CompTIA SY0-601 Online Practice Questions and Exam Preparation

CompTIA SY0-601 Online Questions & Answers

• Question 921:

  A systems administrator wants to add a second factor to the single sign-on portal that the organization uses. Currently, only a username and password are required. Which of the following should the administrator implement to best meet this requirement?

  A. Personal verificationQuestions
  B. Software-based TOTP
  C. Log-in image checks
  D. Secondary PIN code
  B. Software-based TOTP

  ---

  A. Personal verificationQuestions - something you know B. Software-based TOTP - something you have C. Log-in image checks - something you know D. Secondary PIN code - something you know

• Question 922:

  Which of the following has been implemented when a host-based firewall on a legacy Linux system allows connections from only specific internal IP addresses?

  A. Compensating control
  B. Network segmentation
  C. Transfer of risk
  D. SNMP traps
  A. Compensating control

  ---

  In a legacy system where modern security practices or network segmentation may not be fully implemented, a compensating control could be used to provide additional security or restrict access. In this case, the host-based firewall rule allowing connections from specific internal IP addresses serves as a compensating control to restrict access and enhance security within the limitations of the legacy environment.

• Question 923:

  A company installed several crosscut shredders as part of increased information security practices targeting data leakage risks. Which of the following will this practice reduce?

  A. Dumpster diving
  B. Shoulder surfing
  C. Information elicitation
  D. Credential harvesting
  A. Dumpster diving

• Question 924:

  A company is currently utilizing usernames and passwords, and it wants to integrate an MFA method that is seamless, can integrate easily into a user’s workflow, and can utilize employee-owned devices. Which of the following will meet these requirements?

  A. Push notifications
  B. Phone call
  C. Smart card
  D. Offline backup codes
  A. Push notifications

• Question 925:

  A customer called a company's security team to report that all invoices the customer has received over the last five days from the company appear to have fraudulent banking details. An investigation into the matter reveals the following

  1.

  The manager of the accounts payable department is using the same password across multiple external websites and the corporate account.

  2.

  One of the websites the manager used recently experienced a data breach

  3.

  The manager's corporate email account was successfully accessed in the last five days by an IP address located in a foreign country

  Which of the following attacks has MOST likely been used to compromise the manager's corporate account?

  A. Remote access Trojan
  B. Brute-force
  C. Dictionary
  D. Credential stuffing
  E. Password spraying
  D. Credential stuffing

  ---

  "Credential stuffing is a type of cyberattack in which the attacker collects stolen account credentials, typically consisting of lists of usernames or email addresses and the corresponding passwords (often from a data breach), and then uses the credentials to gain unauthorized access to user accounts"

• Question 926:

  A security analyst needs to propose a remediation plan for each item in a risk register. The item with the highest priority requires employees to have separate logins for SaaS solutions and different password complexity requirements for each solution. Which of the following implementation plans will most likely resolve this security issue?

  A. Creating a unified password complexity standard
  B. Integrating each SaaS solution with the identity provider
  C. Securing access to each SaaS by using a single wildcard certificate
  D. Configuring geofencing on each SaaS solution
  B. Integrating each SaaS solution with the identity provider

• Question 927:

  A large financial services firm recently released information regarding a security breach within its corporate network that began several years before. During the time frame in which the breach occurred, indicators show an attacker gained administrative access to the network through a file downloaded from a social media site and subsequently installed it without the user's knowledge. Since the compromise, the attacker was able to take command and control the computer systems anonymously while obtaining sensitive corporate and personal employee information.

  Which of the following methods did the attacker MOST likely use to gain access?

  A. A bot
  B. A fileless virus
  C. A logic bomb
  D. A RAT
  D. A RAT

  ---

  Remote access trojans (RATs) are malware designed to allow an attacker to remotely control an infected computer. Once the RAT is running on a compromised system, the attacker can send commands to it and receive data back in response.

• Question 928:

  An employee received a word processing file that was delivered as an email attachment The subject line and email content enticed the employee to open the attachment. Which of the following attack vectors BEST matches this malware?

  A. Embedded Python code
  B. Macro-enabled file
  C. Bash scripting
  D. Credential-harvesting website
  B. Macro-enabled file

  ---

  Phishing emails with a word document attachment typically will have macros that can be ran for malicious purposes. Macros are scripts that can run whatever you want and however many times you want it to run, it's generally used for automating frequently used tasks. Since macros can practically do whatever you want, they can be used for malicious purposes such as infecting other files, or downloading/installing other malicious software. Macros would normally run as soon as the document is opened but now macros are disabled in Office apps by default so you would need to manually enable marcos on the file for them to run.

• Question 929:

  A security analyst is running a vulnerability scan to check for missing patches during a suspected security incident.

  During which of the following phases of the response process is this activity MOST likely occurring?

  A. Containment
  B. Identification
  C. Recovery
  D. Preparation
  B. Identification

• Question 930:

  An organization's help desk is flooded with phone calls from users stating they can no longer access certain websites. The help desk escalates the issue to the security team, as these websites were accessible the previous day. The security analysts run the following command: ipconfig /flushdns, but the issue persists. Finally, an analyst changes the DNS server for an impacted machine, and the issue goes away. Which of the following attacks MOST likely occurred on the original DNS server?

  A. DNS cache poisoning
  B. Domain hijacking
  C. Distributed denial-of-service
  D. DNS tunneling
  A. DNS cache poisoning

  ---

  DNS Client Cache Poisoning - Even though all name resolution now functions through DNS, the HOSTS file is still present and most operating systems check the file before using DNS. Its contents are loaded into a cache of known name:IP mappings and the client only contacts a DNS server if the name is not cached. Therefore, if an attacker is able to place a false name: IP address mapping in the HOSTS file and effectively poison the DNS cache, he or she will be able to redirect traffic. The HOSTS file requires administrator access to modify. In UNIX and Linux systems it is stored as /etc/hosts, while in Windows it is placed in %SystemRoot%\System32\Drivers\etc\hosts.