CompTIA CompTIA Certifications SY0-601 Questions & Answers

• Question 861:

  A financial analyst is expecting an email containing sensitive information from a client.

  When the email arrives, the analyst receives an error and is unable to open the encrypted message.

  Which of the following is the MOST likely cause of the issue?

  A. The S/MME plug-in is not enabled.

  B. The SLL certificate has expired.

  C. Secure IMAP was not implemented

  D. POP3S is not supported

  Correct Answer: A

  S/MIME provides for cryptographic security services such as authentication, message integrity, and non-repudiation of origin (using digital signatures). It also helps enhance privacy and data security (using encryption) for electronic messaging.

• Question 862:

  Users have been issued smart cards that provide physical access to a building. The cards also contain tokens that can be used to access information systems. Users can log m to any thin client located throughout the building and see the same desktop each time. Which of the following technologies are being utilized to provide these capabilities? (Select TWO)

  A. COPE

  B. VDI

  C. GPS

  D. TOTP

  E. RFID

  F. BYOD

  Correct Answer: BE

  B. is the Virtual Desktop Infrastructure that presents their login session to whatever terminal they're at

  E. is the RFID component of their badge which they tap on a reader to sign in or out of a thin client. The other options are unrelated to any of this.

• Question 863:

  Which of the following corporate policies is used to help prevent employee fraud and to detect system log modifications or other malicious activity based on tenure?

  A. Background checks

  B. Mandatory vacation

  C. Social media analysis

  D. Separation of duties

  Correct Answer: B

• Question 864:

  A user's account is constantly being locked out. Upon further review, @ security analyst found the following in the SIEM: Which of the following describes what is occurring?

  

  A. An attacker is utilizing a password-spraying attack against the account

  B. An attacker is utilizing a dictionary attack against the account

  C. An attacker is utilizing a brute-force attack against the account

  D. An attacker is utilizing a rainbow table attack against the account

  Correct Answer: C

  A simple brute-force attack uses automation and scripts to guess passwords. Typical brute-force attacks make a few hundred guesses every second. Simple passwords, such as those lacking a mix of upper- and lowercase letters and those using common expressions like `123456' or `password,' can be cracked in minutes. Look at the time of attacks performed.

• Question 865:

  A systems administrator needs to install the same X.509 certificate on multiple servers. Which of the following should the administrator use?

  A. Key escrow

  B. A self-signed certificate

  C. Certificate chaining

  D. An extended validation certificate

  Correct Answer: B

  Internal certificates don't need to be signed by a public CA ? Your company is the only one going to use it

  1.

  No need to purchase trust for devices that already trust you

  2.

  Build your own CA ?Issue your own certificates signed by your own CA

  3.

  Install the CA certificate/trusted chain on all devices

  4.

  They'll now trust any certificates signed by your internal CA

  5.

  Works exactly like a certificate you purchased

• Question 866:

  A cybersecunty administrator needs to implement a Layer 7 security control on a network and block potential attacks. Which of the following can block an attack at Layer 7? (Select TWO)

  A. HIDS

  B. NIPS

  C. HSM

  D. WAF

  E. HIPS

  F. NIDS

  G. Stateless firewall

  Correct Answer: BD

  A WAF or web application firewall helps protect web applications by filtering and monitoring HTTP traffic between a web application and the Internet. It typically protects web applications from attacks such as cross-site forgery, cross-sitescripting (XSS), file inclusion, and SQL injection, among others. A WAF is a protocol layer 7 defense (in the OSI model).

  A network intrusion protection system (NIPS) is an umbrella term for a combination of hardware and software systems that protect computer networks from unauthorized access and malicious activity. NIPS consists of NIDS and IPS. WAF is a firewall. NIPS can operate up to layer 7 by passing or allowing traffic

• Question 867:

  Ann. a forensic analyst. needs to prove that the data she originally acquired has remained unchanged while in her custody. Which of the following should Ann use?

  A. Chain of custody

  B. Checksums

  C. Non-repudiaton

  D. Legal hold

  Correct Answer: B

  If the checksum of the original file is known, an authorized user can run a checksum/hashing utility on the file to match the resulting checksum to the original checksum. If these two checksums match, the file is identical. However, if they don't match, the user can identify a fake version of the original file.

  Checksums are used to check files and other data for errors or manipulation that might have occurred during data transmission or storage.

• Question 868:

  A symmetric encryption algorithm Is BEST suited for:

  A. key-exchange scalability.

  B. protecting large amounts of data.

  C. providing hashing capabilities,

  D. implementing non-repudiation.

  Correct Answer: B

  Symmetric key distribution does not scale as well as Asymmetric (Dion Symmetric VS Asymmetric Obj. 2.8). Non-Repudiation does not apply here as well..but symmetric does support large amounts of data.

• Question 869:

  During an incident response, a security analyst observes the following log entry on the web server.

  

  Which of the following BEST describes the type of attack the analyst is experience?

  A. SQL injection

  B. Cross-site scripting

  C. Pass-the-hash

  D. Directory traversal

  Correct Answer: D

  the attacker manipulates the URL parameters by using "../" sequences or absolute file paths to navigate to parent directories and access arbitrary files and directories on the URL parameter "show" contains multiple "../" sequences, indicating an attempt to navigate to parent directories. The attacker is trying to access the "/etc/passwd" file, which is a commonly targeted file that stores user account information on Unix-based systems.

• Question 870:

  Which of the following control sets should a well-written BCP include? (Select THREE)

  A. Preventive

  B. Detective

  C. Deterrent

  D. Corrective

  E. Compensating

  F. Physical

  G. Recovery

  Correct Answer: ADG