally Identifiable Information

  C. ToKenized data

  D. Proprietary data

  Correct Answer: A

  Protected health information PHI is a subset of PII, but it specifically refers to health information shared with HIPAA covered entities. Medical records, lab reports, and hospital bills are PHI, along with any information relating to an individual's past, present, or future physical or mental health.

• Question 459:

  During an incident response process involving a laptop, a host was identified as the entry point for malware. The management team would like to have the laptop restored and given back to the user. The cybersecurity analyst would like to continue investigating the intrusion on the host. Which of the following would allow the analyst to continue the investigation and also return the laptop to the user as soon as possible?

  A. dd

  B. memdump

  C. tcpdump

  D. head

  Correct Answer: A

  The analyst can use dd to continue the investigation and also return the laptop to the user as soon as possible. dd is a command-line utility that is used to create a disk image of a storage device. By creating a disk image of the laptop using dd, the analyst can preserve the current state of the device and continue the investigation without disrupting the user or altering the contents of the laptop. This would allow the analyst to continue the investigation and also return the laptop to the user as soon as possible. memdump, tcpdump, and head are not directly related to creating a disk image of a storage device and would not be effective for continuing the investigation while also returning the laptop to the user.

• Question 460:

  An audit Identified Pll being utilized In the development environment of a critical application. The Chief Privacy Officer (CPO) Is adamant that this data must be removed; however, the developers are concerned that without real data they cannot perform functionality tests and search for specific data. Which of the following should a security professional implement to BEST satisfy both the CPO's and the development team's requirements?

  A. Data anonymlzallon

  B. Data encryption

  C. Data masking

  D. Data tokenization

  Correct Answer: C

  Data masking refers to modifying data to hide the original content. The primary reason to do so is to protect sensitive information such as PII. The process retains usable data but converts it to inauthentic data.