Exam Details

  • Exam Code: SY0-601
  • Exam Name: CompTIA Security+
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 1334 Q&As
  • Last Updated: Apr 14, 2025

CompTIA CompTIA Certifications SY0-601 Questions & Answers

  • Question 1201:

    The Chief Technology Officer of a local college would like visitors to utilize the school's WiFi but must be able to associate potential malicious activity to a specific person. Which of the following would BEST allow this objective to be met?

    A. Requiring all new, on-site visitors to configure their devices to use WPS

    B. Implementing a new SSID for every event hosted by the college that has visitors

    C. Creating a unique PSK for every visitor when they arrive at the reception area

    D. Deploying a captive portal to capture visitors' MAC addresses and names

  • Question 1202:

    A new vulnerability in the SMB protocol on the Windows systems was recently discovered, but no patches are currently available to resolve the issue. The security administrator is concerned that servers in the company's DMZ will be vulnerable to external attack; however, the administrator cannot disable the service on the servers, as SMB is used by a number of internal systems and applications on the LAN.

    Which of the following TCP ports should be blocked for all external inbound connections to the DMZ as a workaround to protect the servers? (Select TWO).

    A. 135

    B. 139

    C. 143

    D. 161

    E. 443

    F. 445

  • Question 1203:

    A company has discovered unauthorized devices are using its WiFi network, and it wants to harden the access point to improve security. Which of the following configurations should an analyst enable to improve security? (Select TWO.)

    A. RADIUS

    B. PEAP

    C. WPS

    D. WEP-EKIP

    E. SSL

    F. WPA2-PSK

  • Question 1204:

    A security engineer needs to create a network segment that can be used for servers that require connections from untrusted networks. Which of the following should the engineer implement?

    A. An air gap

    B. A hot site

    C. A VLAN

    D. A screened subnet

  • Question 1205:

    A company was compromised, and a security analyst discovered the attacker was able to get access to a service account. The following logs were discovered during the investigation:

    Which of the following MOST likely would have prevented the attacker from learning the service account name?

    A. Race condition testing

    B. Proper error handling

    C. Forward web server logs to a SIEM

    D. Input sanitization

  • Question 1206:

    A global company is experiencing unauthorized logging due to credential theft and account lockouts caused by brute-force attacks. The company is considering implementing a third-party identity provider to help mitigate these attacks. Which of the following would be the BEST control for the company to require from prospective vendors?

    A. IP restrictions

    B. Multifactor authentication

    C. A banned password list

    D. A complex password policy

  • Question 1207:

    A security analyst is investigating a phishing email that contains a malicious document directed to the company's Chief Executive Officer (CEO). Which of the following should the analyst perform to understand the threat and retrieve possible IoCs?

    A. Run a vulnerability scan against the CEO's computer to find possible vulnerabilities

    B. Install a sandbox to run the malicious payload in a safe environment

    C. Perform a traceroute to identify the communication path

    D. Use netstat to check whether communication has been made with a remote host

  • Question 1208:

    A security analyst was deploying a new website and found a connection attempting to authenticate on the site's portal. While investigating the incident, the analyst identified the following input in the username field:

    Which of the following BEST explains this type of attack?

    A. DLL injection to hijack administrator services

    B. SQL on the field to bypass authentication

    C. Execution of a stored XSS on the website

    D. Code to execute a race condition on the server

  • Question 1209:

    A security engineer needs to build a solution to satisfy regulatory requirements that state certain critical servers must be accessed using MFA. However, the critical servers are older and are unable to support the addition of MFA. Which of the following will the engineer MOST likely use to achieve this objective?

    A. A forward proxy

    B. A stateful firewall

    C. A jump server

    D. A port tap

  • Question 1210:

    Which of the following must be in place before implementing a BCP?

    A. SLA

    B. AUP

    C. NDA

    D. BIA
