CompTIA CompTIA Certifications SY0-601 Questions & Answers

• Question 811:

  Which of the following would satisfy three-factor authentication?

  A. Password, retina scanner, and NFC card

  B. Password, fingerprint scanner, and retina scanner

  C. Password, hard token, and NFC card

  D. Fingerpnint scanner, hard token, and retina scanner

  Correct Answer: A

• Question 812:

  An application owner has requested access for an external application to upload data from the central internal website without providing credentials at any point. Which of the following authentication methods should be configured to allow this type of integration access?

  A. OAuth

  B. SSO

  C. TACACS+

  D. Kerberos

  Correct Answer: B

• Question 813:

  A university with remote campuses, which all use different service providers, loses Internet connectivity across all locations. After a few minutes, Internet and VoIP services are restored, only to go offline again at random intervals, typically within four minutes of services being restored. Outages continue throughout the day, impacting all inbound and outbound connections and services. Services that are limited to the local LAN or WiFi network are not impacted, but all WAN and VoIP services are affected.

  Later that day, the edge-router manufacturer releases a CVE outlining the ability of an attacker to exploit the SIP protocol handling on devices, leading to resource exhaustion and system reloads.

  Which of the following BEST describe this type of attack? (Choose two.)

  A. DoS

  B. SSL stripping

  C. Memory leak

  D. Race condition

  E. Shimming

  F. Refactoring

  Correct Answer: AC

  A DoS attack is a type of cyber attack that is designed to disrupt the availability of a network, system, or service. In this case, the attacker is using the exploit outlined in the CVE to disrupt the availability of Internet and VoIP services at the university's remote campuses.

  A Memory Leak is a type of software bug that occurs when a program or application allocates memory for a task, but fails to release the memory when it is no longer needed. This can lead to a depletion of available memory resources, causing the system to crash or become unstable. The fact that the outages at the university are occurring at random intervals and are being caused by system reloads suggests that a Memory Leak may be present.

• Question 814:

  Which of the following policies establishes rules to measure third-party work tasks and ensure deliverables are provided within a specific time line?

  A. SLA

  B. MOU

  C. AUP

  D. NDA

  Correct Answer: A

• Question 815:

  Which of the following are the MOST likely vectors for the unauthorized inclusion of vulnerable code in a software company's final software releases? (Select TWO.)

  A. Unsecure protocols

  B. Use of penetration-testing utilities

  C. Weak passwords

  D. Included third-party libraries

  E. Vendors/supply chain

  F. Outdated anti-malware software

  Correct Answer: DE

  A. Unsecure protocols

  --> Could be correct. This is a vector that could be used shortly before the final release to somehow include malicious code.

  B. Use of penetration-testing utilities

  --> Makes no sense

  C. Weak passwords

  --> Is an attack vector and "unauthorized" could match that. Might be correct.

  D. Included third-party libraries

  --> unintentional would fit. But if there was something wrong with a 3rd party libary, that should have been discovered before the final release.

  E. Vendors/supply chain

  --> Depends on what these vendors do. If they are developing code that is used in the final release it could contain vulnerabilities that are included unintentionally. But that would be kind of similar to the 3rd party libraries.

  F. Outdated anti-malware software

  --> With outdated anti-malware, and attacker could gain acces to a developers machine and include vulnerable code. The developer could then commit it unintentionally.

• Question 816:

  The SOC is reviewing process and procedures after a recent incident. The review indicates it took more than 30 minutes to determine that quarantining an infected host was the best course of action. The allowed the malware to spread to additional hosts before it was contained. Which of the following would be BEST to improve the incident response process?

  A. Updating the playbooks with better decision points

  B. Dividing the network into trusted and untrusted zones

  C. Providing additional end-user training on acceptable use

  D. Implementing manual quarantining of infected hosts

  Correct Answer: A

  The question asks for the "Best" way to improve the "incident response process."

  -A: directly effects and makes the decision process better.

  -B: Does not effect the incident response process. It is a preventative measure.

  -C: Does not effect the incident response process. Again preventative and also it focus on the end user not the IT staff making the decisions during the attack.

  -D: Trick answer. This was the course of action taken during the incident. The question asks for a way to lessen the 30min response time by the IT staff.

• Question 817:

  A financial organization has adopted a new secure, encrypted document-sharing application to help with its customer loan process. Some important PII needs to be shared across this new platform, but it is getting blocked by the DLP systems. Which of the following actions will BEST allow the PII to be shared with the secure application without compromising the organization's security posture?

  A. Configure the DLP policies to allow all PII

  B. Configure the firewall to allow all ports that are used by this application

  C. Configure the antivirus software to allow the application

  D. Configure the DLP policies to whitelist this application with the specific PII

  E. Configure the application to encrypt the PII

  Correct Answer: D

• Question 818:

  A network engineer has been asked to investigate why several wireless barcode scanners and wireless computers in a warehouse have intermittent connectivity to the shipping server. The barcode scanners and computers are all on forklift trucks and move around the warehouse during their regular use. Which of the following should the engineer do to determine the issue? (Choose two.)

  A. Perform a site survey

  B. Deploy an FTK Imager

  C. Create a heat map

  D. Scan for rogue access points

  E. Upgrade the security protocols

  F. Install a captive portal

  Correct Answer: AC

  site survey shows what WiFi APs are out there + heat map shows the strength of the signal

• Question 819:

  A Chief Executive Officer's (CEO) personal information was stolen in a social engineering attack. Which of the following sources would reveal if the CEO's personal information is for sale?

  A. Automated information sharing

  B. Open-source intelligence

  C. The dark web

  D. Vulnerability databases

  Correct Answer: C

  The dark web is where you go for the purchase of illegal items, but damn ima bout to fail this exam lol.

• Question 820:

  A security analyst needs to determine how an attacker was able to use User3 to gain a foothold within a company's network. The company's lockout policy requires that an account be locked out for a minimum of 15 minutes after three unsuccessful attempts. While reviewing the log files, the analyst discovers the following:

  

  Which of the following attacks MOST likely occurred?

  A. Dictionary

  B. Credential-stuffing

  C. Password-spraying

  D. Brute-forcea

  Correct Answer: C

  Password-spraying is an attack method where an attacker tries a few common or easily guessable passwords against multiple usernames. Instead of attempting numerous passwords for a single user (as in a brute-force attack), the attacker spreads out login attempts across many accounts using a small set of common passwords. They hope that at least one of these attempts will result in a successful login.

  We can see multiple failed login attempts (audit failures) for different usernames (USER1, USER2, USER3, USER4) with variations of "UNKNOWN USERNAME OR BAD PASSWORD." This indicates that the attacker attempted to log in with different usernames using a limited set of passwords. When they succeeded in gaining access to USER4 ("SUCCESSFUL LOGON"), it suggested that one of the username and password combinations used in the password-spraying attempt was correct.