CompTIA CompTIA Certifications SY0-601 Questions & Answers

• Question 951:

  Which of the following BEST describes the MFA attribute that requires a callback on a predefined landline?

  A. Something you exhibit

  B. Something you can do

  C. Someone you know

  D. Somewhere you are

  Correct Answer: B

  Something you do is a type of authentication which proves identities by observing actions. These actions could be things like gestures or touches D is wrong because is not biometric (fingerprint, eyes, voice, face,etc)

• Question 952:

  A recent security assessment revealed that an actor exploited a vulnerable workstation within an organization and has persisted on the network for several months. The organization realizes the need to reassess its security strategy for mitigating risks within the perimeter. Which of the following solutions would BEST support the organization's strategy?

  A. FIM

  B. DLP

  C. EDR

  D. UTM

  Correct Answer: C

  FIM File Integrity Monitoring DLP Data Loss Prevention EDR Endpoint Detection and Response UTM Unified Threat Management

  I think the answer is EDR (when signature detection is not enough -> behavioral analysis, machine learning) update from UTM is NGFF

• Question 953:

  Which of the following represents a biometric FRR?

  A. Authorized users being denied access

  B. Users failing to enter the correct PIN

  C. The denied and authorized numbers being equal

  D. The number of unauthorized users being granted access

  Correct Answer: A

  This is from chapter Authentication and Authorization, The false rejection rate (FRR) determines level false negatives, or rejections

• Question 954:

  A hospital's administration is concerned about a potential loss of patient data that is stored on tablets. A security administrator needs to implement controls to alert the SOC any time the devices are near exits. Which of the following would BEST achieve this objective?

  A. Geotargeting

  B. Geolocation

  C. Geotagging

  D. Geofencing

  Correct Answer: B

• Question 955:

  A Chief Security Officer (CSO) was notified that a customer was able to access confidential internal company files on a commonly used file-sharing service. The file-sharing service is the same one used by company staff as one of its approved third- party applications. After further investigation, the security team determines the sharing of confidential files was accidental and not malicious. However, the CSO wants to implement changes to minimize this type of incident from reoccurring but does not want to impact existing business processes.

  Which of the following would BEST meet the CSO's objectives?

  A. DLP

  B. SWG

  C. CASB

  D. Virtual network segmentation

  E. Container security

  Correct Answer: A

• Question 956:

  An organization relies on third-party video conferencing to conduct daily business. Recent security changes now require all remote workers to utilize a VPN to corporate resources. Which of the following would BEST maintain high-quality video conferencing while minimizing latency when connected to the VPN?

  A. Using geographic diversity to have VPN terminators closer to end users

  B. Utilizing split tunneling so only traffic for corporate resources is encrypted

  C. Purchasing higher-bandwidth connections to meet the increased demand

  D. Configuring QoS properly on the VPN accelerators

  Correct Answer: B

  https://support.zoom.us/hc/en-us/articles/360053610731-VPN-Split-Tunneling-Recommendations

• Question 957:

  A security analyst Is reviewing the following output from a system:

  

  Which of the following is MOST likely being observed?

  A. ARP poisoning

  B. Man in the middle

  C. Denial of service

  D. DNS poisoning

  Correct Answer: C

  TIME_WAIT means it's waiting for a reply or connection. this often happens when a port is activated and the connection has not yet. been established

• Question 958:

  During a security assessment, a security analyst finds a file with overly permissive permissions. Which of the following tools will allow the analyst to reduce the permissions for the existing users and groups and remove the set-user-ID bit from the file?

  A. ls

  B. chflags

  C. chmod

  D. lsof

  E. setuid

  Correct Answer: C

  Chmod removes the setuido permission, that is, it removes the S bit. Setuido is the specific permission, but it is removed with Chmod. In Unix and Unix-like operating systems, chmod is the command and system call used to change the access permissions of file system objects sometimes known as modes. It is also used to change special mode flags such as setuid and setgid flags and a 'sticky' bit. The request is filtered by the umask

  https://www.cbtnuggets.com/blog/technology/system-admin/linux-file-permissions-understanding-setuid-setgid-and-the-sticky-bit

• Question 959:

  An organization is having difficulty correlating events from its individual AV, EDR. DLP. SWG, WAF, MDM. HIPS. and CASB systems. Which of the following Is the BEST way to improve the situation?

  A. Remove expensive systems that generate few alerts,

  B. Modify the systems to alert only on critical issues.

  C. Utilize a SIEM to centralize logs and dashboards.

  D. Implement a new syslog/NetFlow appliance.

  Correct Answer: C

  A SIEM is a centralized solution that aggregates and correlates log data from multiple security devices, applications, and systems in real-time. It provides a unified view of security events and alerts, making it easier for security analysts to detect and respond to security incidents. With a SIEM, the organization can create custom dashboards, perform advanced analytics, and automate incident response workflows.

• Question 960:

  A SOC is implementing an in sider-threat-detection program. The primary concern is that users may be accessing confidential data without authorization. Which of the following should be deployed to detect a potential insider threat?

  A. A honeyfile

  B. ADMZ

  C. DLP

  D. File integrity monitoring

  Correct Answer: A