CompTIA CompTIA Certifications SY0-601 Questions & Answers

• Question 931:

  A company was recently breached, Part of the company's new cybersecurity strategy is to centralize the logs from all security devices. Which of the following components forwards the logs to a central source?

  A. Log enrichment

  B. Log aggregation

  C. Log parser

  D. Log collector

  Correct Answer: D

  Log collectors are pieces of software that function to gather data from multiple independent sources and feed it into a unified source such as a SIEM. Log aggregation is the process of combining logs together. This is done to allow different formats from different systems to work together.

• Question 932:

  A security engineering installing A WAF to protect the company's website from malicious web requests over SSL. Which of the following is needed to meet the objective?

  A. A reverse proxy

  B. A decryption certificate

  C. A split-tunnel VPN

  D. Load-balanced servers

  Correct Answer: B

  Web Application Firewall (WAF):

  A web application firewall (WAF) is a device that performs restrictions based on rules associated with HTTP/HTTPS traffic. By definition, web application firewalls are a form of content filter, and their various configurations allow them to

  provide significant capabilities and protections. The level of specificity in what can be allowed or blocked can be as precise as "allow Facebook but block Facebook games." WAFs can detect and block disclosure of critical data, such as

  account numbers, credit card numbers, and so on. WAFs can also be used to protect websites from common attack vectors such as cross-site scripting, fuzzing, and buffer overflow attacks.

  You can configure a web application firewall to examine inside a TLS session. This is important if an attacker is attempting to use an encrypted channel such as TLS to mask their activity. Because legitimate TLS channels are instantiated by

  the system, you can pass the appropriate credentials internally to the WAF to enable TLS inspection

• Question 933:

  An incident, which is affecting dozens of systems, involves malware that reaches out to an Internet service for rules and updates. The IP addresses for the Internet host appear to be different in each case. The organization would like to determine a common IoC to support response and recovery actions. Which of the following sources of information would BEST support this solution?

  A. Web log files

  B. Browser cache

  C. DNS query logs

  D. Antivirus

  Correct Answer: C

  A. Web Log Files - this can be eliminated because web log files are only viewable by the website's owner. We are not the owner, thus this is not useful to us.

  B. Browser Cache - this can be eliminated because the malware does not communicate through the browser.

  C. DNS query logs - the malware reaches out to an internet service. This will be logged in the DNS query logs.

  D. Antivirus - I don't think this solution is that bad, but what if the antivirus does not detect the malware? An antivirus, in this case, is not reliable for detecting indicators of compromise.

• Question 934:

  A Chief Security Officer (CSO) is concerned about the volume and integrity of sensitive information that is exchanged between the organization and a third party through email. The CSO is particularly concerned about an unauthorized party who is intercepting information that is in transit between the two organizations.

  Which of the following would address the CSO's concerns?

  A. SPF

  B. DMARC

  C. SSL

  D. DKIM

  E. TLS

  Correct Answer: E

  DKIM (DomainKeys Identified Mail) is a protocol that allows an organization to take responsibility for transmitting a message by signing it in a way that mailbox providers can verify. DKIM record verification is made possible through cryptographic authentication. Transport Layer Security (TLS) encrypts data sent over the Internet to ensure that eavesdroppers and hackers are unable to see what you transmit which is particularly useful for private and sensitive information such as passwords, credit card numbers, and personal correspondence

• Question 935:

  A company has discovered unauthorized devices are using its WiFi network, and it wants to harden the access point to improve security. Which of the following configurations should an analyst enable to improve security? (Choose two.)

  A. RADIUS

  B. PEAP

  C. WPS

  D. WEP-TKIP

  E. SSL

  F. WPA2-PSK

  Correct Answer: AF

  WPA2-PSK: WPA works using discrete modes for enterprise and personal use.

  The most recent enterprise mode, WPA-EAP, uses a stringent 802.1x authentication.

  The latest personal mode, WPA-PSK, uses Simultaneous Authentication of Equals (SAE) to create a secure handshake.

• Question 936:

  Joe, a security analyst, recently performed a network discovery to fully understand his organization's electronic footprint from a "public" perspective. Joe ran a set of commands and received the following output:

  

  Which of the following can be determined about the organization's public presence and security posture? (Select TWO).

  A. Joe used Whois to produce this output.

  B. Joe used cURL to produce this output.

  C. Joe used Wireshark to produce this output.

  D. The organization has adequate information available in public registration.

  E. The organization has too much information available in public registration.

  F. The organization has too little information available in public registration.

  Correct Answer: AD

• Question 937:

  An organization's finance department is implementing a policy to protect against collusion. Which of the following control types and corresponding procedures should the organization implement to fulfill this policy's requirement? (Select TWO).

  A. Corrective

  B. Deterrent

  C. Preventive

  D. Mandatory vacations

  E. Job rotation

  F. Separation of duties

  Correct Answer: DE

• Question 938:

  A network administrator is concerned about users being exposed to malicious content when accessing company cloud applications. The administrator wants to be able to block access to sites based on the AUP. The users must also be protected because many of them work from home or at remote locations, providing on- site customer support. Which of the following should the administrator employ to meet these criteria?

  A. Implement NAC.

  B. Implement an SWG.

  C. Implement a URL filter.

  D. Implement an MDM.

  Correct Answer: B

  What is SWG in cyber security?

  " A secure web gateway (SWG) protects users from web-based threats in addition to applying and enforcing corporate acceptable use policies. Instead of connecting directly to a website, a user accesses the SWG, which is then responsible

  for connecting the user to the desired website and performing functions such as URL filtering, web visibility, malicious content inspection, web access controls and other security measures."

  This hits all the points.

• Question 939:

  Which of the following terms should be included in a contract to help a company monitor the ongoing security maturity of a new vendor?

  A. A right-to-audit clause allowing for annual security audits

  B. Requirements for event logs to be kept for a minimum of 30 days

  C. Integration of threat intelligence in the company's AV

  D. A data-breach clause requiring disclosure of significant data loss

  Correct Answer: A

  The right-to-audit clause in a contract would enable the company to perform annual security audits on the vendor. This clause gives the company the ability to monitor the ongoing security practices and maturity of the vendor. By conducting security audits, the company can assess the vendor's compliance with security requirements, identify potential security risks, and ensure that the vendor is implementing appropriate security measures. This is a common practice to maintain oversight and ensure security alignment between the company and its vendors.

• Question 940:

  Which of tre following would BEST identity and remediate a catatoss event in an enterprise using third-pany, web-based services and file-sharing platanmns?

  A. SIEM

  B. CASE

  C. UTM

  D. EDR

  Correct Answer: B