CompTIA CompTIA Certifications SY0-601 Questions & Answers

• Question 131:

  Which of the following vulnerabilities is the attacker trying to exploit?

  A. SSRF

  B. CSRF

  C. xss

  D. SQLi

  Correct Answer: D

  SQLi stands for SQL injection, which is a type of web security vulnerability that allows an attacker to execute malicious SQL statements on a database server. SQLi can result in data theft, data corruption, denial of service, or remote code execution. The attacker in the web server log is trying to exploit a SQLi vulnerability by sending a malicious GET request that contains a UNION ALL SELECT statement. This statement is used to combine the results of two or more SELECT queries into a single result set. The attacker is attempting to retrieve user login, user pass, and user email from the wp users table, which is a WordPress database table that stores user information. The attacker may use this information to compromise the WordPress site or the users' accounts.

• Question 132:

  A company was recently breached. Part of the company's new cybersecurity strategy is to centralize the logs from all security devices. Which of the following components forwards the logs to a central source?

  A. Log enrichment

  B. Log queue

  C. Log parser

  D. Log collector

  Correct Answer: D

  A log collector can collect logs from various sources, such as servers, devices, applications, or network components, and forward them to a central source for analysis and storage23.

• Question 133:

  Which of the following models offers third-party-hosted, on-demand computing resources that can be shared with multiple organizations over the internet?

  A. Public cloud

  B. Hybrid cloud

  C. Community cloud

  D. Private cloud

  Correct Answer: A

  There are three main models for cloud computing: Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS)12. Each model represents a different part of the cloud computing stack and provides

  different levels of control, flexibility, and management.

  According to one source1, a public cloud is a type of cloud deployment where the cloud resources (such as servers and storage) are owned and operated by a third-party cloud service provider and delivered over the Internet. A public cloud

  can be shared with multiple organizations or users who pay for the service on a subscription or pay-as-you-go basis.

• Question 134:

  After installing a patch On a security appliance. an organization realized a massive data exfiltration occurred. Which Of the following describes the incident?

  A. Supply chain attack

  B. Ransomware attack

  C. Cryptographic attack

  D. Password attack

  Correct Answer: A

  A supply chain attack is a type of attack that involves compromising a trusted third-party provider or vendor and using their products or services to deliver malware or gain access to the target organization. The attacker can exploit the trust and dependency that the organization has on the provider or vendor and bypass their security controls. In this case, the attacker may have tampered with the patch for the security appliance and used it to exfiltrate data from the organization.

• Question 135:

  Which of the following describes business units that purchase and implement scripting software without approval from an organization's technology Support staff?

  A. Shadow IT

  B. Hacktivist

  C. Insider threat

  D. script kiddie

  Correct Answer: A

  shadow IT is the use of IT-related hardware or software by a department or individual without the knowledge or approval of the IT or security group within the organization12. Shadow IT can encompass cloud services, software, and hardware. The main area of concern today is the rapid adoption of cloud-based services1. According to one source3, shadow IT helps you know and identify which apps are being used and what your risk level is. 80% of employees use non-sanctioned apps that no one has reviewed, and may not be compliant with your security and compliance policies.

• Question 136:

  A company wants to enable BYOD for checking email and reviewing documents. Many of the documents contain sensitive organizational information. Which of the following should be deployed first before allowing the use of personal devices to access company data?

  A. MDM

  B. RFID

  C. DLR

  D. SIEM

  Correct Answer: A

  MDM stands for Mobile Device Management, which is a solution that can be used to manage and secure personal devices that access company data. MDM can enforce policies and rules, such as password protection, encryption, remote wipe, device lock, application control, and more. MDM can help a company enable BYOD (Bring Your Own Device) while protecting sensitive organizational information.

• Question 137:

  A company recently upgraded its authentication infrastructure and now has more computing power. Which of the following should the company consider using to ensure user credentials are being transmitted and stored more securely?

  A. Blockchain

  B. Salting

  C. Quantum

  D. Digital signature

  Correct Answer: B

  Salting is a technique that adds random data to user credentials before hashing them. This makes the hashed credentials more secure and resistant to brute-force attacks or rainbow table attacks. Salting also ensures that two users with the

  same password will have different hashed credentials.

  A company that has more computing power can consider using salting to ensure user credentials are being transmitted and stored more securely. Salting can increase the complexity and entropy of the hashed credentials, making them

  harder to crack or reverse.

• Question 138:

  A network-connected magnetic resonance imaging (MRI) scanner at a hospital is controlled and operated by an outdated and unsupported specialized Windows OS. Which of the following is most likely preventing the IT manager at the hospital from upgrading the specialized OS?

  A. The time needed for the MRI vendor to upgrade the system would negatively impact patients.

  B. The MRI vendor does not support newer versions of the OS.

  C. Changing the OS breaches a support SLA with the MRI vendor.

  D. The IT team does not have the budget required to upgrade the MRI scanner.

  Correct Answer: B

  This option is the most likely reason for preventing the IT manager at the hospital from upgrading the specialized OS. The MRI scanner is a complex and sensitive device that requires a specific OS to control and operate it. The MRI vendor may not have developed or tested newer versions of the OS for compatibility and functionality with the scanner. Upgrading the OS without the vendor's support may cause the scanner to malfunction or stop working altogether.

• Question 139:

  A security administrator performs weekly vulnerability scans on all cloud assets and provides a detailed report. Which of the following describes the administrator's activities?

  A. Continuous deployment

  B. Continuous integration

  C. Data owners

  D. Data processor

  Correct Answer: D

• Question 140:

  Which of the following social engineering attacks best describes an email that is primarily intended to mislead recipients into forwarding the email to others?

  A. Hoaxing

  B. Pharming

  C. Watering-hole

  D. Phishing

  Correct Answer: A

  Hoaxing is a type of social engineering attack that involves sending false or misleading information via email or other means to trick recipients into believing something that is not true. Hoaxing emails often contain a request or an incentive for the recipients to forward the email to others, such as a warning of a virus, a promise of a reward, or a petition for a cause. The goal of hoaxing is to spread misinformation, cause panic, waste resources, or damage reputations. A hoaxing email is primarily intended to mislead recipients into forwarding the email to others, which can increase the reach and impact of the hoax.