CompTIA CompTIA Certifications SY0-601 Questions & Answers

• Question 651:

  In a phishing attack, the perpetrator is pretending to be someone in a position of power in an effort to influence the target to click or follow the desired response. Which of the following principles is being used?

  A. Authority

  B. Intimidation

  C. Consensus

  D. Scarcity

  Correct Answer: B

  Whaling is highly tailored to their audiences and often include: the victim's name, job title, and basic details that make the communications look legitimate.

• Question 652:

  Which of the following supplies non-repudiation during a forensics investigation?

  A. Dumping volatile memory contents first

  B. Duplicating a drive with dd

  C. Using a SHA-2 signature of a drive image

  D. Logging everyone in contact with evidence

  E. Encrypting sensitive data

  Correct Answer: C

  Nonrepudiation is specifically talking about the proof that someone has done something on the system. Taking a hash of the original disk is proof that it represents the state of the data when the investigation began. It's not a signature in the sense of an encryption cert or something like that, but it is definitely a method of ensuring that the data on the drive represents the user's changes, vice those of the investigator or someone else after the fact. Chain of custody doesn't apply because nonrepudiation is talking about the data itself.

• Question 653:

  An organization needs to implement more stringent controls over administrator/root credentials and service accounts. Requirements for the project include:

  1.

  Check-in/checkout of credentials

  2.

  The ability to use but not know the password

  3.

  Automated password changes

  4.

  Logging of access to credentials

  Which of the following solutions would meet the requirements?

  A. OAuth 2.0

  B. Secure Enclave

  C. A privileged access management system

  D. An OpenID Connect authentication system

  Correct Answer: C

  C. PAM via Messer Privileged access management (PAM) Managing superuser access

  -Administrator and Root

  -You don't want this in the wrong hands Store privileged accounts in a digital vault

  -Access is only granted from the vault by request

  -These privileges are temporary PAM advantages

  -Centralized password management

  -Enables automation

  -Manage access for each user

  -Extensive tracking and auditin

• Question 654:

  A technician was dispatched to complete repairs on a server in a data center. While locating the server, the technician entered a restricted area without authorization. Which of the following security controls would BEST prevent this in the future?

  A. Use appropriate signage to mark all areas.

  B. Utilize cameras monitored by guards.

  C. Implement access control vestibules.

  D. Enforce escorts to monitor all visitors.

  Correct Answer: C

  An access control vestibule, or mantrap, is a physical access control system designed to prevent unauthorized individuals from following authorized individuals into facilities with controlled access. This question is asking for a way to prevent physical access to restricted area and this method would address this.

• Question 655:

  Which of the following is the MOST effective way to detect security flaws present on third- party libraries embedded on software before it is released into production?

  A. Employ different techniques for server- and client-side validations.

  B. Use a different version control system for third-party libraries.

  C. Implement a vulnerability scan to assess dependencies earlier on SDLC.

  D. Increase the number of penetration tests before software release.

  Correct Answer: C

  The most effective way to detect security flaws present on third-party libraries embedded on software before it is released into production is to implement a vulnerability scan to assess dependencies earlier on the SDLC, or software development life cycle. A vulnerability scan is a type of security assessment that involves identifying and analyzing potential vulnerabilities in a system or application. By conducting a vulnerability scan earlier on in the SDLC, the development team can identify any security flaws in the third-party libraries before the software is released into production. This can help prevent security issues from being introduced into the production environment and ensure that the software is secure and compliant. Employing different techniques for server- and client-side validations, using a different version control system for third-party libraries, and increasing the number of penetration tests are not directly related to detecting security flaws in third-party libraries.

• Question 656:

  An organization just experienced a major cyberattack modem. The attack was well coordinated sophisticated and highly skilled. Which of the following targeted the organization?

  A. Shadow IT

  B. An insider threat

  C. A hacktivist

  D. An advanced persistent threat

  Correct Answer: D

  https://www.imperva.com/learn/application-security/apt-advanced-persistent-threat/ https://csrc.nist.gov/glossary/term/advanced_persistent_threat

• Question 657:

  A security analyst is performing a packet capture on a series of SOAP HTTP requests for a security assessment. The analyst redirects the output to a file After the capture is complete, the analyst needs to review the first transactions quickly and then search the entire series of requests for a particular string

  Which of the following would be BEST to use to accomplish the task? (Select TWO).

  A. head

  B. Tcpdump

  C. grep

  D. rail

  E. curl

  F. openssi

  G. dd

  Correct Answer: AC

  A - "analyst needs to review the first transactions quickly" C - "search the entire series of requests for a particular string"

  To simplify

  The head command by default will display the first 10 lines of a file... which is correct!

  The grep command will search anything you want... which of course is correct!

  Now...

  Tcpdump is used to capture traffic (sniffing) or read PCAP files.

  The tail command by default will display the last 10 files.

  The curl tool is used to download/read resources from the web (HTML, text, files... etc.)/

  OpenSSL is ... SSL related.

  dd is for binary business and copy files/drives (generally speaking).

• Question 658:

  The Chief Information Secunty Officer came across a news arbcle outining a mechan'sm thal allows certan OS passwords to be bypassed The security team was then tasked with determining which method could be used to prevent data loss in the corporate environment in case an attacker bypasses authentication Which of the following will accomplish this objective?

  A. FDE

  B. Proper patch management protocols

  C. TPM

  D. Input validations

  Correct Answer: A

• Question 659:

  An organization wants to implement a third factor to an existing multifactor authentication. The organization already uses a smart card and password. Which of the following would meet the organization's needs for a third factor?

  A. Date of birth

  B. Fingerprints

  C. PIN

  D. TPM

  Correct Answer: B

• Question 660:

  A cybersecurity administrator is using iptables as an enterprise firewall. The administrator created some rules, but the network now seems to be unresponsive All connections are being dropped by the firewall.

  Which of the following would be the BEST option to remove the rules?

  A. # iptables -t mangle -X

  B. # iptables -F

  C. # iptables -Z

  D. # iptables -P INPUT -j DROP

  Correct Answer: B