CompTIA SY0-601 Online Practice Questions and Exam Preparation
SY0-601 Exam Details
Exam Code: SY0-601
Exam Name: CompTIA Security+
Certification: CompTIA Certifications
Vendor: CompTIA
Total Questions: 1334 Q&As
Last Updated: May 26, 2026
CompTIA SY0-601 Online Questions & Answers
Question 611:
A company labeled some documents with the public sensitivity classification. This means the documents can be accessed by:
A. employees of other companies and the press
B. all members of the department that created the documents
C. only the company's employees and those listed in the document
D. only the individuals listed in the documents
Correct Answer: A. employees of other companies and the press
Explanation/Reference: Labeling documents with the public sensitivity classification means that the documents can be accessed by employees of other companies and the press. The public sensitivity classification indicates that the documents are intended for public access and can be shared with a wide audience, including employees of other companies and members of the media. This classification is often used for documents that contain information that is not sensitive or confidential and that can be shared freely with the public. In contrast, documents with other sensitivity classifications, such as "confidential" or "private," may have more restricted access and may only be shared with a limited group of individuals, such as employees of the company or those listed in the document.
Question 612:
A security analyst wants to verify that a client-server (non-web) application is sending encrypted traffic. Which of the following should the analyst use?
A. openssl
B. hping
C. netcat
D. tcpdump
Correct Answer: D. tcpdump
tcpdump for sure. OpenSSL is what might be used to secure traffic, but tcpdump is a packet analyzer that will show you if data is being sent in the clear. It will verify OpenSSL is working.
Question 613:
A security administrator manages five on-site APs. Each AP uses different channels on a 5GHz network. The administrator notices that another access point with the same corporate SSID on an overlapping channel was created. Which of the following attacks most likely occurred?
A. Jamming
B. NFC attacks
C. Disassociation
D. Bluesnarfing
E. Evil twin
Correct Answer: E. Evil twin
Question 614:
A security administrator is managing administrative access to sensitive systems with the following requirements:
Common login accounts must not be used for administrative duties.
Administrative accounts must be temporal in nature.
Each administrative account must be assigned to one specific user.
Accounts must have complex passwords.
Audit trails and logging must be enabled on all systems.
Which of the following solutions should the administrator deploy to meet these requirements?
A. ABAC
B. SAML
C. PAM
D. CASB
Correct Answer: C. PAM
The best solution to meet the given requirements is to deploy a Privileged Access Management (PAM) solution. PAM solutions allow administrators to create and manage administrative accounts that are assigned to specific users and that have complex passwords. Additionally, PAM solutions provide the ability to enable audit trails and logging on all systems, as well as to set up temporal access for administrative accounts. SAML, ABAC, and CASB are not suitable for this purpose.
Question 615:
A security analyst is reviewing the following attack log output:
Which of the following types of attacks does this MOST likely represent?
A. Rainbow table
B. Brute-force
C. Password-spraying
D. Dictionary
Correct Answer: C. Password-spraying
Password spraying is a type of brute-force attack in which a malicious actor uses a single password against targeted user accounts before moving on to attempt a second password, and so on. This technique allows the actor to remain undetected by avoiding rapid or frequent account lockouts.
Question 616:
A security engineer needs to enhance MFA access to sensitive areas in a building. A key card and fingerprint scan are already in use. Which of the following would add another factor of authentication?
A. Hard token
B. Retina scan
C. SMS text
D. Keypad PIN
Correct Answer: B. Retina scan
Question 617:
In the middle of a cyberattack, a security engineer removes the infected devices from the network and locks down all compromised accounts. In which of the following incident response phases is the security engineer currently operating?
A. Identification
B. Preparation
C. Eradication
D. Recovery
E. Containment
Correct Answer: E. Containment
Isolation involves removing affected components from the larger environment they are part of. This can be anything from removing a server from the network after it has become the target of a DoS attack, to placing applications in a VM sandbox outside the environment where they usually run. Whatever the situation, you'll want to make sure there is no longer an interface between the affected component and the production network or the Internet.
Question 618:
A company's Chief Information Officer (CIO) is meeting with the Chief Information Security Officer (CISO) to plan some activities to enhance the skill levels of the company's developers. Which of the following would be MOST suitable for training the developers?
A. A capture-the-flag competition
B. A phishing simulation
C. Physical security training
D. Basic awareness training
Correct Answer: A. A capture-the-flag competition
Capture-the-flag (CTF) competitions can be a suitable training option for enhancing the skill levels of a company's developers in cybersecurity. CTF competitions can help developers learn how to identify and exploit security vulnerabilities in various systems, applications, and networks, which is essential for building secure software. CTF challenges can be designed to simulate real-world scenarios and can test a variety of skills at any level, including cryptography, network analysis, reverse engineering, exploitation, web technologies, memory corruption, forensics, and open-source cyber intelligence. CTF competitions can also provide a well-rounded approach to enhancing developer skills in cybersecurity, as they can help developers learn how to secure their code and applications effectively. On the other hand, a phishing simulation is one set of learning, while CTF is a well-rounded one.
Question 619:
CORRECT TEXT
An incident has occurred in the production environment.
Analyze the command outputs and identify the type of compromise.
Correct Answer: Check the explanation below
Explanation/Reference:
Answer as SQL injection
Question 620:
The cost of removable media and the security risks of transporting data have become too great for a laboratory. The laboratory has decided to interconnect with partner laboratories to make data transfers easier and more secure.
The Chief Security Officer (CSO) has several concerns about proprietary data being exposed once the interconnections are established.
Which of the following security features should the network administrator implement to prevent unwanted data exposure to users in partner laboratories?
A. VLAN zoning with a file-transfer server in an external-facing zone
B. DLP running on hosts to prevent file transfers between networks
C. NAC that permits only data-transfer agents to move data between networks
D. VPN with full tunneling and NAS authenticating through the Active Directory
Correct Answer: A. VLAN zoning with a file-transfer server in an external-facing zone
The labs are not part of the network, so data access/loss controls within the network will not solve the issue. Network design (segmentation) with a FS accessible to the labs solves it better, as only authorised data is stored there and there is no access to the internal network/data. Of course, other security measures for data at rest and in transit will be applied to the FS, i.e. firewalls and a VPN to authenticate and secure connections from the labs, but the issue here is what data they are allowed to access.