CompTIA SY0-601 Online Practice Questions and Exam Preparation

CompTIA SY0-601 Online Questions & Answers

• Question 651:

  one of the attendees starts to notice delays in the connection. and the HTTPS site requests are reverting to HTTP. Which of the following BEST describes what is happening?

  A. Birthday collision on the certificate key
  B. DNS hyacking to reroute traffic
  C. Brute force to the access point
  D. A SSUTLS downgrade
  D. A SSUTLS downgrade

• Question 652:

  A company Is planning to install a guest wireless network so visitors will be able to access the Internet. The stakeholders want the network to be easy to connect to so time is not wasted during meetings. The WAPs are configured so that power levels and antennas cover only the conference rooms where visitors will attend meetings. Which of the following would BEST protect the company's Internal wireless network against visitors accessing company resources?

  A. Configure the guest wireless network to be on a separate VLAN from the company's internal wireless network
  B. Change the password for the guest wireless network every month.
  C. Decrease the power levels of the access points for the guest wireless network.
  D. Enable WPA2 using 802.1X for logging on to the guest wireless network.
  A. Configure the guest wireless network to be on a separate VLAN from the company's internal wireless network

  ---

  Configuring the guest wireless network on a separate VLAN: This is the most effective solution. It isolates the guest network from the internal network, ensuring that visitors can access the internet but cannot access internal company resources. It provides both security and ease of use, as visitors can connect easily without the need for frequent password changes or complex authentication processes.

• Question 653:

  Which of the following is a detective and deterrent control against physical intrusions?

  A. Alock
  B. An alarm
  C. A fence
  D. Asign
  B. An alarm

• Question 654:

  A external forensics investigator has been hired to investigate a data breach at a large enterprise with numerous assets. It is known that the breach started in the DMZ and moved to the sensitive information, generating multiple logs as the attacker traversed through the network. Which of the following will BEST assist with this investigation?

  A. Perform a vulnerability scan to identify the weak spots.
  B. Use a packet analyzer to investigate the NetFlow traffic
  C. Check the SIEM to review the correlated logs.
  D. Require access to the routers to view current sessions,
  C. Check the SIEM to review the correlated logs.

  ---

  A SIEM (Security Information and Event Management) system collects and aggregates logs from various sources across an enterprise's network and IT infrastructure. It can correlate and analyze these logs to identify security incidents and provide a comprehensive view of activities across the network. In the case of a data breach investigation, the SIEM can be a valuable tool to review the logs generated during the attack and trace the attacker's activities from the perimeter network to the sensitive information.

• Question 655:

  A customer service representative reported an unusual text message that was sent to the help desk. The message contained an unrecognized invoice number with a large balance due and a link to click for more details. Which of the following BEST describes this technique?

  A. Vishing
  B. Whaling
  C. Phishing
  D. Smishing
  D. Smishing

  ---

  Explanation Explanation/Reference:Pretty straightforward. Smishing, a portmanteau of SMS and phishing, is a specific type of phishing done via text messaging, and it's commonly used to orchestrate invoice scams or otherwise harvest credentials.

• Question 656:

  In which of the following situations would it be BEST to use a detective control type for mitigation?

  A. A company implemented a network load balancer to ensure 99.999% availability of its web application.
  B. A company designed a backup solution to increase the chances of restoring services in case of a natural disaster.
  C. A company purchased an application-level firewall to isolate traffic between the accounting department and the information technology department.
  D. A company purchased an IPS system, but after reviewing the requirements, the appliance was supposed to monitor, not block, any traffic.
  E. A company purchased liability insurance for flood protection on all capital assets.
  D. A company purchased an IPS system, but after reviewing the requirements, the appliance was supposed to monitor, not block, any traffic.

  ---

  A: Not sure a load balancer directly falls into a specific control type, but maybe preventive? B: Backups from disasters are corrective C: Firewalls are preventive D: IPS can be considered detective and preventive. The answer makes absolutely no sense, but this is the only one that has anything to do with detection. E: Insurance, compensating

• Question 657:

  Which of the following must be considered when designing a high-availability network? (Choose two.)

  A. Ease of recovery
  B. Ability to patch
  C. Physical isolation
  D. Responsiveness
  E. Attack surface
  F. Extensible authentication
  A. Ease of recovery
  D. Responsiveness

  ---

  Ease of recovery: High-availability networks should be designed in a way that allows for quick and easy recovery in the event of a failure. Redundancy, failover mechanisms, and backup systems are some of the components that can help facilitate smooth recovery. Responsiveness: High-availability networks need to be responsive to ensure that any potential issues or failures are quickly detected, and appropriate actions are taken promptly to minimize downtime and impact.

• Question 658:

  Ann, a customer, received a notification from her mortgage company stating her PII may be shared with partners, affiliates, and associates to maintain day-to-day business operations. Which of the following documents did Ann receive?

  A. An annual privacy notice
  B. A non-disclosure agreement
  C. A privileged-user agreement
  D. A memorandum of understanding
  A. An annual privacy notice

  ---

  From comptia official textbook: "A privacy notice is typically an externally-facing document informing customers, users, or stakeholders about what the organization does with PII. It's also called a privacy statement."

• Question 659:

  Following a recent security breach, an analyst discovered that user permissions were added when joining another part of the organization but were not removed from existing groups. Which of the following policies would help to correct these issues in the future?

  A. Service accounts
  B. Account audits
  C. Password complexity
  D. Lockout policy
  B. Account audits

• Question 660:

  The SOC for a large MSSP is meeting to discuss the lessons learned from a recent incident that took much too long to resolve This type of incident has become more common in recent weeks and is consuming large amounts of the analysts' time due to manual tasks being performed Which of the following solutions should the SOC consider to BEST improve its response time?

  A. Configure a NIDS appliance using a Switched Port Analyzer
  B. Collect OSINT and catalog the artifacts in a central repository
  C. Implement a SOAR with customizable playbooks
  D. Install a SIEM with community-driven threat intelligence
  C. Implement a SOAR with customizable playbooks

  ---

  SOAR (Security Orchestration, Automation, and Response) Can use either playbook or runbook. It assists in collecting threat related data from a range of sources and automate responses to low level threats. (frees up some of the CSIRT time)