CompTIA CompTIA Certifications SY0-601 Questions & Answers

• Question 61:

  Which of the following secure application development concepts aims to block verbose error messages from being shown in a user's interface?

  A. OWASP

  B. Obfuscation/camouflage

  C. Test environment

  D. Prevent of information exposure

  Correct Answer: D

  Preventing information exposure is a secure application development concept that aims to block verbose error messages from being shown in a user's interface. Verbose error messages are detailed messages that provide information about errors or exceptions that occur in an application. Verbose error messages may reveal sensitive information about the application's structure, configuration, logic, or data that could be exploited by attackers. Therefore, preventing information exposure involves implementing proper error handling mechanisms that display generic or user-friendly messages instead of verbose error messages.

  References: https://www.comptia.org/certifications/security#examdetails https://www.comptia.org/content/guides/comptia-security-sy0-601-exam-objectives https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration

• Question 62:

  An email security vendor recently added a retroactive alert after discovering a phishing email had already been delivered to an inbox. Which of the following would be the best way for the security administrator to address this type of alert in the future?

  A. Utilize a SOAR playbook to remove the phishing message.

  B. Manually remove the phishing emails when alerts arrive.

  C. Delay all emails until the retroactive alerts are received.

  D. Ingest the alerts into a SIEM to correlate with delivered messages.

  Correct Answer: A

  One possible way to address this type of alert in the future is to use a SOAR (Security Orchestration, Automation, and Response) playbook to automatically remove the phishing message from the inbox3. A SOAR playbook is a set of predefined actions that can be triggered by certain events or conditions. This can help reduce the response time and human error in dealing with phishing alerts.

• Question 63:

  A security administrator needs to block a TCP connection using the corporate firewall, Because this connection is potentially a threat. the administrator not want to back an RST.

  Which of the following actions in rule would work best?

  A. Drop

  B. Reject

  C. Log alert

  D. Permit

  Correct Answer: A

  the difference between drop and reject in firewall is that the drop target sends nothing to the source, while the reject target sends a reject response to the source. This can affect how the source handles the connection attempt and how fast the port scanning is. In this context, a human might say that the best action to block a TCP connection using the corporate firewall is A. Drop, because it does not send back an RST packet and it may slow down the port scanning and protect against DoS attacks.

• Question 64:

  Which of the following would a security analyst use to determine if other companies in the same sector have seen similar malicious activity against their systems?

  A. Vulnerability scanner

  B. Open-source intelligence

  C. Packet capture

  D. Threat feeds

  Correct Answer: D

  Threat feeds, also known as threat intelligence feeds, are a source of information about current and emerging threats, vulnerabilities, and malicious activities targeting organizations. Security analysts use threat feeds to gather information about attacks and threats targeting their industry or sector. These feeds are typically provided by security companies, research organizations, or industry-specific groups. By using threat feeds, analysts can identify trends, patterns, and potential threats that may target their own organization, allowing them to take proactive steps to protect their systems.

  References:

  1.

  CompTIA Security+ Certification Exam Objectives (SY0-601): https://www.comptia.jp/pdf/Security%2B%20SY0-601%20Exam%20Objectives.pdf

  2.

  SANS Institute: Threat Intelligence: What It Is, and How to Use It Effectively: https://www.sans.org-room/whitepapers/analyst/threat-intelligence-is-effectively-36367

• Question 65:

  A manufacturing organization wants to control and monitor access from the internal business network to the segregated production network, while ensuring minimal exposure of the production network to devices. Which of the following solutions would best accomplish this goal?

  A. Proxy server

  B. NGFW

  C. WAF

  D. Jump server

  Correct Answer: D

  A jump server, also known as a jump host or jump box. The most common example is managing a host in a DMZ from trusted networks or computers. A jump server acts as a buffer for a network of multiple devices and keeps outside traffic from sensitive information. Its primary function is to prevent a malicious hacker from accessing your data and make your network less prone to self-propagating spyware. Jump servers are installed in such a way that they are placed between a secure zone and a DMZ to provide transparent management on devices on the DMZ. Jump servers are often used in organizations with private networks to enable secure access to assets and user workstations.

• Question 66:

  During an engagement, penetration testers left USB keys that contained specially crafted malware in the company's parking lot. A couple days later, the malware contacted the command-and-control server, giving the penetration testers unauthorized access to the company endpoints. Which of the following will most likely be a recommendation in the engagement report?

  A. Conduct an awareness campaign on the usage of removable media.

  B. Issue a user guidance program focused on vishing campaigns.

  C. Implement more complex password management practices.

  D. Establish a procedure on identifying and reporting suspicious messages.

  Correct Answer: A

• Question 67:

  Which of the following should a security administrator adhere to when setting up a new set of firewall rules?

  A. Disaster recovery plan

  B. Incident response procedure

  C. Business continuity plan

  D. Change management procedure

  Correct Answer: D

  Change management procedure," is the correct answer when it comes to adhering to best practices for setting up a new set of firewall rules. creating a change procedure for the firewall configuration is one of the best practices for firewall rule configuration managing firewall rulesets and policies by a formal change management control process is also recommended. A change management procedure ensures that any changes made to the firewall configuration are done in a controlled and documented manner, reducing the risk of errors and unauthorized changes.

• Question 68:

  The Chief Security Officer (CSO) at a major hospital wants to implement SSO to help improve security in the environment and protect patient data, particularly at shared terminals. The Chief Risk Officer (CRO) is concerned that training and guidance have not been provided to frontline staff, and a risk analysis has not been performed. Which of the following is the MOST likely cause of the CRO's concerns?

  A. SSO would simplify username and password management, making it easier for hackers to guess accounts.

  B. SSO would reduce password fatigue, but staff would still need to remember more complex passwords.

  C. SSO would reduce the password complexity for frontline staff.

  D. SSO would reduce the resilience and availability of systems if the identity provider goes offline.

  Correct Answer: D

• Question 69:

  Which of the following security concepts should an e-commerce organization apply for protection against erroneous purchases?

  A. Privacy

  B. Availability

  C. Integrity

  D. Confidentiality

  Correct Answer: C

• Question 70:

  Which of the following threat vectors would appear to be the most legitimate when used by a malicious actor to impersonate a company?

  A. Phone call

  B. Instant message

  C. Email

  D. Text message

  Correct Answer: C

  Email is a commonly used vector for phishing attacks and impersonation because it allows attackers to craft convincing messages that may appear to come from a legitimate company or source. Malicious actors can use various tactics, such as spoofed email addresses, convincing logos, and language that mimics official communications, to deceive recipients into believing that the email is legitimate. This can make email-based impersonation highly effective, and it's why email phishing is a prevalent method for cyberattacks.