CompTIA SY0-601 Online Practice Questions and Exam Preparation
SY0-601 Exam Details
Exam Code: SY0-601
Exam Name: CompTIA Security+
Certification: CompTIA Certifications
Vendor: CompTIA
Total Questions: 1334 Q&As
Last Updated: May 26, 2026
CompTIA SY0-601 Online Questions & Answers
Question 721:
A company's Chief Information Security Officer (CISO) recently warned the security manager that the company's Chief Executive Officer (CEO) is planning to publish a controversial opinion article in a national newspaper, which may result in new cyberattacks. Which of the following would be BEST for the security manager to use in a threat model?
A. Hacktivists
B. White-hat hackers
C. Script kiddies
D. Insider threats
Answer: A. Hacktivists
First, the executive is in a pretty high position to be a threat at all. Because an insider threat for me is someone with intention to harm the company. Second, uploading a controversial article isn't going to harm the company directly.
Question 722:
Which of the following should customers who are involved with UI developer agreements be concerned with when considering the use of these products on highly sensitive projects?
A. Weak configurations
B. Integration activities
C. Unsecure user accounts
D. Outsourced code development
Answer: D. Outsourced code development
Question 723:
A retail executive recently accepted a job with a major competitor. The following week, a security analyst reviews the security logs and identifies successful logon attempts to access the departed executive's accounts.
Which of the following security practices would have addressed the issue?
A. A non-disclosure agreement
B. Least privilege
C. An acceptable use policy
D. Offboarding
Answer: D. Offboarding
Question 724:
Which of the following actions would be recommended to improve an incident response process?
A. Train the team to identify the difference between events and incidents
B. Modify access so the IT team has full access to the compromised assets
C. Contact the authorities if a cybercrime is suspected
D. Restrict communication surrounding the response to the IT team
Answer: A. Train the team to identify the difference between events and incidents
The preparation phase (the initial phase) involves making sure that the correct data events are being logged, that potential incidents are being reported, and that personnel are trained. Nothing in B, C, or D refers to that.
Question 725:
A company has a flat network in the cloud. The company needs to implement a solution to segment its production and non-production servers without migrating servers to a new network. Which of the following solutions should the company implement?
A. Internet
B. Screened Subnet
C. VLAN segmentation
D. Zero Trust
Answer: C. VLAN segmentation
Question 726:
The board of directors at a company contracted with an insurance firm to limit the organization's liability. Which of the following risk management practices does this BEST describe?
A. Transference
B. Avoidance
C. Mitigation
D. Acknowledgement
Answer: A. Transference
Explanation: The board of directors at a company contracting with an insurance firm to limit the organization's liability BEST describes the risk management practice of transference. Transference is the process of transferring the risk of loss from one party to another, typically through the use of insurance. In this case, the company is transferring the risk of potential liability to the insurance firm by purchasing an insurance policy. This allows the company to limit its potential losses in the event of a liability claim. Options B, C, and D do not accurately describe the situation described in the question.
Question 727:
A company has hired an assessment team to test the security of the corporate network and employee vigilance. Only the Chief Executive Officer and Chief Operating Officer are aware of this exercise, and very little information has been provided to the assessors. Which of the following is taking place?
A. A red-team test
B. A white-team test
C. A purple-team test
D. A blue-team test
Answer: A. A red-team test
A red-team test is a type of security assessment that simulates a real-world attack on an organization's network, systems, applications, and people. The goal of a red-team test is to evaluate the organization's security posture, identify vulnerabilities and gaps, and test the effectiveness of its detection and response capabilities. A red-team test is usually performed by a group of highly skilled security professionals who act as adversaries and use various tools and techniques to breach the organization's defenses. A red-team test is often conducted without the knowledge or consent of most of the organization's staff, except for a few senior executives who authorize and oversee the exercise.
References:
https://www.comptia.org/certifications/security#examdetails
https://www.comptia.org/content/guides/comptia-security-sy0-601-exam-objectives
https://cybersecurity.att.com/blogs/security-essentials/what-is-red-teaming
Question 728:
Several users have opened tickets with the help desk. The help desk has reassigned the tickets to a security analyst for further review. The security analyst reviews the following metrics:
Which of the following is MOST likely the result of the security analyst's review?
A. The ISP is dropping outbound connections
B. The user of the Sales-PC fell for a phishing attack
C. Corporate PCs have been turned into a botnet
D. An on-path attack is taking place between PCs and the router
Answer: C
The metrics show a significant increase in both CPU utilization and network connections for all the listed PCs compared to their normal values. This could indicate that the machines are being used for unauthorized activities. The current CPU utilization of all the PCs is significantly higher than the normal CPU utilization. This indicates that the PCs are running a lot of processes, which is a common symptom of a botnet infection. The number of current network connections for all the PCs is also significantly higher than the normal number of network connections. This is another common symptom of a botnet infection. A botnet is a network of computers that have been infected with malware and controlled by a remote attacker. The attacker can use the botnet to carry out a variety of malicious activities, such as sending spam, launching DDoS attacks, or stealing data.
Question 729:
On the way into a secure building, an unknown individual strikes up a conversation with an employee. The employee scans the required badge at the door while the unknown individual holds the door open, seemingly out of courtesy, for the employee. Which of the following social engineering techniques is being utilized?
A. Shoulder surfing
B. Watering-hole attack
C. Tailgating
D. Impersonation
Answer: C. Tailgating
Question 730:
A cybersecurity administrator needs to implement a Layer 7 security control on a network and block potential attacks. Which of the following can block an attack at Layer 7? (Select TWO)
A. HIDS
B. NIPS
C. HSM
D. WAF
E. HIPS
F. NIDS
G. Stateless firewall
Answer: B. NIPS, D. WAF
Explanation: A WAF or web application firewall helps protect web applications by filtering and monitoring HTTP traffic between a web application and the Internet. It typically protects web applications from attacks such as cross-site forgery, cross-site scripting (XSS), file inclusion, and SQL injection, among others. A WAF is a protocol layer 7 defense (in the OSI model). A network intrusion protection system (NIPS) is an umbrella term for a combination of hardware and software systems that protect computer networks from unauthorized access and malicious activity. NIPS consists of NIDS and IPS. WAF is a firewall. NIPS can operate up to layer 7 by passing or allowing traffic