CompTIA SY0-601 Online Practice Questions and Exam Preparation
SY0-601 Exam Details
Exam Code: SY0-601
Exam Name: CompTIA Security+
Certification: CompTIA Certifications
Vendor: CompTIA
Total Questions: 1334 Q&As
Last Updated: May 26, 2026
CompTIA SY0-601 Online Questions & Answers
Question 861:
An analyst is generating a security report for the management team. Security guidelines recommend disabling all listening unencrypted services. Given this output from Nmap: Which of the following should the analyst recommend to disable?
A. 21/tcp B. 22/tcp C. 23/tcp D. 443/tcp
C. 23/tcp
Question 862:
An employee has been charged with fraud and is suspected of using corporate assets. As authorities collect evidence, and to preserve the admissibility of the evidence, which of the following forensic techniques should be used?
A. Order of volatility B. Data recovery C. Chain of custody D. Non-repudiation
C. Chain of custody
Question 863:
A systems engineer is building a new system for production. Which of the following is the FINAL step to be performed prior to promoting to production?
A. Disable unneeded services. B. Install the latest security patches. C. Run a vulnerability scan. D. Encrypt all disks.
C. Run a vulnerability scan.
Question 864:
Which of the following processes would most likely help an organization that has conducted an incident response exercise to improve performance and identify challenges?
A. Lessons learned B. Identification C. Simulation D. Containment
A. Lessons learned
Explanation/Reference: Lessons learned is the process that would most likely help an organization that has conducted an incident response exercise to improve performance and identify challenges. It involves reviewing and evaluating the exercise to identify what went well, what went wrong, and what can be improved, so the organization can enhance its incident response capabilities, address any gaps or weaknesses, and update its incident response plan accordingly.
References:
https://www.comptia.org/certifications/security#examdetails
https://www.comptia.org/content/guides/comptia-security-sy0-601-exam-objectives
https://www.sans.org/reading-room/whitepapers/incident/incident-handlers-handbook-33901
Question 865:
A user wanted to catch up on some work over the weekend but had issues logging in to the corporate network using a VPN. On Monday, the user opened a ticket for this issue but was able to log in successfully.
Which of the following BEST describes the policy that is being implemented?
A. Time-based logins B. Geofencing C. Network location D. Password history
A. Time-based logins
Explanation/Reference: Time-based logins is the answer because the user was refused access over the weekend but could log in on Monday; geofencing accepts or rejects access requests based on location, not on time.
Question 866:
A company would like to provide flexibility for employees on device preference. However, the company is concerned about supporting too many different types of hardware.
Which of the following deployment models will provide the needed flexibility with the GREATEST amount of control and security over company data and infrastructure?
A. BYOD B. VDI C. COPE D. CYOD
D. CYOD
Explanation/Reference: CYOD allows employees to choose their preferred devices from a pre-approved list of options provided by the company. While it offers flexibility, it also enables the organization to maintain control and ensure security by limiting the device choices to a predetermined set of hardware that meets the company's standards and security requirements. By providing a defined set of approved devices, the company can streamline support, manageability, and security measures for those specific devices. The IT department can focus on thoroughly testing and supporting a smaller range of hardware configurations, which reduces complexity and allows for tighter control over the devices accessing the company's data and infrastructure.
Question 867:
Several large orders of merchandise were recently purchased on an e-commerce company's website. The totals for each of the transactions were negative values, resulting in credits on the customers' accounts. Which of the following should be implemented to prevent similar situations in the future?
A. Ensure input validation is in place to prevent the use of invalid characters and values. B. Calculate all possible values to be added together and ensure the use of the proper integer in the code. C. Configure the web application firewall to look for and block session replay attacks. D. Make sure transactions that are submitted within very short time periods are prevented from being processed.
A. Ensure input validation is in place to prevent the use of invalid characters and values.
Question 868:
A security analyst is concerned about critical vulnerabilities that have been detected on some applications running inside containers. Which of the following is the BEST remediation strategy?
A. Update the base container image and redeploy the environment B. Include the containers in the regular patching schedule for servers C. Patch each running container individually and test the application D. Update the host in which the containers are running
A. Update the base container image and redeploy the environment
Explanation/Reference: In the scenario, the vulnerabilities found were critical, meaning that patches would need to be applied immediately. The options to patch the containers (B and C) could work; however, patching would likely take months, and since this vulnerability is critical, neither addresses the urgency of the concern. The option to update the host (D) could also work; however, the scenario specifies that the vulnerabilities were detected only on some applications and not on the host itself. Although a container runs on a host machine, that does not mean they share the same vulnerabilities, so updating the host would likely not patch the vulnerabilities found in the containers. Of the given options, updating the base container image 1) addresses where the vulnerabilities were found and what needs to be updated, and 2) addresses the urgency of patching the critical vulnerability.
Question 869:
Which of the following would produce the closest experience to responding to an actual incident response scenario?
A. Lessons learned B. Simulation C. Walk-through D. Tabletop
B. Simulation
Question 870:
A host was infected with malware. During the incident response, Joe, a user, reported that he did not receive any emails with links, but he had been browsing the Internet all day. Which of the following would MOST likely show where the malware originated?
A. The DNS logs B. The web server logs C. The SIP traffic logs D. The SNMP logs
A. The DNS logs
Explanation/Reference: https://www.netsurion.com/articles/monitoring-dns-traffic-for-security-threats
DNS queries can reveal:
- Botnets/malware connecting to C&C servers
- Which websites an employee visited
- Which malicious and DGA domains were accessed
- Which dynamic DNS (DynDNS) domains were accessed
- DDoS attack indicators such as NXDOMAIN, phantom domain and random subdomain attacks