CompTIA SY0-601 Online Practice Questions and Exam Preparation
SY0-601 Exam Details
Exam Code: SY0-601
Exam Name: CompTIA Security+
Certification: CompTIA Certifications
Vendor: CompTIA
Total Questions: 1334 Q&As
Last Updated: May 26, 2026
CompTIA SY0-601 Online Questions & Answers
Question 941:
A user enters a password to log in to a workstation and is then prompted to enter an authentication code.
Which of the following MFA factors or attributes are being utilized in the authentication process? (Select TWO).
A. Something you know
B. Something you have
C. Somewhere you are
D. Someone you are
E. Something you are
F. Something you can do
A. Something you know B. Something you have
This is yet another poorly worded question. Obviously the password is something you know; the authentication code is extremely vague. If you are like me, you were looking for the option that this isn't MFA or two options of "something you know". But it is up to us to suss out that an authentication code can come from an item you have, such as a phone or fob, etc.
Question 942:
A small business just recovered from a ransomware attack against its file servers by purchasing the decryption keys from the attackers. The issue was triggered by a phishing email and the IT administrator wants to ensure it does not happen again. Which of the following should the IT administrator do FIRST after recovery?
A. Scan the NAS for residual or dormant malware and take new daily backups that are tested on a frequent basis.
B. Restrict administrative privileges and patch all systems and applications.
C. Rebuild all workstations and install new antivirus software.
D. Implement application whitelisting and perform user application hardening.
A. Scan the NAS for residual or dormant malware and take new daily backups that are tested on a frequent basis.
This question is fairly confusing because it asks what is best to do after recovery, which implies that the recovery step was completed successfully. However, in the context of the rest of the question, paying for the decryption keys is not enough to complete recovery. They must ensure the threat is gone from the network entirely before proceeding. Regular backups will then allow them to restore to an unencrypted version in the event of additional ransomware.
Question 943:
A security analyst was called to investigate a file received directly from a hardware manufacturer. The analyst is trying to determine whether the file was modified in transit before installation on the user's computer. Which of the following can be used to safely assess the file?
A. Check the hash of the installation file
B. Match the file names
C. Verify the URL download location
D. Verify the code-signing certificate
A. Check the hash of the installation file
The hardware manufacturer will post the hash of the file publicly, and anyone who receives a copy of that file will be able to run a checksum on the file themselves and compare it to the official manufacturer-provided checksum. Hashing is almost always the correct answer in these types of questions. You'll see a lot of GitHub repositories using hashed checksums as well for verification, and I recently just installed Java onto my new computer. Java provided me with a hashed checksum for the setup executable.
Question 944:
A network administrator needs to determine the sequence of a server farm's logs. Which of the following should the administrator consider? (Select TWO).
A. Chain of custody
B. Tags
C. Reports
D. Time stamps
E. Hash values
F. Time offset
D. Time stamps F. Time offset
Question 945:
DRAG DROP
Drag the items on the left to show the different types of security for the shown devices. Not all fields need to be filled. Not all items need to be used.
Select and Place:
Explanation/Reference:
For mobile devices, at bare minimum you should have the following security measures in place: Screen lock, Strong password, Device encryption, Remote wipe/Sanitation, voice encryption, GPS tracking, Application control, Storage segmentation, Asset tracking as well as Device Access control.
For servers in a data center your security should include: Fire extinguishers such as FM200 as part of fire suppression; Biometric, proximity badges, mantraps, HVAC, cable locks; these can all be physical security measures to control access to the server.
References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, p. 418
Question 946:
A company recently experienced an attack during which its main website was directed to the attacker's web server, allowing the attacker to harvest credentials from unsuspecting customers. Which of the following should the company implement to prevent this type of attack occurring in the future?
A. IPSec
B. SSL/TLS
C. DNSSEC
D. S/MIME
B. SSL/TLS
Question 947:
A user reports trouble using a corporate laptop. The laptop freezes and responds slowly when writing documents, and the mouse pointer occasionally disappears. The task list shows the following results:
Which of the following is MOST likely the issue?
A. RAT
B. PUP
C. Spyware
D. Keylogger
A. RAT
Question 948:
A company is implementing MFA for all applications that store sensitive data. The IT manager wants MFA to be non-disruptive and user friendly. Which of the following technologies should the IT manager use when implementing MFA?
A. One-time passwords
B. Email tokens
C. Push notifications
D. Hardware authentication
C. Push notifications
Multi-factor authentication (MFA) is a security process that requires users to provide additional evidence of their identity beyond just a username and password. When implementing MFA, it is essential to consider user experience, convenience, and ease of use. Push notifications can be an effective technology for implementing MFA because they are non-disruptive and user-friendly. With push notifications, users receive a notification on their mobile devices when they need to authenticate themselves. They can then tap on the notification to complete the authentication process, without having to enter any additional information. One-time passwords, email tokens, and hardware authentication are other options that can be used for implementing MFA, but they may not be as user-friendly as push notifications.
Question 949:
A large industrial system's smart generator monitors the system status and sends alerts to third-party maintenance personnel when critical failures occur. While reviewing the network logs the company's security manager notices the generator's IP is sending packets to an internal file server's IP. Which of the following mitigations would be BEST for the security manager to implement while maintaining alerting capabilities?
A. Segmentation
B. Firewall whitelisting
C. Containment
D. Isolation
A. Segmentation
DMZ and VLAN are examples of segmentation. You can configure the device to be on its own isolated network while having access to the third-party vendor. The device will still try to communicate with the file server but traffic will be dropped and logged. This is how you would want to set up IoT and untrusted devices.
Question 950:
Which of the following would be used to find the MOST common web-application vulnerabilities?
A. OWASP
B. MITRE ATT&CK
C. Cyber Kill Chain
D. SDLC
A. OWASP
Anything related to WEB APPLICATION SECURITY = OWASP.
The Open Web Application Security Project (FRAMEWORK) is an online community that produces freely-available articles, methodologies, documentation, tools, and technologies in the field of web application security. The Open Web Application Security Project provides free and open resources.
MITRE's Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK™) is a curated knowledge base and model for cyber adversary behavior, reflecting the various phases of an adversary's lifecycle and the platforms they are known to target. ATT&CK is useful for understanding security risk against known adversary behavior, for planning security improvements, and verifying defenses work as expected.