CompTIA CompTIA Certifications SY0-601 Questions & Answers

• Question 51:

  Historically, a company has had issues with users plugging in personally owned removable media devices into corporate computers. As a result, the threat of malware incidents is almost constant. Which of the following would best help prevent the malware from being installed on the computers?

  A. AUP

  B. NGFW

  C. DLP

  D. EDR

  Correct Answer: D

• Question 52:

  While investigating a recent security breach, an analyst finds that an attacker gained access by SQL injection through a company website. Which of the following should the analyst recommend to the website developers to prevent this from reoccurring?

  A. Secure cookies

  B. Input sanitization

  C. Code signing

  D. Blocklist

  Correct Answer: B

• Question 53:

  Which of the following best describes the risk that is present once mitigations are applied?

  A. Control risk

  B. Residual risk

  C. Inherent risk

  D. Risk awareness

  Correct Answer: B

  The residual risk is the amount of risk or danger associated with an action or event remaining after natural or inherent risks have been reduced by risk controls.

• Question 54:

  A security architect at a large, multinational organization is concerned about the complexities and overhead of managing multiple encryption keys securely in a multicloud provider environment. The security architect is looking for a solution with reduced latency to allow the incorporation of the organization's existing keys and to maintain consistent, centralized control and management regardless of the data location. Which of the following would best meet the architect's objectives?

  A. Trusted Platform Module

  B. IaaS

  C. HSMaaS

  D. PaaS

  Correct Answer: C

  HSMaaS (Hardware Security Module as a Service): HSMaaS is a cloud service that offers dedicated cryptographic processing and key management. It's designed to protect sensitive data and allows for centralized management and storage of encryption keys. By using HSMaaS, organizations can achieve the required key management across multicloud environments while maintaining centralized control.

• Question 55:

  While troubleshooting a firewall configuration, a technician determines that a "deny any" policy should be added to the bottom of the ACL. The technician updates the policy, but the new policy causes several company servers to become unreachable. Which of the following actions would prevent this issue?

  A. Documenting the new policy in a change request and submitting the request to change management

  B. Testing the policy in a non-production environment before enabling the policy in the production network

  C. Disabling any intrusion prevention signatures on the "deny any" policy prior to enabling the new policy

  D. Including an "allow any" policy above the "deny any" policy

  Correct Answer: A

  The analyst would need to have an entire second testing environment that emulates the ENTIRE infrastructure to be able to test that rule. The most logical and what is stated in all manuals is that before making a change, it should be documented and submitted for approval. In this process, the technical analysis of why the change is made is established, and it is also noted WHEN the testing of the rule will be conducted. A testing window is determined to implement the change in a way that does not affect operations or the availability of services.

• Question 56:

  A security analyst is reviewing an IDS alert and sees the following:

  C:\Windows\System32\WindowsPowershell\v1.0\powershell.exe -noP -exe byPass -nonI -wind hidden -no1 -c dir;findstr /s maldinuv %USERPROFILE%\\*.lnk > %USERPROFILE%\Documents\iijlqe.ps1;%USERPROFILE%\Documents \iijlqe.psi;exit Which of the following triggered the IDS alert?

  A. Bluesnarfing attack

  B. URL redirection attack

  C. Fileless malware execution

  D. Macro-based denial of service

  Correct Answer: C

• Question 57:

  Which of the following roles, according to the shared responsibility model, is responsible for securing the company's database in an IaaS model for a cloud environment?

  A. Client

  B. Third-party vendor

  C. Cloud provider

  D. OBA

  Correct Answer: A

  Cloud provider is responsible for securing its infrastructure and any managed elements of the environment. Cloud customer (client) is responsible for securing its workloads, applications, and data.

• Question 58:

  A company recently implemented a patch management policy; however, vulnerability scanners have still been flagging several hosts, even after the completion of the patch process. Which of the following is the most likely cause of the issue?

  A. The vendor firmware lacks support.

  B. Zero-day vulnerabilities are being discovered.

  C. Third-party applications are not being patched.

  D. Code development is being outsourced.

  Correct Answer: C

  Third-party applications are applications that are developed and provided by external vendors or sources, rather than by the organization itself. Third-party applications may introduce security risks if they are not properly vetted, configured, or updated. One of the most likely causes of vulnerability scanners flagging several hosts after the completion of the patch process is that third-party applications are not being patched. Patching is the process of applying updates or fixes to software to address bugs, vulnerabilities, or performance issues. Patching third-party applications is essential for maintaining their security and functionality, as well as preventing attackers from exploiting known flaws.

  References: https://www.comptia.org/certifications/security#examdetails https://www.comptia.org/content/guides/comptia-security-sy0-601-exam-objectives https://www.csoonline.com/article/2124681/why-third-party-security-is-your-security.html

• Question 59:

  A security analyst is reviewing computer logs because a host was compromised by malware After the computer was infected it displayed an error screen and shut down. Which of the following should the analyst review first to determine more information?

  A. Dump file

  B. System log

  C. Web application log

  D. Security too

  Correct Answer: B

• Question 60:

  An employee used a corporate mobile device during a vacation Multiple contacts were modified in the device vacation.

  Which of the following method did attacker to insert the contacts without having 'Physical access to device?

  A. Jamming

  B. BluJacking

  C. Disassoaatm

  D. Evil twin

  Correct Answer: B

  bluejacking is the sending of unsolicited messages over Bluetooth to Bluetooth-enabled devices such as mobile phones, PDAs or laptop computers. Bluejacking does not involve device hijacking, despite what the name implies. In this context, a human might say that the best answer to the question is B. BluJacking, because it is a method that can insert contacts without having physical access to the device.