Which of the following is MOST likely to contain ranked and ordered information on the likelihood and potential impact of catastrophic events that may affect business processes and systems, while also highlighting the residual risks that need to be managed after mitigating controls have been implemented?
A. An RTO report
B. A risk register
C. A business impact analysis
D. An asset value register
E. A disaster recovery plan
To mitigate the impact of a single VM being compromised by another VM on the same hypervisor, an administrator would like to utilize a technical control to further segregate the traffic. Which of the following solutions would BEST accomplish this objective?
A. Install a hypervisor firewall to filter east-west traffic
B. Add more VLANs to the hypervisor network switches
C. Move exposed or vulnerable VMs to the DMZ
D. Implement a zero-trust policy and physically segregate the hypervisor servers
Which of the following is the correct order of volatility from MOST to LEAST volatile?
A. Memory, temporary filesystems, routing tables, disk, network storage
B. Cache, memory, temporary filesystems, disk, archival media
C. Memory, disk, temporary filesystems, cache, archival media
D. Cache, disk, temporary filesystems, network storage, archival media
Entering a secure area requires passing through two doors, both of which require someone who is already inside to initiate access. Which of the following types of physical security controls does this describe?
A. Cameras
B. Faraday cage
C. Access control vestibule
D. Sensors
E. Guards
An organization has expanded its operations by opening a remote office. The new office is fully furnished with office resources to support up to 50 employees working on any given day. Which of the following VPN solutions would BEST support the new office?
A. Always On
B. Remote access
C. Site-to-site
D. Full tunnel
The cost of removable media and the security risks of transporting data have become too great for a laboratory. The laboratory has decided to interconnect with partner laboratories to make data transfers easier and more secure.
The Chief Security Officer (CSO) has several concerns about proprietary data being exposed once the interconnections are established.
Which of the following security features should the network administrator implement to prevent unwanted data exposure to users in partner laboratories?
A. VLAN zoning with a file-transfer server in an external-facing zone
B. DLP running on hosts to prevent file transfers between networks
C. NAC that permits only data-transfer agents to move data between networks
D. VPN with full tunneling and NAS authenticating through the Active Directory
A user must provide a password and a USB key to authenticate against a secure computer, and authentication is limited to the state in which the company resides. Which of the following authentication concepts are in use?
A. Something you know, something you have, and somewhere you are
B. Something you know, something you can do, and somewhere you are
C. Something you are, something you know, and something you can exhibit
D. Something you have, somewhere you are, and someone you know
A company is concerned about its security after a red-team exercise. The report shows the team was able to reach the critical servers due to SMB being exposed to the Internet and running NTLMv1.
Which of the following BEST explains the findings?
A. Default settings on the servers
B. Unsecured administrator accounts
C. Open ports and services
D. Weak data encryption
An information security officer at a credit card transaction company is conducting a framework-mapping exercise with the internal controls. The company recently established a new office in Europe. To which of the following frameworks should the security officer map the existing controls? (Select TWO).
A. ISO
B. PCI DSS
C. SOC
D. GDPR
E. CSA
F. NIST
Which of the following often operates in a client-server architecture to act as a service repository, providing enterprise consumers access to structured threat intelligence data?
A. STIX
B. CIRT
C. OSINT
D. TAXII