CompTIA CompTIA Certifications SY0-601 Questions & Answers

• Question 871:

  The Chief Security Officer (CSO) at a major hospital wants to implement SSO to help improve in the environment patient data, particularly at shared terminals. The Chief Risk Officer (CRO) is concerned that training and guidance have been provided to frontline staff, and a risk analysis has not been performed. Which of the following is the MOST likely cause of the CRO's concerns?

  A. SSO would simplify username and password management, making it easier for hackers to pass guess accounts.

  B. SSO would reduce password fatigue, but staff would still need to remember more complex passwords.

  C. SSO would reduce the password complexity for frontline staff.

  D. SSO would reduce the resilience and availability of system if the provider goes offline.

  Correct Answer: D

  SSO works based upon a trust relationship set up between an application, known as the service provider, and an identity provider, like OneLogin. This trust relationship is often based upon a certificate that is exchanged between the identity provider and the service provider. This certificate can be used to sign identity information that is being sent from the identity provider to the service provider so that the service provider knows it is coming from a trusted source. In SSO, this identity data takes the form of tokens which contain identifying bits of information about the user like a user's email address or a username.

• Question 872:

  The manager who is responsible for a data set has asked a security engineer to apply encryption to the data on a hard disk. The security engineer is an example of a:

  A. data controller.

  B. data owner

  C. data custodian.

  D. data processor

  Correct Answer: C

  From the official CompTIA Security+ Study Guide glossary:

  data custodian - An individual who is responsible for managing the system on which data assets are stored, including being responsible for enforcing access control, encryption, and backup/recovery measures.

• Question 873:

  Which of the following BEST describes a social-engineering attack that relies on an executive at a small business visiting a fake banking website where credit card and account details are harvested?

  A. Whaling

  B. Spam

  C. Invoice scam

  D. Pharming

  Correct Answer: D

  Pharming: Phishing attempt to trick a user to access a different or fake website (usually by modifying hosts file)

• Question 874:

  Which of the following describes the BEST approach for deploying application patches?

  A. Apply the patches to systems in a testing environment then to systems in a staging environment, and finally to production systems.

  B. Test the patches in a staging environment, develop against them in the development environment, and then apply them to the production systems

  C. Test the patches m a test environment apply them to the production systems and then apply them to a staging environment

  D. Apply the patches to the production systems apply them in a staging environment, and then test all of them in a testing environment

  Correct Answer: A

  A is the only one that was in the correct order. Having a patch in a testing server should be the first to test the patch and only after it has been tested should it be staged. test -> stage -> production. https://oroinc.com/b2b-ecommerce/blog/testing-and-staging-environments-in-ecommerce-implementation/

• Question 875:

  Which of the following describes a maintenance metric that measures the average time required to troubleshoot and restore failed equipment?

  A. RTO

  B. MTBF

  C. MTTR

  D. RPO

  Correct Answer: C

  Mean time to repair (MTTR) is a measure of the maintainability of a repairable item, which tells the average time required to repair a specific item or component and return it to working status. It is a basic measure of the maintainability of equipment and parts. This includes the notification time, diagnosis and the time spent on actual repair as well as other activities required before the equipment can be used again. Mean time to repair is also known as mean repair time.

  https://www.techopedia.com/definition/2719/mean-time-to-repair-mttr

• Question 876:

  A security assessment found that several embedded systems are running unsecure protocols. These Systems were purchased two years ago and the company that developed them is no longer in business Which of the following constraints BEST describes the reason the findings cannot be remediated?

  A. inability to authenticate

  B. Implied trust

  C. Lack of computing power

  D. Unavailable patch

  Correct Answer: D

  The reason the findings cannot be remediated is due to the unavailability of patches. Since the company that developed the embedded systems is no longer in business, there is no one to provide updates, including security patches, for the systems. This lack of support leaves the systems vulnerable to the unsecure protocols they are running, and there is no feasible way to update or patch them to address the security issues.

• Question 877:

  A client sent several inquiries to a project manager about the delinquent delivery status of some critical reports. The project manager claimed the reports were previously sent via email, but then quickly generated and backdated the reports before submitting them as plain text within the body of a new email message thread. Which of the following actions MOST likely supports an investigation for fraudulent submission?

  A. Establish chain of custody.

  B. Inspect the file metadata.

  C. Reference the data retention policy.

  D. Review the email event logs

  Correct Answer: D

  inspecting the file meta data isn't going to do anything because the file's creation or modified date isn't in question. The question is if they sent the file at all. In this case they didn't which can be proven via email event log.

• Question 878:

  An analyst is working on an email security incident in which the target opened an attachment containing a worm. The analyst wants to implement mitigation techniques to prevent further spread. Which of the following is the BEST course of action for the analyst to take?

  A. Apply a DLP solution.

  B. Implement network segmentation

  C. Utilize email content filtering,

  D. isolate the infected attachment.

  Correct Answer: B

  Implementing network segmentation can effectively contain the spread of the worm by isolating the infected system or segment from the rest of the network. This prevents the worm from propagating to other parts of the network and helps mitigate the impact of the incident. Network segmentation is a proactive approach to prevent lateral movement of malware within the network.

  While isolating the infected attachment (Option D) can be useful, it might not be as effective in preventing the worm from attempting to spread through other means or vectors beyond the isolated system. Implementing network segmentation provides a broader approach to isolating the affected systems and reducing the potential attack surface for the worm.

• Question 879:

  An enterprise needs to keep cryptographic keys in a safe manner. Which of the following network appliances can achieve this goal?

  A. HSM

  B. CASB

  C. TPM

  D. DLP

  Correct Answer: A

  "A hardware security module (HSM) is a physical computing device that safeguards and manages digital keys"

  Reference:

  https://www.techtarget.com/searchsecurity/definition/hardware-security-module-HSM

• Question 880:

  Which of the following in a forensic investigation should be priorities based on the order of volatility? (Select TWO).

  A. Page files

  B. Event logs

  C. RAM

  D. Cache

  E. Stored files

  F. HDD

  Correct Answer: AD