CompTIA CompTIA Certifications SY0-601 Questions & Answers

• Question 31:

  A recent vulnerability scan revealed multiple servers have non-standard ports open for applications that are no longer in use. The security team is working to ensure all devices are patched and hardened. Which of the following would the security team perform to ensure the task is completed with minimal impact to production?

  A. Enable HIDS on all servers and endpoints.

  B. Disable unnecessary services.

  C. Configure the deny list appropriately on the NGFW.

  D. Ensure the antivirus is up to date.

  Correct Answer: A

• Question 32:

  An employee fell for a phishing scam, which allowed an attacker to gain access to a company PC. The attacker scraped the PC's memory to find other credentials. Without cracking these credentials, the attacker used them to move laterally through the corporate network. Which of the following describes this type of attack?

  A. Privilege escalation

  B. Buffer overflow

  C. SQL injection

  D. Pass-the-hash

  Correct Answer: D

  Unlike other credential theft attacks, a pass the hash attack does not require the attacker to know or crack the password to gain access to the system. Rather, it uses a stored version of the password to initiate a new session.

• Question 33:

  Which of the following is a common source of unintentional corporate credential leakage in cloud environments?

  A. Code repositories

  B. Dark web

  C. Threat feeds

  D. State actors

  E. Vulnerability databases

  Correct Answer: A

  Commonly, unintentional corporate credential leakage in cloud environments can occur through code repositories. Developers and teams often store code, configuration files, and other sensitive information in repositories like GitHub, Bitbucket, or GitLab. If these repositories are not properly secured or if sensitive data is inadvertently included in code commits, it can lead to credential exposure. Attackers might search public repositories for such information, potentially gaining unauthorized access to corporate resources.

  The other options (B. Dark web, C. Threat feeds, D. State actors, E. Vulnerability databases) are not typically sources of unintentional corporate credential leakage but rather relate to different aspects of cybersecurity, threat intelligence, and actors involved in cyberattacks.

• Question 34:

  An internet company has created a new collaboration application. To expand the user base, the company wants to implement an option that allows users to log in to the application with the credentials of other popular websites. Which of the following should the company implement?

  A. SSO

  B. CHAP

  C. 802.1x

  D. OpenID

  Correct Answer: D

  It's using sign-in credentials from OTHER popular websites. An example of this would be logging into CompTIA using a google/gmail account. OpenID uses SSO. However, SSO is more broad and I feel OpenID perfectly fits this scenario.

• Question 35:

  An organization is building a single virtual environment that will host customer applications and data that require availability at all times. The data center that is hosting the environment will provide generator power and ISP services. Which of the following is the best solution to support the organization's requirement?

  A. NIC teaming

  B. Cloud backups

  C. A load balancer appliance

  D. UPS

  Correct Answer: D

  While NIC teaming, cloud backups, and load balancer appliances are all important for different aspects of an IT infrastructure, they do not directly address the need for continuous power availability, which is the primary concern in this scenario. UPS, in combination with backup generators and ISP services, helps ensure that the data center remains operational even during power-related issues.

• Question 36:

  A security analyst needs to harden access to a network. One of the requirements is to authenticate users with smart cards. Which of the following should the analyst enable to best meet this requirement?

  A. CHAP

  B. PEAP

  C. MS-CHAPv2

  D. EAP-TLS

  Correct Answer: D

  EAP-TLS is a strong and secure authentication method that involves the use of digital certificates, typically stored on smart cards, for user authentication. It requires the user to present a valid certificate, which is verified by the authentication server, providing a high level of security.

• Question 37:

  A certificate vendor notified a company that recently invalidated certificates may need to be updated. Which of the following mechanisms should a security administrator use to determine whether the certificates installed on the company's machines need to be updated?

  A. SCEP

  B. OCSP

  C. CSR

  D. CRL

  Correct Answer: B

  OCSP (Online Certificate Status Protocol) is a protocol used to check the revocation status of a digital certificate. It allows a client to query a server (OCSP responder) about the current status of a certificate, which can inform the client whether the certificate has been revoked or is still valid.

  When a certificate authority (CA) invalidates or revokes a certificate, this information is updated in real-time on the OCSP responder. By using OCSP, the security administrator can determine whether any of the certificates installed on the company's machines have been revoked and need updating.

• Question 38:

  A penetration-testing firm is working with a local community bank to create a proposal that best fits the needs of the bank. The bank's information security manager would like the penetration test to resemble a real attack scenario, but it cannot afford the hours required by the penetration-testing firm. Which of the following would best address the bank's desired scenario and budget?

  A. Engage the penetration-testing firm's rea-team services to fully mimic possible attackers.

  B. Give the penetration tester data diagrams of core banking applications in a known-environment test.

  C. Limit the scope of the penetration test to only the system that is used for teller workstations.

  D. Provide limited networking details in a partially known-environment test to reduce reconnaissance efforts.

  Correct Answer: D

• Question 39:

  The most recent vulnerability scan flagged the domain controller with a critical vulnerability. The systems administrator researched the vulnerability and discovered the domain controller does not run the associated application with the vulnerability. Which of the following steps should the administrator take next?

  A. Ensure the scan engine is configured correctly.

  B. Apply a patch to the domain controller.

  C. Research the CVE.

  D. Document this as a false positive.

  Correct Answer: D

• Question 40:

  A company has decided to move its operations to the cloud. It wants to utilize technology that will prevent users from downloading company applications for personal use, restrict data that is uploaded, and have visibility into which applications are being used across the company. Which of the following solutions will best meet these requirements?

  A. An NGFW

  B. A CASB

  C. Application whitelisting

  D. An NG-SWG

  Correct Answer: B

  A Cloud Access Security Broker (CASB) would best meet the requirements stated in the scenario. CASBs can provide visibility into which cloud applications are being used across a company, restrict data that is uploaded to the cloud, and prevent unauthorized downloading of company applications for personal use. They act as a gatekeeper, allowing the organization to extend its security policies beyond its own infrastructure. CASBs provide features like visibility, data security, threat protection, and compliance, ensuring secure and only authorized use of cloud services by employees.