CompTIA SY0-601 Online Practice Questions and Exam Preparation
SY0-601 Exam Details
Exam Code: SY0-601
Exam Name: CompTIA Security+
Certification: CompTIA Certifications
Vendor: CompTIA
Total Questions: 1334 Q&As
Last Updated: May 26, 2026
CompTIA SY0-601 Online Questions & Answers
Question 881:
A consultant is configuring a vulnerability scanner for a large, global organization in multiple countries. The consultant will be using a service account to scan systems with administrative privileges on a weekly basis, but there is a concern that hackers could gain access to the account and pivot through the global network. Which of the following would be BEST to help mitigate this concern?
A. Create consultant accounts for each region, each configured with push MFA notifications.
B. Create one global administrator account and enforce Kerberos authentication.
C. Create different accounts for each region, limit their logon times, and alert on risky logins.
D. Create a guest account for each region, remember the last ten passwords, and block password reuse.
C. Create different accounts for each region, limit their logon times, and alert on risky logins.
Explanation/Reference: https://www.crowdstrike.com/blog/service-accounts-performing-interactive-logins/
Question 882:
Which biometric error would allow an unauthorized user to access a system?
A. False acceptance
B. False entrance
C. False rejection
D. False denial
A. False acceptance
False Acceptance - There are only two metrics that are used to determine the performance of biometrics: FAR (False Acceptance Rate) and FRR (False Rejection Rate). False Acceptance Rate is a metric for biometric performance that determines the number of instances where unauthorized persons were incorrectly authorized. For this question, a biometric error would mean that someone was authorized when they weren't supposed to be authorized.
Question 883:
Which of the following tools can assist with detecting an employee who has accidentally emailed a file containing a customer's PII?
A. SCAP
B. NetFlow
C. Antivirus
D. DLP
D. DLP
Question 884:
An organization recently experienced the following social engineering attacks that introduced malware into the network:
- In the first attack, the sender impersonated a staff member in the legal department and sent an email stating that the employee needed to click a link to sign an NDA in order to remain employed. The link provided was to a malicious website.
- In the second attack, the sender impersonated the director of finance and instructed the accounts payable department to pay an outstanding invoice. The attached invoice contained malware.
Which of the following is the most likely reason these attacks were successful?
A. Both attacks passed the spam filters, which resulted in the end users thinking the emails were legitimate.
B. Both attacks concealed the delivery of malware, which led end users to trust the emails.
C. Both attacks appealed to authority, which made the end users feel obligated to perform the requested actions.
D. Both attacks relied on dumpster diving to obtain a list of valid contacts to receive the malicious emails.
C. Both attacks appealed to authority, which made the end users feel obligated to perform the requested actions.
Question 885:
Which of the following would BEST provide a systems administrator with the ability to more efficiently identify systems and manage permissions and policies based on location, role, and service level?
A. Standard naming conventions
B. Domain services
C. Baseline configurations
D. Diagrams
A. Standard naming conventions
Explanation/Reference: Quoting from the official guide below. A standard naming convention for hardware assets, and for digital assets such as accounts and virtual machines, makes the environment more consistent. This means that errors are easier to spot and that it is easier to automate through scripting. The naming strategy should allow administrators to identify the type and function of any particular resource or location at any point in the CMDB or network directory. Each label should conform to rules for host and DNS names.
Question 886:
An enterprise has hired an outside security firm to facilitate penetration testing on its network and applications. The firm has agreed to pay for each vulnerability that is discovered. Which of the following BEST represents the type of testing that is being used?
A. White-box
B. Red-team
C. Bug bounty
D. Gray-box
E. Black-box
C. Bug bounty
A bug bounty program provides a monetary incentive for security researchers to discover vulnerabilities. One of the benefits is that bug bounty programs only pay researchers when they find vulnerabilities. Companies don't pay researchers for their time.
https://en.wikipedia.org/wiki/Bug_bounty_program
Question 887:
An analyst is reviewing an incident in which a user clicked on a link in a phishing email. Which of the following log sources would the analyst utilize to determine whether the connection was successful?
A. Network
B. System
C. Application
D. Authentication
A. Network
Network log sources can show the traffic between the user's device and the phishing website, such as DNS queries, the IP addresses, the port, and the protocols. Network logs can also reveal if the connection was blocked by a firewall or other security tools.
Question 888:
A systems administrator receives the following alert from a file integrity monitoring tool:
The hash of the cmd.exe file has changed.
The systems administrator checks the OS logs and notices that no patches were applied in the last two months. Which of the following most likely occurred?
A. The end user changed the file permissions.
B. A cryptographic collision was detected.
C. A snapshot of the file system was taken.
D. A rootkit was deployed.
D. A rootkit was deployed.
When a file integrity monitoring tool detects a change in the hash of a critical system file like "cmd.exe," it could indicate that a rootkit has been deployed. Rootkits are malicious software designed to hide their presence on a system by modifying critical files and processes, including system utilities like "cmd.exe." By changing the hash of the file, the rootkit aims to evade detection by security tools that rely on file integrity checks. Rootkits often have the capability to tamper with system logs and other monitoring mechanisms, making them difficult to detect using traditional methods.
Question 889:
Employees are having issues accessing the company's website. Some employees report very slow performance, while others cannot access the website at all. The web and security administrators search the logs and find millions of half-open connections to port 443 on the web server. Further analysis reveals thousands of different source IPs initiating this traffic. Which of the following attacks is MOST likely occurring?
A. DDoS
B. Man-in-the-middle
C. MAC flooding
D. Domain hijacking
A. DDoS
Password spraying is a type of brute-force attack used by hackers to gain unauthorized access to user accounts, systems, or services. Unlike traditional brute-force attacks that attempt to guess the password for a single user account by trying various combinations of characters, password spraying involves trying a small number of commonly used passwords against multiple accounts. The goal is to avoid detection by avoiding excessive failed login attempts for a single account, which could trigger account lockouts or other security measures. In a password spraying attack, the attacker typically selects a few common passwords (such as "password," "123456," "admin," etc.) and tries these passwords against many user accounts. This approach takes advantage of the fact that many users often choose weak and easily guessable passwords, and the attacker hopes that at least one of the accounts will have a weak password that matches the ones attempted.
Question 890:
A marketing coordinator is trying to access a social media application on a company laptop but is getting blocked. The coordinator opens a help desk ticket to report the issue. Which of the following documents should a security analyst review to determine whether accessing social media applications on a company device is permitted?
A. Incident response policy
B. Business continuity policy
C. Change management policy
D. Acceptable use policy
D. Acceptable use policy
The acceptable use policy (AUP) defines the rules and guidelines for using company resources, including computers, laptops, and other devices. It typically specifies what activities are allowed and prohibited on company devices, such as accessing social media applications. By reviewing the AUP, a security analyst can determine whether accessing social media applications on a company device is permitted or not.