CompTIA CompTIA Certifications SY0-601 Questions & Answers

• Question 741:

  A security analyst needs to generate a server certificate to be used for 802.1X and secure RDP connections. The analyst is unsure what is required to perform the task and solicits help from a senior colleague. Which of the following is the FIRST step the senior colleague will most likely tell the analyst to perform to accomplish this task?

  A. Create an OCSP

  B. Generate a CSR

  C. Create a CRL

  D. Generate a .pfx file

  Correct Answer: B

  A certificate signing request (CSR) is one of the first steps towards getting your own SSL/TLS certificate. Generated on the same server you plan to install the certificate on, the CSR contains information (e.g. common name, organization, country) the Certificate Authority (CA) will use to create your certificate. It also contains the public key that will be included in your certificate and is signed with the corresponding private key. We'll go into more details on the roles of these keys below.

• Question 742:

  A user downloaded an extension for a browser, and the user's device later became infected. The analyst who is investigating the incident saw various logs where the attacker was hiding activity by deleting data. The following was observed

  running:

  New-Partition -DiskNumber 2 -UseMaximumSize -AssignDriveLetter C| Format-Volume -DriveLetter C - FileSystemLabel "New"-FileSystem NTFS - Full -Force -Confirm:$false |

  Which of the following is the malware using to execute the attack?

  A. PowerShell

  B. Python

  C. Bash

  D. Macros

  Correct Answer: A

  The code in question uses 'NTFS' which stands for New Technology File System that is used by Microsoft. Using the process of elimination, bash is used for Linux systems, and macros can be used by any scripting language, which leaves us Python and PowerShell.

  PowerShell uses capitals in each word throughout the code, python does not.

• Question 743:

  An organization's help desk is flooded with phone calls from users stating they can no longer access certain websites. The help desk escalates the issue to the security team, as these websites were accessible the previous day. The security analysts run the following command: ipconfig /flushdns, but the issue persists. Finally, an analyst changes the DNS server for an impacted machine, and the issue goes away. Which of the following attacks MOST likely occurred on the original DNS server?

  A. DNS cache poisoning

  B. Domain hijacking

  C. Distributed denial-of-service

  D. DNS tunneling

  Correct Answer: A

  DNS Client Cache Poisoning - Even though all name resolution now functions through DNS, the HOSTS file is still present and most operating systems check the file before using DNS. Its contents are loaded into a cache of known name:IP mappings and the client only contacts a DNS server if the name is not cached. Therefore, if an attacker is able to place a false name: IP address mapping in the HOSTS file and effectively poison the DNS cache, he or she will be able to redirect traffic. The HOSTS file requires administrator access to modify. In UNIX and Linux systems it is stored as /etc/hosts, while in Windows it is placed in %SystemRoot%\System32\Drivers\etc\hosts.

• Question 744:

  A security administrator needs to create a RAID configuration that is focused on high read/write speeds and fault tolerance. It is unlikely that multiple drives will fail simultaneously. Which of the following RAID configurations should the administrator use?

  A. RA1D 0

  B. RAID1

  C. RAID 5

  D. RAID 10

  Correct Answer: D

  RAID 0 - no fault tollerance/ high write speed RAID 1 - low write speed RAID 5 - low write speed RAID 10 - fault tolerance of RAID 1 + high speed of RAID 0

  https://techgenix.com/raid-10-vs-raid-5/

• Question 745:

  A security engineer is reviewing log files after a third discovered usernames and passwords for the organization's accounts. The engineer sees there was a change in the IP address for a vendor website one earlier. This change lasted eight hours. Which of the following attacks was MOST likely used?

  A. Man-in- the middle

  B. Spear-phishing

  C. Evil twin

  D. DNS poising

  Correct Answer: D

  DNS spoofing, also referred to as DNS cache poisoning, is a form of computer security hacking in which corrupt Domain Name System data is introduced into the DNS resolver's cache, causing the name server to return an incorrect result record, e.g. an IP address. This results in traffic being diverted to the attacker's computer (or any other computer). https://en.wikipedia.org/wiki/DNS_spoofing

• Question 746:

  A company wants to deploy decoy systems alongside production systems in order to entice threat actors and to learn more about attackers. Which of the following BEST describes these systems?

  A. DNS sinkholes

  B. Hafieypots

  C. Virtual machines

  D. Neural networks

  Correct Answer: B

  Honeypots are decoy systems or resources intentionally set up by an organization to attract and monitor unauthorized users, attackers, or malware. These systems are isolated from the production network and have no legitimate purpose, making any activity on them highly suspicious. The primary goal of honeypots is to gather information about the tactics, techniques, and procedures used by attackers and to learn more about their motives and potential threats to the organization.

• Question 747:

  A cybersecurity manager has scheduled biannual meetings with the IT team and department leaders to discuss how they would respond to hypothetical cyberattacks. During these meetings, the manager presents a scenario and injects additional information throughout the session to replicate what might occur in a dynamic cybersecurity event involving the company, its facilities, its data, and its staff. Which of the following describes what the manager is doing?

  A. Developing an incident response plan

  B. Building a disaster recovery plan

  C. Conducting a tabletop exercise

  D. Running a simulation exercise

  Correct Answer: C

  This is a tabletop exercise as they are talking about all hypothetical events that could happen a and what to do if it where to happen. A simulation on the other hand would be recreating a specific event to practice what to do in that scenario.

• Question 748:

  An organization is developing a plan in the event of a complete loss of critical systems and data. Which of the following plans is the organization MOST likely developing?

  A. Incident response

  B. Communications

  C. Disaster recovery

  D. Data retention

  Correct Answer: C

• Question 749:

  A company is upgrading its wireless infrastructure to WPA2-Enterprise using EAP-TLS. Which of the following must be part of the security architecture to achieve AAA? (Select TWO)

  A. DNSSEC

  B. Reverse proxy

  C. VPN concentrator

  D. PKI

  E. Active Directory

  F. RADIUS

  Correct Answer: DF

  Developing a robust WPA2-Enterprise network requires additional tasks, like setting up a PKI or CA (Certificate Authority), to seamlessly distribute certificates to users. But contrary to what you might think, you can make any of these upgrades without buying new hardware or making changes to the infrastructure. For example, rolling out guest access or changing the authentication method can be accomplished without additional infrastructure. Recently, many institutions have been switching EAP methods from PEAP to EAP-TLS after seeing noticeable improvement in connection time and roaming ability or switching from a physical RADIUS server to a Cloud RADIUS solution. Improving the functionality of wireless networks can be gained without changing a single piece of hardware.

• Question 750:

  Which of the following are requirements that must be configured for PCI DSS compliance? (Select TWO).

  A. Testing security systems and processes regularly

  B. Installing and maintaining a web proxy to protect cardholder data

  C. Assigning a unique ID to each person with computer access

  D. Encrypting transmission of cardholder data across private networks

  E. Benchmarking security awareness training for contractors

  F. Using vendor-supplied default passwords for system passwords

  Correct Answer: AC

  This is straight forward, Admin please update the answer.. plz check 8 and 11 https://www.controlcase.com/what-are-the-12-requirements-of-pci-dss-compliance/ https://www.pcisecuritystandards.org/pci_security/maintaining_payment_security