CompTIA CompTIA Certifications SY0-601 Questions & Answers

• Question 901:

  A developer is building a new portal to deliver single-pane-of-glass management capabilities to customers with multiple firewalls. To Improve the user experience, the developer wants to implement an authentication and authorization standard that uses security tokens that contain assertions to pass user Information between nodes.

  Which of the following roles should the developer configure to meet these requirements?

  A. Identity processor

  B. Service requestor

  C. Identity provider

  D. Service provider

  E. Tokenized resource

  F. Notarized referral

  Correct Answer: CD

  service and identifty providers

  Security Assertion Markup Language 2.0 (SAML 2.0) is a version of the SAML standard for exchanging authentication and authorization identities between security domains. SAML 2.0 is an XML-based protocol that uses security tokens containing assertions to pass information about a principal (usually an end user) between a SAML authority, named an Identity Provider, and a SAML consumer, named a Service Provider. SAML 2.0 enables web-based, cross-domain single sign-on (SSO), which helps reduce the administrative overhead of distributing multiple authentication tokens to the user.

  https://www.nts-solutions.com/blog/saml-que-es.html

• Question 902:

  A security engineer at an offline government facility is concerned about the validity of an SSL certificate. The engineer wants to perform the fastest check with the least delay to determine if the certificate has been revoked. Which of the following would BEST meet these requirements?

  A. RA

  B. OCSP

  C. CRL

  D. CSR

  Correct Answer: C

  OCSP is quicker that CRL

• Question 903:

  The Chief Executive Officer announced a new partnership with a strategic vendor and asked the Chief Information Security Officer to federate user digital identities using SAML- based protocols. Which of the following will this enable?

  A. SSO

  B. MFA

  C. PKI

  D. OLP

  Correct Answer: A

• Question 904:

  A retail company that is launching @ new website to showcase the company's product line and other information for online shoppers registered the following URLs:

  1.

  www companysite com

  2.

  shop companysite com

  3.

  about-us companysite com

  4.

  contact-us. companysite com

  5.

  secure-logon companysite com

  Which of the following should the company use to secure its website rf the company is concerned with convenience and cost?

  A. A self-signed certificate

  B. A root certificate

  C. A code-signing certificate

  D. A wildcard certificate

  E. An extended validation certificate

  Correct Answer: D

  A wildcard certificate is a digital certificate that is applied to a domain and all its subdomains. Wildcard notation consists of an asterisk and a period before the domain name. Secure

• Question 905:

  A security analyst needs to implement security features across smartphones, laptops, and tablets. Which of the following would be the MOST effective across heterogeneous platforms?

  A. Enforcing encryption

  B. Deploying GPOs

  C. Removing administrative permissions

  D. Applying MDM software

  Correct Answer: D

  MDM stands for Mobile Device Management, is software that assists in the implementation of the process of managing, monitoring, and securing several mobile devices such as tablets, smartphones, and laptops used in the organization to access the corporate information.

• Question 906:

  An attack relies on an end user visiting a website the end user would typically visit; however, the site is compromised and uses vulnerabilities in the end user's browser to deploy malicious software. Which of the following types of attacks does this describe?

  A. Smishing

  B. Whaling

  C. Watering hole

  D. Phishing

  Correct Answer: C

  A. Smishing - Can't be because it's fishing through text.

  B. Whaling - Question doesn't mention a high ranking position target.

  C. Watering hole - C is my answer.

  D. Phishing - If you know the definition of this you know it's not this one.

• Question 907:

  A company just developed a new web application for a government agency. The application must be assessed and authorized prior to being deployed. Which of the following is required to assess the vulnerabilities resident in the application?

  A. Repository transaction logs

  B. Common Vulnerabilities and Exposures

  C. Static code analysis

  D. Non-credentialed scans

  Correct Answer: C

  Its a newly Developed application. no CVEs exist.

• Question 908:

  The website http://companywebsite.com requires users to provide personal information, including security question responses, for registration. Which of the following would MOST likely cause a data breach?

  A. Lack of input validation

  B. Lack of input validation

  C. Unsecure protocol

  D. Missing patches

  Correct Answer: C

  Website is using HTTP which is the unsecure protocol of HTTP

• Question 909:

  A security analyst is investigating a vulnerability in which a default file permission was set incorrectly. The company uses non-credentialed scanning for vulnerability management.

  Which of the following tools can the analyst use to verify the permissions?

  A. ssh

  B. chmod

  C. ls

  D. setuid

  E. nessus

  F. nc

  Correct Answer: B

  chmod is used to set permissions for the file.

  If you use: ls -l <---this will list the files with their permissions

  Reference:

  https://www.freecodecamp.org/news/the-linux-ls-command-how-to-list-files-in-a-directory-with-options/

• Question 910:

  Which of the following is a reason why an organization would define an AUP?

  A. To define the lowest level of privileges needed for access and use of the organization's resources

  B. To define the set of rules and behaviors for users of the organization's IT systems

  C. To define the intended partnership between two organizations

  D. To define the availability and reliability characteristics between an IT provider and consumer

  Correct Answer: B