CompTIA SY0-601 Online Practice Questions and Exam Preparation

CompTIA SY0-601 Online Questions & Answers

• Question 821:

  A multinational organization that offers web-based services has datacenters that are located only in the United States; however, a large number of its customers are in Australia, Europe, and China. Payments for services are managed by a third party in the United Kingdom that specializes in payment gateways. The management team is concerned the organization is not compliant with privacy laws that cover some of its customers. Which of the following frameworks should the management team follow?

  A. Payment Card Industry Data Security Standard
  B. Cloud Security Alliance Best Practices
  C. ISO/IEC 27032 Cybersecurity Guidelines
  D. General Data Protection Regulation
  D. General Data Protection Regulation

  ---

  For example, the GDPR does not apply to US ( in this case Datacenters) data subjects, but it does apply to US companies that collect or process personal data from people in countries of the EU.And in this case, there are a lof of clients in Europe, China and Australia.

• Question 822:

  The new Chief Executive Officer (CEO) of a large company has announced a partnership with a vendor that will provide multiple collaboration applications t make remote work easier. The company has a geographically dispersed staff located in numerous remote offices in different countries. The company's IT administrators are concerned about network traffic and load if all users simultaneously download the application.

  Which of the following would work BEST to allow each geographic region to download the software without negatively impacting the corporate network?

  A. Update the host IDS rules.
  B. Enable application whitelisting.
  C. Modify the corporate firewall rules.
  D. Deploy all applications simultaneously.
  B. Enable application whitelisting.

• Question 823:

  A company's end users are reporting that they are unable to reach external websites. After reviewing the performance data for the DNS severs, the analyst discovers that the CPU, disk, and memory usage are minimal, but the network interface is flooded with inbound traffic. Network logs show only a small number of DNS queries sent to this server. Which of the following best describes what the security analyst is seeing?

  A. Concurrent session usage
  B. Secure DNS cryptographic downgrade
  C. On-path resource consumption
  D. Reflected denial of service
  D. Reflected denial of service

  ---

  In a reflected denial of service (DoS) attack, the attacker sends requests to a large number of public servers, spoofing the source IP address to make it appear as if the requests are coming from the target server. These public servers, acting as amplifiers, then send the responses back to the target server, overwhelming it with inbound traffic. In this case, the DNS server is receiving a flood of inbound traffic due to the DNS requests being amplified by other servers. The DNS server's CPU, disk, and memory usage are minimal because it is only processing legitimate DNS queries sent to it. However, the network interface is overwhelmed with amplified responses, causing the end users to be unable to reach external websites.

• Question 824:

  An organization maintains several environments in which patches are developed and tested before deployed to an operation status. Which of the following is the environment in which patches will be deployed just prior to being put into an operational status?

  A. Development
  B. Test
  C. Production
  D. Staging
  D. Staging

  ---

  Explanation Explanation/Reference:The staging environment is an optional environment, but it is commonly used when an organization has multiple production environments. After passing testing, the system moves into staging, from where it can be deployed to the different production systems.

• Question 825:

  A security analyst is assessing several company firewalls. Which of the following tools would the analyst most likely use to generate custom packets to use during the assessment?

  A. hping
  B. Wireshark
  C. PowerShell
  D. netstat
  A. hping

  ---

  Hping is a free packet generator and analyzer for the TCP/IP protocol. Hping is one of the de-facto tools for security auditing and testing of firewalls and networks, and was used to exploit the Idle Scan scanning technique now implemented in the Nmap port scanner. The new version of hping, hping3, is scriptable using the Tcl language and implements an engine for string based, human readable description of TCP/IP packets, so that the programmer can write scripts related to low level TCP/IP packet manipulation and analysis in a very short time.

• Question 826:

  During a security incident investigation, an analyst consults the company's SIEM and sees an event concerning high traffic to a known, malicious command-and-control server. The analyst would like to determine the number of company workstations that may be impacted by this issue. Which of the following can provide the information?

  A. WAF logs
  B. DNS logs
  C. System logs
  D. Application logs
  B. DNS logs

  ---

  Explanation Explanation/Reference:DNS logs can contain a record for every query and response. It can show the IP addresses and domain names that your system should/shouldn't be communicating with, it can reveal malware calling out to its command-and-control server, or data transfers to non-company locations. This is one of the reasons why DNS logs are some of the most valuable logs to import into a SIEM system.

• Question 827:

  DRAG DROP

  An attack has occurred against a company.

  INSTRUCTIONS

  You have been tasked to do the following:

  Identify the type of attack that is occurring on the network by clicking on the attacker's tablet and reviewing the output. (Answer Area 1)

  Identify which compensating controls should be implemented on the assets, in order to reduce the effectiveness of future attacks by dragging them to the correct server. (Answer area 2) All objects will be used, but not all placeholders may be filled. Objects may only be used once. If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

  

  Select and Place:

  

  

  ---

  Explanation/Reference:

• Question 828:

  Which of the following control types is focused primarily on reducing risk before an incident occurs?

  A. Preventive
  B. Deterrent
  C. Corrective
  D. Detective
  A. Preventive

  ---

  Explanation Explanation/Reference:"Preventive controls act before an event, preventing it from advancing". Deterrent - "acts to discourage the attacker by reducing the likelhood of success from the perspective of the attacker".

• Question 829:

  An engineer needs to deploy a security measure to identify and prevent data tampering within the enterprise. Which of the following will accomplish this goal?

  A. Antivirus
  B. IPS.
  C. FTP
  D. FIM
  D. FIM

  ---

  Explanation Explanation/Reference:File Integrity Monitoring (FIM) is a security measure that helps identify and prevent data tampering within the enterprise. FIM systems monitor files and directories for any unauthorized changes, modifications, or tampering. When changes are detected, alerts or notifications are generated, allowing security teams to investigate and respond to potential security incidents. FIM is particularly useful for detecting unauthorized changes to critical system files, configurations, and sensitive data. It helps maintain the integrity of important files and ensures that they remain in their original state, protecting against unauthorized access or manipulation. https://www.cypressdatadefense.com/blog/data-tampering-prevention/

• Question 830:

  A database administrator wants to grant access to an application that will be reading and writing data to a database. The database is shared by other applications also used by the finance department Which of the following account types Is MOST appropriate for this purpose?

  A. Service
  B. Shared
  C. eneric
  D. Admin
  A. Service

  ---

  The study guide explicitly states that generic accounts are for many different individuals doing the same work whereas a service account is explicitly for a application/service to run its work.