Exam Details

  • Exam Code: SY0-601
  • Exam Name: CompTIA Security+
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 1334 Q&As
  • Last Updated: Jul 04, 2025

CompTIA CompTIA Certifications SY0-601 Questions & Answers

  • Question 631:

    Which of the following allows for functional test data to be used in new systems for testing and training purposes to protect the real data?

    A. Data encryption

    B. Data masking

    C. Data deduplication

    D. Data minimization

  • Question 632:

    A well-known organization has been experiencing attacks from APTs. The organization is concerned that custom malware is being created and emailed into the company or installed on USB sticks that are dropped in parking lots. Which of the following is the BEST defense against this scenario?

    A. Configuring signature-based antivirus to update every 30 minutes

    B. Enforcing S/MIME for email and automatically encrypting USB drives upon insertion.

    C. Implementing application execution in a sandbox for unknown software.

    D. Fuzzing new files for vulnerabilities if they are not digitally signed

  • Question 633:

    A malicious actor recently penetrated a company's network and moved laterally to the datacenter. Upon investigation, a forensics firm wants to know what was in the memory on the compromised server. Which of the following files should be given to the forensics firm?

    A. Security

    B. Application

    C. Dump

    D. Syslog

  • Question 634:

    A security analyst needs to perform periodic vulnerability scans on production systems. Which of the following scan types would produce the BEST vulnerability scan report?

    A. Port

    B. Intrusive

    C. Host discovery

    D. Credentialed

  • Question 635:

    Which of the following would be the BEST method for creating a detailed diagram of wireless access points and hot-spots?

    A. Footprinting

    B. White-box testing

    C. A drone/UAV

    D. Pivoting

  • Question 636:

    A security analyst in a SOC has been tasked with onboarding a new network into the SIEM. Which of the following BEST describes the information that should feed into a SIEM solution in order to adequately support an investigation?

    A. Logs from each device type and security layer to provide correlation of events

    B. Only firewall logs since that is where attackers will most likely try to breach the network

    C. Email and web-browsing logs because user behavior is often the cause of security breaches

    D. NetFlow because it is much more reliable to analyze than syslog and will be exportable from every device

  • Question 637:

    A recent phishing campaign resulted in several compromised user accounts. The security incident response team has been tasked with reducing the manual labor of filtering through all the phishing emails as they arrive and blocking the sender's email address, along with other time-consuming mitigation actions. Which of the following can be configured to streamline those tasks?

    A. SOAR playbook

    B. MDM policy

    C. Firewall rules

    D. URL filter

    E. SIEM data collection

  • Question 638:

    The facilities supervisor for a government agency is concerned about unauthorized access to environmental systems in the event the staff WiFi network is breached. Which of the following would BEST address this security concern?

    A. Install a smart meter on the staff WiFi.

    B. Place the environmental systems in the same DHCP scope as the staff WiFi.

    C. Implement Zigbee on the staff WiFi access points.

    D. Segment the staff WiFi network from the environmental systems network.

  • Question 639:

    A recent security audit revealed that a popular website with IP address 172.16 1 also has an FTP service that employees were using to store sensitive corporate data. The organization's outbound firewall processes rules top-down. Which of the following would permit HTTP and HTTPS, while denying all other services for this host?

    A. Option A

    B. Option B

    C. Option C

    D. Option D

  • Question 640:

    A user is concerned that a web application will not be able to handle unexpected or random input without crashing. Which of the following BEST describes the type of testing the user should perform?

    A. Code signing

    B. Fuzzing

    C. Manual code review

    D. Dynamic code analysis

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more and more important and are required by more and more enterprises when applying for a job. But how do you prepare for the exam effectively? How do you prepare for the exam in a short time with less effort? How do you get an ideal result and find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only CompTIA exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your SY0-601 exam preparation and CompTIA certification application, do not hesitate to visit Vcedump.com to find your solutions.