CompTIA CompTIA Certifications SY0-601 Questions & Answers

• Question 801:

  Which of the following should an organization consider implementing in the event executives need to speak to the media after a publicized data breach?

  A. incident response pian

  B. Business continuity plan

  C. Communication pian

  D. Disaster recovery plan

  Correct Answer: C

  A communication plan is a policy-driven approach to providing company stakeholders with certain information

• Question 802:

  A network engineer at a company with a web server is building a new web environment with the following requirements:

  1.

  Only one web server at a time can service requests.

  2.

  If the primary web server fails, a failover needs to occur to ensure the secondary web server becomes the primary.

  Which of the following load-balancing options BEST fits the requirements?

  A. Cookie-based

  B. Active-passive

  C. Persistence

  D. Round robin

  Correct Answer: A

• Question 803:

  A pharmaceutical sales representative logs on to a laptop and connects to the public WiFi to check emails and update reports. Which of the following would be BEST to prevent other devices on the network from directly accessing the laptop? (Choose two.)

  A. Trusted Platform Module

  B. A host-based firewall

  C. A DLP solution

  D. Full disk encryption

  E. A VPN

  F. Antivirus software

  Correct Answer: BE

  BandE are the only ones that protect against anyone that wanted to snoop via the open WIFI connection. A host based fire wall makes a firewall on your device, think of this as window's firewall. A VPN is used to make a secure connection which helps when you are in a public WIFI setting. A TPM or choice A would not help as its only to store/manage cryptographic keys not deal with people snooping on open WIFI

  B: Host based firewall on laptop

  E: VPN to create a secure connection. These questions needed to be review so that people don't get confused with their concepts.

• Question 804:

  Which of the following cloud models provides clients with servers, storage, and networks but nothing else?

  A. SaaS

  B. PaaS

  C. IaaS

  D. DaaS

  Correct Answer: C

  IaaS provides clients with virtualized infrastructure resources over the internet. It includes servers, storage, and networking components, allowing clients to have more control over the infrastructure without having to manage the physical hardware. Clients can deploy and run their own applications, as well as manage operating systems and applications. However, the management of the underlying infrastructure, such as data centers and virtualization, is the responsibility of the cloud service provider.

• Question 805:

  A user recently entered a username and password into a recruiting application website that had been forged to look like the legitimate site Upon investigation, a security analyst the identifies the following:

  1.

  The legitimate websites IP address is 10.1.1.20 and eRecruit local resolves to the IP

  2.

  The forged website's IP address appears to be 10.2.12.99. based on NetFtow records

  3.

  AH three at the organization's DNS servers show the website correctly resolves to the legitimate IP

  4.

  DNS query logs show one of the three DNS servers returned a result of 10.2.12.99 (cached) at the approximate time of the suspected compromise.

  Which of the following MOST likely occurred?

  A. A reverse proxy was used to redirect network traffic

  B. An SSL strip MITM attack was performed

  C. An attacker temporarily pawned a name server

  D. An ARP poisoning attack was successfully executed

  Correct Answer: C

  DNS (server cache) poisoning is also referred to as a "Redirection Attack" per the official CompTIA Certmaster study guide. The user was redirected to a website that looked like the legitimate one.

• Question 806:

  Which of the following BEST helps to demonstrate integrity during a forensic investigation?

  A. Event logs

  B. Encryption

  C. Hashing

  D. Snapshots

  Correct Answer: C

  Hahshing = Checksum = Integrity

• Question 807:

  A security analyst needs to be proactive in understand the types of attacks that could potentially target the company's execute. Which of the following intelligence sources should to security analyst review?

  A. Vulnerability feeds

  B. Trusted automated exchange of indicator information

  C. Structured threat information expression

  D. Industry information-sharing and collaboration groups

  Correct Answer: D

  What is an ISAO? An Information Sharing and Analysis Organization (ISAO) is a trusted community that actively collaborates to identify and disseminate information about cybersecurity threats. These organizations focus on providing technical information about attacks on businesses, governments and organizations. An ISAO gathers data about threat actors and their techniques from various sources. This data can come from governments, large and small companies, and cybersecurity organizations from around the world. The ISAO then crunches this data, turns it into useable information, and sends it to its members. Because an ISAO provides relevant, useful information, it effectively becomes a trusted advisor that raises an industry's cybersecurity resilience.

  https://connect.comptia.org/content/articles/what-is-an-isao

• Question 808:

  An organization is outlining data stewardship roles and responsibilities. Which of the following employee roles would determine the purpose of data and how to process it?

  A. Data custodian

  B. Data controller

  C. Data proton officer

  D. Data processor

  Correct Answer: B

• Question 809:

  A securtly analyst wants to reference a standard to develop a risk management program. Which af the following ts the BEST source for the analyst to use?

  A. SSAE SOC 2

  B. SO 31000

  C. NIST CSF

  D. GDPR

  Correct Answer: B

  ISO 31000 The ISO 31000 Risk Management framework is an international standard that provides businesses with guidelines and principles for risk management from the International Organization for Standardization. Regulatory compliance initiatives are usually specific to a particular country and applicable to certain sized businesses or businesses in specific industries. However, ISO 31000 is designed to be used in organizations of any size. Its concepts work equally well in the public and the private sector, in large or small businesses and nonprofit organizations.

• Question 810:

  A user's PC was recently infected by malware. The user has a legacy printer without vendor support, and the user's OS is fully patched. The user downloaded a driver package from the internet. No threats were found on the downloaded file, but during file installation, a malicious runtime threat was detected. Which of the following is MOST likely cause of the infection?

  A. The driver has malware installed and was refactored upon download to avoid detection.

  B. The user's computer has a rootkit installed that has avoided detection until the new driver overwrote key files

  C. The user's antivirus software definitions were out of date and were damaged by the installation of the driver.

  D. The user's computer has been infected with a logic bomb set to run when new driver was installed

  Correct Answer: B