During a recent penetration test, the tester discovers large amounts of data were exfiltrated over the course of 12 months via the internet. The penetration tester stops the test to inform the client of the findings. Which of the following should be the client's NEXT step to mitigate the issue?
A. Conduct a full vulnerability scan to identify possible vulnerabilities
B. Perform containment on the critical servers and resources
C. Review the firewall and identify the source of the active connection
D. Disconnect the entire infrastructure from the internet
Sales team members have been receiving threatening voicemail messages and have reported these incidents to the IT security team. Which of the following would be MOST appropriate for the IT security team to analyze?
A. Access control
B. Syslog
C. Session Initiation Protocol traffic logs
D. Application logs
A security administrator is managing administrative access to sensitive systems with the following requirements:
Common login accounts must not be used for administrative duties.
Administrative accounts must be temporal in nature.
Each administrative account must be assigned to one specific user.
Accounts must have complex passwords.
Audit trails and logging must be enabled on all systems.
Which of the following solutions should the administrator deploy to meet these requirements?
A. ABAC
B. SAML
C. PAM
D. CASB
A security administrator installed a new web server. The administrator did this to increase the capacity for an application due to resource exhaustion on another server. Which of the following algorithms should the administrator use to split the number of the connections on each server in half?
A. Weighted response
B. Round-robin
C. Least connection
D. Weighted least connection
A Chief Information Security Officer (CISO) is evaluating the dangers involved in deploying a new ERP system for the company. The CISO categorizes the system, selects the controls that apply to the system, implements the controls, and then assesses the success of the controls before authorizing the system. Which of the following is the CISO using to evaluate the environment for this new ERP system?
A. The Diamond Model of Intrusion Analysis
B. CIS Critical Security Controls
C. NIST Risk Management Framework
D. ISO 27002
An organization has hired a red team to simulate attacks on its security posture. Which of the following will the blue team do after detecting an IoC?
A. Reimage the impacted workstations
B. Activate runbooks for incident response
C. Conduct forensics on the compromised system
D. Conduct passive reconnaissance to gather information
A security engineer needs to create a network segment that can be used for servers that require connections from untrusted networks. Which of the following should the engineer implement?
A. An air gap
B. A hot site
C. A VLAN
D. A screened subnet
A company recently experienced an attack during which its main website was directed to the attacker's web server, allowing the attacker to harvest credentials from unsuspecting customers. Which of the following should the company implement to prevent this type of attack from occurring in the future?
A. IPSec
B. SSL/TLS
C. DNSSEC
D. S/MIME
A company is required to continue using legacy software to support a critical service. Which of the following BEST explains a risk of this practice?
A. Default system configuration
B. Unsecure protocols
C. Lack of vendor support
D. Weak encryption
The spread of misinformation surrounding the outbreak of a novel virus on election day led to eligible voters choosing not to take the risk of going to the polls. This is an example of:
A. Prepending
B. An influence campaign
C. A watering-hole attack.
D. Intimidation.
E. Information elicitation.