CompTIA CompTIA Certifications SY0-601 Questions & Answers

• Question 11:

  A hosting provider needs to prove that its security controls have been in place over the last six months and have sufficiently protected customer data. Which of the following would provide the best proof that the hosting provider has met the requirements?

  A. NIST CSF

  B. SOC 2 Type 2 report

  C. CIS Top 20 compliance reports

  D. Vulnerability report

  Correct Answer: B

• Question 12:

  A company wants to pragmatically grant access to users who have the same job. Which of the following access controls should the company most likely use?

  A. Role-based

  B. Need-to-know

  C. Mandatory

  D. Discretionary

  Correct Answer: A

• Question 13:

  Which of the following is a reason why a forensic specialist would create a plan to preserve data after an incident and prioritize the sequence for performing forensic analysis?

  A. Order of volatility

  B. Preservation of event logs

  C. Chain of custody

  D. Compliance with legal hold

  Correct Answer: A

  The order of volatility is a concept in digital forensics and incident response that refers to the sequence in which different types of data should be preserved or collected during an investigation, based on their likelihood to change or be lost. The general principle is to start with the most volatile data first, as it is more prone to alteration or loss, and then proceed to less volatile data. The order of volatility typically follows a hierarchy from more volatile to less volatile data.

• Question 14:

  Which of the following are common VoIP-associated vulnerabilities? (Choose two).

  A. SPIM

  B. Vishing

  C. VLAN hopping

  D. Phishing

  E. DHCP snooping

  F. Tailgating

  Correct Answer: AB

  SPIM (Spam over Internet Messaging) poses a threat to VoIP systems by consuming bandwidth, diverting resources, and potentially causing denial of service attacks. The influx of SPIM messages can degrade the quality of VoIP calls, overload servers, and serve as a platform for social engineering attacks, jeopardizing the security of VoIP users. To mitigate these risks, organizations should implement spam filters, intrusion detection systems, and regular software updates while also educating users to recognize and avoid potential threats associated with SPIM.

• Question 15:

  The local administrator account for a company's VPN appliance was unexpectedly used to log in to the remote management interface. Which of the following would have prevented this from happening?

  A. Using least privilege

  B. Changing the default password

  C. Assigning individual user IDs

  D. Implementing multifactor authentication

  Correct Answer: D

  Implementing multifactor authentication (MFA) would have likely prevented unauthorized access to the VPN appliance using the local administrator account. MFA adds an additional layer of security by requiring users to provide multiple forms of verification before gaining access, making it significantly more difficult for unauthorized individuals to log in even if they have the correct username and password.

• Question 16:

  A security analyst is assessing several company firewalls. Which of the following tools would the analyst most likely use to generate custom packets to use during the assessment?

  A. hping

  B. Wireshark

  C. PowerShell

  D. netstat

  Correct Answer: A

  Hping is a free packet generator and analyzer for the TCP/IP protocol. Hping is one of the de-facto tools for security auditing and testing of firewalls and networks, and was used to exploit the Idle Scan scanning technique now implemented in the Nmap port scanner. The new version of hping, hping3, is scriptable using the Tcl language and implements an engine for string based, human readable description of TCP/IP packets, so that the programmer can write scripts related to low level TCP/IP packet manipulation and analysis in a very short time.

• Question 17:

  A local business was the source of multiple instances of credit card theft. Investigators found that most payments at this business were made at self-service kiosks. Which of the following is the most likely cause of the exposed credit card Information?

  A. Insider threat

  B. RAT

  C. Backdoor

  D. Skimming

  E. NFC attack

  Correct Answer: D

• Question 18:

  An employee recently resigned from a company. The employee was responsible for managing and supporting weekly batch jobs over the past five years. A few weeks after the employee resigned, one of the batch jobs failed and caused a major disruption. Which of the following would work best to prevent this type of incident from reoccurring?

  A. Job rotation

  B. Retention

  C. Outsourcing

  D. Separation of duties

  Correct Answer: A

• Question 19:

  Following a recent security breach, an analyst discovered that user permissions were added when joining another part of the organization but were not removed from existing groups. Which of the following policies would help to correct these issues in the future?

  A. Service accounts

  B. Account audits

  C. Password complexity

  D. Lockout policy

  Correct Answer: B

• Question 20:

  Which of the following would be best suited for constantly changing environments?

  A. RTOS

  B. Containers

  C. Embedded systems

  D. SCADA

  Correct Answer: B

  Containers are well-suited for constantly changing environments because they provide a consistent and isolated environment for applications to run, regardless of the underlying infrastructure. They are highly portable and can be quickly deployed, making them a flexible solution for dynamic environments where applications need to be scaled, updated, or moved frequently. Real-time operating systems (RTOS) are designed for predictable and deterministic tasks, while embedded systems and SCADA are more specialized and may not be as adaptable to rapidly changing conditions.