Exam Details

  • Exam Code: SY0-601
  • Exam Name: CompTIA Security+
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 1334 Q&As
  • Last Updated: Jul 04, 2025

CompTIA CompTIA Certifications SY0-601 Questions & Answers

  • Question 821:

    A global pandemic is forcing a private organization to close some business units and reduce staffing at others. Which of the following would be BEST to help the organization's executives determine the next course of action?

    A. An incident response plan

    B. A communications plan

    C. A disaster recovery plan

    D. A business continuity plan

  • Question 822:

    A Chief Security Officer (CSO) has asked a technician to devise a solution that can detect unauthorized execution privileges from the OS in both executable and data files and can work in conjunction with proxies or UTM. Which of the following would BEST meet the CSO's requirements?

    A. Fuzzing

    B. Sandboxing

    C. Static code analysis

    D. Code review

  • Question 823:

    In which of the following situations would it be BEST to use a detective control type for mitigation?

    A. A company implemented a network load balancer to ensure 99.999% availability of its web application.

    B. A company designed a backup solution to increase the chances of restoring services in case of a natural disaster.

    C. A company purchased an application-level firewall to isolate traffic between the accounting department and the information technology department.

    D. A company purchased an IPS system, but after reviewing the requirements, the appliance was supposed to monitor, not block, any traffic.

    E. A company purchased liability insurance for flood protection on all capital assets.

  • Question 824:

    A security incident may have occurred on the desktop PC of an organization's Chief Executive Officer (CEO). A duplicate copy of the CEO's hard drive must be stored securely to ensure appropriate forensic processes and the chain of custody are followed. Which of the following should be performed to accomplish this task?

    A. Install a new hard drive in the CEO's PC, and then remove the old hard drive and place it in a tamper-evident bag

    B. Connect a write blocker to the hard drive. Then, leveraging a forensic workstation, utilize the dd command in a live Linux environment to create a duplicate copy

    C. Remove the CEO's hard drive from the PC, connect to the forensic workstation, and copy all the contents onto a remote fileshare while the CEO watches

    D. Refrain from completing a forensic analysis of the CEO's hard drive until after the incident is confirmed; duplicating the hard drive at this stage could destroy evidence

  • Question 825:

    A document that appears to be malicious has been discovered in an email that was sent to a company's Chief Financial Officer (CFO). Which of the following would be BEST to allow a security analyst to gather information and confirm it is a malicious document without executing any code it may contain?

    A. Open the document on an air-gapped network

    B. View the document's metadata for origin clues

    C. Search for matching file hashes on malware websites

    D. Detonate the document in an analysis sandbox

  • Question 826:

    A company uses wireless for all laptops and keeps a very detailed record of its assets, along with a comprehensive list of devices that are authorized to be on the wireless network. The Chief Information Officer (CIO) is concerned about a script kiddie potentially using an unauthorized device to brute force the wireless PSK and obtain access to the internal network. Which of the following should the company implement to BEST prevent this from occurring?

    A. A BPDU guard

    B. WPA-EAP

    C. IP filtering

    D. A WIDS

  • Question 827:

    A network engineer needs to create a plan for upgrading the wireless infrastructure in a large office. Priority must be given to areas that are currently experiencing latency and connection issues. Which of the following would be the BEST resource for determining the order of priority?

    A. Nmap

    B. Heat maps

    C. Network diagrams

    D. Wireshark

  • Question 828:

    A company recently experienced a data breach and the source was determined to be an executive who was charging a phone in a public area. Which of the following would MOST likely have prevented this breach?

    A. A firewall

    B. A device PIN

    C. A USB data blocker

    D. Biometrics

  • Question 829:

    During an internal penetration test, a security analyst identified a network device that had accepted cleartext authentication and was configured with a default credential. Which of the following recommendations should the security analyst make to secure this device?

    A. Configure SNMPv1.

    B. Configure SNMPv2c.

    C. Configure SNMPv3.

    D. Configure the default community string.

  • Question 830:

    To secure an application after a large data breach, an e-commerce site will be resetting all users' credentials. Which of the following will BEST ensure the site's users are not compromised after the reset?

    A. A password reuse policy

    B. Account lockout after three failed attempts

    C. Encrypted credentials in transit

    D. A geofencing policy based on login history

Tips on How to Prepare for the Exams

Certification exams are becoming more and more important, and more and more enterprises require them from job applicants. But how can you prepare for the exam effectively? How can you prepare in a short time with less effort? How can you get an ideal result, and where can you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only CompTIA exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your SY0-601 exam preparation and CompTIA certification application, do not hesitate to visit Vcedump.com to find your solutions.