Exam Details

  • Exam Code: SY0-601
  • Exam Name: CompTIA Security+
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 1334 Q&As
  • Last Updated: May 09, 2025

CompTIA CompTIA Certifications SY0-601 Questions & Answers

  • Question 981:

    Which of the following will MOST likely cause machine-learning and AI-enabled systems to operate with unintended consequences?

    A. Stored procedures

    B. Buffer overflows

    C. Data bias

    D. Code reuse

  • Question 982:

    An organization plans to transition the intrusion detection and prevention techniques on a critical subnet to an anomaly-based system. Which of the following does the organization need to determine for this to be successful?

    A. The baseline

    B. The endpoint configurations

    C. The adversary behavior profiles

    D. The IPS signatures

  • Question 983:

    A network administrator at a large organization is reviewing methods to improve the security of the wired LAN. Any security improvement must be centrally managed and allow corporate-owned devices to have access to the intranet but limit others to Internet access only. Which of the following should the administrator recommend?

    A. 802.1X utilizing the current PKI infrastructure

    B. SSO to authenticate corporate users

    C. MAC address filtering with ACLs on the router

    D. PAM for user account management

  • Question 984:

    A security operations analyst is using the company's SIEM solution to correlate alerts. Which of the following stages of the incident response process is this an example of?

    A. Eradication

    B. Recovery

    C. Identification

    D. Preparation

  • Question 985:

    A nationwide company is experiencing unauthorized logins at all hours of the day. The logins appear to originate from countries in which the company has no employees. Which of the following controls should the company consider using as part of its IAM strategy? (Select TWO).

    A. A complex password policy

    B. Geolocation

    C. An impossible travel policy

    D. Self-service password reset

    E. Geofencing

    F. Time-based logins

  • Question 986:

    A customer called a company's security team to report that all invoices the customer has received over the last five days from the company appear to have fraudulent banking details. An investigation into the matter reveals the following:

    1. The manager of the accounts payable department is using the same password across multiple external websites and the corporate account.

    2. One of the websites the manager used recently experienced a data breach.

    3. The manager's corporate email account was successfully accessed in the last five days by an IP address located in a foreign country.

    Which of the following attacks has MOST likely been used to compromise the manager's corporate account?

    A. Remote access Trojan

    B. Brute-force

    C. Dictionary

    D. Credential stuffing

    E. Password spraying

  • Question 987:

    A web server administrator has redundant servers and needs to ensure failover to the secondary server when the primary server goes down. Which of the following should the administrator implement to avoid disruption?

    A. NIC teaming

    B. High availability

    C. Dual power supply

    D. IaaS

  • Question 988:

    To further secure a company's email system, an administrator is adding public keys to DNS records in the company's domain. Which of the following is being used?

    A. PFS

    B. SPF

    C. DMARC

    D. DNSSEC

  • Question 989:

    A company has been experiencing very brief power outages from its utility company over the last few months. These outages only last for one second each time. The utility company is aware of the issue and is working to replace a faulty transformer. Which of the following BEST describes what the company should purchase to ensure its critical servers and network devices stay online?

    A. Dual power supplies

    B. A UPS

    C. A generator

    D. A PDU

  • Question 990:

    An organization recently recovered from a data breach. During the root cause analysis, the organization determined the source of the breach to be a personal cell phone that had been reported lost. Which of the following solutions should the organization implement to reduce the likelihood of future data breaches?

    A. MDM

    B. MAM

    C. VDI

    D. DLP
