SY0-601 Exam Details

  • Exam Code: SY0-601
  • Exam Name: CompTIA Security+
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 1334 Q&As
  • Last Updated: May 26, 2026

CompTIA SY0-601 Online Questions & Answers

  • Question 461:

    A worldwide manufacturing company has been experiencing email account compromises. In one incident, a user logged in from the corporate office in France, but then seconds later, the same user account attempted a login from Brazil.

    Which of the following account policies would BEST prevent this type of attack?

    A. Network location
    B. Impossible travel time
    C. Geolocation
    D. Geofencing

  • Question 462:

    Joe, a user at a company, clicked an email link that led to a website that infected his workstation. Joe was connected to the network, and the virus spread to the network shares. The protective measures failed to stop this virus, and it has continued to evade detection. Which of the following should an administrator implement to protect the environment from this malware?

    A. Install a definition-based antivirus.
    B. Implement an IDS/IPS.
    C. Implement a heuristic behavior-detection solution.
    D. Implement CASB to protect the network shares.

  • Question 463:

    A Chief Executive Officer (CEO) is dissatisfied with the level of service from the company's new service provider. The service provider is preventing the CEO from sending email from a work account to a personal account. Which of the following types of service providers is being used?

    A. Telecommunications service provider
    B. Cloud service provider
    C. Master managed service provider
    D. Managed security service provider

  • Question 464:

    A Chief Security Officer (CSO) is concerned that cloud-based services are not adequately protected from advanced threats and malware. The CSO believes there is a high risk that a data breach could occur in the near future due to the lack of detective and preventive controls.

    Which of the following should be implemented to BEST address the CSO's concerns? (Select TWO)

    A. A WAF
    B. A CASB
    C. An NG-SWG
    D. Segmentation
    E. Encryption
    F. Containerization

  • Question 465:

    A recently discovered zero-day exploit utilizes an unknown vulnerability in the SMB network protocol to rapidly infect computers. Once infected, computers are encrypted and held for ransom. Which of the following would BEST prevent this attack from reoccurring?

    A. Configure the perimeter firewall to deny inbound external connections to SMB ports.
    B. Ensure endpoint detection and response systems are alerting on suspicious SMB connections.
    C. Deny unauthenticated users access to shared network folders.
    D. Verify computers are set to install monthly operating system updates automatically.

  • Question 466:

    A user enters a username and a password at the login screen for a web portal. A few seconds later the following message appears on the screen: Please use a combination of numbers, special characters, and letters in the password field. Which of the following concepts does this message describe?

    A. Password complexity
    B. Password reuse
    C. Password history
    D. Password age

  • Question 467:

    A financial institution would like to store its customer data in a cloud but still allow the data to be accessed and manipulated while encrypted. Doing so would prevent the cloud service provider from being able to decipher the data due to its sensitivity. The financial institution is not concerned about computational overheads and slow speeds. Which of the following cryptographic techniques would BEST meet the requirement?

    A. Asymmetric
    B. Symmetric
    C. Homomorphic
    D. Ephemeral

  • Question 468:

    During an investigation, a security manager receives notification from local authorities that company proprietary data was found on a former employee's home computer.

    The former employee's corporate workstation has since been repurposed, and the data on the hard drive has been overwritten.

    Which of the following would BEST provide the security manager with enough details to determine when the data was removed from the company network?

    A. Properly configured hosts with security logging
    B. Properly configured endpoint security tool with alerting
    C. Properly configured SIEM with retention policies
    D. Properly configured USB blocker with encryption

  • Question 469:

    A major clothing company recently lost a large amount of proprietary information.

    The security officer must find a solution to ensure this never happens again.

    Which of the following is the BEST technical implementation to prevent this from happening again?

    A. Configure DLP solutions.
    B. Disable peer-to-peer sharing.
    C. Enable role-based access controls.
    D. Mandate job rotation.
    E. Implement content filters.

  • Question 470:

    A security analyst needs to find real-time data on the latest malware and IoCs. Which of the following BEST describes the solution the analyst should pursue?

    A. Advisories and bulletins
    B. Threat feeds
    C. Security news articles
    D. Peer-reviewed content
