CompTIA CompTIA Certifications SY0-601 Questions & Answers

• Question 891:

  A company installed several crosscut shredders as part of increased information security practices targeting data leakage risks. Which of the following will this practice reduce?

  A. Dumpster diving

  B. Shoulder surfing

  C. Information elicitation

  D. Credential harvesting

  Correct Answer: A

• Question 892:

  A company recently experienced an attack during which its main website was directed to the attacker's web server, allowing the attacker to harvest credentials from unsuspecting customers. Which of the following should the company implement to prevent this type of attack occurring in the future?

  A. IPSec

  B. SSL/TLS

  C. DNSSEC

  D. S/MIME

  Correct Answer: B

• Question 893:

  A desktop support technician recently installed a new document-scanning software program on a computer. However, when the end user tried to launch the program, it did not respond. Which of the following is MOST likely the cause?

  A. A new firewal rule is needed to access the application.

  B. The system was quarantined for missing software updates.

  C. The software was not added to the application whitelist.

  D. The system was isolated from the network due to infected software

  Correct Answer: C

  Firewall is irrelevant to the question. Firewall rules determine if traffic will go trough or get blocked. The firewall has no access or control over processes or applications on the system. The issue is that the application is not whitelisted, which prevents it from booting.

• Question 894:

  A financial institution would like to store its customer data in a cloud but still allow the data to be accessed and manipulated while encrypted. Doing so would prevent the cloud service provider from being able to decipher the data due to its sensitivity. The financial institution is not concerned about computational overheads and slow speeds. Which of the following cryptographic techniques would BEST meet the requirement?

  A. Asymmetric

  B. Symmetric

  C. Homomorphic

  D. Ephemeral

  Correct Answer: C

  Homomorphic

  "Homomorphic encryption is a big deal because it makes it possible to perform calculations on encrypted data. This means that data processing can be outsourced to a third party without the need to trust the third party to properly secure the data. Without the proper decryption key, the original data can't be accessed.

  This ability to perform processing on encrypted data has the potential to solve many major business challenges faced by companies across all industries."

  https://www.keyfactor.com/blog/what-is-homomorphic-encryption/#:~:text=Homomorphic%20encryption%20algorithms%20are%20a,with%20a%20number%20of%20applications.

• Question 895:

  A large enterprise has moved all its data to the cloud behind strong authentication and encryption. A sales director recently had a laptop stolen, and later, enterprise data was found to have been compromised from a local database. Which of the following was the MOST likely cause?

  A. Shadow IT

  B. Credential stuffing

  C. SQL injection

  D. Man in the browser

  E. Bluejacking

  Correct Answer: A

  Another example of unintentional insider threat is the concept of shadow IT, where users purchase or introduce computer hardware or software to the workplace without the sanction of the IT department and without going through a procurement and security analysis process. The problem of shadow IT is exacerbated by the proliferation of cloud services and mobile devices, which are easy for users to obtain. Shadow IT creates a new unmonitored attack surface for malicious adversaries to exploit.

  While SQL Injection might be one way that enterprise data from the local database was compromised, an attacker could simple have hacked into the person machine and opened up the local database to steal the data. SQL Injection is possible, but is not MOST Likely. You need to ask the question: If the enterprise has moved everything into the cloud, then the only reason there is a local database on the person's machine is because they installed the database. They installed an application on their local machine when they should have been using an application on the company's cloud. That, in its definition, is shadow IT.

• Question 896:

  Which of the following environments utilizes dummy data and is MOST likely to be installed locally on a system that allows code to be assessed directly and modified easily with each build?

  A. Production

  B. Test

  C. Staging

  D. Development

  Correct Answer: D

  A development environment is essentially what is on the development team's computers. It's where the developers are writing their code, making code updates, and where all their commits and branches exist. The development environment does not affect what the end user sees. Instead, it allows development to try out new features and updates before pushing them forward to deployment. A lot of preliminary testing is done at this point before moving to the next environment ? the stage environment.

  https://www.pagerduty.com/resources/learn/what-is-production-environment/

• Question 897:

  A security analyst reports a company policy violation in a case in which a large amount of sensitive data is being downloaded after hours from various mobile devices to an external site. Upon further investigation, the analyst notices that successful login attempts are being conducted with impossible travel times during the same time periods when the unauthorized downloads are occurring. The analyst also discovers a couple of WAPs are using the same SSID, but they have non-standard DHCP configurations and an overlapping channel. Which of the following attacks is being conducted?

  A. Evil twin

  B. Jamming

  C. DNS poisoning

  D. Bluesnarfing

  E. DDoS

  Correct Answer: A

  In an Evil Twin attack, the attacker sets up a rogue wireless access point (WAP) with the same SSID as a legitimate WAP to mimic it and trick users into connecting to the rogue WAP. The rogue WAP is configured to perform various malicious activities, such as intercepting sensitive data, stealing credentials, and performing man-in-the-middle attacks.

  In this scenario, the large amount of sensitive data being downloaded from various mobile devices to an external site is likely being intercepted and exfiltrated by the attacker via the rogue WAP. The "impossible travel times" in successful login attempts indicate that the attacker is likely performing man-in-the-middle attacks, intercepting user login credentials, and using them to access the company's internal resources and download the sensitive data.

  The presence of two WAPs using the same SSID with non-standard DHCP configurations and overlapping channels suggests the existence of the rogue WAP, which is characteristic of an Evil Twin attack.

• Question 898:

  An organization's Chief Information Security Officer is creating a position that will be responsible for implementing technical controls to protect data, including ensuring backups are properly maintained. Which of the following roles would MOST likely include these responsibilities?

  A. Data protection officer

  B. Data owner

  C. Backup administrator

  D. Data custodian

  E. Internal auditor

  Correct Answer: D

  Data Custodians The primary responsibilities of a data custodian are: Maintain physical and system security including physical security of servers and data user security as determined appropriate by the Data Trustees or Data Stewards. Ensure adequate system backups and disaster recovery plans.

  https://www.belmont.edu/oair/data-governance/role-data-custodians.html#:~:text=Data%20Custodiansandtext=The%20primary%20responsibilities%20of%20a,backups%20and%20disaster%20recovery%20plans.

• Question 899:

  After a hardware incident, an unplanned emergency maintenance activity was conducted to rectify the issue. Multiple alerts were generated on the SIEM during this period of time.

  Which of the following BEST explains what happened?

  A. The unexpected traffic correlated against multiple rules, generating multiple alerts.

  B. Multiple alerts were generated due to an attack occurring at the same time.

  C. An error in the correlation rules triggered multiple alerts.

  D. The SIEM was unable to correlate the rules, triggering the alerts.

  Correct Answer: A

  The unexpected traffic correlated against multiple rules, generating multiple alerts.

• Question 900:

  During an incident, a company's CIRT determines it is necessary to observe the continued network-based transactions between a callback domain and the malware running on an enterprise PC. Which of the following techniques would be BEST to enable this activity while reducing the risk of lateral spread and the risk that the adversary would notice any changes?

  A. Physical move the PC to a separate internet pint of presence

  B. Create and apply microsegmentation rules.

  C. Emulate the malware in a heavily monitored DMZ segment.

  D. Apply network blacklisting rules for the adversary domain

  Correct Answer: B

  AH secure in entire packet