CompTIA SY0-601 Online Practice Questions and Exam Preparation

SY0-601 Exam Details
Exam Code: SY0-601
Exam Name: CompTIA Security+
Certification: CompTIA Certifications
Vendor: CompTIA
Total Questions: 1334 Q&As
Last Updated: May 26, 2026

CompTIA SY0-601 Online Questions & Answers
Question 751:
A network administrator has been asked to design a solution to improve a company's security posture. The administrator is given the following requirements:
1. The solution must be inline in the network.
2. The solution must be able to block known malicious traffic.
3. The solution must be able to stop network-based attacks.
Which of the following should the network administrator implement to BEST meet these requirements?
A. HIDS B. NIDS C. HIPS D. NIPS
D. NIPS. Requirement 1 ("inline in the network") rules out the host-based options (HIDS, HIPS), leaving NIDS or NIPS. Requirement 2 ("block known malicious traffic") rules out an IDS, which only detects and alerts; only a prevention system sitting in the traffic path can drop packets. Requirement 3 ("stop network-based attacks") again calls for a network sensor rather than a host agent. A network-based intrusion prevention system (NIPS) is the only option that satisfies all three.
Question 752:
A security analyst notices an unusual amount of traffic hitting the edge of the network. Upon examining the logs, the analyst identifies a source IP address and blocks that address from communicating with the network. Even though the analyst is blocking this address, the attack is still ongoing and coming from a large number of different source IP addresses. Which of the following describes this type of attack?
A. DDoS B. Privilege escalation C. DNS poisoning D. Buffer overflow
A. DDoS The scenario described in the question is indicative of a Distributed Denial of Service (DDoS) attack. In a DDoS attack, the attacker floods a target system or network with a massive amount of traffic, overwhelming its resources and causing services to become unavailable to legitimate users. In this case, the security analyst identified and blocked a specific source IP address involved in the attack, but the attack is still ongoing from multiple other source IP addresses. DDoS attacks typically involve a large number of compromised or maliciously controlled devices (such as botnets) that are distributed across various locations, making it difficult to stop the attack by simply blocking individual sources.
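The distinction the analyst missed, that blocking one source address does nothing when the flood is spread across many, can be made visible in logs. The following is an added example, not part of the original practice material: it buckets constructed firewall-style log lines into one-minute windows and labels each window as normal, a single-source flood (one IP dominates, so a block would work) or a distributed flood (no single source carries the traffic). The log lines, IP addresses and thresholds are constructed for the example.

```python
"""Added example: tell a single-source flood from a distributed one by
looking at how traffic in each time window is spread across source IPs.
All log lines below are constructed; they are not real traffic."""
from collections import Counter, defaultdict
from datetime import datetime

# Constructed log lines in the form "<ISO timestamp> <source_ip> <dest_port>".
# 10:00 is one host hammering port 443; 10:01 is the same volume from six hosts.
SAMPLE_LOG = """\
2024-01-01T10:00:00 203.0.113.7 443
2024-01-01T10:00:01 203.0.113.7 443
2024-01-01T10:00:02 203.0.113.7 443
2024-01-01T10:00:03 203.0.113.7 443
2024-01-01T10:00:04 203.0.113.7 443
2024-01-01T10:00:05 203.0.113.7 443
2024-01-01T10:01:00 198.51.100.1 443
2024-01-01T10:01:00 198.51.100.2 443
2024-01-01T10:01:01 198.51.100.3 443
2024-01-01T10:01:01 198.51.100.4 443
2024-01-01T10:01:02 198.51.100.5 443
2024-01-01T10:01:02 198.51.100.6 443
2024-01-01T10:02:00 192.0.2.10 443
"""


def parse_log(text):
    """Parse the constructed format into (timestamp, source_ip, port) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, port = line.split()
        events.append((datetime.fromisoformat(ts), src, int(port)))
    return events


def window_stats(events):
    """Bucket events into one-minute windows: {window: Counter(source_ip -> hits)}."""
    buckets = defaultdict(Counter)
    for ts, src, _port in events:
        buckets[ts.strftime("%Y-%m-%dT%H:%M")][src] += 1
    return buckets


def classify_windows(buckets, flood_threshold=5, single_source_share=0.5):
    """Label each window. A window is a flood when its hit count exceeds
    flood_threshold (illustrative value). If the busiest IP carries at least
    single_source_share of the hits, blocking that IP would work; otherwise the
    traffic is distributed and per-IP blocking will not stop it."""
    labels = {}
    for window, hits in sorted(buckets.items()):
        total = sum(hits.values())
        if total <= flood_threshold:
            labels[window] = "normal"
            continue
        top_ip, top_hits = hits.most_common(1)[0]
        if top_hits / total >= single_source_share:
            labels[window] = f"single-source flood ({top_ip})"
        else:
            labels[window] = f"distributed flood ({len(hits)} sources)"
    return labels


def analyze(text, **thresholds):
    """Convenience wrapper: raw log text -> {window: label}."""
    return classify_windows(window_stats(parse_log(text)), **thresholds)


if __name__ == "__main__":
    for window, label in analyze(SAMPLE_LOG).items():
        print(window, label)
```

Against the sample, the 10:00 window is flagged as a single-source flood from 203.0.113.7, while the 10:01 window carries the same number of requests but is labelled a distributed flood across six sources; that second label is the signal to move from per-IP blocking to rate limiting or upstream scrubbing.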
Question 753:
A spoofed identity was detected for a digital certificate. Which of the following are the type of unidentified key and the certificate that could be in use on the company domain?
A. Private key and root certificate B. Public key and expired certificate C. Private key and self-signed certificate D. Public key and wildcard certificate
C. Private key and self-signed certificate. A self-signed certificate is signed with its own private key rather than issued by a trusted certificate authority, so no third party has verified the identity it claims. Anyone holding a private key can generate a self-signed certificate asserting the company's domain name, which is how a spoofed identity ends up in use: clients that accept the certificate (or are tricked into trusting it) have no CA chain that would expose the forgery. A root or wildcard certificate issued by a CA, or an expired one, would not explain an unidentified key presenting the company's identity.
Question 754:
Which of the following allows access to remote computing resources, an operating system, and centralized configuration and data?
A. Containers B. Edge computing C. Thin client D. Infrastructure as a service
C. Thin client Thin clients are devices that have minimal hardware and software components and rely on a remote server to provide access to computing resources, an operating system, and centralized configuration and data. Thin clients can reduce the cost, complexity, and security risks of managing multiple devices.
Question 755:
A security administrator is trying to determine whether a server is vulnerable to a range of attacks. After using a tool, the administrator obtains the following output:
Which of the following attacks was successfully implemented based on the output?
A. Memory leak B. Race conditions C. SQL injection D. Directory traversal
D. Directory traversal. The output is an HTTP response: a status line of HTTP/1.0 200 OK, header lines, and a body consisting of the contents of the server's passwd file. A web server should never return an operating-system file from outside its document root, so the request was most likely of the form example.com/../../../../../../../etc/passwd, with the ../ sequences walking up out of the web root. A (memory leak) would not produce a clean 200 response carrying that file; a leak can persist without a crash, but nothing in the output evidences one. B (race condition): no evidence. C (SQL injection) would surface database contents or database errors, not a file read from the filesystem.
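The following added example (not part of the original practice material) shows the two sides of the finding above: a file handler that resolves a request path by naive joining, which is how ../ segments reach /etc/passwd, beside a hardened version that decodes and normalises the path and then confirms it still lies under the web root, plus a small detector that flags traversal sequences, including URL-encoded ones, in request paths. The web root /var/www/html and the access-log lines are constructed for the example; the code resolves paths purely as strings so it runs without a filesystem.

```python
"""Added example: path-traversal-vulnerable resolution beside a hardened
version, and a detector for traversal patterns in request paths.
WEB_ROOT and the log lines are constructed for the example."""
import posixpath
from urllib.parse import unquote

WEB_ROOT = "/var/www/html"  # assumed document root for the example


def vulnerable_resolve(requested):
    """Deliberately insecure: joins the request onto the web root and
    normalises it. '../' segments walk out of WEB_ROOT, so a request for
    ../../../../etc/passwd yields /etc/passwd and a 200 OK with its contents."""
    return posixpath.normpath(posixpath.join(WEB_ROOT, requested.lstrip("/")))


def hardened_resolve(requested):
    """Decode (twice, to catch double-encoding), normalise, then require the
    result to be WEB_ROOT itself or a path strictly beneath it. Returns the
    safe path or None when the request escapes the root. In a real server you
    would additionally realpath() the result to defeat symlinks."""
    decoded = unquote(unquote(requested))
    candidate = posixpath.normpath(posixpath.join(WEB_ROOT, decoded.lstrip("/")))
    # The trailing slash stops /var/www/html2/... from passing as inside /var/www/html.
    if candidate == WEB_ROOT or candidate.startswith(WEB_ROOT.rstrip("/") + "/"):
        return candidate
    return None


# Raw markers seen in traversal attempts: plain, URL-encoded and overlong-UTF-8 dots.
TRAVERSAL_MARKERS = ("../", "..\\", "%2e%2e", "..%2f", "..%5c", "%c0%ae")


def looks_like_traversal(request_path):
    """True if the path contains a traversal sequence in raw or encoded form."""
    lowered = request_path.lower()
    decoded = unquote(unquote(lowered))
    return (any(m in lowered for m in TRAVERSAL_MARKERS)
            or "../" in decoded or "..\\" in decoded)


# Constructed access-log lines in a common-log-like format.
SAMPLE_ACCESS_LOG = """\
198.51.100.4 - - "GET /images/logo.png HTTP/1.0" 200 5123
198.51.100.4 - - "GET /../../../../../../../etc/passwd HTTP/1.0" 200 1842
198.51.100.4 - - "GET /%2e%2e/%2e%2e/%2e%2e/etc/passwd HTTP/1.0" 200 1842
198.51.100.9 - - "GET /index.html HTTP/1.0" 200 2048
"""


def find_traversal_requests(log_text):
    """Return the request paths in the log that look like traversal attempts."""
    flagged = []
    for line in log_text.splitlines():
        if '"' not in line:
            continue
        request = line.split('"')[1]          # e.g. GET /path HTTP/1.0
        parts = request.split()
        if len(parts) >= 2 and looks_like_traversal(parts[1]):
            flagged.append(parts[1])
    return flagged


if __name__ == "__main__":
    print(vulnerable_resolve("../../../../etc/passwd"))   # escapes the root
    print(hardened_resolve("../../../../etc/passwd"))     # None
    print(find_traversal_requests(SAMPLE_ACCESS_LOG))
```

The hardened check works on the normalised result rather than by stripping "../" from the input: filtering the input is what attackers defeat with double-encoding or mixed separators, while checking the final path against the root closes all of those at once.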
Question 756:
A security analyst is evaluating the risks of authorizing multiple security solutions to collect data from the company's cloud environment. Which of the following is an immediate consequence of these integrations?
A. Non-compliance with data sovereignty rules B. Loss of the vendor's interoperability support C. Mandatory deployment of a SIEM solution D. Increase in the attack surface
D. Increase in the attack surface. Each security tool granted access to the cloud environment brings its own credentials, API permissions and data path, and every one of those is a new place where a compromise can start; that follows immediately from authorizing the integrations. Non-compliance with data sovereignty rules would only arise if the collected data were moved across jurisdictional boundaries, which the question does not state. Loss of the vendor's interoperability support and a mandatory SIEM deployment are not consequences of adding the integrations.
Question 757:
An organization recently released a software assurance policy that requires developers to run code scans each night on the repository. After the first night, the security team alerted the developers that more than 2,000 findings were reported and need to be addressed. Which of the following is the MOST likely cause for the high number of findings?
A. The vulnerability scanner was not properly configured and generated a high number of false positives B. Third-party libraries have been loaded into the repository and should be removed from the codebase. C. The vulnerability scanner found several memory leaks during runtime, causing duplicate reports for the same issue. D. The vulnerability scanner was not loaded with the correct benchmarks and needs to be updated.
A. The vulnerability scanner was not properly configured and generated a high number of false positives. The most likely cause for the high number of findings is that the vulnerability scanner was not properly configured and generated a high number of false positives. A false positive occurs when a scanner flags a non-vulnerable system or piece of code as vulnerable. This can happen due to incorrect configuration, over-sensitive rule sets, or outdated scan databases, and a first run with default settings against a whole repository is where it shows up most. https://www.professormesser.com/security-plus/sy0-601/sy0-601-video/sy0-601-comptia-security-plus-course/
Question 758:
Which of the following represents a biometric FRR?
A. Authorized users being denied access B. Users failing to enter the correct PIN C. The denied and authorized numbers being equal D. The number of unauthorized users being granted access
A. Authorized users being denied access. The false rejection rate (FRR) is the proportion of legitimate, enrolled users whose biometric sample is rejected; these are the system's false negatives. The false acceptance rate (FAR) is the opposite error, unauthorized users being granted access (option D), and the crossover error rate (CER) is the sensitivity setting at which FRR and FAR are equal (option C). Option B describes a failure of a knowledge factor, not a biometric one. Reference: chapter on Authentication and Authorization.
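FRR, FAR and CER are easiest to understand as functions of the matching threshold. The following added example (not from the original practice material) computes them from constructed similarity scores: a set of genuine scores (enrolled users against their own template) and a set of impostor scores (other people against that template). Raising the threshold pushes FRR up and FAR down; the crossover scan finds the threshold where the two are closest. All scores are made up for the example.

```python
"""Added example: FRR, FAR and crossover (equal) error rate from constructed
biometric match scores. Scores are on a 0-100 similarity scale and are
invented for the example; a real system would take them from verification logs."""

# Constructed scores. Genuine attempts should score high, impostors low, but
# the ranges overlap, which is what makes the threshold choice a trade-off.
GENUINE_SCORES = [88, 92, 75, 81, 95, 67, 90, 84, 79, 73]
IMPOSTOR_SCORES = [20, 35, 48, 61, 29, 55, 70, 42, 38, 66]


def frr(genuine, threshold):
    """False rejection rate: fraction of authorised users whose score falls
    below the threshold and who are therefore denied access (false negatives)."""
    return sum(1 for s in genuine if s < threshold) / len(genuine)


def far(impostor, threshold):
    """False acceptance rate: fraction of unauthorised users whose score reaches
    the threshold and who are therefore granted access (false positives)."""
    return sum(1 for s in impostor if s >= threshold) / len(impostor)


def crossover(genuine, impostor):
    """Scan every observed score as a candidate threshold and return the one
    where FRR and FAR are closest, as (threshold, frr, far). With real data the
    two curves rarely meet exactly, so 'closest' is the practical definition."""
    best = None
    for t in sorted(set(genuine) | set(impostor)):
        gap = abs(frr(genuine, t) - far(impostor, t))
        if best is None or gap < best[0]:
            best = (gap, t, frr(genuine, t), far(impostor, t))
    return best[1:]


def tradeoff_table(genuine, impostor, thresholds):
    """FRR/FAR at each threshold, to see the trade-off the administrator tunes."""
    return [(t, frr(genuine, t), far(impostor, t)) for t in thresholds]


if __name__ == "__main__":
    for t, r, a in tradeoff_table(GENUINE_SCORES, IMPOSTOR_SCORES, (60, 70, 80, 90)):
        print(f"threshold {t}: FRR={r:.1f} FAR={a:.1f}")
    print("crossover:", crossover(GENUINE_SCORES, IMPOSTOR_SCORES))
```

With these scores a threshold of 80 rejects four of the ten genuine users (FRR 0.4) while admitting no impostor (FAR 0.0); dropping to 70 balances the two at 0.1 each, which is the crossover point. A high-security door would sit above the crossover and accept the extra false rejections; a convenience deployment would sit below it.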
Question 759:
While researching a data exfiltration event, the security team discovers that a large amount of data was transferred to a file storage site on the internet. Which of the following controls would work best to reduce the risk of further exfiltration using this method?
A. Data loss prevention B. Blocking IP traffic at the firewall C. Containerization D. File integrity monitoring
A. Data loss prevention. Data loss prevention (DLP) is a set of tools and processes that aim to prevent unauthorized access, use, or transfer of sensitive data. DLP can reduce the risk of further exfiltration via file storage sites on the internet by monitoring and controlling data flows across endpoints, networks, and cloud services, and it can detect and block attempts to copy, upload, or download sensitive data to or from such sites based on predefined policies and rules. References: https://www.comptia.org/certifications/security#examdetails https://www.comptia.org/content/guides/comptia-security-sy0-601-exam-objectives https://www.microsoft.com/en-us/security/business/security-101/what-is-data-loss-prevention-dlp
Question 760:
Which of the following would provide guidelines on how to label new network devices as part of the initial configuration?
A. IP schema B. Application baseline configuration C. Standard naming convention policy D. Wireless LAN and network perimeter diagram
C. Standard naming convention policy. A standard naming convention policy provides guidelines on how to label new network devices as part of the initial configuration. It is a document that defines the rules and formats for naming network devices, such as routers, switches, firewalls, servers, or printers, and helps an organization achieve consistency, clarity, and efficiency in network management and administration. References: https://www.comptia.org/certifications/security#examdetails https://www.comptia.org/content/guides/comptia-security-sy0-601-exam-objectives https://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Network_Virtualization/PathIsolationDesignGuide/PathIsolationDesignGuide.pdf