CompTIA CompTIA Certifications SY0-601 Questions & Answers

• Question 151:

  A security team discovered a large number of company-issued devices with non-work- related software installed. Which of the following policies would most likely contain language that would prohibit this activity?

  A. NDA

  B. BPA

  C. AUP D. SLA

  Correct Answer: C

  AUP stands for acceptable use policy, which is a document that defines the rules and guidelines for using an organization's network, systems, devices, and resources. An AUP typically covers topics such as authorized and unauthorized activities, security requirements, data protection, user responsibilities, and consequences for violations. An AUP can help prevent non-work-related software installation on company-issued devices by clearly stating what types of software are allowed or prohibited, and what actions will be taken if users do not comply with the policy. References: https://www.comptia.org/certifications/security#examdetails https://www.comptia.org/content/guides/comptia-security-sy0-601-exam-objectives https://www.techopedia.com/definition/2471/acceptable-use-policy-aup

• Question 152:

  A security analyst receives an alert that indicates a user's device is displaying anomalous behavior The analyst suspects the device might be compromised. Which of the following should the analyst to first?

  A. Reboot the device

  B. Set the host-based firewall to deny an incoming connection

  C. Update the antivirus definitions on the device

  D. Isolate the device

  Correct Answer: D

  Isolating the device is the first thing that a security analyst should do if they suspect that a user's device might be compromised. Isolating the device means disconnecting it from the network or placing it in a separate network segment to prevent further communication with potential attackers or malicious hosts. Isolating the device can help contain the incident, limit the damage or data loss, preserve the evidence, and facilitate the investigation and remediation.

  References: https://www.comptia.org/certifications/security#examdetails https://www.comptia.org/content/guides/comptia-security-sy0-601-exam-objectives https://resources.infosecinstitute.com/topic/incident-response-process/

• Question 153:

  Which of the following security design features can an development team to analyze the deletion eoting Of data sets the copy?

  A. Stored procedures

  B. Code reuse

  C. Version control

  D. Continunus

  Correct Answer: C

  Version control is a solution that can help a development team to analyze the deletion or editing of data sets without affecting the original copy. Version control is a system that records changes to a file or set of files over time so that specific versions can be recalled later. Version control can help developers track and manage changes to code, data, or documents, as well as collaborate with other developers and resolve conflicts.

  References: https://www.comptia.org/ certifications/security#examdetails https://www.comptia.org/content/guides/comptia-security-sy0-601-exam-objectives https://www.atlassian.com/git/tutorials/what-is-version-control

• Question 154:

  Which of the following measures the average time that equipment will operate before it breaks?

  A. SLE

  B. MTBF

  C. RTO

  D. ARO

  Correct Answer: B

• Question 155:

  A company recently enhanced mobile device configuration by implementing a set of security controls: biometrics, context-aware authentication, and full device encryption. Even with these settings in place, an unattended phone was used by a malicious actor to access corporate data.

  Which of the following additional controls should be put in place first?

  A. GPS tagging

  B. Remote wipe

  C. Screen lock timer

  D. SEAndroid

  Correct Answer: B

• Question 156:

  An employee's laptop was stolen last month. This morning, the was returned by the A cyberrsecurity analyst retrieved laptop and has since cybersecurity incident checklist Four incident handlers are responsible for executing the checklist. Which of the following best describes the process for evidence collection assurance?

  A. Time stamp

  B. Chain of custody

  C. Admissibility

  D. Legal hold

  Correct Answer: B

  Chain of custody is a process that documents the chronological and logical sequence of custody, control, transfer, analysis, and disposition of materials, including physical or electronic evidence. Chain of custody is important to ensure the integrity and admissibility of evidence in legal proceedings. Chain of custody can help evidence collection assurance by providing proof that the evidence has been handled properly and has not been tampered with or contaminated.

  References: https://www.comptia.org/certifications/security#examdetails https://www.comptia.org/content/guides/comptia-security-sy0-601-exam-objectives https://www.thoughtco.com/chain-of-custody-4589132

• Question 157:

  Stakeholders at an organisation must be kept aware of any incidents and receive updates on status changes as they occur. Which of the following Plans would fulfill this requirement?

  A. Communication plan

  B. Disaster recovery plan

  C. Business continuity plan

  D. Risk plan

  Correct Answer: A

  A communication plan is a plan that would fulfill the requirement of keeping stakeholders at an organization aware of any incidents and receiving updates on status changes as they occur. A communication plan is a document that outlines the communication objectives, strategies, methods, channels, frequency, and audience for an incident response process. A communication plan can help an organization communicate effectively and efficiently with internal and external stakeholders during an incident and keep them informed of the incident's impact, progress, resolution, and recovery.

  References: https://www.comptia.org/certifications/security#examdetails https://www.comptia.org/content/guides/ comptia-security-sy0-601-exam-objectives https://www.ready.gov/business-continuity-plan

• Question 158:

  A security analyst is reviewing the following logs:

  

  Which of the following attacks is most likely occurring?

  A. Password spraying

  B. Account forgery

  C. Pass-the-hash

  D. Brute-force

  Correct Answer: A

• Question 159:

  A candidate attempts to go to but accidentally visits http://comptiia.org. The malicious website looks exactly like the legitimate website. Which of the following best describes this type of attack?

  A. Reconnaissance

  B. Impersonation

  C. Typosquatting

  D. Watering-hole

  Correct Answer: C

  Typosquatting is a type of cyberattack that involves registering domains with deliberately misspelled names of well-known websites. The attackers do this to lure unsuspecting visitors to alternative websites, typically for malicious purposes. Visitors may end up at these alternative websites by inadvertently mistyping the name of popular websites into their web browser or by being lured by a phishing scam. The attackers may emulate the look and feel of the legitimate websites and trick users into entering sensitive information or downloading malware. References: https://www.comptia.org/certifications/security#examdetails https://www.comptia.org/content/guides/comptia-security-sy0-601-exam-objectives https://www.kaspersky.com/resource-center/definitions/what-is-typosquatting

• Question 160:

  A new security engineer has started hardening systems. One o( the hardening techniques the engineer is using involves disabling remote logins to the NAS. Users are now reporting the inability lo use SCP to transfer files to the NAS, even though the data is still viewable from the users' PCs. Which of the following is the MOST likely cause of this issue?

  A. TFTP was disabled on the local hosts.

  B. SSH was turned off instead of modifying the configuration file.

  C. Remote login was disabled in the networkd.conf instead of using the sshd. conf.

  D. Network services are no longer running on the NAS

  Correct Answer: B

  SSH is used to securely transfer files to the remote server and is required for SCP to work. Disabling SSH will prevent users from being able to use SCP to transfer files to the server. To enable SSH, the security engineer should modify the SSH configuration file (sshd.conf) and make sure that SSH is enabled. For more information on hardening systems and the security techniques that can be used, refer to the CompTIA Security+ SY0-601 Official Text Book and Resources.