CompTIA CompTIA Certifications SY0-601 Questions & Answers

• Question 601:

  A security engineer needs to enhance MFA access to sensitive areas in a building. A key card and fingerprint scan are already in use. Which of the following would add another factor of authentication?

  A. Hard token

  B. Retina scan

  C. SMS text

  D. Keypad PIN

  Correct Answer: B

• Question 602:

  An analyst is working on an email incident in which target opened an attachment containing a worm. The analyst wants to implement mitigation techniques to prevent further spread. Which of the following is the BEST course of action for the analyst to take?

  A. Apply a DLP solution

  B. Implement network segmentation.

  C. Utilize email content filtering.

  D. Isolate the infected attachment.

  Correct Answer: B

• Question 603:

  A penetration tester successfully gained access to a company's network The investigating analyst determines malicious traffic connected through the WAP despite filtering rules being in place. Logging in to the connected switch, the analyst sees the following m the ARP table:

  

  Which of the following cid the penetration tester MOST liely use?

  A. ARP poisoning

  B. MAC cloning

  C. Man in the middle

  D. Evil twin

  Correct Answer: A

• Question 604:

  A systems administrator is looking for a solution that will help prevent OAuth applications from being leveraged by hackers to tick users into authorizing the use of their corporate credentials.

  Which of the following BEST describes this solution?

  A. CASB

  B. UEM

  C. WAF

  D. VPC

  Correct Answer: B

• Question 605:

  A company needs to centralize its logs to create a baseline and have visibility on its security events. Which of the following technologies will accomplish this objective?

  A. Security information and event management

  B. A web application firewall

  C. A vulnerability scanner

  D. A next-generation firewall

  Correct Answer: A

  Security information and event management (SIEM) is the technology that will accomplish the objective of centralizing logs to create a baseline and gain visibility on security events. SIEM is a comprehensive approach to security management that involves the collection, aggregation, analysis, and correlation of log data from various sources throughout an organization's IT infrastructure. It allows security teams to monitor, detect, and respond to security incidents effectively.

  A SIEM system can collect log data from various sources, such as firewalls, network devices, servers, applications, and endpoints, and then normalize and correlate this data to provide a centralized view of security events and activities. It can help identify suspicious or anomalous behavior, detect security incidents, and provide real-time alerts for potential threats.

• Question 606:

  Which of the following refers to applications and systems that are used within an organization without consent or approval?

  A. Shadow IT

  B. OSINT

  C. Dark web

  D. Insider threats

  Correct Answer: A

  https://www.forcepoint.com/cyber-edu/shadow-it

• Question 607:

  A security analyst is using a recently released security advisory to review historical logs, looking for the specific activity that was outlined in the advisory. Which of the following is the analyst doing?

  A. A packet capture

  B. A user behavior analysis

  C. Threat hunting

  D. Credentialed vulnerability scanning

  Correct Answer: C

  According to Mike Chapple 'Threat hunting is an assessment technique that makes an assumption of compromise and then searches the organization for indicators of compromise that confirm the assumption.

• Question 608:

  Which of the following holds staff accountable while escorting unathorized personal?

  A. Locks

  B. Badges

  C. Cameras

  D. Visitor logs

  Correct Answer: D

  Visitor logs hold staff accountable while escorting unauthorized personnel. A visitor log is a record of individuals who enter a facility, and it typically includes details such as the date and time of the visit, the name of the visitor, and the name of the staff member who escorted them. By maintaining a visitor log, it is possible to track who has entered the facility and who was responsible for escorting them. This can help to hold staff accountable for escorting unauthorized personnel and ensure that they are following security protocols and procedures. Locks, badges, and cameras are all important security measures, but they are not directly related to holding staff accountable for escorting unauthorized personnel.

• Question 609:

  A security analyst reviews the datacenter access logs for a fingerprint scanner and notices an abundance of errors that correlate with users' reports of issues accessing the facility. Which of the following MOST likely the cause of the cause of the access issues?

  A. False rejection

  B. Cross-over error rate

  C. Efficacy rale

  D. Attestation

  Correct Answer: A

  A. False rejection is the correct answer. Please note there are many complaints from the users.

  Users are complaining because sensitivity (= security) of the fingerpront scanner is too high and they cannot enter. If sensitivity was too low, anybody could enter. CER = sweet spot.

  where a legitimate user is not recognized. This is also referred to as a Type I error or false non-match rate (FNMR). FRR is measured as a percentage.

• Question 610:

  A company recently set up an e-commerce portal to sell its product online. The company wants to start accepting credit cards for payment, which requires compliance with a security standard. Which of the following standards must the company comply with before accepting credit cards on its e-commerce platform?

  A. PCI DSS

  B. ISO 22301

  C. ISO 27001

  D. NIST CSF

  Correct Answer: A

  Additionally, many organizations should abide by certain standards. For example, organizations handling credit card information need to comply with the Payment Card Industry Data Security Standard (PCI DSS). PCI DSS includes six control objectives and 12 specific requirementsthat help prevent fraud