CompTIA CompTIA Certifications SY0-601 Questions & Answers

• Question 701:

  A Chief Security Office's (CSO's) key priorities are to improve preparation, response, and recovery practices to minimize system downtime and enhance organizational resilience to ransomware attacks. Which of the following would BEST meet the CSO's objectives?

  A. Use email-filtering software and centralized account management, patch high-risk systems, and restrict administration privileges on fileshares.

  B. Purchase cyber insurance from a reputable provider to reduce expenses during an incident.

  C. Invest in end-user awareness training to change the long-term culture and behavior of staff and executives, reducing the organization's susceptibility to phishing attacks.

  D. Implement application whitelisting and centralized event-log management, and perform regular testing and validation of full backups.

  Correct Answer: D

• Question 702:

  A local server recently crashed, and the team is attempting to restore the server from a backup. During the restore process, the team notices the file size of each daily backup is large and will run out of space at the current rate.

  The current solution appears to do a full backup every night.

  Which of the following would use the LEAST amount of storage space for backups?

  A. Aweekly, incremental backup with daily differential backups

  B. Aweekly, full backup with daily snapshot backups

  C. Aweekly, full backup with daily differential backups

  D. Aweekly, full backup with daily incremental backups

  Correct Answer: D

• Question 703:

  A remote user recently took a two-week vacation abroad and brought along a corporate- owned laptop. Upon returning to work, the user has been unable to connect the laptop to the VPN.

  Which of the following is the MOST likely reason for the user's inability to connect the laptop to the VPN?

  A. Due to foreign travel, the user's laptop was isolated from the network.

  B. The user's laptop was quarantined because it missed the latest path update.

  C. The VPN client was blacklisted.

  D. The user's account was put on a legal hold

  Correct Answer: A

• Question 704:

  In the middle of a cybersecurity, a security engineer removes the infected devices from the network and lock down all compromised accounts. In which of the following incident response phases is the security engineer currently operating?

  A. Identification

  B. Preparation

  C. Eradiction

  D. Recovery

  E. Containment

  Correct Answer: E

• Question 705:

  A company is implementing MFA for all applications that store sensitive data. The IT manager wants MFA to be non-disruptive and user friendly. Which of the following technologies should the IT manager use when implementing MFA?

  A. One-time passwords

  B. Email tokens

  C. Push notifications

  D. Hardware authentication

  Correct Answer: C

  Multi-factor authentication (MFA) is a security process that requires users to provide additional evidence of their identity beyond just a username and password. When implementing MFA, it is essential to consider user experience, convenience, and ease of use factors. Push notifications can be an effective technology for implementing MFA because they are non-disruptive and user-friendly. With push notifications, users can receive a notification on their mobile devices when they need to authenticate themselves. They can then tap on the notification to complete the authentication process, without having to enter any additional information. Onetime passwords, email tokens, and hardware authentication are other options that can be used for implementing MFA, but they may not be as user-friendly as push notifications.

• Question 706:

  Which of the following would be MOST effective to contain a rapidly spreading attack that is affecting a large number of organizations?

  A. Machine learning

  B. DNS sinkhole

  C. Blocklist

  D. Honeypot

  Correct Answer: B

  The question states that the attack is happening, DNS Sink hole is a disruption technique that can be used to disrupt malware transmission at the very point of connection. Moreover, it can route suspect traffic to a different network, such as a honeynet, where it can be analyzed. See the following link: https://resources.infosecinstitute.com/topic/dns-sinkhole-can-protect-malware/

• Question 707:

  Which of the following stores data directly on devices with limited processing and storage capacity?

  A. Thin client

  B. Containers

  C. Edge

  D. Hybrid cloud

  Correct Answer: A

• Question 708:

  A security administrator currently spends a large amount of time on common security tasks, such as report generation, phishing investigations, and user provisioning and deprovisioning. This prevents the administrator from spending time on other security projects. The business does not have the budget to add more staff members. Which of the following should the administrator attempt?

  A. DAC

  B. ABAC

  C. SCAP

  D. SOAR

  Correct Answer: D

  Reference: https://searchsecurity.techtarget.com/definition/SOAR

• Question 709:

  A security manager runs Nessus scans of the network after every maintenance window.

  Which of the following is the security manger MOST likely trying to accomplish?

  A. Verifying that system patching has effectively removed knows vulnerabilities

  B. Identifying assets on the network that may not exist on the network asset inventory

  C. Validating the hosts do not have vulnerable ports exposed to the internet

  D. Checking the status of the automated malware analysis that is being performed

  Correct Answer: A

• Question 710:

  Which of the following environments minimizes end-user disruption and is MOST likely to be used to assess the impacts of any database migrations or major system changes by using the final version of the code?

  A. Staging

  B. Test

  C. Production

  D. Development

  Correct Answer: A

  A staging environment is used to validate code that will be deployed. I have seen you providing answers with no context behind them and being wrong.