CompTIA SY0-601 Online Practice Questions and Exam Preparation

CompTIA SY0-601 Online Questions & Answers

• Question 951:

  A security analyst is working on a project to implement a solution that monitors network communications and provides alerts when abnormal behavior is detected

  Which of the following is the security analyst MOST likely implementing?

  A. Vulnerability scans
  B. User behavior analysis
  C. Security orchestration, automation, and response
  D. Threat hunting
  B. User behavior analysis

  ---

  "UEBA is an extension of SIEM where, in addition to observing suspicious network behavior, they also trigger alerts when unusual entity or user behavior is observed"

• Question 952:

  HOTSPOT

  The security administrator has installed a new firewall which implements an implicit DENY policy by default. Click on the firewall and configure it to allow ONLY the following communication.

  1. The Accounting workstation can ONLY access the web server on the public network over the default HTTPS port. The accounting workstation should not access other networks.

  2. The HR workstation should be restricted to communicate with the Financial server ONLY, over the default SCP port

  3. The Admin workstation should ONLY be able to access the servers on the secure network over the default TFTP port.

  Instructions: The firewall will process the rules in a top-down manner in order as a first match The port number must be typed in and only one port number can be entered per rule Type ANY for all ports. The original firewall configuration can be reset at any time by pressing the reset button. Once you have met the simulation requirements, click save and then Done to submit.

  

  Hot Area:

  

  

  ---

  Explanation/Reference:

  

  Implicit deny is the default security stance that says if you aren't specifically granted access or privileges for a resource, you’re denied access by default.

  Rule #1 allows the Accounting workstation to ONLY access the web server on the public network over the default HTTPS port, which is TCP port 443.

  Rule #2 allows the HR workstation to ONLY communicate with the Financial server over the default SCP port, which is TCP Port 22

  Rule #3 and Rule #4 allow the Admin workstation to ONLY access the Financial and Purchasing servers located on the secure network over the default TFTP port, which is Port 69.

  References:

  Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp.26, 44

  http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers

• Question 953:

  A cybersecurity analyst needs to adopt controls to properly track and log user actions to an individual. Which of the following should the analyst implement?

  A. Non-repudiation
  B. Baseline configurations
  C. MFA
  D. DLP
  A. Non-repudiation

  ---

  Non-repudiation is the process of ensuring that a party involved in a transaction or communication cannot deny their involvement. By implementing non-repudiation controls, a cybersecurity analyst can properly track and log user actions, attributing them to a specific individual. This can be achieved through methods such as digital signatures, timestamps, and secure logging mechanisms. References: 1. CompTIA Security+ Certification Exam Objectives (SY0-601): https://www.comptia.jp/pdf/CompTIA%20Security%2B%20SY0- 601%20Exam%20Objectives.pdf

• Question 954:

  An audit Identified Pll being utilized In the development environment of a critical application. The Chief Privacy Officer (CPO) Is adamant that this data must be removed; however, the developers are concerned that without real data they cannot perform functionality tests and search for specific data. Which of the following should a security professional implement to BEST satisfy both the CPO's and the development team's requirements?

  A. Data anonymlzallon
  B. Data encryption
  C. Data masking
  D. Data tokenization
  C. Data masking

  ---

  Data masking refers to modifying data to hide the original content. The primary reason to do so is to protect sensitive information such as PII. The process retains usable data but converts it to inauthentic data.

• Question 955:

  A security audit has revealed that a process control terminal is vulnerable to malicious users installing and executing software on the system. The terminal is beyond end-of-life support and cannot be upgraded, so it is placed on a projected network segment.

  Which of the following would be MOST effective to implement to further mitigate the reported vulnerability?

  A. DNS sinkholing
  B. DLP rules on the terminal
  C. An IP blacklist
  D. Application whitelisting
  D. Application whitelisting

  ---

  Application whitelisting. Application whitelisting is a security measure that allows only approved and trusted applications to run on a system, while blocking all other applications. By implementing application whitelisting on the vulnerable process control terminal, any attempt to install and execute unauthorized software would be blocked, effectively mitigating the reported vulnerability..

• Question 956:

  A company recently experienced an attack in which a malicious actor was able to exfiltrate data by cracking stolen passwords, using a rainbow table the sensitive data. Which of the following should a security engineer do to prevent such an attack in the future?

  A. Use password hashing.
  B. Enforce password complexity.
  C. Implement password salting.
  D. Disable password reuse.
  B. Enforce password complexity.

• Question 957:

  A systems administrator set up an automated process that checks for vulnerabilities across the entire environment every morning. Which of the following activities is the systems administrator conducting?

  A. Scanning
  B. Alerting
  C. Reporting
  D. Archiving
  A. Scanning

  ---

  Scanning involves using automated tools to actively check the entire environment for vulnerabilities. The process typically involves using vulnerability scanning tools to identify and assess potential security weaknesses in the network, systems, and applications. The scan may include checks for known security vulnerabilities, misconfigurations, outdated software versions, and other potential issues that could be exploited by attackers. By performing regular vulnerability scanning, the systems administrator can proactively identify and address security risks, allowing them to take appropriate measures to patch or mitigate vulnerabilities before they can be exploited by malicious actors. Scanning is an essential part of a proactive security posture and helps ensure that the organization's systems and data remain secure and protected from potential threats.

• Question 958:

  A security analyst is configuring a large number of new company-issued laptops. The analyst received the following requirements:

  1.

  The devices will be used internationally by staff who travel extensively.

  2.

  Occasional personal use is acceptable due to the travel requirements.

  3.

  Users must be able to install and configure sanctioned programs and productivity suites.

  4.

  The devices must be encrypted

  5.

  The devices must be capable of operating in low-bandwidth environments.

  Which of the following would provide the GREATEST benefit to the security posture of the devices?

  A. Configuring an always-on VPN
  B. Implementing application whitelisting
  C. Requiring web traffic to pass through the on-premises content filter
  D. Setting the antivirus DAT update schedule to weekly
  A. Configuring an always-on VPN

  ---

  1-hackers spying on network traffic 2-they can still install stuff. app listing would only allow stuff IT OK'd. Do you want to tell IT all your personal apps? 3-Sure can 4-network traffic is encrypted. These better have minimum TPM and antimalware on them. 5-Always on vpn is faster then regular vpn - our company has been using it for years.

• Question 959:

  An enterprise has hired an outside security firm to conduct penetration testing on its network and applications. The firm has been given all the developer’s documentation about the internal architecture. Which of the following best represents the type of testing that will occur?

  A. Bug bounty
  B. White-box
  C. Black-box
  D. Gray-box
  B. White-box

• Question 960:

  During an incident, an EDR system detects an increase in the number of encrypted outbound connections from multiple hosts. A firewall is also reporting an increase in outbound connections that use random high ports. An analyst plans to review the correlated logs to find the source of the incident. Which of the following tools will best assist the analyst?

  A. A vulnerability scanner
  B. A NGFW
  C. The Windows Event Viewer
  D. A SIEM
  D. A SIEM

  ---

  A SIEM is a centralized logging and monitoring solution that collects, analyzes, and correlates log data from various sources within an organization's network and security infrastructure. It helps security analysts to gain visibility into security events and incidents by aggregating and correlating logs from multiple systems and devices. In the scenario described, the EDR system and firewall are both generating logs that provide valuable information about the incident. By using a SIEM, the analyst can collect and correlate the logs from these different sources to get a comprehensive view of the incident. The SIEM will help the analyst identify patterns, anomalies, and potential indicators of compromise that may not be immediately apparent when reviewing individual logs in isolation.