SY0-601 Exam Details

  • Exam Code: SY0-601
  • Exam Name: CompTIA Security+
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 1334 Q&As
  • Last Updated: May 26, 2026

CompTIA SY0-601 Online Questions & Answers

  • Question 621:

    Which of the following function as preventive, detective, and deterrent controls to reduce the risk of physical theft? (Select TWO).

    A. Mantraps
    B. Security guards
    C. Video surveillance
    D. Fences
    E. Bollards
    F. Antivirus

  • Question 622:

    A security engineer at an offline government facility is concerned about the validity of an SSL certificate. The engineer wants to perform the fastest check with the least delay to determine if the certificate has been revoked.

    Which of the following would BEST meet these requirements?

    A. RA
    B. OCSP
    C. CRL
    D. CSR

  • Question 623:

    A security analyst is receiving numerous alerts reporting that the response time of an internet-facing application has been degraded. However, the internal network performance was not degraded. Which of the following MOST likely explains this behavior?

    A. DNS poisoning
    B. MAC flooding
    C. DDoS attack
    D. ARP poisoning

  • Question 624:

    Security analysts notice a server login from a user who has been on vacation for two weeks.

    The analysts confirm that the user did not log in to the system while on vacation. After reviewing packet capture logs, the analysts notice the following:

    Which of the following occurred?

    A. A buffer overflow was exploited to gain unauthorized access
    B. The user's account was compromised, and an attacker changed the login credentials
    C. An attacker used a pass-the-hash attack to gain access
    D. An insider threat with username smithJA logged in to the account

  • Question 625:

    A security analyst needs to generate a server certificate to be used for 802.1X and secure RDP connections. The analyst is unsure what is required to perform the task and solicits help from a senior colleague. Which of the following is the FIRST step the senior colleague will most likely tell the analyst to perform to accomplish this task?

    A. Create an OCSP
    B. Generate a CSR
    C. Create a CRL
    D. Generate a .pfx file

  • Question 626:

    A security analyst needs to centrally manage credentials and permissions to the company's network devices. The following security requirements must be met:

    All actions performed by the network staff must be logged.

    Per-command permissions must be possible.

    The authentication server and the devices must communicate through TCP.

    Which of the following authentication protocols should the analyst choose?

    A. Kerberos
    B. CHAP
    C. TACACS+
    D. RADIUS

  • Question 627:

    A security incident has been resolved.

    Which of the following BEST describes the importance of the final phase of the incident response plan?

    A. It examines and documents how well the team responded, discovers what caused the incident, and determines how the incident can be avoided in the future
    B. It returns the affected systems back into production once systems have been fully patched, data restored and vulnerabilities addressed
    C. It identifies the incident and the scope of the breach, how it affects the production environment, and the ingress point
    D. It contains the affected systems and disconnects them from the network, preventing further spread of the attack or breach

  • Question 628:

    A user received an SMS on a mobile phone that asked for bank details. Which of the following social-engineering techniques was used in this case?

    A. SPIM
    B. Vishing
    C. Spear phishing
    D. Smishing

  • Question 629:

    A penetration test revealed that several Linux servers were misconfigured at the file level and access was granted incorrectly. A security analyst is referencing the instructions in the incident response runbook for remediation information. Which of the following is the best command to use to resolve the issue?

    A. chmod
    B. cat
    C. grep
    D. dig

  • Question 630:

    The new Chief Information Security Officer at a company has asked the security team to implement stronger user account policies. The new policies require:

    1. Users to choose a password unique to their last ten passwords

    2. Users to not log in from certain high-risk countries

    Which of the following should the security team implement? (Select TWO).

    A. Password complexity
    B. Password history
    C. Geolocation
    D. Geofencing
    E. Geotagging
    F. Password reuse
