CompTIA CompTIA Certifications SY0-601 Questions & Answers

• Question 501:

  A company suspects that some corporate accounts were compromised. The number of suspicious logins from locations not recognized by the users is increasing Employees who travel need their accounts protected without the nsk of blocking legitimate login requests that may be made over new sign-in properties. Which of the following security controls can be implemented?

  A. Enforce MFA when an account request reaches a nsk threshold

  B. Implement geofencing to only allow access from headquarters

  C. Enforce time-based login requests that align with business hours

  D. Shift the access control scheme to a discretionary access control

  Correct Answer: A

  MFA increases security because even if one credential becomes compromised, unauthorized users will be unable to meet the second authentication requirement and will not be able to access the targeted physical space, computing device, network, or database.

  Enforce MFA when an account request reaches a risk threshold.

  This is likely the most convenient implementation that would work for all employees as an additional element(s) would need to be needed for authentication/authorization. ========================

  (B)

  - Implementing geofencing to only allow access from headquarters might stop the suspicious logins, however, it would be inconvenient for employees not physically located near headquarters such as the traveling employees.

  (C)

  Enforcing time-based login requests to align with business hours could also be inconvenient for traveling/global employees that work in different times compared the business's normal business hours.

  (D)

  With Discretionary access control, the owner of a resource can decide who can have access to the resource and you can modify the access at anytime. The option to shift the access control scheme to a discretionary access control wouldn't really address the login issue either if the account of someone who is authorized to access a resource was compromised. The attacker can still access the resource using their credentials.

• Question 502:

  The board of doctors at a company contracted with an insurance firm to limit the organization's liability. Which of the following risk management practices does the BEST describe?

  A. Transference

  B. Avoidance

  C. Mitigation

  D. Acknowledgement

  Correct Answer: A

  The board of directors at a company contracted with an insurance firm to limit the organization's liability BEST describes the risk management practice of transference. Transference is the process of transferring the risk of loss from one party to another, typically through the use of insurance. In this case, the company is transferring the risk of potential liability to the insurance firm by purchasing an insurance policy. This allows the company to limit its potential losses in the event of a liability claim. Options B, C, and D do not accurately describe the situation described in the question.

• Question 503:

  A news article states hackers have been selling access to IoT camera feeds. Which of the following is the Most likely reason for this issue?

  A. Outdated software

  B. Weak credentials

  C. Lack of encryption

  D. Backdoors

  Correct Answer: B

  Most of the IoT devices have the same password given by the manufacturer. In my opinion B (Weak credentials) is the most common point of attack.

• Question 504:

  To reduce and limit software and infrastructure costs, the Chief Information Officer has requested to move email services to the cloud. The cloud provider and the organization must have security controls to protect sensitive data. Which of the following cloud services would BEST accommodate the request?

  A. laas

  B. Paas

  C. Daas

  D. SaaS

  Correct Answer: D

  D. SaaS (Software as a Service) is the best option to accommodate the request to move email services to the cloud while protecting sensitive data. SaaS is a delivery model for software applications where the provider hosts the application and makes it available to customers over the internet. SaaS provides customers with the benefits of cloud computing such as scalability, low cost, and quick implementation without the need for expensive hardware, software, and support infrastructure. SaaS providers also have security controls in place to protect sensitive data, such as encryption, data backup, and disaster recovery. With SaaS, the customer's sensitive data is stored and processed on the provider's infrastructure, reducing the customer's responsibility for securing the data and providing peace of mind.

• Question 505:

  A Chief Security Officer is looking for a solution that can reduce the occurrence of customers receiving errors from back-end infrastructure when systems go offline unexpectedly. The security architect would like the solution to help maintain session persistence.

  Which of the following would BEST meet the requirements?

  A. Reverse proxy

  B. NIC teaming

  C. Load balancer

  D. Forward proxy

  Correct Answer: C

  Load Balancer can provide below functions:

  1.

  Not to send to the offlined systems with active monitoring.

  2.

  Have persistence settings

• Question 506:

  Which of the following is an example of risk avoidance?

  A. Installing security updates directly in production to expedite vulnerability fixes

  B. Buying insurance to prepare for financial loss associated with exploits

  C. Not installing new software to prevent compatibility errors

  D. Not taking preventive measures to stop the theft of equipment

  Correct Answer: C

• Question 507:

  A company recently experienced an inside attack using a corporate machine that resulted in data compromise. Analysis indicated an unauthorized change to the software circumvented technological protection measures, The analyst was tasked with determining the best method to ensure the integrity of the systems remains intact and local and remote boot attestation can take place. Which of the following would provide the BEST solution?

  A. HIPS

  B. Flm

  C. TPM

  D. DLP

  Correct Answer: C

  In this question, an attack has already occurred so preventative measures such as HIPS, FIM, or DLP would not be helpful. Also, the analyst wants to check the integrity of the system, and boot attestation can take place. TPM chips have

  mechanisms to prevent system tampering and boot attestation can be done with TPM based hardware to verify the state of the firmware, bootloader, etc. TPM is the best option here.

  =====================

  Other Choices

  HIPS (Host Intrustion Prevention System) - An installed software package which monitors a single host for suspicious activity by analyzing events occurring within that host. This aims to stop malware by monitoring the behavior of code.

  FIM (File Integrity Monitoring) - Technology that monitors and detects file changes that could be indicative of a cyberattack. FIM specifically involves examining files to see if and when they change, how they change, who changed them, and

  what can be done to restore those files if those modifications are unauthorized.

  DLP (Data Loss Prevention) - A set of tools and processes used to ensure that sensitive data is not lost, misused, or accessed by unauthorized users.

  https://docs.microsoft.com/en-us/azure/security/fundamentals/measured- boot-host-attestation

• Question 508:

  An administrator is configuring a firewall rule set for a subnet to only access DHCP, web pages, and SFTP, and to specifically block FTP. Which of the following would BEST accomplish this goal?

  

  

  A. Option A

  B. Option B

  C. Option C

  D. Option D

  Correct Answer: A

  This is just a breakdown of the ports:

  67 and 68 = DHCP (Dynamic Host Configuration Protocol): DHCP a client/server protocol that automatically provides IP addresses to clients. UDP Port 67 is used by the DHCP server to dynamically assign IP addresses. UDP Port 68 is the

  DHCP client port which is used by clients to obtain an IP address from a DHCP server.

  20 and 21 = FTP (File Transfer Protocol): FTP is used to communicate and transfer files between computers. TCP Port 20 is the "data port" where the actual data transfer occurs and Port 21 is the "control port" where the client makes the

  connection request and management.

  22 = SSH (Secure Shell) and SFTP (Secure File Transfer Protocol): SSH is a protocol that enables two computers to communicate securely by encrypting the connection. SFTP is a secure file transfer protocol that uses SSH encryption to

  securely send and receive file transfers.

  80 and 443 = HTTP / HTTPS: HTTP(80) is a default network port used to send and receive unencrypted web pages. HTTPS(443) is HTTP but uses TLS to encrypt normal HTTP requests/responses.

• Question 509:

  Users are presented with a banner upon each login to a workstation. The banner mentions that users are not entitled to any reasonable expectation of privacy and access is for authorized personnel only. In order to proceed past that banner. users must click the OK button. Which of the following is this an example of?

  A. AUP

  B. NDA

  C. SLA

  D. MOU

  Correct Answer: A

  An acceptable use policy (AUP) is a document that outlines the rules and restrictions employees must follow in regard to the company's network, software, internet connection and devices.

• Question 510:

  Which of the following would BEST provide a systems administrator with the ability to more efficiently identify systems and manage permissions and policies based on location, role, and service level?

  A. Standard naming conventions

  B. Domain services

  C. Baseline configurations

  D. Diagrams

  Correct Answer: A

  Quoting from the official guide below.

  A standard naming convention for hardware assets, and for digital assets such as accounts and virtual machines, makes the environment more consistent. This means that errors are easier to spot and that it is easier to automate through

  scripting. The naming strategy should allow administrators to identify the type and function of any particular resource or location at any point in the CMDB or network directory. Each label should conform to rules for host and DNS names.