CompTIA CompTIA Certifications SY0-601 Questions & Answers

• Question 521:

  Which of the following organizations sets frameworks and controls for optimal security configuration on systems?

  A. ISO

  B. GDPR

  C. PCI DSS

  D. NIST

  Correct Answer: D

  ISO is for all standards, not only security, whereas NIST is only related to security.

• Question 522:

  An administrator is experiencing issues when trying to upload a support file to a vendor A pop-up message reveals that a payment card number was found in the file, and the file upload was Mocked. Which of the following controls is most likely causing this issue and should be checked FIRST?

  A. DLP

  B. Firewall rule

  C. Content filter

  D. MDM

  E. Application allow list

  Correct Answer: A

  DLP - Data Loss Prevention uses exact data matching or regex matching

  in this case a regex rule for detecting credit card numbers could be in place that is actively blocking the upload of the document Regex for detecting and Amex Card: ^3[47][0-9]{13}$

  Source https://stackoverflow.com/questions/9315647/regex-credit-card-number-tests

• Question 523:

  A penetration tester was able to compromise an internal server and is now trying to pivot the current session in a network lateral movement Which of the following tools if available on the server, will provide the MOST useful information for the next assessment step?

  A. Autopsy

  B. Cuckoo

  C. Memdump

  D. Nmap

  Correct Answer: D

  Nmap is basically mapping a network. The purpose of lateral pivoting is to gain a new perspective, or new information that will allow you to either privilege escalate, or to achieve the goal of the attack. If the compromised server the pen tester is exploiting has nmap enabled, the pen tester will be able to get an in-depth inside view of the internal network structure.

• Question 524:

  An organization is building backup server rooms in geographically diverse locations The Chief Information Security Officer implemented a requirement on the project that states the new hardware cannot be susceptible to the same vulnerabilities in the existing server room

  Which of the following should the systems engineer consider?

  A. Purchasing hardware from different vendors

  B. Migrating workloads to public cloud infrastructure

  C. Implementing a robust patch management solution

  D. Designing new detective security controls

  Correct Answer: A

  different vendors, different products, different vulns on the devices. if you have all cisco equipment the vulns on the switches are the same.

• Question 525:

  A junior security analyst is conducting an analysis after passwords were changed on multiple accounts without users' interaction. The SIEM have multiple login entries with the following text:

  

  suspicious event - user: scheduledtasks successfully authenticate on AD on abnormal time suspicious event - user: scheduledtasks failed to execute c:\weekly_checkups\amazing-3rdparty-domain-assessment.py suspicious event - user: scheduledtasks failed to execute c:\weekly_checkups\secureyourAD-3rdparty-compliance.sh suspicious event - user: scheduledtasks successfully executed c:\weekly_checkups\amazing-3rdparty-domain-assessment.py

  Which of Ihe following is the MOST likely attack conducted on the environment?

  A. Malicious script

  B. Privilege escalation

  C. Doman hijacking

  D. DNS poisoning

  Correct Answer: A

  Definitely A: Malicious Scripts. Cos look at these: 1. weekly_checkups\secureyourAD-3rdparty-compliance.sh 2. scheduledtasks, and 3. amazing-3rdparty-domain-assessment. All those are definitely malicious names that results in password changes.

• Question 526:

  A software company adopted the following processes before releasing software to production;

  1.

  Peer review

  2.

  Static code scanning

  3.

  Signing

  A considerable number of vulnerabilities are still being detected when code is executed on production Which of the following security tools can improve vulnerability detection on this environment?

  A. File integrity monitoring for the source code

  B. Dynamic code analysis tool

  C. Encrypted code repository

  D. Endpoint detection and response solution

  Correct Answer: B

• Question 527:

  A company labeled some documents with the public sensitivity classification This means the documents can be accessed by:

  A. employees of other companies and the press

  B. all members of the department that created the documents

  C. only the company's employees and those listed in the document

  D. only the individuate listed in the documents

  Correct Answer: A

  A company labeled some documents with the public sensitivity classification means that the documents can be accessed by employees of other companies and the press. The public sensitivity classification indicates that the documents are intended for public access and can be shared with a wide audience, including employees of other companies and members of the media. This classification is often used for documents that contain information that is not sensitive or confidential and that can be shared freely with the public. In contrast, documents with other sensitivity classifications, such as "confidential" or "private," may have more restricted access and may only be shared with a limited group of individuals, such as employees of the company or those listed in the document.

• Question 528:

  A company wants to improve end users experiences when they tog in to a trusted partner website The company does not want the users to be issued separate credentials for the partner website Which of the following should be implemented to allow users to authenticate using their own credentials to log in to the trusted partner's website?

  A. Directory service

  B. AAA server

  C. Federation

  D. Multifactor authentication

  Correct Answer: C

  Federation means the company trusts accounts created and managed by a different network. It connects the identity management services of multiple systems

• Question 529:

  A DBA reports that several production server hard drives were wiped over the weekend. The DBA also reports that several Linux servers were unavailable due to system files being deleted unexpectedly. A security analyst verified that software was configured to delete data deliberately from those servers. No backdoors to any servers were found.

  Which of the following attacks was MOST likely used to cause the data toss?

  A. Logic bomb

  B. Ransomware

  C. Fileless virus

  D. Remote access Trojans

  E. Rootkit

  Correct Answer: A

  "software was configured to delete data deliberately from those servers"

• Question 530:

  A company wants to restrict emailing of PHI documents. The company is implementing a DLP solution. In order to restrict PHI documents, which of the following should be performed FIRST?

  A. Retention

  B. Governance

  C. Classification

  D. Change management

  Correct Answer: C

  Classification is the first step to determine what data contains PHI