CompTIA CompTIA Certifications SY0-601 Questions & Answers

• Question 91:

  A security engineer learns that a non-critical application was compromised. The most recent version of the application includes a malicious reverse proxy while the application is running. Which of the following should the engineer is to quickly contain the incident with the least amount of impact?

  A. Configure firewall rules to block malicious inbound access.

  B. Manually uninstall the update that contains the backdoor.

  C. Add the application hash to the organization's blocklist.

  D. Tum off all computers that have the application installed.

  Correct Answer: C

  A reverse proxy backdoor is a malicious reverse proxy that can intercept and manipulate the traffic between the client and the web server3. This can allow an attacker to access sensitive data or execute commands on the web server. One possible way to quickly contain the incident with the least amount of impact is to add the application hash to the organization's blocklist. A blocklist is a list of applications or files that are not allowed to run on a system or network. By adding the application hash to the blocklist, the security engineer can prevent the malicious application from running and communicating with the reverse proxy backdoor.

• Question 92:

  Users report access to an application from an internal workstation is still unavailable to a specific server, even after a recent firewall rule implementation that was requested for this access. ICMP traffic is successful between the two devices. Which of the following tools should the security analyst use to help identify if the traffic is being blocked?

  A. nmap

  B. tracert

  C. ping

  D. ssh

  Correct Answer: A

  Tracert is a command-line tool that shows the route that packets take to reach a destination on a network1. It also displays the time it takes for each hop along the way1. By using tracert, you can see if there is a router or firewall that is blocking or slowing down the traffic between the internal workstation and the specific server1.

• Question 93:

  While researching a data exfiltration event, the security team discovers that a large amount of data was transferred to a file storage site on the internet. Which of the following controls would work best to reduce the risk of further exfiltration using this method?

  A. Data loss prevention

  B. Blocking IP traffic at the firewall

  C. Containerization

  D. File integrity monitoring

  Correct Answer: A

  Data loss prevention (DLP) is a set of tools and processes that aim to prevent unauthorized access, use, or transfer of sensitive data. DLP can help reduce the risk of further exfiltration using file storage sites on the internet by monitoring and controlling data flows across endpoints, networks, and cloud services. DLP can also detect and block attempts to copy, upload, or download sensitive data to or from file storage sites based on predefined policies and rules.

  References: https://www.comptia.org/certifications/security#examdetails https://www.comptia.org/content/guides/comptia-security-sy0-601-exam-objectives https://www.microsoft.com/en-us/security/business/security-101/what-is-data-loss- prevention-dlp

• Question 94:

  Which of the following can reduce vulnerabilities by avoiding code reuse?

  A. Memory management

  B. Stored procedures

  C. Normalization

  D. Code obfuscation

  Correct Answer: D

• Question 95:

  Which of the following can be used to calculate the total loss expected per year due to a threat targeting an asset?

  A. EF x asset value

  B. ALE / SLE

  C. MTBF x impact

  D. SLE x ARO

  Correct Answer: D

  The total loss expected per year due to a threat targeting an asset can be calculated using the Single Loss Expectancy (SLE) multiplied by the Annualized Rate of Occurrence (ARO). SLE is the monetary loss expected from a single event, while ARO is the estimated frequency of that event occurring in a year. Reference: CompTIA Security+ Study Guide: Exam SY0-501, 7th Edition, by Emmett Dulaney and Chuck Easttom, Chapter 9: Risk Management, page 414.

• Question 96:

  Which of the following would provide guidelines on how to label new network devices as part of the initial configuration?

  A. IP schema

  B. Application baseline configuration

  C. Standard naming convention policy

  D. Wireless LAN and network perimeter diagram

  Correct Answer: C

  A standard naming convention policy would provide guidelines on how to label new network devices as part of the initial configuration. A standard naming convention policy is a document that defines the rules and formats for naming network devices, such as routers, switches, firewalls, servers, or printers. A standard naming convention policy can help an organization achieve consistency, clarity, and efficiency in network management and administration.

  References: https://www.comptia.org/certifications/security#examdetails https://www.comptia.org/content/guides/comptia-security-sy0-601-exam-objectives https://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Network_Virtualization/ PathIsol ationDesignGuide/PathIsolationDesignGuide.pdf

• Question 97:

  A security administrator needs to provide secure access to internal networks for external partners The administrator has given the PSK and other parameters to the third-party security administrator. Which of the following is being used to establish this connection?

  A. Kerberos

  B. SSL/TLS

  C. IPSec

  D. SSH

  Correct Answer: C

  IPSec is a protocol suite that provides secure communication over IP networks. It uses encryption, authentication, and integrity mechanisms to protect data from unauthorized access or modification. IPSec can operate in two modes: transport mode and tunnel mode. In tunnel mode, IPSec can create a virtual private network (VPN) between two endpoints, such as external partners and internal networks. To establish a VPN connection, IPSec requires a pre-shared key (PSK) or other parameters to negotiate the security association.

  References: https://www.comptia.org/content/guides/what-is-vpn

• Question 98:

  A cybersecurity analyst at Company A is working to establish a secure communication channel with a counter part at Company B, which is 3,000 miles (4.828 kilometers) away. Which of the following concepts would help the analyst meet this goal m a secure manner?

  A. Digital signatures

  B. Key exchange

  C. Salting

  D. PPTP

  Correct Answer: B

  Key exchange Short Key exchange is the process of securely sharing cryptographic keys between two parties over a public network. This allows them to establish a secure communication channel and encrypt their messages. There are different methods of key exchange, such as Diffie-Hellman or RSA.

  References: https://www.comptia.org/content/guides/what-is-encryption

• Question 99:

  A network engineer receives a call regarding multiple LAN-connected devices that are on the same switch. The devices have suddenly been experiencing speed and latency issues while connecting to network resources. The engineer enters the command show mac address-table and reviews the following output

  

  Which of the following best describes the attack that is currently in progress?

  A. MAC flooding

  B. Evil twin

  C. ARP poisoning

  D. DHCP spoofing

  Correct Answer: A

• Question 100:

  A software developer used open-source libraries to streamline development. Which of the following is the greatest risk when using this approach?

  A. Unsecure root accounts

  B. Lack of vendor support

  C. Password complexity

  D. Default settings

  Correct Answer: A