Exam Details

  • Exam Code: SY0-601
  • Exam Name: CompTIA Security+
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 1334 Q&As
  • Last Updated: Jul 04, 2025

CompTIA CompTIA Certifications SY0-601 Questions & Answers

  • Question 691:

    The SIEM at an organization has detected suspicious traffic coming from a workstation in its internal network. An analyst in the SOC investigates the workstation and discovers that malware associated with a botnet is installed on the device. A review of the logs on the workstation reveals that the privileges of the local account were escalated to local administrator. To which of the following groups should the analyst report this real-world event?

    A. The NOC team

    B. The vulnerability management team

    C. The CIRT

    D. The red team

  • Question 692:

    Which of the following policies would help an organization identify and mitigate potential single points of failure in the company's IT/security operations?

    A. Least privilege

    B. Awareness training

    C. Separation of duties

    D. Mandatory vacation

  • Question 693:

    A security administrator suspects an employee has been emailing proprietary information to a competitor.

    Company policy requires the administrator to capture an exact copy of the employee's hard disk. Which of the following should the administrator use?

    A. dd

    B. chmod

    C. dnsenum

    D. logger

  • Question 694:

    A network manager is concerned that business may be negatively impacted if the firewall in its datacenter goes offline. The manager would like to implement a high availability pair to:

    A. decrease the mean time between failures.

    B. remove the single point of failure.

    C. cut down the mean time to repair.

    D. reduce the recovery time objective.

  • Question 695:

    A recent audit uncovered a key finding regarding the use of a specific encryption standard in a web application that is used to communicate with business customers. Due to the technical limitations of its customers the company is unable to upgrade the encryption standard. Which of the following types of controls should be used to reduce the risk created by this scenario?

    A. Physical

    B. Detective

    C. Preventive

    D. Compensating

  • Question 696:

    A nuclear plant was the victim of a recent attack, and all the networks were air gapped. A subsequent investigation revealed a worm as the source of the issue. Which of the following BEST explains what happened?

    A. A malicious USB was introduced by an unsuspecting employee.

    B. The ICS firmware was outdated.

    C. A local machine has a RAT installed.

    D. The HVAC was connected to the maintenance vendor.

  • Question 697:

    While reviewing the wireless router, a systems administrator of a small business determines someone is spoofing the MAC address of an authorized device. Given the table below:

    Which of the following should be the administrator's NEXT step to detect if there is a rogue system without impacting availability?

    A. Conduct a ping sweep.

    B. Physically check each system.

    C. Deny Internet access to the "UNKNOWN" hostname.

    D. Apply MAC filtering.

  • Question 698:

    Which of the following ISO standards is certified for privacy?

    A. ISO 9001

    B. ISO 27002

    C. ISO 27701

    D. ISO 31000

  • Question 699:

    A user enters a password to log in to a workstation and is then prompted to enter an authentication code. Which of the following MFA factors or attributes are being utilized in the authentication process? (Select TWO).

    A. Something you know

    B. Something you have

    C. Somewhere you are

    D. Someone you are

    E. Something you are

    F. Something you can do

  • Question 700:

    Which of the following types of controls is a turnstile?

    A. Physical

    B. Detective

    C. Corrective

    D. Technical

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more and more important and are required by more and more enterprises when applying for a job. But how do you prepare for the exam effectively? How do you prepare for the exam in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only CompTIA exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your SY0-601 exam preparation and CompTIA certification application, do not hesitate to visit Vcedump.com to find your solutions.