CompTIA CompTIA Certifications SY0-601 Questions & Answers

• Question 731:

  Which of the following describes the ability of code to target a hypervisor from inside a guest OS?

  A. Fog computing

  B. VM escape

  C. Software-defined networking

  D. Image forgery

  E. Container breakout

  Correct Answer: B

  VM escape, also known as virtual machine escape or hypervisor escape, refers to the ability of code running within a virtual machine (guest OS) to break out of the virtualized environment and access the underlying hypervisor or host operating system. This could potentially allow an attacker to gain unauthorized access to the host system, compromising the entire virtualization infrastructure.

  It is a significant security concern in virtualized environments because compromising the hypervisor can lead to the compromise of all the virtual machines running on that host, effectively bypassing the isolation and security measures provided by virtualization.

• Question 732:

  A recently discovered zero-day exploit utilizes an unknown vulnerability in the SMB network protocol to rapidly infect computers. Once infected, computers are encrypted and held for ransom. Which of the following would BEST prevent this attack from reoccurring?

  A. Configure the perimeter firewall to deny inbound external connections to SMB ports.

  B. Ensure endpoint detection and response systems are alerting on suspicious SMB connections.

  C. Deny unauthenticated users access to shared network folders.

  D. Verify computers are set to install monthly operating system, updates automatically.

  Correct Answer: A

  If its' zero day there is no prepared IDS v IPS solutions; hence the most ssecure to block all SMB traffic (might be problematic, but this might be only temporary solution until zero-day stop being zero-day)

• Question 733:

  A security analyst reports a company policy volation ina case in which a large amount of sensitive data is being downloaded after hours from various mobile devices to an external site. Upon further investigation, the analyst notices that successful login attempts are being conducted with impossible travel times during the same time periods when the unauthorized dowloads are occurring. The @nalyst also discovers a couple of WAP are using the same SSID, but they have non-siandard DHCP configurations and an overlapping channel. Which of the following attacks is being conducted?

  A. Evil twin

  B. Jamming

  C. DNS poisoning

  D. Bluesnarfing

  E. DDoS

  Correct Answer: A

• Question 734:

  A company recently moved sensitive videos between on-premises. Company-owned websites. The company then learned the videos had been uploaded and shared to the internet. Which of the following would MOST likely allow the company to find the cause?

  A. Checksums

  B. Watermarks

  C. Oder of volatility

  D. A log analysis

  E. A right-to-audit clause

  Correct Answer: D

  If it had mentioned Cloud, it could have been E. You need to write the right to audit clause in to cloud contracts etc. At least you could make that argument it would be E. However based on the wording, the only feasible option is D. Watermarks would let you ascertain the document is yours, but it is shared on company owned websites, so watermark is a security aspect of the document etc.

  https://www.sumologic.com/glossary/log-analysis/ "While companies can operate private clouds, forensics in a public cloud are complicated by the right to audit permitted to you by your service level agreement (SLA) with the cloud provider."

• Question 735:

  Which of the following will MOST likely adversely impact the operations of unpatched traditional programmable-logic controllers, running a back-end LAMP server and OT systems with human-management interfaces that are accessible over the Internet via a web interface? (Choose two.)

  A. Cross-site scripting

  B. Data exfiltration

  C. Poor system logging

  D. Weak encryption

  E. SQL injection

  F. Server-side request forgery

  Correct Answer: AE

  talking about web based security

• Question 736:

  A company's Chief Information Security Officer (CISO) recently warned the security manager that the company's Chief Executive Officer (CEO) is planning to publish a controversial option article in a national newspaper, which may result in new cyberattacks Which of the following would be BEST for the security manager to use in a threat mode?

  A. Hacktivists

  B. White-hat hackers

  C. Script kiddies

  D. Insider threats

  Correct Answer: A

  First the executive is in a pretty high position to be a threat at all. Because an insider threat for me is someone with intention to harm the company. Second, by uploading an controversial article isn't going to harm the company directly.

• Question 737:

  A public relations team will be taking a group of guest on a tour through the facility of a large e-commerce company. The day before the tour, the company sends out an email to employees to ensure all whiteboars are cleaned and all desks are cleared. The company is MOST likely trying to protect against.

  A. Loss of proprietary information

  B. Damage to the company's reputation

  C. Social engineering

  D. Credential exposure

  Correct Answer: A

  In the context of information security, social engineering is the psychological manipulation of people into performing actions or divulging confidential information think phishing, spoofing. That is not being demonstrated in this question. The company is protecting themselves from loss of proprietary information by clearing it all out. so that if anyone in the tour is looking to take it they will be out of luck

• Question 738:

  A cybersecurity analyst needs to implement secure authentication to third-party websites without users' passwords. Which of the following would be the BEST way to achieve this objective?

  A. OAuth

  B. SSO

  C. SAML

  D. PAP

  Correct Answer: C

• Question 739:

  An organidation recently discovered that a purchasing officer approved an invoice for an amount that was different than the original purchase order. After further investigation, a security analyst determines that the digital signature for the fraudulent invoice is exactly the same as the digital signature for the correct invoice that had been approved. Which of the following attacks MOST likely explains the behavior?

  A. Birthday

  B. Rainbow table

  C. Impersonation

  D. Whaling

  Correct Answer: C

• Question 740:

  Which of the following would MOST likely support the integrity of a voting machine?

  A. Asymmetric encryption

  B. Blockchain

  C. Transport Layer Security

  D. Perfect forward secrecy

  Correct Answer: B

  As Per notes from Professor Messer Blockchain A distributed ledger -Keep track of transactions Everyone on the blockchain network maintains the ledger

  -Records and replicates to anyone and everyone Many practical applications ?Payment processing

  -Digital identification

  -Supply chain monitoring ?Digital voting