CompTIA CompTIA Certifications SY0-601 Questions & Answers

• Question 771:

  When selecting a technical solution for identity management, an architect chooses to go from an in-house to a third-party SaaS provider. Which of the following risk management strategies is this an example of?

  A. Acceptance

  B. Mitigation

  C. Avoidance

  D. Transference

  Correct Answer: D

• Question 772:

  Given the following logs:

  

  Which of the following BEST describes the type of attack that is occurring?

  A. Rainbow table

  B. Dictionary

  C. Password spraying

  D. Pass-the-hash

  Correct Answer: C

• Question 773:

  An organization hired a consultant to assist with an active attack, and the consultant was able to identify the compromised accounts and computers. Which of the following is the consultant MOST likely to recommend to prepare for eradication?

  A. Quarantining the compromised accounts and computers, only providing them with network access

  B. Segmenting the compromised accounts and computers into a honeynet so as to not alert the attackers.

  C. Isolating the compromised accounts and computers, cutting off all network and internet access.

  D. Logging off and deleting the compromised accounts and computers to eliminate attacker access.

  Correct Answer: B

• Question 774:

  An organization discovered a disgruntled employee exfiltrated a large amount of PII data by uploading files.

  Which of the following controls should the organization consider to mitigate this risk?

  A. EDR

  B. Firewall

  C. HIPS

  D. DLP

  Correct Answer: D

• Question 775:

  Which of the following environments typically hosts the current version configurations and code, compares user-story responses and workflow, and uses a modified version of actual data for testing?

  A. Development

  B. Staging

  C. Production

  D. Test

  Correct Answer: B

• Question 776:

  A security analyst is configuring a large number of new company-issued laptops. The analyst received the following requirements:

  1.

  The devices will be used internationally by staff who travel extensively.

  2.

  Occasional personal use is acceptable due to the travel requirements.

  3.

  Users must be able to install and configure sanctioned programs and productivity suites.

  4.

  The devices must be encrypted

  5.

  The devices must be capable of operating in low-bandwidth environments.

  Which of the following would provide the GREATEST benefit to the security posture of the devices?

  A. Configuring an always-on VPN

  B. Implementing application whitelisting

  C. Requiring web traffic to pass through the on-premises content filter

  D. Setting the antivirus DAT update schedule to weekly

  Correct Answer: A

  1-hackers spying on network traffic

  2-they can still install stuff. app listing would only allow stuff IT OK'd. Do you want to tell IT all your personal apps?

  3-Sure can

  4-network traffic is encrypted. These better have minimum TPM and antimalware on them.

  5-Always on vpn is faster then regular vpn - our company has been using it for years.

• Question 777:

  A security analyst is reviewing the vulnerability scan report for a web server following an incident. The vulnerability that was used to exploit the server is present in historical vulnerability scan reports, and a patch is available for the vulnerability. Which of the following is the MOST likely cause?

  A. Security patches were uninstalled due to user impact.

  B. An adversary altered the vulnerability scan reports

  C. A zero-day vulnerability was used to exploit the web server

  D. The scan reported a false negative for the vulnerability

  Correct Answer: D

• Question 778:

  A company completed a vulnerability scan. The scan found malware on several systems that were running older versions of Windows. Which of the following is MOST likely the cause of the malware infection?

  A. Open permissions

  B. Improper or weak patch management

  C. Unsecure root accounts

  D. Default settings

  Correct Answer: B

  The reason for this is that older versions of Windows may have known vulnerabilities that have been patched in more recent versions. If a company is not regularly patching their systems, they are leaving those vulnerabilities open to exploit, which can allow malware to infect the systems. It is important to regularly update and patch systems to address known vulnerabilities and protect against potential malware infections. This is an important aspect of proper security management. Here is a reference to the CompTIA Security+ certification guide which states that "Properly configuring and maintaining software, including patch management, is critical to protecting systems and data." Reference: CompTIA Security+ Study Guide: SY0-601 by Emmett Dulaney, Chuck Easttom https:// www.wiley.com/en-us/CompTIA+Security%2B+Study+Guide%3A+SY0- 601-p-9781119515968

• Question 779:

  Audit logs indicate an administrative account that belongs to a security engineer has been locked out multiple times during the day. The security engineer has been on vacation (or a few days). Which of the following attacks can the account lockout be attributed to?

  A. Backdoor

  B. Brute-force

  C. Rootkit

  D. Trojan

  Correct Answer: B

  The account lockout can be attributed to a brute-force attack. A brute-force attack is a type of attack where an attacker attempts to guess a user's password by continually trying different combinations of characters. In this case, it is likely that the security engineer's account was locked out due to an attacker attempting to guess their password. Backdoor, rootkit, and Trojan attacks are not relevant in this scenario.

• Question 780:

  Which ol the following is required in order or an IDS and a WAF to be effective on HTTPS traffic?

  A. Hashing

  B. DNS sinkhole

  C. TLS inspection

  D. Data masking

  Correct Answer: C

  TLS (Transport Layer Security) is a protocol that is used to encrypt data sent over HTTPS (Hypertext Transfer Protocol Secure). In order for an intrusion detection system (IDS) and a web application firewall (WAF) to be effective on HTTPS traffic, they must be able to inspect the encrypted traffic. TLS inspection allows the IDS and WAF to decrypt and inspect the traffic, allowing them to detect any malicious activity. References:

  [1] CompTIA Security+ Study Guide Exam SY0-601 [1], Sixth Edition, Chapter 11, "Network Security Monitoring" [2] CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide, Chapter 7, "Intrusion Detection and Prevention"