CompTIA CompTIA Certifications SY0-601 Questions & Answers

• Question 911:

  A major political party experienced a server breach. The hacker then publicly posted stolen internal communications concerning campaign strategies to give the opposition party an advantage. Which of the following BEST describes these threat actors?

  A. Semi-authorized hackers

  B. State actors

  C. Script kiddies

  D. Advanced persistent threats

  Correct Answer: B

  Comptia's handbook:

  APT=An attacker's ability to obtain, maintain, and diversify access to network systems using exploits and malware.

• Question 912:

  A bank detects fraudulent activity on user's account. The user confirms transactions completed yesterday on the bank's website at https://www.company.com. A security analyst then examines the user's Internet usage logs and observes the following output:

  

  Which of the following has MOST likely occurred?

  A. Replay attack

  B. SQL injection

  C. SSL stripping

  D. Race conditions

  Correct Answer: C

  Secure Sockets Layer (SSL) Stripping:

  Secure sockets layer (SSL) stripping is a man in the middle attack against all SSL and early versions of TLS connections. The attack is performed anywhere a man in the middle attack can happen, which makes wireless hotspots a prime

  location. The attack works by intercepting the initial connection request for HTTPS, redirecting it to an HTTP site, and then mediating in the middle. The reason the attack works is because the beginning of an SSL or TLS (v1.0 or v1.1)

  handshake is vulnerable to attack. The main defense is technical: only use TLS 1.2 or 1.3, as these versions have protections against the specific attack method.

• Question 913:

  An enterprise needs to keep cryptographic keys in a safe manner. Which of the following network appliances can achieve this goal?

  A. HSM

  B. CASB

  C. TPM

  D. DLP

  Correct Answer: A

  "A hardware security module (HSM) is a physical computing device that safeguards and manages digital keys"

• Question 914:

  An analyst has determined that a server was not patched and an external actor exfiltrated data on port 139. Which of the following sources should the analyst review to BEST ascertain how the incident could have been prevented?

  A. The vulnerability scan output

  B. The security logs

  C. The baseline report

  D. The correlation of events

  Correct Answer: B

• Question 915:

  A external forensics investigator has been hired to investigate a data breach at a large enterprise with numerous assets. It is known that the breach started in the DMZ and moved to the sensitive information, generating multiple logs as the attacker traversed through the network. Which of the following will BEST assist with this investigation?

  A. Perform a vulnerability scan to identify the weak spots.

  B. Use a packet analyzer to investigate the NetFlow traffic

  C. Check the SIEM to review the correlated logs.

  D. Require access to the routers to view current sessions,

  Correct Answer: C

  A SIEM (Security Information and Event Management) system collects and aggregates logs from various sources across an enterprise's network and IT infrastructure. It can correlate and analyze these logs to identify security incidents and provide a comprehensive view of activities across the network. In the case of a data breach investigation, the SIEM can be a valuable tool to review the logs generated during the attack and trace the attacker's activities from the perimeter network to the sensitive information.

• Question 916:

  When implementing automation with loT devices, which of the following should be considered FIRST to keep the network secure?

  A. Z-Wave compatibility

  B. Network range

  C. Zigbee configuration

  D. Communication protocols

  Correct Answer: D

• Question 917:

  A systems administrator needs to install the same X.509 certificate on multiple servers. Which of the following should the administrator use?

  A. Key escrow

  B. A self-signed certificate

  C. Certificate chaining

  D. An extended validation certificate

  Correct Answer: B

• Question 918:

  A security analyst has been reading about a newly discovered cyberattack from a known threat actor. Which of the following would BEST support the analyst's review of the tactics, techniques, and protocols the threat actor was observed using in previous campaigns?

  A. Security research publications

  B. The MITRE ATTandCK framework

  C. The Diamond Model of Intrusion Analysis

  D. The Cyber Kill Chain

  Correct Answer: B

• Question 919:

  Which of the following will MOST likely cause machine-learning and AI-enabled systems to operate with unintended consequences?

  A. Stored procedures

  B. Buffer overflows

  C. Data bias

  D. Code reuse

  Correct Answer: C

  https://bernardmarr.com/default.asp?contentID=1827

• Question 920:

  An organization that has a large number of mobile devices is exploring enhanced security controls to manage unauthorized access if a device is lost or stolen. Specifically, if mobile devices are more than 3mi(4.8km) from the building, the

  management team would like to have the security team alerted and server resources restricted on those devices.

  Which of the following controls should the organization implement?

  A. Geofencing

  B. Lockout

  C. Near-field communication

  D. GPS tagging

  Correct Answer: A

  Reference: https://www.npws.net/blog/attract-customers-with-beacons-geotagging-geofencing/#:~:text=Geo%2Dtagging%3A%20The%20method%20consists,for%20a%20promotion%20or%20coupon.