CompTIA SY0-601 Online Practice Questions and Exam Preparation

SY0-601 Exam Details
Exam Code: SY0-601
Exam Name: CompTIA Security+
Certification: CompTIA Certifications
Vendor: CompTIA
Total Questions: 1334 Q&As
Last Updated: May 26, 2026

CompTIA SY0-601 Online Questions & Answers
Question 851:
A company has installed badge readers for building access but is finding unauthorized individuals roaming the hallways. Which of the following is the most likely cause?
A. Shoulder surfing B. Phishing C. Tailgating D. Identity fraud
C. Tailgating
Tailgating, also known as piggybacking, is the act of an unauthorized individual following closely behind an authorized person to gain entry into a restricted area without their own valid access credentials. In this scenario, the badge readers are meant to control building access, but unauthorized individuals are gaining access by simply following authorized employees who use their badges to open doors. This practice compromises the security of the building and allows unauthorized people to roam the hallways. To prevent tailgating, employees should be trained to be vigilant about not allowing unauthorized individuals to follow them through access-controlled doors. Additionally, security measures like mantraps or turnstiles can be implemented to prevent tailgating incidents.
Question 852:
Which of the following refers to applications and systems that are used within an organization without consent or approval?
A. Shadow IT B. OSINT C. Dark web D. Insider threats
A. Shadow IT
Question 853:
A user enters a password to log in to a workstation and is then prompted to enter an authentication code. Which of the following MFA factors or attributes are being utilized in the authentication process? (Select TWO).
A. Something you know B. Something you have C. Somewhere you are D. Someone you are E. Something you are F. Something you can do
A. Something you know
B. Something you have
This is yet another poorly worded question; obviously the password is something you know, while the authentication code is extremely vague. If you are like me, you were looking for the option that this isn't MFA, or for two options of "something you know". But it is up to us to suss out that an authentication code can come from an item you have, such as a phone or fob, etc.
Question 854:
A security analyst discovers that one of the web APIs is being abused by an unknown third party. Logs indicate that the third party is attempting to manipulate the parameters being passed to the API endpoint. Which of the following solutions would best help to protect against the attack?
A. DLP B. SIEM C. NIDS D. WAF
D. WAF
A Web Application Firewall (WAF) is a security solution specifically designed to protect web applications and APIs from various attacks, including those that attempt to manipulate parameters and exploit vulnerabilities in the application layer. It sits between the clients (users or third parties) and the web server, inspecting the HTTP/HTTPS traffic and filtering out malicious requests. In this scenario, the security analyst has identified that the web API is being abused by an unknown third party attempting to manipulate the parameters being passed to the API endpoint. A WAF would be able to analyze and validate the incoming requests to the API, blocking any requests that contain suspicious or malicious parameters. It can enforce security policies, perform input validation, and protect against common web application attacks like SQL injection, cross-site scripting (XSS), and parameter tampering.
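A WAF is a compensating control in front of the application; the endpoint itself should still validate every parameter against an explicit allow-list so that tampered values are rejected and logged even when a request gets past the filter. The following is an added example (not part of the practice question or any vendor product): a schema-driven validator for a hypothetical GET /api/orders endpoint. The endpoint name, the fields account_id, page and sort, and their limits are assumptions.

```python
"""Allow-list parameter validation for an API endpoint (added example).

Every parameter must match a declared type, range or allowed set, and any
parameter not in the schema is treated as tampering rather than ignored.
The endpoint, field names and limits below are assumptions for illustration.
"""
import re
from dataclasses import dataclass, field

# Hypothetical schema for GET /api/orders?account_id=...&page=...&sort=...
SCHEMA = {
    "account_id": {"type": int, "min": 1, "max": 2**31 - 1, "required": True},
    "page": {"type": int, "min": 1, "max": 10_000, "required": False},
    "sort": {"type": str, "allowed": {"date", "amount"}, "required": False},
}
# Digits only: rejects signs, whitespace, hex prefixes and SQL fragments
INT_RE = re.compile(r"^[0-9]{1,10}$")


@dataclass
class ValidationResult:
    ok: bool
    values: dict = field(default_factory=dict)   # parsed, typed parameters
    errors: list = field(default_factory=list)   # reasons for rejection


def validate_params(raw: dict) -> ValidationResult:
    """Validate raw string parameters from the query string or form body."""
    values, errors = {}, []
    for key in raw:
        if key not in SCHEMA:
            errors.append(f"unexpected parameter: {key}")
    for key, rule in SCHEMA.items():
        if key not in raw:
            if rule["required"]:
                errors.append(f"missing parameter: {key}")
            continue
        val = raw[key]
        if not isinstance(val, str):
            # e.g. a JSON array or object where a scalar was expected
            errors.append(f"{key}: non-string value")
            continue
        if rule["type"] is int:
            if not INT_RE.fullmatch(val):
                errors.append(f"{key}: not an integer")
                continue
            n = int(val)
            if not rule["min"] <= n <= rule["max"]:
                errors.append(f"{key}: out of range")
                continue
            values[key] = n
        elif val in rule["allowed"]:
            values[key] = val
        else:
            errors.append(f"{key}: value not allowed")
    if errors:
        return ValidationResult(False, {}, errors)
    return ValidationResult(True, values, [])


def audit_requests(requests: list) -> dict:
    """Count rejection reasons over a batch of requests (for monitoring)."""
    counts = {}
    for raw in requests:
        for err in validate_params(raw).errors:
            reason = err.split(":")[-1].strip()
            counts[reason] = counts.get(reason, 0) + 1
    return counts


if __name__ == "__main__":
    # Constructed sample requests: one legitimate, three tampered
    batch = [
        {"account_id": "42", "page": "2", "sort": "date"},
        {"account_id": "42", "sort": "date' OR 1=1"},
        {"account_id": "-1"},
        {"account_id": "42", "debug": "1"},
    ]
    for raw in batch:
        print(raw, "->", validate_params(raw))
    print(audit_requests(batch))
```

The validator rejects the request outright rather than sanitizing it, and the aggregated rejection counts are the signal to feed into the SIEM: a sudden rise in "not an integer" or "unexpected parameter" rejections from one client is exactly the parameter-manipulation pattern the question describes.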
Question 855:
A security administrator would like to ensure all cloud servers will have software preinstalled for facilitating vulnerability scanning and continuous monitoring. Which of the following concepts should the administrator utilize?
A. Provisioning B. Staging C. Quality assurance
A. Provisioning
Question 856:
An organization would like to store customer data on a separate part of the network that is not accessible to users on the main corporate network. Which of the following should the administrator use to accomplish this goal?
A. Segmentation B. Isolation C. Patching D. Encryption
A. Segmentation
Segmentation involves dividing a network into separate subnetworks or segments, each with its own security controls and access permissions. By segmenting the network, the administrator can isolate sensitive customer data from the main corporate network, reducing the risk of unauthorized access to the data.
Question 857:
A company is under investigation for possible fraud. As part of the investigation, the authorities need to review all emails and ensure data is not deleted. Which of the following should the company implement to assist in the investigation?
A. Legal hold B. Chain of custody C. Data loss prevention D. Content filter
A. Legal hold
Legal hold: protecting any documents that can be used in evidence from being altered or destroyed, sometimes called litigation hold.
Question 858:
While investigating a recent security incident, a security analyst decides to view all network connections on a particular server. Which of the following would provide the desired information?
A. arp B. nslookup C. netstat D. nmap
C. netstat
The netstat command shows all active network connections, network interface information, and ports that are listening. The question asks to view all the connections on the server, which the netstat command will do.
Nmap (network mapper) is a network discovery and security auditing tool mainly used to find services, hosts, and open ports on a network.
nslookup queries DNS servers to obtain DNS records.
arp is a TCP/IP utility used for viewing and modifying the local Address Resolution Protocol (ARP) cache.
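During an incident the raw netstat listing is rarely read line by line; the analyst usually wants the listening ports, the established connections grouped by remote host, and anything that does not match the server's expected services. The following is an added example, not part of the practice question: a small parser for Linux-style `netstat -an` output that produces that triage summary. The sample output and the expected-port list are constructed for illustration and use documentation IP ranges.

```python
"""Triage summary from netstat -an output (added example).

Parses the Linux netstat table format (Proto, Recv-Q, Send-Q, Local Address,
Foreign Address, State) and compares it with the services the server is
expected to run. The sample output and expected ports are constructed.
"""
from collections import Counter

# Constructed sample of `netstat -an` on a hypothetical web/SSH server
SAMPLE_NETSTAT = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN
tcp        0      0 10.0.0.5:22             10.0.0.77:51234         ESTABLISHED
tcp        0      0 10.0.0.5:443            203.0.113.9:40012       ESTABLISHED
tcp        0      0 10.0.0.5:443            203.0.113.9:40013       ESTABLISHED
tcp        0      0 10.0.0.5:8081           198.51.100.23:53210     ESTABLISHED
udp        0      0 0.0.0.0:123             0.0.0.0:*
"""

# Assumed baseline: ports this server is documented to serve
EXPECTED_PORTS = {22, 443, 123}


def split_addr(addr: str):
    """'10.0.0.5:443' -> ('10.0.0.5', 443); '0.0.0.0:*' -> ('0.0.0.0', None)."""
    host, port = addr.rsplit(":", 1)
    return host, (None if port == "*" else int(port))


def parse_netstat(text: str) -> list:
    """Return one dict per connection row; header and banner lines are skipped."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 5 or parts[0] not in ("tcp", "tcp6", "udp", "udp6"):
            continue
        lhost, lport = split_addr(parts[3])
        fhost, fport = split_addr(parts[4])
        rows.append({
            "proto": parts[0],
            "local_host": lhost, "local_port": lport,
            "remote_host": fhost, "remote_port": fport,
            # UDP rows carry no state column
            "state": parts[5] if len(parts) > 5 else "",
        })
    return rows


def summarize(rows: list, expected_ports: set) -> dict:
    """Listening ports, established peers by remote host, and unexpected local ports."""
    listening = sorted({r["local_port"] for r in rows
                        if r["state"] == "LISTEN" or r["proto"].startswith("udp")})
    by_remote = Counter(r["remote_host"] for r in rows if r["state"] == "ESTABLISHED")
    unexpected = [r for r in rows if r["local_port"] not in expected_ports]
    return {
        "listening": listening,
        "established_by_remote": dict(by_remote),
        "unexpected": unexpected,
    }


if __name__ == "__main__":
    summary = summarize(parse_netstat(SAMPLE_NETSTAT), EXPECTED_PORTS)
    print("listening:", summary["listening"])
    print("established by remote host:", summary["established_by_remote"])
    for r in summary["unexpected"]:
        print("unexpected:", r["proto"], r["local_port"], "<-", r["remote_host"])
```

The baseline comparison is the useful part: a connection on a local port the server is not documented to serve (8081 in the constructed sample) is what the analyst should pivot on, by checking which process owns the socket (`netstat -anp` or `ss -p` on Linux) before deciding whether it belongs to the incident.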
Question 859:
An employee's laptop was stolen last month. This morning, the laptop was returned. A cybersecurity analyst retrieved the laptop and has since followed the cybersecurity incident checklist. Four incident handlers are responsible for executing the checklist. Which of the following best describes the process for evidence collection assurance?
A. Time stamp B. Chain of custody C. Admissibility D. Legal hold
B. Chain of custody
Chain of custody is a process that documents the chronological and logical sequence of custody, control, transfer, analysis, and disposition of materials, including physical or electronic evidence. Chain of custody is important to ensure the integrity and admissibility of evidence in legal proceedings. Chain of custody can help evidence collection assurance by providing proof that the evidence has been handled properly and has not been tampered with or contaminated.
References:
https://www.comptia.org/certifications/security#examdetails
https://www.comptia.org/content/guides/comptia-security-sy0-601-exam-objectives
https://www.thoughtco.com/chain-of-custody-4589132
Question 860:
A systems analyst is responsible for generating a new digital forensics chain-of-custody form. Which of the following should the analyst include in this documentation? (Select TWO).
A. The order of volatility B. A CRC32 checksum C. The provenance of the artifacts D. The vendor's name E. The date time F. A warning banner
C. The provenance of the artifacts
E. The date time
A chain-of-custody form typically records:
- Date and time of collection
- Location of collection
- Name of investigator(s)
- Name or owner of the media or computer
- Reason for collection
- Matter name or case number
- Type of media
- Serial number of media, if available
- Make and model of hard drive or other media
- Storage capacity of device or hard drive
- Method of capture (tools used)
- Physical description of computer and whether it was on or off
- Name of the image file or resulting files that were collected
- Hash value(s) of source hard drive or files
- Hash value(s) of resulting image files for verification
- Any comments or issues encountered
- Signature(s) of persons giving and taking possession of evidence
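Questions 859 and 860 both turn on the same control: the chain-of-custody record must capture when and from where each artifact was collected, who held it at every moment, and a hash that lets anyone re-verify the image later. The following is an added example, not part of the practice questions or any forensic tool's code: a record built from the form fields listed above, with a continuous custody log and hash verification. The case number, names, asset tag and evidence bytes are constructed placeholders, and the capture method is an assumption.

```python
"""Chain-of-custody record with continuous custody log and hash check (added example).

Fields follow the form items listed in Question 860 (date/time, provenance,
media, capture method, image hash, signatures of each handoff). Evidence bytes,
names and case number below are constructed placeholders.
"""
import hashlib
from dataclasses import dataclass, field
from datetime import datetime, timezone


@dataclass
class CustodyTransfer:
    released_by: str
    received_by: str
    when: str        # ISO 8601 UTC timestamp of the handoff
    purpose: str     # e.g. acquisition, analysis, storage


@dataclass
class ChainOfCustody:
    case_number: str
    collected_at: str        # date/time of collection, ISO 8601 UTC
    location: str
    investigator: str
    provenance: str          # where the artifact came from and who owned it
    media_type: str
    capture_method: str      # tools used for acquisition
    image_name: str
    sha256: str              # hash of the resulting image for later verification
    transfers: list = field(default_factory=list)
    notes: list = field(default_factory=list)


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def collect(case_number, location, investigator, provenance, media_type,
            capture_method, image_name, image: bytes, now=None) -> ChainOfCustody:
    """Open the record at acquisition time; the investigator becomes first holder."""
    when = (now or datetime.now(timezone.utc)).isoformat()
    rec = ChainOfCustody(case_number, when, location, investigator, provenance,
                         media_type, capture_method, image_name, sha256_hex(image))
    rec.transfers.append(CustodyTransfer("collection scene", investigator, when, "acquisition"))
    return rec


def current_holder(rec: ChainOfCustody) -> str:
    return rec.transfers[-1].received_by


def transfer(rec: ChainOfCustody, released_by, received_by, purpose, now=None) -> bool:
    """Append a handoff only if released_by is the current holder (no custody gaps)."""
    if current_holder(rec) != released_by:
        rec.notes.append(f"rejected transfer: {released_by} is not the current holder")
        return False
    when = (now or datetime.now(timezone.utc)).isoformat()
    rec.transfers.append(CustodyTransfer(released_by, received_by, when, purpose))
    return True


def verify_image(rec: ChainOfCustody, image: bytes) -> bool:
    """Re-hash the image and compare with the hash recorded at collection."""
    return sha256_hex(image) == rec.sha256


# Constructed evidence image: placeholder bytes, not real data
SAMPLE_IMAGE = b"constructed disk image bytes, not real evidence"


def demo() -> ChainOfCustody:
    t0 = datetime(2024, 1, 15, 9, 30, tzinfo=timezone.utc)
    rec = collect("CASE-PLACEHOLDER-0001", "Office 3B", "A. Analyst",
                  "laptop assigned to user J. Doe, asset tag PLACEHOLDER",
                  "SSD", "dd through a write blocker (assumed)", "laptop.img",
                  SAMPLE_IMAGE, now=t0)
    transfer(rec, "A. Analyst", "Evidence locker", "storage", now=t0)
    # A handoff from someone who never held the evidence is refused and noted
    transfer(rec, "B. Handler", "C. Handler", "analysis", now=t0)
    return rec


if __name__ == "__main__":
    rec = demo()
    print("holder:", current_holder(rec), "| image intact:", verify_image(rec, SAMPLE_IMAGE))
    for t in rec.transfers:
        print(t.when, t.released_by, "->", t.received_by, f"({t.purpose})")
    print("notes:", rec.notes)
```

With four handlers working the checklist, the `transfer` check is what keeps the chain continuous: a handoff can only be recorded by whoever currently holds the evidence, and every transfer carries its own timestamp, so the record doubles as the time-stamped signature log the form requires.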