A worldwide manufacturing company has been experiencing email account compromises. In one incident, a user logged in from the corporate office in France, but then seconds later, the same user account attempted a login from Brazil.
Which of the following account policies would BEST prevent this type of attack?
A. Network location
B. Impossible travel time
C. Geolocation
D. Geofencing
A security analyst has been asked to investigate a situation after the SOC started to receive alerts from the SIEM. The analyst first looks at the domain controller and finds the following events:
To better understand what is going on, the analyst runs a command and receives the following output:
Based on the analyst's findings, which of the following attacks is being executed?
A. Credential harvesting
B. Keylogger
C. Brute-force
D. Spraying
A security assessment determines DES and 3DES are still being used on recently deployed production servers. Which of the following did the assessment identify?
A. Unsecure protocols
B. Default settings
C. Open permissions
D. Weak encryption
Which of the following BEST explains the difference between a data owner and a data custodian?
A. The data owner is responsible for adhering to the rules for using the data, while the data custodian is responsible for determining the corporate governance regarding the data
B. The data owner is responsible for determining how the data may be used, while the data custodian is responsible for implementing the protection to the data
C. The data owner is responsible for controlling the data, while the data custodian is responsible for maintaining the chain of custody when handling the data
D. The data owner grants the technical permissions for data access, while the data custodian maintains the database access controls to the data
A network engineer notices the VPN concentrator is overloaded and crashes on days when there are a lot of remote workers. Senior management has placed greater importance on the availability of VPN resources for the remote workers than the security of the end users' traffic.
Which of the following would be BEST to solve this issue?
A. IPSec
B. Always On
C. Split tunneling
D. L2TP
Which of the following would be used to find the MOST common web-application vulnerabilities?
A. OWASP
B. MITRE ATT&CK
C. Cyber Kill Chain
D. SDLC
Which of the following will provide the BEST physical security countermeasures to stop intruders? (Select TWO.)
A. Alarms
B. Signage
C. Lighting
D. Access control vestibules
E. Fencing
F. Sensors
An organization has hired a security analyst to perform a penetration test. The analyst captures 1Gb worth of inbound network traffic to the server and transfers the pcap back to the machine for analysis. Which of the following tools should the analyst use to further review the pcap?
A. Nmap
B. cURL
C. Netcat
D. Wireshark
A software developer needs to perform code-execution testing, black-box testing, and non-functional testing on a new product before its general release. Which of the following BEST describes the tasks the developer is conducting?
A. Verification
B. Validation
C. Normalization
D. Staging
During an investigation, a security manager receives notification from local authorities that company proprietary data was found on a former employee's home computer.
The former employee's corporate workstation has since been repurposed, and the data on the hard drive has been overwritten.
Which of the following would BEST provide the security manager with enough details to determine when the data was removed from the company network?
A. Properly configured hosts with security logging
B. Properly configured endpoint security tool with alerting
C. Properly configured SIEM with retention policies
D. Properly configured USB blocker with encryption