CompTIA SY0-601 Online Practice Questions and Exam Preparation

CompTIA SY0-601 Online Questions & Answers

• Question 741:

  A security analyst is investigating some users who are being redirected to a fake website that resembles www.comptia.org. The following output was found on the naming server of the organization:

  

  Which of the following attacks has taken place?

  A. Domain reputation
  B. Domain hijacking
  C. Disassociation
  D. DNS poisoning
  D. DNS poisoning

  ---

  DNS server cache poisoning aims to corrupt the records held by the DNS server itself. This can be accomplished by performing DoS against the server that holds the authorized records for the domain, and then spoofing replies to requests from other name servers. Another attack involves getting the victim name server to respond to a recursive query from the attacking host. A recursive query compels the DNS server to query the authoritative server for the answer on behalf of the client.

• Question 742:

  The Chief Compliance Officer from a bank has approved a background check policy for all new hires Which of the following is the policy MOST likely protecting against?

  A. Preventing any current employees' siblings from working at the bank to prevent nepotism
  B. Hiring an employee who has been convicted of theft to adhere to industry compliance
  C. Filtenng applicants who have added false information to resumes so they appear better qualified
  D. Ensuring no new hires have worked at other banks that may be trying to steal customer information
  B. Hiring an employee who has been convicted of theft to adhere to industry compliance

  ---

  Source: https://www.pcicomplianceguide.org/what-does-the-pci-dss-say-about-employee-background-checks/ PCI DSS requires background checks for employees handling credit card holder data.

• Question 743:

  Which of the following is a cryptographic concept that operates on a fixed length of bits?

  A. Block cipher
  B. Hashing
  C. Key stretching
  D. Salting
  A. Block cipher

  ---

  Explanation Explanation/Reference:Single-key or symmetric-key encryption algorithms create a fixed length of bits known as a block cipher with a secret key that the creator/sender uses to encipher data (encryption) and the receiver uses to decipher it.

• Question 744:

  An organization plans to take online orders via a new website. Three web servers are available for this website. However, the organization does not want to reveal the network addresses or quantity of the individual servers to the general public. Which of the following would best fulfill these requirements?

  A. IPSec
  B. Explicit proxy
  C. Port security
  D. Virtual IP
  D. Virtual IP

• Question 745:

  An organization wants to implement a biometric system with the highest likelihood that an unauthorized user will be denied access. Which of the following should the organization use to compare biometric solutions?

  A. FRR
  B. Difficulty of use
  C. Cost
  D. FAR
  E. CER
  D. FAR

  ---

  The Crossover Error Rate (CER) describes the point where the False Reject Rate (FRR) and False Accept Rate (FAR) are equal. CER is also known as the Equal Error Rate (EER). The Crossover Error Rate describes the overall accuracy of a biometric system.

• Question 746:

  After a WiFi scan of a local office was conducted, an unknown wireless signal was identified Upon investigation, an unknown Raspberry Pi device was found connected to an Ethernet port using a single connection. Which of the following BEST describes the purpose of this device?

  A. loT sensor
  B. Evil twin
  C. Rogue access point
  D. On-path attack
  C. Rogue access point

• Question 747:

  The spread of misinformation surrounding the outbreak of a novel virus on election day led to eligible voters choosing not to take the risk of going the polls. This is an example of:

  A. prepending
  B. An influence campaign
  C. A watering-hole attack.
  D. Intimidation.
  E. Information elicitation.
  B. An influence campaign

  ---

  From Chapter 1 Social Engineering Techniques Influence campaigns involve the use of collected information and selective publication of material to key individuals in an attempt to alter perceptions and change people's minds on a topic. One can engage in an influence campaign against a single person, but the effect is limited. Influence campaigns are even more powerful when used in conjunction with social media to spread influence through influencer propagation. Influencers are people who have large followings of people who read what they post, and in many cases act in accordance or agreement. This results in an amplifying mechanism, where single pieces of disinformation can be rapidly spread and build a following across the Internet. https://www.darpa.mil/program/influence-campaign-awareness-and-sensemaking

• Question 748:

  A security analyst is investigating a phishing email that contains a malicious document directed to the company's Chief Executive Officer (CEO). Which of the following should the analyst perform to understand the threat and retrieve possible IoCs?

  A. Run a vulnerability scan against the CEOs computer to find possible vulnerabilities
  B. Install a sandbox to run the malicious payload in a safe environment
  C. Perform a traceroute to identify the communication path
  D. Use netstat to check whether communication has been made with a remote host
  B. Install a sandbox to run the malicious payload in a safe environment

• Question 749:

  Security analysts are conducting an investigation of an attack that occurred inside the organization's network. An attacker was able to connect network traffic between workstation throughout the network. The analysts review the following logs:

  

  The layer 2 address table has hundred of entries similar to the ones above. Which of the following attacks has MOST likely occurred?

  A. SQL injection
  B. DNS spoofing
  C. MAC flooding
  D. ARP poisoning
  C. MAC flooding

  ---

  Explanation Explanation/Reference:The question mentions that the table is on Layer 2 which is the Data link layer. The data-link layer is where switches operates on to move traffic. Switches will use MAC addresses to find the physical address of the device. This is because the Layer 2 address(MAC Address) will be unique on the local network. MAC flooding is a cyber attack that overflows the MAC Table (Layer 2 Table) of switches by sending out invalid MAC addresses. When a MAC Address table is full, the switch is no longer able to save new addresses, so it will enter into fail-open mode and begin broadcasting data (like a hub) to all ports. This will allow an attacker to get data packets intended for another computer and be able to steal sensitive information.

• Question 750:

  A Chief Information Security Officer (CISO) wants to implement a new solution that can protect against certain categories of websites, whether the employee is in the offer or away. Which of the following solutions should the CISO implement?

  A. VAF
  B. SWG
  C. VPN
  D. WDS
  B. SWG

  ---

  A secure web gateway (SWG) is a solution that can filter and block malicious or inappropriate web traffic based on predefined policies. It can protect users from web- based threats, such as malware, phishing, or ransomware, whether they are in the office or away. An SWG can be deployed as a hardware appliance, a software application, or a cloud service. References: https://www.comptia.org/content/guides/what-is-a-secure-web- gateway