CompTIA CompTIA Certifications SY0-601 Questions & Answers

• Question 1211:

  A security analyst has received several reports of an issue on an internal web application. Users state they are having to provide their credentials twice to log in. The analyst checks with the application team and notes this is not an expected behavior. After looking at several logs, the analyst decides to run some commands on the gateway and obtains the following output:

  

  Which of the following BEST describes the attack the company is experiencing?

  A. MAC flooding

  B. URL redirection

  C. ARP poisoning

  D. DNS hijacking

  Correct Answer: C

  https://en.wikipedia.org/wiki/ARP_spoofing#Static_ARP_entries

• Question 1212:

  A security researcher has alerted an organization that its sensitive user data was found for sale on a website. Which of the following should the organization use to inform the affected parties?

  A. A An incident response plan

  B. A communications plan

  C. A business continuity plan

  D. A disaster recovery plan

  Correct Answer: A

• Question 1213:

  Which of the following uses six initial steps that provide basic control over system security by including hardware and software inventory, vulnerability management, and continuous monitoring to minimize risk in all network environments?

  A. ISO 27701

  B. The Center for Internet Security

  C. SSAE SOC 2

  D. NIST Risk Management Framework

  Correct Answer: B

• Question 1214:

  A backdoor was detected on the containerized application environment. The investigation detected that a zero-day vulnerability was introduced when the latest container image version was downloaded from a public registry. Which of the following is the BEST solution to prevent this type of incident from occurring again?

  A. Enforce the use of a controlled trusted source of container images

  B. Deploy an IPS solution capable of detecting signatures of attacks targeting containers

  C. Define a vulnerability scan to assess container images before being introduced on the environment

  D. Create a dedicated VPC for the containerized environment

  Correct Answer: A

  Enforcing the use of a controlled and trusted source of container images is the best solution to prevent incidents like the one described. When using containerized applications, it is crucial to ensure that the container images come from trusted sources, such as a private container registry, where the images are scanned for vulnerabilities and controlled by the organization. This way, the risk of downloading images with zero-day vulnerabilities or other malicious code from public registries is minimized.

• Question 1215:

  The following are the logs of a successful attack.

  

  Which of the following controls would be BEST to use to prevent such a breach in the future?

  A. Password history

  B. Account expiration

  C. Password complexity

  D. Account lockout

  Correct Answer: D

  Reference: https://www.computerhope.com/jargon/a/accolock.htm#:~:text=Account%20lockout%20keeps%20the%20account,log%20into%20your%20account%20again

• Question 1216:

  During a Chiet Information Securty Officer (CISO) comvenbon to discuss security awareness, the affendees are provided with a network connection to use as a resource. As the Convention progresses. and of the attendees starts to notice delays in the connection. and the HTTPS ste requests are reverting to HTTP. Which of the folowing BEST describes what is happening?

  A. Birtuday colfisices on the cartificate key

  B. DNS hijackeng to reroute tratic

  C. Brute force 1 tho access point

  D. A SSL/TLS downgrade

  Correct Answer: D

• Question 1217:

  Which of the following environments would MOST likely be used to assess the execution of component parts of a system at both the hardware and software levels and to measure performance characteristics?

  A. Test

  B. Staging

  C. Development

  D. Production

  Correct Answer: A

  The question is about "component parts", so not the entire application. Assessment of components is done on test, not staging.

  Keyword: "execution of component parts "

  Source:https://www.flagship.io/test-environment/

  Testing Env- the focus here is testing individual components rather than the entire application

  Staging - The focus here is to test the application or software as a whole

• Question 1218:

  Which of the following are the MOST likely vectors for the unauthorized inclusion of vulnerable code in a software company's final software releases? (Select TWO.)

  A. Unsecure protocols

  B. Use of penetration-testing utilities

  C. Weak passwords

  D. Included third-party libraries

  E. Vendors/supply chain

  F. Outdated anti-malware software

  Correct Answer: DF

  A. Unsecure protocols

  --> Could be correct. This is a vector that could be used shortly before the final release to somehow include malicious code.

  B. Use of penetration-testing utilities

  --> Makes no sense

  C. Weak passwords

  --> Is an attack vector and "unauthorized" could match that. Might be correct.

  D. Included third-party libraries

  --> unintentional would fit. But if there was something wrong with a 3rd party libary, that should have been discovered before the final release.

  E. Vendors/supply chain

  --> Depends on what these vendors do. If they are developing code that is used in the final release it could contain vulnerabilities that are included unintentionally. But that would be kind of similar to the 3rd party libraries.

  F. Outdated anti-malware software

  --> malware outdated in the developer's computer... Hence a malware located in the developer's computer can be unintentionally added to the SW before it is released

• Question 1219:

  Which of the following cryptographic concepts would a security engineer utilize while implementing non-repudiation? (Select TWO)

  A. Block cipher

  B. Hashing

  C. Private key

  D. Perfect forward secrecy

  E. Salting

  F. Symmetric keys

  Correct Answer: BC

  Non-repudiation is the guarantee that no one can deny a transaction. The terminology of non-repudiation is frequently used for digital signatures and email messages. When a data hashing algorithm is combined with public/private keys, data origination authentication can be achieved. Public Key Infrastructure (PKI) ensures that an author cannot refute that they signed or encrypted a particular message once it has been sent, assuming the private key is secured.

  B:

  You can think of this as a digital fingerprint. You would take that fingerprint or create that hash when you first collect the data. And then you would verify that hash whenever you perform the analysis to make sure that nothing has changed in

  the meantime. - Prof Messer

  C:

  A service that is used to provide assurance of the integrity and origin of data in such a way that the integrity and origin can be verified by a third party as having originated from a specific entity in possession of the private key of the claimed

  signatory.

  https://csrc.nist.gov/glossary/term/non_repudiation#:~:text=Non%2Drepudiation%20refers%20to%20the,deny%20having%20signed%20the%20data.

• Question 1220:

  After a phishing scam for a user's credentials, the red team was able to craft payload to deploy on a server. The attack allowed the installation of malicious software that initiates a new remote session

  Which of the following types of attacks has occurred?

  A. Privilege escalation

  B. Session replay

  C. Application programming interface

  D. Directory traversal

  Correct Answer: A

  Privilege escalation DOES NOT always mean you are escalating to elevated permissions. Privilege escalations can also be horiztonal movements. In this case, the red team compromises a user's account through the phising attack. The red team then deploys payload on the server through the comprised user account. The malware then initiates a new remote session, enabling the hackers to access the server directly. The comprised account is User A and the red team directly connected as a result of the malware can be thought of as User B. In this case, privilege escalation refers to user B being able to access user A resources.