CompTIA CompTIA Certifications SY0-601 Questions & Answers

• Question 471:

  Which of the following can work as an authentication method and as an alerting mechanism for unauthorized access attempts?

  A. Smart card

  B. push notifications

  C. Attestation service

  D. HMAC-based

  E. one-time password

  Correct Answer: B

• Question 472:

  Which of the following techniques eliminates the use of rainbow tables for password cracking?

  A. Hashing

  B. Tokenization

  C. Asymmetric encryption

  D. Salting

  Correct Answer: D

  Rainbow table attacks can easily be prevented by using salt techniques, which is a random data that is passed into the hash function along with the plain text.

• Question 473:

  A company discovered that terabytes of data have been exfiltrated over the past year after an employee clicked on an email link. The threat continued to evolve and remain undetected until a security analyst noticed an abnormal amount of external connections when the employee was not working. Which of the following is the MOST likely threat actor?

  A. Shadow IT

  B. Script kiddies

  C. APT

  D. Insider threat

  Correct Answer: C

  An APT attack is characterized by using toolkits to achieve a presence on a target network and then, instead of just moving to steal information, focusing on the long game by maintaining a persistent presence on the target network. The tactics, tools, and procedures of APTs are focused on maintaining administrative access to the target network and avoiding detection. Then, over the long haul, the attacker can remove intellectual property and more from the organization, typically undetected.

• Question 474:

  A security analyst is tasked with classifying data to be stored on company servers. Which of the following should be classified as proprietary?

  A. Customers' dates of birth

  B. Customers' email addresses

  C. Marketing strategies

  D. Employee salaries

  Correct Answer: C

  Proprietary Information" shall mean information (whether now existing or hereafter created or acquired) developed, created, or discovered by the Company, or which became known by, or was conveyed to the Company, which has commercial value in the Company's business.

• Question 475:

  A security analyst is tasked with defining the "something you are" factor of the company's MFA settings. Which of the following is BEST to use to complete the configuration?

  A. Gait analysis

  B. Vein

  C. Soft token

  D. HMAC-based, one-time password

  Correct Answer: B

  Vein is the unique possible response. According to Comptia Security All in one book, Gait Analysis is never used for authentication. It's only used to identify a suspect in a group of others, enabling tracking of individuals in a crowd.

• Question 476:

  Several attempts have been made lo pick the door lock of a secure facility As a result the security engineer has been assigned to implement a stronger preventative access control Which of the following would BEST complete the engineer's assignment?

  A. Replacing the traditional key with an RFID key

  B. Installing and monitoring a camera facing the door

  C. Setting motion-sensing lights to illuminate the door on activity

  D. Surrounding the property with fencing and gates

  Correct Answer: A

  Replacing the traditional key with an RFID key - For this question, there is mention of "attempts have been made to pick the door lock". Out of the options provided, only the option to replace the current door key with an RFID key directly

  addresses this issue. The other options can be viewed as preventative access control systems/ deterrents as well.

  ============================

  Helpful Info

  Preventative access control - An access control that is used to stop unwanted or unauthorized activity from occurring, these could be policies, firewalls, physical barriers etc.

  RFID (Radio Frequency Identification) - A type of key card/fob access control system that uses a radio frequency signals to communicate between a reader and an RFID tag. You would place the tag/card near the reader and if the reader identifies the signal as belonging to an authorized user, they will be allowed access.

• Question 477:

  A user forwarded a suspicious email to the security team, Upon investigation, a malicious URL was discovered. Which of the following should be done FIRST to prevent other users from accessing the malicious URL?

  A. Configure the web content filter for the web address.

  B. Report the website to threat intelligence partners

  C. Set me SIEM to alert for any activity to the web address.

  D. Send out a corporate communication to warn all users Of the malicious email.

  Correct Answer: A

  Web content filtering is the practice of blocking access to web content that may be deemed offensive, inappropriate, or even dangerous. Better to just block out the URL since we already know its malicious now and notify later since you don't know how many other people received the email.

• Question 478:

  Security analysts notice a server login from a user who has been on vacation for two weeks

  The analysts confirm that the user did not log in to the system while on vacation After reviewing packet capture logs, the analysts notice the following:

  

  Which of the following occurred?

  A. A buffer overflow was exploited to gain unauthorized access

  B. The user's account was compromised, and an attacker changed the login credentials

  C. An attacker used a pass-the-hash attack to gain access

  D. An insider threat with username smithJA logged in to the account

  Correct Answer: C

  A Pass-the-Hash (PtH) attack is a technique where an attacker captures a password hash (as opposed to the password characters) and then passes it through for authentication into a system.

• Question 479:

  Which of the following should an organization consider implementing In the event executives need to speak to the media after a publicized data breach?

  A. Incident response plan

  B. Business continuity plan

  C. Communication plan

  D. Disaster recovery plan

  Correct Answer: C

  A communication plan is a policy-driven approach to providing company stakeholders with certain information

• Question 480:

  Which of the following prevents an employee from seeing a colleague who is visting an inappropriate website?

  A. Job roration policy

  B. NDA

  C. AUP

  D. Separation of duties policy

  Correct Answer: C

  "Which of the following prevents an employee from visiting an inappropriate website"

  .....which would somewhat make more sense. An acceptable use policy (AUP) is a document that outlines the rules and restrictions employees must follow in regard to the company's network, software, internet connection and devices. The

  employee shouldn't access the inappropriate website as it would go against proper use of the company network.

  ================

  Helpful Info I Guess

  NDA (Non-disclosure agreement) - a binding contract between two or more parties that prevents sensitive information from being shared with others.

  Separation of Duty - refers to the principle that no user should be given enough privileges to misuse the system on their own.

  Job rotation - A concept that has employees rotate through different jobs to learn the procedures and processes in each. From a security perspective, job rotation helps to prevent or expose dangerous shortcuts or even fraudulent activity.