CompTIA SY0-601 Online Practice Questions and Exam Preparation
SY0-601 Exam Details
Exam Code: SY0-601
Exam Name: CompTIA Security+
Certification: CompTIA Certifications
Vendor: CompTIA
Total Questions: 1334 Q&As
Last Updated: May 26, 2026
CompTIA SY0-601 Online Questions & Answers
Question 781:
A major clothing company recently lost a large amount of proprietary information. The security officer must find a solution to ensure this never happens again. Which of the following is the BEST technical implementation to prevent this from happening again?
A. Configure DLP solution B. Disable peer-to-peer sharing C. Enable role-based access controls. D. Mandate job rotation E. Implement content filters
A. Configure DLP solution
Explanation/Reference: Implementing a DLP solution makes the most sense; it will not allow this proprietary information to be leaked or sent from inside the company.
Question 782:
A security engineer needs to create a network segment that can be used for servers that require connections from untrusted networks. Which of the following should the engineer implement?
A. An air gap B. A hot site C. A VLAN D. A screened subnet
D. A screened subnet
From the CompTIA official textbook: "A screened subnet (previously known as a demilitarized zone [DMZ]) is a special-purpose subnet that is designed specifically for low-trust users to access specific systems, such as the public accessing a web server. If the screened subnet is compromised, the private LAN isn't necessarily affected or compromised. Access to a screened subnet is usually controlled or restricted by a firewall and router system. The screened subnet can act as a buffer network between the public untrusted Internet and the private trusted LAN. This implementation is known as a screened subnet. It is deployed by placing the screened subnet between two firewalls, where one firewall leads to the Internet and the other to the private LAN. A screened subnet can also be deployed through the use of a multihomed firewall. Such a firewall has three interfaces: one to the Internet, one to the private LAN, and one to the screened subnet."
Question 783:
A bank detects fraudulent activity on a user's account. The user confirms transactions completed yesterday on the bank's website at https://www.company.com. A security analyst then examines the user's Internet usage logs and observes the following output:
Which of the following has MOST likely occurred?
A. Replay attack B. SQL injection C. SSL stripping D. Race conditions
C. SSL stripping
Secure Sockets Layer (SSL) stripping is a man-in-the-middle attack against all SSL and early versions of TLS connections. The attack can be performed anywhere a man-in-the-middle attack can happen, which makes wireless hotspots a prime location. The attack works by intercepting the initial connection request for HTTPS, redirecting it to an HTTP site, and then mediating in the middle. The attack works because the beginning of an SSL or TLS (v1.0 or v1.1) handshake is vulnerable to attack. The main defense is technical: only use TLS 1.2 or 1.3, as these versions have protections against the specific attack method.
Question 784:
A security analyst was asked to evaluate a potential attack that occurred on a publicly accessible section of the company's website. The malicious actor posted an entry in an attempt to trick users into clicking the following:
Which of the following was MOST likely observed?
A. DLL injection B. Session replay C. SQLi D. XSS
D. XSS
URL Structure: The URL starts with "https://www.c0mpt1a.com/contact-us/", which is a typical URL structure for a website's contact page. This part appears normal.
Query Parameter: Following the "/", there is a query parameter represented as "?name=". Query parameters in a URL are often used to pass data to a web application.
Payload: After the "name=" query parameter, there is a URL-encoded string: "%3Cscript%3Ealert(document.cookie)%3C%2Fscript%3E". Decoding this payload step by step: "%3C" represents "<", "%3E" represents ">", and "%2F" represents "/". So, "%3Cscript%3E" is "<script>", and "%3C%2Fscript%3E" is "</script>" in HTML. Between the "<script>" and "</script>" tags, there is JavaScript code: "alert(document.cookie)".
Question 785:
A financial institution would like to store its customer data in a cloud but still allow the data to be accessed and manipulated while encrypted. Doing so would prevent the cloud service provider from being able to decipher the data due to its sensitivity. The financial institution is not concerned about computational overheads and slow speeds.
Which of the following cryptographic techniques would BEST meet the requirement?
A. Asymmetric B. Symmetric C. Homomorphic D. Ephemeral
C. Homomorphic
Question 786:
Cloud security engineers are planning to allow and deny access to specific features in order to increase data security. Which of the following cloud features is the most appropriate to ensure access is granted properly?
A. API integrations B. Auditing C. Resource policies D. Virtual networks
C. Resource policies
Question 787:
A tax organization is working on a solution to validate the online submission of documents. The solution should be carried on a portable USB device that should be inserted into any computer that is transmitting a transaction securely.
Which of the following is the BEST certificate for these requirements?
A. User certificate B. Self-signed certificate C. Computer certificate D. Root certificate
A. User certificate
The best certificate for these requirements would be a user certificate. A user certificate is a digital certificate that is issued to an individual and is used to authenticate the user's identity when accessing a network or system. In this case, the organization could issue a user certificate to each individual who is authorized to submit documents online, and the certificate could be stored on a portable USB device. When the individual inserts the USB device into a computer and initiates a transaction, the user certificate would be used to securely authenticate the user's identity and allow the transaction to be processed. Other types of certificates such as a self-signed certificate, a computer certificate, or a root certificate could potentially be used for these purposes, but a user certificate would be the most appropriate solution in this scenario.
Question 788:
A malicious actor recently penetrated a company's network and moved laterally to the datacenter. Upon investigation, a forensics firm wants to know what was in the memory on the compromised server. Which of the following files should be given to the forensics firm?
A. Security B. Application C. Dump D. Syslog
C. Dump
Dump files are a special type of files that store information about your computer, the software on it, and the data loaded in the memory when something bad happens. They are usually automatically generated by Windows or by the apps that crash, but you can also manually generate them.
https://www.digitalcitizen.life/view-contents-dump-file/
Question 789:
In which of the following common use cases would steganography be employed?
A. Obfuscation B. Integrity C. Non-repudiation D. Blockchain
A. Obfuscation
https://www.professormesser.com/security-plus/sy0-501/steganography-3/
Question 790:
A security engineer needs to implement the following requirements:
1. All Layer 2 switches should leverage Active Directory for authentication.
2. All Layer 2 switches should use local fallback authentication if Active Directory is offline.
3. All Layer 2 switches are not the same and are manufactured by several vendors.
Which of the following actions should the engineer take to meet these requirements? (Select TWO).
A. Implement RADIUS. B. Configure AAA on the switch with local login as secondary C. Configure port security on the switch with the secondary login method. D. Implement TACACS+ E. Enable the local firewall on the Active Directory server. F. Implement a DHCP server
A. Implement RADIUS. B. Configure AAA on the switch with local login as secondary
Explanation/Reference: You need to implement the RADIUS server. After that, you have to configure the switch to use the AAA server (RADIUS in this case) with fallback to local authentication.