CompTIA SY0-601 Online Practice Questions and Exam Preparation
SY0-601 Exam Details
Exam Code: SY0-601
Exam Name: CompTIA Security+
Certification: CompTIA Certifications
Vendor: CompTIA
Total Questions: 1334 Q&As
Last Updated: May 26, 2026
CompTIA SY0-601 Online Questions & Answers
Question 511:
A security team suspects that the cause of recent power consumption overloads is the unauthorized use of empty power outlets in the network rack. Which of the following options will mitigate this issue without compromising the number of outlets available?
A. Adding a new UPS dedicated to the rack
B. Installing a managed PDU
C. Using only a dual power supplies unit
D. Increasing power generator capacity
B. Installing a managed PDU
A managed Power Distribution Unit (PDU) allows you to monitor and control power outlets on the rack. This will allow the security team to identify which devices are drawing power and from which outlets, which can help to identify any unauthorized devices. Moreover, with a managed PDU, you can also control the power to outlets, turn off outlets that are not in use, and set up alerts if an outlet is overloaded. This will help to mitigate the issue of power consumption overloads without compromising the number of outlets available.
Reference: CompTIA Security+ Study Guide (SY0-601) 7th Edition by Emmett Dulaney, Chuck Easttom
Question 512:
The Chief Information Security Officer (CISO) requested a report on potential areas of improvement following a security incident. Which of the following incident response processes is the CISO requesting?
A. Lessons learned
B. Preparation
C. Detection
D. Containment
E. Root cause analysis
A. Lessons learned
Lessons learned is the final step in incident response, where the organization reviews its incident response and prepares for a future attack. This is where you understand how/why an incident occurred, identify any weaknesses in your organization's practices, any positive elements or practices that went well, and things that could be done to prepare for a future incident.
Incident Response - A set of instructions or procedures an IT staff follows to detect, respond to, and recover from a security incident.
Phases in the Incident Response Plan
1. Preparation: The organization plans out how they will respond to an attack, this can involve:
2. Identification: Detecting and determining whether an incident has occurred.
3. Containment: Once a threat has been identified, the organization must limit or prevent any further damage.
4. Eradication: The removal of the threat.
5. Recovery: Restoring systems affected by the incident.
6. Lessons Learned: Where the organization reviews its incident response and prepares for a future attack.
Question 513:
A user downloaded software from an online forum. After the user installed the software, the security team observed external network traffic connecting to the user's computer on an uncommon port. Which of the following is the most likely explanation of this unauthorized connection?
A. The software had a hidden keylogger.
B. The software was ransomware.
C. The user’s computer had a fileless virus.
D. The software contained a backdoor.
D. The software contained a backdoor.
Question 514:
Server administrators want to configure a cloud solution so that computing memory and processor usage is maximized most efficiently across a number of virtual servers. They also need to avoid potential denial-of-service situations caused by availability. Which of the following should the administrators configure to maximize system availability while efficiently utilizing available computing power?
A. Dynamic resource allocation
B. High availability
C. Segmentation
D. Container security
A. Dynamic resource allocation
To maximize system availability and efficiently utilize available computing power, administrators should configure dynamic resource allocation. Dynamic resource allocation is a technique that allows a system to automatically adjust the allocation of resources, such as memory and processing power, to different applications or processes in response to changing workloads or conditions. This can help to ensure that computing resources are used efficiently and that the system is able to respond to changes in demand without encountering performance issues or becoming unavailable.
Question 515:
Which of the following types of attacks is specific to the individual it targets?
A. Whaling
B. Pharming
C. Smishing
D. Credential harvesting
A. Whaling
Whaling attacks are highly tailored to their audiences and often include the victim's name, job title, and basic details that make the communications look legitimate.
Question 516:
A company wants to modify its current backup strategy to minimize the number of backups that would need to be restored in case of data loss. Which of the following would be the BEST backup strategy to implement?
A. Incremental backups followed by differential backups
B. Full backups followed by incremental backups
C. Delta backups followed by differential backups
D. Incremental backups followed by delta backups
E. Full backup followed by differential backups
E. Full backup followed by differential backups
The difference between incremental and differential backups is that, while an incremental backup only includes the data that has changed since the previous backup, a differential backup contains all of the data that has changed since the last full backup.
Question 517:
A security engineer needs to build a solution to satisfy regulatory requirements that state certain critical servers must be accessed using MFA. However, the critical servers are older and are unable to support the addition of MFA. Which of the following will the engineer MOST likely use to achieve this objective?
A. A forward proxy
B. A stateful firewall
C. A jump server
D. A port tap
C. A jump server
Question 518:
A security analyst is reviewing packet capture data from a compromised host. In the packet capture, the analyst locates packets that contain large amounts of text. Which of the following is most likely installed on the compromised host?
A. Keylogger
B. Spyware
C. Trojan
D. Ransomware
A. Keylogger
A keylogger is a type of malware that records the keystrokes of the user and sends them to a remote attacker. The attacker can use the keystrokes to steal the user's credentials, personal information, or other sensitive data. A keylogger can generate packets that contain large amounts of text, as the packet capture data shows.
Question 519:
The Chief Security Officer (CSO) at a major hospital wants to implement SSO to help improve security in the environment and protect patient data, particularly at shared terminals. The Chief Risk Officer (CRO) is concerned that training and guidance have not been provided to frontline staff, and a risk analysis has not been performed. Which of the following is the MOST likely cause of the CRO's concerns?
A. SSO would simplify username and password management, making it easier for hackers to guess accounts.
B. SSO would reduce password fatigue, but staff would still need to remember more complex passwords.
C. SSO would reduce the password complexity for frontline staff.
D. SSO would reduce the resilience and availability of systems if the identity provider goes offline.
D. SSO would reduce the resilience and availability of systems if the identity provider goes offline.
Question 520:
A SOC operator is receiving continuous alerts from multiple Linux systems indicating that unsuccessful SSH attempts to a functional user ID have been attempted on each one of them in a short period of time. Which of the following BEST explains this behavior?
A. Rainbow table attack
B. Password spraying
C. Logic bomb
D. Malware bot
B. Password spraying
Password spraying is a variant of what is known as a brute force attack. In a traditional brute force attack, the perpetrator attempts to gain unauthorized access to a single account by guessing the password "repeatedly" in a very short period of time.