CompTIA CompTIA Certifications SY0-601 Questions & Answers

• Question 831:

  A security analyst is reviewing logs on a server and observes the following output:

  

  Which of the following is the security analyst observing?

  A. A rainbow table attack

  B. A password-spraying attack

  C. A dictionary attack

  D. A keylogger attack

  Correct Answer: C

  predefined list of words = dictionary attack

  Reference: https://www.imperva.com/learn/application-security/brute-force-attack/

• Question 832:

  A financial analyst has been accused of violating the company's AUP and there is forensic evidence to substantiate the allegation, Which of the following would dispute the analyst's claim of innocence?

  A. Legal hold

  B. Order of volatility

  C. Non-repudiation

  D. Chain of custody

  Correct Answer: C

  Chapter 30 Digital Forensics Nonrepudiation Nonrepudiation is a characteristic that refers to the inability to deny an action has taken place. This can be a very important issue in transactions via computers that involve money or things of value.

• Question 833:

  Which of the following is the BEST method for ensuring non-repudiation?

  A. SSO

  B. Digital certificate

  C. Token

  D. SSH key

  Correct Answer: B

  Digital certificates are the best method for ensuring non-repudiation. A digital certificate is an electronic credential that binds an entity's identity to a public key. It is issued by a trusted third party known as a Certificate Authority (CA). When a user digitally signs a message or document using their private key, the recipient can verify the signature using the corresponding public key from the user's digital certificate. This process provides assurance that the sender of the message cannot later deny having sent it, thus ensuring non-repudiation.

• Question 834:

  A network administrator would like to configure a site-to-site VPN utilizing iPSec. The administrator wants the tunnel to be established with data integrity encryption, authentication and anti- replay functions Which of the following should the administrator use when configuring the VPN?

  A. AH

  B. EDR

  C. ESP

  D. DNSSEC

  Correct Answer: C

  https://www.hypr.com/encapsulating-security-payload-esp/ Encapsulating Security Payload (ESP) is a member of the Internet Protocol Security (IPsec) set of protocols that encrypt and authenticate the packets of data between computers using a Virtual Private Network (VPN). The focus and layer on which ESP operates makes it possible for VPNs to function securely.

• Question 835:

  A user reports constant lag and performance issues with the wireless network when working at a local coffee shop. A security analyst walks the user through an installation of Wireshark and get a five-minute pcap to analyze. The analyst observes the following output:

  

  Which of the following attacks does the analyst MOST likely see in this packet capture?

  A. Session replay

  B. Evil twin

  C. Bluejacking

  D. ARP poisoning

  Correct Answer: B

  https://en.wikipedia.org/wiki/Wi-Fi_deauthentication_attack One of the main purposes of deauthentication used in the hacking community is to force clients to connect to an evil twin access point which then can be used to capture network packets transferred between the client and the access point.

• Question 836:

  A root cause analysis reveals that a web application outage was caused by one of the company's developers uploading a newer version of the third-party libraries that were shared among several applications. Which of the following implementations would be BEST to prevent the issue from reoccurring?

  A. CASB

  B. SWG

  C. Containerization

  D. Automated failover

  Correct Answer: C

  Containerization is defined as a form of operating system virtualization, through which applications are run in isolated user spaces called containers, all using the same shared operating system (OS).

• Question 837:

  Which of the following disaster recovery tests is The LEAST time-consuming for the disaster recovery team?

  A. Tabletop

  B. Parallel

  C. Full interruption

  D. Simulation

  Correct Answer: A

  Its Tabletop exercise , the simulation is more time consuming.Tabletop , is the cheapest and fastets, after walktrough(from memory) and then simulation (more recources, tedious,time consuming)

• Question 838:

  Several employees return to work the day after attending an industry trade show. That same day, the security manager notices several malware alerts coming from each of the employee's workstations. The security manager investigates but finds no signs of an attack on the perimeter firewall or the NIDS.

  Which of the following is MOST likely causing the malware alerts?

  A. A worm that has propagated itself across the intranet, which was initiated by presentation media

  B. A fileless virus that is contained on a vCard that is attempting to execute an attack

  C. A Trojan that has passed through and executed malicious code on the hosts

  D. A USB flash drive that is trying to run malicious code but is being blocked by the host firewall

  Correct Answer: B

  V-card make perfect sense because it can be embedded with File-less Virus. The statement ''malware alerts coming from each of the employee's workstations" Not everyone would be Carrying a Usb in a trade show, However V-card is a virtual card and it can be stored in your phone and people are more likely to exchange V-card in trade show for information than Usb Sticks.

• Question 839:

  A company recently experienced an attack in which a malicious actor was able to exfiltrate data by cracking stolen passwords, using a rainbow table the sensitive data. Which of the following should a security engineer do to prevent such an attack in the future?

  A. Use password hashing.

  B. Enforce password complexity.

  C. Implement password salting.

  D. Disable password reuse.

  Correct Answer: B

• Question 840:

  An organization has been experiencing outages during holiday sales and needs to ensure availability of its point-of-sale systems The IT administrator has been asked to improve both server-data fault tolerance and site availability under high consumer load Which of the following are the BEST options to accomplish this objective? (Select TWO)

  A. Load balancing

  B. Incremental backups

  C. UPS

  D. RAID

  E. Dual power supply

  F. NIC teaming

  Correct Answer: AD