CompTIA CompTIA Certifications SY0-601 Questions & Answers

• Question 81:

  An audit report indicates multiple suspicious attempts to access company resources were made. These attempts were not detected by the company. Which of the following would be the best solution to implement on the company's network?

  A. Intrusion prevention system

  B. Proxy server

  C. Jump server

  D. Security zones

  Correct Answer: A

  To address the issue of suspicious attempts to access company resources that were not detected, the best solution to implement on the company's network would be an Intrusion Prevention System (IPS).

  An Intrusion Prevention System (IPS) is a security device or software application that monitors network traffic for malicious activity and can automatically take action to block or prevent potential threats. It goes beyond intrusion detection by actively analyzing network traffic in real-time and can actively respond to identified threats.

  With an IPS in place, the system can detect and block suspicious activities, such as unauthorized attempts to access company resources, before they can cause harm. It provides an additional layer of security to the network and can help to mitigate various cyber threats.

• Question 82:

  Employees in the research and development business unit receive extensive training to ensure they understand how to best protect company data. Which of the following is the type of data these employees are most likely to use in day to-day work activities?

  A. Encrypted

  B. Intellectual property

  C. Critical

  D. Data in transit

  Correct Answer: B

  Intellectual property refers to creations of the mind, such as inventions, literary and artistic works, designs, symbols, names, and images used in commerce. In an RandD context, this could encompass everything from new product designs to innovative software algorithms. Protecting intellectual property is vital to maintain a company's competitive advantage and to prevent unauthorized use or copying.

• Question 83:

  An administrator identifies some locations on the third floor of the building that have a poor wireless signal Multiple users confirm the incident and report it is not an isolated event. Which of the following should the administrator use to find the areas with a poor or non-existent wireless signal?

  A. Heat map

  B. Input validation

  C. Site survey

  D. Embedded systems

  Correct Answer: C

  To find the areas with a poor or non-existent wireless signal, the administrator should conduct a wireless site survey. A wireless site survey is a process of planning and designing a wireless network by surveying the physical location to understand the RF (radio frequency) characteristics and signal propagation in the area.

  During a site survey, the administrator uses specialized tools and equipment to measure the wireless signal strength at various locations within the building. The data collected is then used to create a heat map, which visually represents the signal coverage and strength across the surveyed area. This heat map helps identify areas with poor or weak signal strength and allows the administrator to make informed decisions about the placement of wireless access points or other necessary adjustments to improve wireless coverage and performance.

• Question 84:

  A security analyst reviews web server logs and finds the following string gallerys?file--. ./../../../../. . / . ./etc/passwd

  Which of the following attacks was performed against the web server?

  A. Directory traversal

  B. CSRF

  C. Pass the hash

  D. SQL injection

  Correct Answer: A

  Directory traversal is an attack that exploits a vulnerability in a web application or a file system to access files or directories that are outside the intended scope. The attacker can use special characters, such as .../ or ...\ , to navigate through

  the directory structure and access restricted files or directories.

• Question 85:

  A security practitioner is performing due diligence on a vendor that is being considered for cloud services. Which of the following should the practitioner consult for the best insight into the current security posture of the vendor?

  A. PCI DSS standards

  B. SLA contract

  C. CSF framework

  D. SOC 2 report

  Correct Answer: D

  A SOC 2 report is a document that provides an independent assessment of a service organization's controls related to the Trust Services Criteria of Security, Availability, Processing Integrity, Confidentiality, or Privacy. A SOC 2 report can help a security practitioner evaluate the current security posture of a vendor that provides cloud services1.

• Question 86:

  A company has hired an assessment team to test the security of the corporate network and employee vigilance. Only the Chief Executive Officer and Chief Operating Officer are aware of this exercise, and very little information has been provided to the assessors. Which of the following is taking place?

  A. A red-team test

  B. A white-team test

  C. A purple-team test

  D. A blue-team test

  Correct Answer: A

  A red-team test is a type of security assessment that simulates a real-world attack on an organization's network, systems, applications, and people. The goal of a red- team test is to evaluate the organization's security posture, identify vulnerabilities and gaps, and test the effectiveness of its detection and response capabilities. A red-team test is usually performed by a group of highly skilled security professionals who act as adversaries and use various tools and techniques to breach the organization's defenses. A red-team test is often conducted without the knowledge or consent of most of the organization's staff, except for a few senior executives who authorize and oversee the exercise.

  References: https://www.comptia.org/certifications/security#examdetails https://www.comptia.org/content/guides/comptia-security-sy0-601-exam-objectives https://cybersecurity.att.com/blogs/security-essentials/what-is-red-teaming

• Question 87:

  A junior human resources administrator was gathering data about employees to submit to a new company awards program The employee data included job title business phone number location first initial with last name and race. Which of the following best describes this type of information?

  A. Sensitive

  B. Non-Pll

  C. Private

  D. Confidential

  Correct Answer: B

  Non-PII stands for non-personally identifiable information, which is any data that does not directly identify a specific individual. Non-PII can include information such as job title, business phone number, location, first initial with last name, and race. Non-PII can be used for various purposes, such as statistical analysis, marketing, or research. However, non-PII may still pose some privacy risks if it is combined or linked with other data that can reveal an individual's identity.

  References: https://www.comptia.org/certifications/security#examdetails https://www.comptia.org/content/guides/comptia-security-sy0-601-exam-objectives https://www.investopedia.com/terms/n/non-personally-identifiable-information- npii.asp

• Question 88:

  An attacker is targeting a company. The attacker notices that the company's employees frequently access a particular website. The attacker decides to infect the website with malware and hopes the employees' devices will also become infected. Which of the following techniques is the attacker using?

  A. Watering-hole attack

  B. Pretexting

  C. Typosquatting

  D. Impersonation

  Correct Answer: A

  a watering hole attack is a form of cyberattack that targets a specific group of users by infecting websites that they commonly visit123. The attacker seeks to compromise the user's computer and gain access to the network at the user's workplace or personal data123. The attacker observes the websites often visited by the victim or the group and infects those sites with malware14 . The attacker may also lure the user to a malicious site

  4. A watering hole attack is difficult to diagnose and poses a significant threat to websites and users2 .

• Question 89:

  A company is launching a website in a different country in order to capture user information that a marketing business can use. The company itself will not be using the information. Which of the following roles is the company assuming?

  A. Data owner

  B. Data processor

  C. Data steward

  D. Data collector

  Correct Answer: D

  A data collector is a person or entity that collects personal data from individuals for a specific purpose. A data collector may or may not be the same as the data controller or the data processor, depending on who determines the purpose and means of processing the data and who actually processes the data.

• Question 90:

  Unauthorized devices have been detected on the internal network. The devices' locations were traced to Ether ports located in conference rooms. Which of the following would be the best technical controls to implement to prevent these devices from accessing the internal network?

  A. NAC

  B. DLP

  C. IDS

  D. MFA

  Correct Answer: A

  NAC stands for network access control, which is a security solution that enforces policies and controls on devices that attempt to access a network. NAC can help prevent unauthorized devices from accessing the internal network by verifying their identity, compliance, and security posture before granting them access. NAC can also monitor and restrict the activities of authorized devices based on predefined rules and roles.

  References: https://www.comptia.org/ certifications/security#examdetails https://www.comptia.org/content/guides/comptia-security-sy0-601-exam-objectives https://www.cisco.com/c/en/us/products/security/what-is-network-access-control-nac.html