CompTIA CompTIA Certifications SY0-601 Questions & Answers

• Question 1161:

  After gaining access to a dual-homed (i.e., wired and wireless) multifunction device by exploiting a vulnerability in the device's firmware, a penetration tester then gains shell access on another networked asset. This technique is an example of:

  A. privilege escalation

  B. footprinting

  C. persistence

  D. pivoting.

  Correct Answer: D

  Pivoting -> The act of an attacker moving from one compromised system to one or more other systems on the network

• Question 1162:

  A security engineer is installing a WF io protect the company's website from malicious wed requests over SSL, Which of the following is needed io meet the objective?

  A. A reverse proxy

  B. A decryption certificate

  C. A split-tunnel VPN

  D. Load-balanced servers

  Correct Answer: B

  WAF can only block abnormal traffic by filtering the plaintext data.

• Question 1163:

  After segmenting the network, the network manager wants to control the traffic between the segments. Which of the following should the manager use to control the network traffic?

  A. A DMZ

  B. A VPN a

  C. A VLAN

  D. An ACL

  Correct Answer: D

  "CONTROL" the trafic between segments.

  the network is already segmented either via VLAN or physicaly.

• Question 1164:

  Which of the following conditions impacts data sovereignty?

  A. Rights management

  B. Criminal investigations

  C. Healthcare data

  D. Intemational operations

  Correct Answer: D

• Question 1165:

  A cybersecurity administrator needs to allow mobile BYOD devices to access network resources. As the devices are not enrolled to the domain and do not have policies applied to them, which of the following are best practices for authentication and infrastructure security? (Select TWO).

  A. Create a new network for the mobile devices and block the communication to the internal network and servers

  B. Use a captive portal for user authentication.

  C. Authenticate users using OAuth for more resiliency

  D. Implement SSO and allow communication to the internal network

  E. Use the existing network and allow communication to the internal network and servers.

  F. Use a new and updated RADIUS server to maintain the best solution

  Correct Answer: BC

• Question 1166:

  A cybersecurity administrator needs to implement a Layer 7 security control on a network and block potential attacks. Which of the following can block an attack at Layer 7? (Select TWO).

  A. HIDS

  B. NIPS

  C. HSM

  D. WAF

  E. NAC

  F. NIDS

  G. Stateless firewall

  Correct Answer: BD

  Answer: (B) NIPS and (D) WAF

  A WAF or web application firewall helps protect web applications by filtering and monitoring HTTP traffic between a web application and the Internet. It typically protects web applications from attacks such as cross-site forgery, cross-sitescripting (XSS), file inclusion, and SQL injection, among others. A WAF is a protocol layer 7 defense (in the OSI model).

  A network intrusion protection system (NIPS) is an umbrella term for a combination of hardware and software systems that protect computer networks from unauthorized access and malicious activity. NIPS consists of NIDS and IPS. WAF is a firewall. NIPS can operate up to layer 7 by passing or allowing traffic

• Question 1167:

  A user reports trouble using a corporate laptop. The laptop freezes and responds slowly when writing documents and the mouse pointer occasional disappears. The task list shows the following results

  

  Which of the following is MOST likely the issue?

  A. RAT

  B. PUP

  C. Spyware

  D. Keylogger

  Correct Answer: A

• Question 1168:

  A business is looking for a cloud service provider that offers a la carte services, including cloud backups, VM elasticity, and secure networking. Which of the following cloud service provider types should business engage?

  A. A laaS

  B. PaaS

  C. XaaS

  D. SaaS

  Correct Answer: C

• Question 1169:

  After a WiFi scan of a local office was conducted, an unknown wireless signal was identified Upon investigation, an unknown Raspberry Pi device was found connected to an Ethernet port using a single connection. Which of the following BEST describes the purpose of this device?

  A. loT sensor

  B. Evil twin

  C. Rogue access point

  D. On-path attack

  Correct Answer: C

• Question 1170:

  A customer has reported that an organization's website displayed an image of a smiley (ace rather than the expected web page for a short time two days earlier. A security analyst reviews log tries and sees the following around the lime of the incident:

  

  Which of the following is MOST likely occurring?

  A. Invalid trust chain

  B. Domain hijacking

  C. DNS poisoning

  D. URL redirection

  Correct Answer: C