Exam Details

  • Exam Code: SY0-601
  • Exam Name: CompTIA Security+
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 1334 Q&As
  • Last Updated: Jun 02, 2025

CompTIA CompTIA Certifications SY0-601 Questions & Answers

  • Question 881:

    A company wants to modify its current backup strategy to minimize the number of backups that would need to be restored in case of data loss. Which of the following would be the BEST backup strategy to implement?

    A. Incremental backups followed by differential backups

    B. Full backups followed by incremental backups

    C. Delta backups followed by differential backups

    D. Incremental backups followed by delta backups

    E. Full backup followed by different backups

  • Question 882:

    An analyst is generating a security report for the management team. Security guidelines recommend disabling all listening unencrypted services. Given this output from Nmap: Which of the following should the analyst recommend to disable?

    A. 21/tcp

    B. 22/tcp

    C. 23/tcp

    D. 443/tcp

  • Question 883:

    An organization would like to remediate the risk associated with its cloud service provider not meeting its advertised 99.999% availability metrics. Which of the following should the organization consult for the exact requirements for the cloud provider?

    A. SLA

    B. BPA

    C. NDA

    D. MOU

  • Question 884:

    Which of the following should a technician consider when selecting an encryption method for data that needs to remain confidential for a specific length of time?

    A. The key length of the encryption algorithm

    B. The encryption algorithm's longevity

    C. A method of introducing entropy into key calculations

    D. The computational overhead of calculating the encryption key

  • Question 885:

    The security team received a report of copyright infringement from the IP space of the corporate network. The report provided a precise time stamp for the incident as well as the name of the copyrighted files.

    The analyst has been tasked with determining the infringing source machine and instructed to implement measures to prevent such incidents from occurring again.

    Which of the following is MOST capable of accomplishing both tasks?

    A. HIDS

    B. Allow list

    C. TPM

    D. NGFW

  • Question 886:

    A help desk technician receives an email from the Chief Information Officer (CIO) asking for documents. The technician knows the CIO is on vacation for a few weeks. Which of the following should the technician do to validate the authenticity of the email?

    A. Check the metadata in the email header of the received path in reverse order to follow the email's path.

    B. Hover the mouse over the CIO's email address to verify the email address.

    C. Look at the metadata in the email header and verify the From: line matches the CIO's email address.

    D. Forward the email to the CIO and ask if the CIO sent the email requesting the documents.

  • Question 887:

    A security engineer is installing a WAF to protect the company's website from malicious web requests over SSL. Which of the following is needed to meet the objective?

    A. A reverse proxy

    B. A decryption certificate

    C. A split-tunnel VPN

    D. Load-balanced servers

  • Question 888:

    A company is implementing a new SIEM to log and send alerts whenever malicious activity is blocked by its antivirus and web content filters. Which of the following is the primary use case for this scenario?

    A. Implementation of preventive controls

    B. Implementation of detective controls

    C. Implementation of deterrent controls

    D. Implementation of corrective controls

  • Question 889:

    As part of a company's ongoing SOC maturation process, the company wants to implement a method to share cyberthreat intelligence data with outside security partners. Which of the following will the company MOST likely implement?

    A. TAXII

    B. TLP

    C. TTP

    D. STIX

  • Question 890:

    An organization recently acquired an ISO 27001 certification. Which of the following would MOST likely be considered a benefit of this certification?

    A. It allows for the sharing of digital forensics data across organizations

    B. It provides insurance in case of a data breach

    C. It provides complimentary training and certification resources to IT security staff.

    D. It certifies the organization can work with foreign entities that require a security clearance

    E. It assures customers that the organization meets security standards
