CompTIA SY0-601 Online Practice Questions and Exam Preparation
SY0-601 Exam Details
Exam Code: SY0-601
Exam Name: CompTIA Security+
Certification: CompTIA Certifications
Vendor: CompTIA
Total Questions: 1334 Q&As
Last Updated: May 26, 2026
CompTIA SY0-601 Online Questions & Answers
Question 931:
Which of the following should a security administrator adhere to when setting up a new set of firewall rules?
A. Disaster recovery plan
B. Incident response procedure
C. Business continuity plan
D. Change management procedure
Answer: D. Change management procedure
Explanation/Reference: A change management procedure is the correct answer when it comes to adhering to best practices for setting up a new set of firewall rules. Creating a change procedure for the firewall configuration is one of the best practices for firewall rule configuration, and managing firewall rulesets and policies through a formal change management control process is also recommended. A change management procedure ensures that any changes made to the firewall configuration are done in a controlled and documented manner, reducing the risk of errors and unauthorized changes.
Question 932:
HOTSPOT
A newly purchased corporate WAP needs to be configured in the MOST secure manner possible.
INSTRUCTIONS
Please click on the below items on the network diagram and configure them accordingly:
1. WAP
2. DHCP Server
3. AAA Server
4. Wireless Controller
5. LDAP Server
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
Hot Area:
Explanation/Reference:
Question 933:
A network manager wants to protect the company's VPN by multifactor authentication that uses:
1. Something you know
2. Something you have
3. Somewhere you are
Which of the following would accomplish the manager's goal?
A. Domain name, PKI, GeoIP lookup
B. VPN IP address, company ID, partner site
C. Password, authentication token, thumbprint
D. Company URL, TLS certificate, home address
Answer: C. Password, authentication token, thumbprint
Question 934:
A candidate attempts to go to but accidentally visits http://comptiia.org. The malicious website looks exactly like the legitimate website. Which of the following best describes this type of attack?
A. Reconnaissance
B. Impersonation
C. Typosquatting
D. Watering-hole
Answer: C. Typosquatting
Explanation/Reference: Typosquatting is a type of cyberattack that involves registering domains with deliberately misspelled names of well-known websites. The attackers do this to lure unsuspecting visitors to alternative websites, typically for malicious purposes. Visitors may end up at these alternative websites by inadvertently mistyping the name of popular websites into their web browser or by being lured by a phishing scam. The attackers may emulate the look and feel of the legitimate websites and trick users into entering sensitive information or downloading malware.
References:
https://www.comptia.org/certifications/security#examdetails
https://www.comptia.org/content/guides/comptia-security-sy0-601-exam-objectives
https://www.kaspersky.com/resource-center/definitions/what-is-typosquatting
Question 935:
Which of the following would satisfy three-factor authentication requirements?
A. Password, PIN, and physical token
B. PIN, fingerprint scan, and iris scan
C. Password, fingerprint scan, and physical token
D. PIN, physical token, and ID card
Answer: C. Password, fingerprint scan, and physical token
Explanation/Reference: Three-factor authentication combines three types of authentication methods: something you know (password), something you have (physical token), and something you are (fingerprint scan). Option C satisfies these requirements, as it uses a password (something you know), a physical token (something you have), and a fingerprint scan (something you are) for authentication.
Reference: CompTIA Security+ Study Guide (SY0-601) 7th Edition by Emmett Dulaney, Chuck Easttom
Note: There could be other options as well that could satisfy the three-factor authentication requirements as per the organization's security policies.
Question 936:
Callers speaking a foreign language are using company phone numbers to make unsolicited phone calls to a partner organization. A security analyst validates through phone system logs that the calls are occurring and the numbers are not being spoofed. Which of the following is the most likely explanation?
A. The executive team is traveling internationally and trying to avoid roaming charges.
B. The company’s SIP server security settings are weak.
C. Disgruntled employees are making calls to the partner organization.
D. The service provider has assigned multiple companies the same numbers.
Answer: B. The company’s SIP server security settings are weak.
Question 937:
A systems administrator is considering different backup solutions for the IT infrastructure. The company is looking for a solution that offers the fastest recovery time while also saving the most amount of storage used to maintain the backups. Which of the following recovery solutions would be the BEST option to meet these requirements?
A. Snapshot
B. Differential
C. Full
D. Tape
Answer: B. Differential
Explanation/Reference: A snapshot is not a backup. If your machine goes down, so do the backups. Also, Microsoft might delete all your snapshots if your I/O is too high or the storage is low and they are saved on the same drive. Because it states "saving most amount of storage", I believe it's B. Once you have the full backup, you would do differentials. If you did full backups daily, you will run out of storage soon. Tape is long recovery.
Question 938:
Which of the following is the most effective way to protect an application server running software that is no longer supported from network threats?
A. Air gap
B. Barricade
C. Port security
D. Screened subnet
Answer: D. Screened subnet
Explanation/Reference: One of the most effective ways to protect an application server is to use a screened subnet. A screened subnet is a network segment that is isolated from both the internet and the internal network by two firewalls. The application server is placed in the screened subnet, also known as the demilitarized zone (DMZ), and only the necessary ports are opened for communication. This way, the application server is shielded from external attacks and internal breaches, and the impact of a compromise is minimized.
Question 939:
Which of the following best describes the situation where a successfully onboarded employee who is using a fingerprint reader is denied access at the company's main gate?
A. Crossover error rate
B. False match rate
C. False rejection
D. False positive
Answer: C. False rejection
Explanation/Reference: A false rejection occurs when a biometric system fails to recognize an authorized user and denies access. This can happen due to poor quality of the biometric sample, environmental factors, or system errors.
References: https://www.comptia.org/blog/what-is-biometrics
Question 940:
A security forensics analyst is examining a virtual server. The analyst wants to preserve the present state of the virtual server, including memory contents. Which of the following backup types should be used?
A. Snapshot
B. Differential
C. Cloud
D. Full
E. Incremental
Answer: A. Snapshot
Explanation/Reference: A snapshot preserves the state and data of a virtual machine at a specific point in time. The state includes the virtual machine's power state (for example, powered-on, powered-off, suspended). The data includes all of the files that make up the virtual machine. This includes disks, memory, and other devices, such as virtual network interface cards. A virtual machine provides several operations for creating and managing snapshots and snapshot chains. These operations let you create snapshots, revert to any snapshot in the chain, and remove snapshots. You can create extensive snapshot trees.