Exam Details

  • Exam Code: SY0-601
  • Exam Name: CompTIA Security+
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 1334 Q&As
  • Last Updated: May 09, 2025

CompTIA CompTIA Certifications SY0-601 Questions & Answers

  • Question 481:

    A company is under investigation for possible fraud. As part of the investigation, the authorities need to review all emails and ensure data is not deleted. Which of the following should the company implement to assist in the investigation?

    A. Legal hold

    B. Chain of custody

    C. Data loss prevention

    D. Content filter

  • Question 482:

    Which of the following is a policy that provides a greater depth of knowledge across an organization?

    A. Asset management policy

    B. Separation of duties policy

    C. Acceptable use policy

    D. Job rotation policy

  • Question 483:

    A company wants to build a new website to sell products online. The website will host a storefront application that will allow visitors to add products to a shopping cart and pay for the products using a credit card. Which of the following protocols would be the MOST secure to implement?

    A. SSL

    B. FTP

    C. SNMP

    D. TLS

  • Question 484:

    An untrusted SSL certificate was discovered during the most recent vulnerability scan. A security analyst determines the certificate is signed properly and is a valid wildcard. This same certificate is installed on other company servers without issue.

    Which of the following is the MOST likely reason for this finding?

    A. The required intermediate certificate is not loaded as part of the certificate chain.

    B. The certificate is on the CRL and is no longer valid.

    C. The corporate CA has expired on every server, causing the certificate to fail verification.

    D. The scanner is incorrectly configured to not trust this certificate when detected on the server.

  • Question 485:

    A large financial services firm recently released information regarding a security breach within its corporate network that began several years before. During the time frame in which the breach occurred, indicators show an attacker gained administrative access to the network through a file that was downloaded from a social media site and subsequently installed without the user's knowledge. Since the compromise, the attacker was able to take command and control of the computer systems anonymously while obtaining sensitive corporate and personal employee information.

    Which of the following methods did the attacker MOST likely use to gain access?

    A. A bot

    B. A fileless virus

    C. A logic bomb

    D. A RAT

  • Question 486:

    A company is required to continue using legacy software to support a critical service. Which of the following BEST explains a risk of this practice?

    A. Default system configuration

    B. Unsecure protocols

    C. Lack of vendor support

    D. Weak encryption

  • Question 487:

    A network administrator has been alerted that web pages are experiencing long load times. After determining it is not a routing or DNS issue, the administrator logs in to the router, runs a command, and receives the following output:

    Which of the following is the router experiencing?

    A. DDoS attack

    B. Memory leak

    C. Buffer overflow

    D. Resource exhaustion

  • Question 488:

    A cyber-security administrator is using an enterprise firewall. The administrator created some rules, but now it seems to be unresponsive. All connections are being dropped by the firewall. Which of the following would be the BEST option to remove the rules?

    A. # iptables -t mangle -X

    B. # iptables -F

    C. # iptables -Z

    D. # iptables -P INPUT -j DROP

  • Question 489:

    An organization just implemented a new security system. Local laws state that citizens must be notified prior to encountering the detection mechanism to deter malicious activities. Which of the following is being implemented?

    A. Proximity cards with guards

    B. Fence with electricity

    C. Drones with alarms

    D. Motion sensors with signage

  • Question 490:

    A company has a flat network in the cloud. The company needs to implement a solution to segment its production and non-production servers without migrating servers to a new network. Which of the following solutions should the company implement?

    A. Internet

    B. Screened subnet

    C. VLAN segmentation

    D. Zero Trust
