CompTIA SY0-601 Online Practice Questions and Exam Preparation

CompTIA SY0-601 Online Questions & Answers

• Question 531:

  An organization discovered files with proprietary financial data have been deleted. The files have been recovered from backup but every time the Chief Financial Officer logs in to the file server, the same files are deleted again No other users are experiencing this issue. Which of the following types of malware is MOST likely causing this behavior?

  A. Logic bomb
  B. Crypto malware
  C. Spyware
  D. Remote access Trojan
  A. Logic bomb

  ---

  Logic bomb: a set of instructions secretly incorporated into a program so that if a particular condition is satisfied they will be carried out, usually with harmful effects.

• Question 532:

  A web application for a bank displays the following output when showing details about a customer's bank account:

  

  Which of the following techniques is most likely implemented in this web application?

  A. Data minimization
  B. Data scrambling
  C. Data masking
  D. Anonymization
  C. Data masking

  ---

  Explanation Explanation/Reference:

• Question 533:

  A software developer used open-source libraries to streamline development. Which of the following is the greatest risk when using this approach?

  A. Unsecure root accounts
  B. Lack of vendor support
  C. Password complexity
  D. Default settings
  A. Unsecure root accounts

• Question 534:

  A company would like to set up a secure way to transfer data between users via their mobile phones The company's top pnonty is utilizing technology that requires users to be in as close proximity as possible to each other. Which of the following connection methods would BEST fulfill this need?

  A. Cellular
  B. NFC
  C. Wi-Fi
  D. Bluetooth
  B. NFC

  ---

  NFC allows two devices to communicate with each other when they are in close proximity to each other, typically within 5 centimetres. This makes it the most secure connection method for the company's data transfer requirements.

• Question 535:

  A company is implementing a vendor's security tool in the cloud. The security director does not want to manage users and passwords specific to this tool but would rather utilize the company's standard user directory. Which of the following should the company implement?

  A. 802.1X
  B. SAML
  C. RADIUS
  D. CHAP
  B. SAML

  ---

  Based on the information provided, the company should implement SAML as the protocol for exchanging authentication and authorization data between the coud-based security tool and the company's user directory. SAML is an open-standard protocol that uses HTTP or HTTPS as the transport protocol and can encrypt all the data sent between the identity provider (idP) and the service provider. SAML also enables Single Sign-On (SSO), which means that users do not have to enter their credentials multiple times for different applications.

• Question 536:

  Several attempts have been made lo pick the door lock of a secure facility As a result the security engineer has been assigned to implement a stronger preventative access control Which of the following would BEST complete the engineer's assignment?

  A. Replacing the traditional key with an RFID key
  B. Installing and monitoring a camera facing the door
  C. Setting motion-sensing lights to illuminate the door on activity
  D. Surrounding the property with fencing and gates
  A. Replacing the traditional key with an RFID key

  ---

  Replacing the traditional key with an RFID key - For this question, there is mention of "attempts have been made to pick the door lock". Out of the options provided, only the option to replace the current door key with an RFID key directly addresses this issue. The other options can be viewed as preventative access control systems/ deterrents as well. ============================ Helpful Info Preventative access control - An access control that is used to stop unwanted or unauthorized activity from occurring, these could be policies, firewalls, physical barriers etc. RFID (Radio Frequency Identification) - A type of key card/fob access control system that uses a radio frequency signals to communicate between a reader and an RFID tag. You would place the tag/card near the reader and if the reader identifies the signal as belonging to an authorized user, they will be allowed access.

• Question 537:

  An organization is outlining data stewardship roles and responsibilities. Which of the following employee roles would determine the purpose of data and how to process it?

  A. Data custodian
  B. Data controller
  C. Data proton officer
  D. Data processor
  B. Data controller

• Question 538:

  A company is setting up a web server on the Internet that will utilize both encrypted and unencrypted web-browsing protocols. A security engineer runs a port scan against the server from the Internet and sees the following output:

  

  Which of the following steps would be best for the security engineer to take NEXT?

  A. Allow DNS access from the internet.
  B. Block SMTP access from the Internet
  C. Block HTTPS access from the Internet
  D. Block SSH access from the Internet.
  D. Block SSH access from the Internet.

  ---

  Explanation Explanation/Reference:The reason for D is because you want to block the SSH as it will be a vulnerability.

• Question 539:

  Which of the following are the most likely vectors for the unauthorized or unintentional inclusion of vulnerable code in a software company’s final software releases? (Choose two).

  A. Certificate mismatch
  B. Use of penetration-testing utilities
  C. Weak passwords
  D. Included third-party libraries
  E. Vendors/supply chain
  F. Outdated anti-malware software
  D. Included third-party libraries
  E. Vendors/supply chain

  ---

  Explanation Explanation/Reference:

• Question 540:

  A security analyst receives an alert that indicates a user's device is displaying anomalous behavior The analyst suspects the device might be compromised. Which of the following should the analyst to first?

  A. Reboot the device
  B. Set the host-based firewall to deny an incoming connection
  C. Update the antivirus definitions on the device
  D. Isolate the device
  D. Isolate the device

  ---

  Isolating the device is the first thing that a security analyst should do if they suspect that a user's device might be compromised. Isolating the device means disconnecting it from the network or placing it in a separate network segment to prevent further communication with potential attackers or malicious hosts. Isolating the device can help contain the incident, limit the damage or data loss, preserve the evidence, and facilitate the investigation and remediation. References: https://www.comptia.org/certifications/security#examdetails https://www.comptia.org/content/guides/comptia-security-sy0-601-exam-objectives https://resources.infosecinstitute.com/topic/incident-response-process/