Exam Details

  • Exam Code: SY0-601
  • Exam Name: CompTIA Security+
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 1334 Q&As
  • Last Updated: Apr 14, 2025

CompTIA Certifications SY0-601 Questions & Answers

  • Question 1151:

    A company's public-facing website, https://www.organization.com, has an IP address of 166.18.75.6. However, over the past hour the SOC has received reports of the site's homepage displaying incorrect information. A quick nslookup search shows https://www.organization.com is pointing to 151.191.122.115.

    Which of the following is occurring?

    A. DoS attack

    B. ARP poisoning

    C. DNS spoofing

    D. NXDOMAIN attack

  • Question 1152:

    A new security engineer has started hardening systems. One of the hardening techniques the engineer is using involves disabling remote logins to the NAS. Users are now reporting the inability to use SCP to transfer files to the NAS, even though the data is still viewable from the users' PCs.

    Which of the following is the most likely cause of this issue?

    A. TFTP was disabled on the local hosts

    B. SSH was turned off instead of modifying the configuration file

    C. Remote login was disabled in the networkd.config instead of using the sshd.conf

    D. Network services are no longer running on the NAS

  • Question 1153:

    A network analyst is investigating compromised corporate information. The analyst has formed a theory that network traffic was intercepted before being transmitted to the internet. The following output was captured on an internal host:

    Based on the IoCs, which of the following was the MOST likely attack used to compromise the network communication?

    A. Denial of service

    B. ARP poisoning

    C. Command injection

    D. MAC flooding

  • Question 1154:

    The Chief Information Security Officer wants to pilot a new adaptive, user-based authentication method. The concept includes granting logical access based on physical location and proximity. Which of the following is the BEST solution for the pilot?

    A. Geofencing

    B. Self-sovereign identification

    C. PKI certificates

    D. SSO

  • Question 1155:

    A junior security analyst is reviewing web server logs and identifies the following pattern in the log file:

    http://comptia.org/../../../etc/passwd

    Which of the following types of attacks is being attempted, and how can it be mitigated?

    A. XSS; implement a SIEM

    B. CSRF; implement an IPS

    C. Directory traversal; implement a WAF

    D. SQL injection; implement an IDS

  • Question 1156:

    A security analyst is responding to an alert from the SIEM. The alert states that malware was discovered on a host and was not automatically deleted. Which of the following would be BEST for the analyst to perform?

    A. Add a deny-all rule to that host in the network ACL

    B. Implement a network-wide scan for other instances of the malware.

    C. Quarantine the host from other parts of the network

    D. Revoke the client's network access certificates

  • Question 1157:

    The SIEM at an organization has detected suspicious traffic coming from a workstation in its internal network. An analyst in the SOC investigates the workstation and discovers malware that is associated with a botnet is installed on the device.

    A review of the logs on the workstation reveals that the privileges of the local account were escalated to a local administrator.

    To which of the following groups should the analyst report this real-world event?

    A. The NOC team

    B. The vulnerability management team

    C. The CIRT

    D. The red team

  • Question 1158:

    A systems administrator is considering different backup solutions for the IT infrastructure. The company is looking for a solution that offers the fastest recovery time while also saving the most amount of storage used to maintain the backups. Which of the following recovery solutions would be the BEST option to meet these requirements?

    A. Snapshot

    B. Differential

    C. Full

    D. Tape

  • Question 1159:

    A security administrator is setting up a SIEM to help monitor for notable events across the enterprise. Which of the following control types does this BEST represent?

    A. Preventive

    B. Compensating

    C. Corrective

    D. Detective

  • Question 1160:

    A company recently experienced an attack during which its main website was directed to the attacker's web server, allowing the attacker to harvest credentials from unsuspecting customers. Which of the following should the company implement to prevent this type of attack from occurring in the future?

    A. IPSec

    B. SSL/TLS

    C. DNSSEC

    D. S/MIME

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more and more important and are required by more and more enterprises when applying for a job. But how do you prepare for the exam effectively? How do you prepare for the exam in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only CompTIA exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your SY0-601 exam preparation and CompTIA certification application, do not hesitate to visit Vcedump.com to find your solutions.