CompTIA CompTIA Certifications SY0-601 Questions & Answers

• Question 851:

  A network administrator has been asked to install an IDS to improve the security posture of an organization.

  Which of the following control types is an IDS?

  A. Corrective

  B. Physical

  C. Detective

  D. Administrative

  Correct Answer: C

  Intrusion DECECTION system.. DETECTION, as in sherlock holmes. Imagine sherlock holmes smoking a big fat bowl and you'll always answer this correctly

• Question 852:

  A company is setting up a web server on the Internet that will utilize both encrypted and unencrypted web-browsing protocols. A security engineer runs a port scan against the server from the Internet and sees the following output:

  

  Which of the following steps would be best for the security engineer to take NEXT?

  A. Allow DNS access from the internet.

  B. Block SMTP access from the Internet

  C. Block HTTPS access from the Internet

  D. Block SSH access from the Internet.

  Correct Answer: D

  The reason for D is because you want to block the SSH as it will be a vulnerability.

• Question 853:

  When used at the design stage, which of the following improves the efficiency, accuracy, and speed of a database?

  A. Tokenization

  B. Data masking

  C. Normalization

  D. Obfuscation

  Correct Answer: C

  Reference: https://www.informit.com/articles/article.aspx?p=30646

• Question 854:

  A security analyst Is investigating a malware incident at a company. The malware is accessing a command-and-control website at www.comptia.com. All outbound Internet traffic is logged to a syslog server and stored in / logfiles/messages. Which of the following commands would be BEST for the analyst to use on the syslog server to search for recent traffic to the command-and-control website?

  A. head -500 www.comptia.com | grep /logfiles/messages

  B. cat /logfiles/messages | tail -500 wew.comptia.com

  C. tail -500 /legfiles/messages | grep www.comptia.com

  D. grep -500 /logfiles/messages | cat www.comptia.com

  Correct Answer: C

• Question 855:

  A security manager for a retailer needs to reduce the scope of a project to comply with PCI DSS. The PCI data is located in different offices than where credit cards are accepted. All the offices are connected via MPLS back to the primary datacenter.

  Which of the following should the security manager implement to achieve the objective?

  A. Segmentation

  B. Containment

  C. Geofencing

  D. Isolation

  Correct Answer: A

• Question 856:

  A startup company is using multiple SaaS and IaaS platform to stand up a corporate infrastructure and build out a customer-facing web application. Which of the following solutions would be BEST to provide security, manageability, and visibility into the platforms?

  A. SIEM

  B. DLP

  C. CASB

  D. SWG

  Correct Answer: C

  A cloud access security broker is on-premises or cloud based software that sits between cloud service users and cloud applications, and monitors all activity and enforces security policies A CASB has a separate, and more distinctive role. Differing from the use case for SWG, which focuses on the broader filtering and protection against inbound threats and filtering illegitimate web traffic, a CASB is more deeply integrated and has control over your cloud application usage. It can be tied into an applications API to scan data at rest or can be used with a proxy based deployment to enforce inline policies for more real time protection.

• Question 857:

  An organization is tuning SIEM rules based off of threat intelligence reports. Which of the following phases of the incident response process does this scenario represent?

  A. Lessons learned

  B. Eradication

  C. Recovery

  D. Preparation

  Correct Answer: D

  The preparation phase is when the organization is preparing for the attack. Tuning the SIEM is just providing the latest threat information to the system for preparation. Phases of the Incident Response Plan:

  1.

  Preparation - Preparing for an attack and how to respond

  2.

  Identification - Identifying the threat

  3.

  Containment - Containing the threat

  4.

  Eradication - Removing the threat

  5.

  Recovery - Recovering affected systems

  6.

  Lessons Learned - Evaluating the incident response, see where there can be improvements for a future incident.

• Question 858:

  Which of the following is a difference between a DRP and a BCP?

  A. A BCP keeps operations running during a disaster while a DRP does not.

  B. A BCP prepares for any operational interruption while a DRP prepares for natural disasters.

  C. BCP is a technical response to disasters while a DRP is operational.

  D. A BCP is formally written and approved while a DRP is not.

  Correct Answer: C

• Question 859:

  A security analyst is reviewing information regarding recent vulnerabilities. Which of the following will the analyst MOST likely consult to validate which platforms have been affected?

  A. SINT

  B. SIEM

  C. CVSS

  D. CVE

  Correct Answer: D

  CVE as answer doesn't make sense to me, unless I'm reading/interpreting it in a wrong way, here's why: If tha analyst is reviwring info regarding recent vulnerabilities, that means he's aware of the vuln, so why bother to look into the CVE at the first place? The questions goes "...to validate **which platforms have been affected**", how can you possibly know which platforms have been affected in your environment just looking at an external informational database like CVE/ CVSS? You need some sort of internal tool that will log which platform/devices are likely vulnerable to a given CVE, and a SIEM solution has definitely all the requirements to give you that information.

• Question 860:

  The Chief Financial Officer (CFO) of an insurance company received an email from Ann, the company's Chief Executive Officer (CEO), requesting a transfer of $10,000 to an account. The email states Ann is on vacation and has lost her purse, containing cash and credit cards. Which of the following social-engineering techniques is the attacker using?

  A. Phishing

  B. Whaling

  C. Type squatting

  D. Pharming

  Correct Answer: B

  Target is an executive. This type of social engineering is whaling.