SY0-601 Premium Bundle

CompTIA Security+ Exam Certification Exam

Last update: November 23, 2024

CompTIA SY0-601 Free Practice Questions

Master the SY0-601 CompTIA Security+ Exam content and be ready for exam day success quickly with this Passleader SY0-601 torrent. We guarantee it! We make it a reality and give you real SY0-601 questions in our CompTIA SY0-601 braindumps. Latest 100% VALID CompTIA SY0-601 Exam Questions Dumps at below page. You can use our CompTIA SY0-601 braindumps and pass your exam.

CompTIA SY0-601 Free Dumps Questions Online, Read and Test Now.

NEW QUESTION 1
A company’s bank has reported that multiple corporate credit cards have been stolen over the past several weeks. The bank has provided the names of the affected cardholders to the company’s forensics team to assist in the cyber-incident investigation.
An incident responder learns the following information:
* The timeline of stolen card numbers corresponds closely with affected users making Internet-based purchases from diverse websites via enterprise desktop PCs.
* All purchase connections were encrypted, and the company uses an SSL inspection proxy for the inspection of encrypted traffic of the hardwired network.
* Purchases made with corporate cards over the corporate guest WiFi network, where no SSL inspection occurs, were unaffected.
Which of the following is the MOST likely root cause?

  • A. HTTPS sessions are being downgraded to insecure cipher suites
  • B. The SSL inspection proxy is feeding events to a compromised SIEM
  • C. The payment providers are insecurely processing credit card charges
  • D. The adversary has not yet established a presence on the guest WiFi network

Answer: C

NEW QUESTION 2
A cybersecurity department purchased a new PAM solution. The team is planning to randomize the service account credentials of the Windows server first. Which of the following would be the BEST method to increase the security on the Linux server?

  • A. Randomize the shared credentials
  • B. Use only guest accounts to connect.
  • C. Use SSH keys and remove generic passwords
  • D. Remove all user accounts.

Answer: C

NEW QUESTION 3
A security engineer is reviewing log files after a third party discovered usernames and passwords for the organization’s accounts. The engineer sees there was a change in the IP address for a vendor website one earlier. This change lasted eight hours. Which of the following attacks was MOST likely used?

  • A. Man-in-the-middle
  • B. Spear-phishing
  • C. Evil twin
  • D. DNS poisoning

Answer: D

NEW QUESTION 4
A security assessment determines DES and 3DES are still being used on recently deployed production servers. Which of the following did the assessment identify?

  • A. Unsecure protocols
  • B. Default settings
  • C. Open permissions
  • D. Weak encryption

Answer: D

NEW QUESTION 5
A company recently added a DR site and is redesigning the network. Users at the DR site are having issues browsing websites.
INSTRUCTIONS
Click on each firewall to do the following:
* Deny cleartext web traffic.
* Ensure secure management protocols are used.
* Resolve issues at the DR site.
The ruleset order cannot be modified due to outside constraints.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

  • A.

Answer: A

Explanation:
Firewall 1:
DNS Rule – ANY --> ANY --> DNS --> PERMIT
HTTPS Outbound – 10.0.0.1/24 --> ANY --> HTTPS --> PERMIT
Management – ANY --> ANY --> SSH --> PERMIT
HTTPS Inbound – ANY --> ANY --> HTTPS --> PERMIT
HTTP Inbound – ANY --> ANY --> HTTP --> DENY
Firewall 2: (exhibit image only)
Firewall 3:
DNS Rule – ANY --> ANY --> DNS --> PERMIT
HTTPS Outbound – 192.168.0.1/24 --> ANY --> HTTPS --> PERMIT
Management – ANY --> ANY --> SSH --> PERMIT
HTTPS Inbound – ANY --> ANY --> HTTPS --> PERMIT
HTTP Inbound – ANY --> ANY --> HTTP --> DENY

NEW QUESTION 6
Which of the following refers to applications and systems that are used within an organization without consent or approval?

  • A. Shadow IT
  • B. OSINT
  • C. Dark web
  • D. Insider threats

Answer: A

NEW QUESTION 7
A smart retail business has a local store and a newly established and growing online storefront. A recent storm caused a power outage to the business and the local ISP, resulting in several hours of lost sales and delayed order processing. The business owner now needs to ensure two things:
* Protection from power outages
* Always-available connectivity in case of an outage
The owner has decided to implement battery backups for the computer equipment. Which of the following would BEST fulfill the owner's second need?

  • A. Lease a point-to-point circuit to provide dedicated access.
  • B. Connect the business router to its own dedicated UPS.
  • C. Purchase services from a cloud provider for high availability
  • D. Replace the business's wired network with a wireless network.

Answer: C

NEW QUESTION 8
A cybersecurity analyst needs to implement secure authentication to third-party websites without users’ passwords. Which of the following would be the BEST way to achieve this objective?

  • A. OAuth
  • B. SSO
  • C. SAML
  • D. PAP

Answer: C

NEW QUESTION 9
A database administrator needs to ensure all passwords are stored in a secure manner, so the administrator adds randomly generated data to each password before storing. Which of the following techniques BEST explains this action?

  • A. Predictability
  • B. Key stretching
  • C. Salting
  • D. Hashing

Answer: C

NEW QUESTION 10
A manufacturer creates designs for very high security products that are required to be protected and controlled by government regulations. These designs are not accessible by corporate networks or the Internet. Which of the following is the BEST solution to protect these designs?

  • A. An air gap
  • B. A Faraday cage
  • C. A shielded cable
  • D. A demilitarized zone

Answer: A

NEW QUESTION 11
A vulnerability assessment report will include the CVSS score of the discovered vulnerabilities because the score allows the organization to better:

  • A. validate the vulnerability exists in the organization's network through penetration testing
  • B. research the appropriate mitigation techniques in a vulnerability database
  • C. find the software patches that are required to mitigate a vulnerability
  • D. prioritize remediation of vulnerabilities based on the possible impact.

Answer: D

NEW QUESTION 12
A Chief Information Security Officer (CISO) is concerned about the organization's ability to continue business operation in the event of a prolonged DDoS attack on its local datacenter that consumes database resources. Which of the following will the CISO MOST likely recommend to mitigate this risk?

  • A. Upgrade the bandwidth available into the datacenter
  • B. Implement a hot-site failover location
  • C. Switch to a complete SaaS offering to customers
  • D. Implement a challenge response test on all end-user queries

Answer: B

NEW QUESTION 13
A cybersecurity administrator has a reduced team and needs to operate an on-premises network and security infrastructure efficiently. To help with the situation, the administrator decides to hire a service provider. Which of the following should the administrator use?

  • A. SDP
  • B. AAA
  • C. IaaS
  • D. MSSP
  • E. Microservices

Answer: D

NEW QUESTION 14
Which of the following cloud models provides clients with servers, storage, and networks but nothing else?

  • A. SaaS
  • B. PaaS
  • C. IaaS
  • D. DaaS

Answer: C

NEW QUESTION 15
A pharmaceutical sales representative logs on to a laptop and connects to the public WiFi to check emails and update reports. Which of the following would be BEST to prevent other devices on the network from directly accessing the laptop? (Choose two.)

  • A. Trusted Platform Module
  • B. A host-based firewall
  • C. A DLP solution
  • D. Full disk encryption
  • E. A VPN
  • F. Antivirus software

Answer: AB

NEW QUESTION 16
Which of the following BEST explains the reason why a server administrator would place a document named password.txt on the desktop of an administrator account on a server?

  • A. The document is a honeyfile and is meant to attract the attention of a cyberintruder.
  • B. The document is a backup file if the system needs to be recovered.
  • C. The document is a standard file that the OS needs to verify the login credentials.
  • D. The document is a keylogger that stores all keystrokes should the account be compromised.

Answer: A

NEW QUESTION 17
An analyst needs to identify the applications a user was running and the files that were open before the user’s computer was shut off by holding down the power button. Which of the following would MOST likely contain that information?

  • A. NGFW
  • B. Pagefile
  • C. NetFlow
  • D. RAM

Answer: C

NEW QUESTION 18
Which of the following would BEST identify and remediate a data-loss event in an enterprise using third-party, web-based services and file-sharing platforms?

  • A. SIEM
  • B. CASB
  • C. UTM
  • D. DLP

Answer: D

NEW QUESTION 19
A company needs to centralize its logs to create a baseline and have visibility on its security events. Which of the following technologies will accomplish this objective?

  • A. Security information and event management
  • B. A web application firewall
  • C. A vulnerability scanner
  • D. A next-generation firewall

Answer: A

NEW QUESTION 20
An organization hired a consultant to assist with an active attack, and the consultant was able to identify the compromised accounts and computers. Which of the following is the consultant MOST likely to recommend to prepare for eradication?

  • A. Quarantining the compromised accounts and computers, only providing them with network access
  • B. Segmenting the compromised accounts and computers into a honeynet so as to not alert the attackers.
  • C. Isolating the compromised accounts and computers, cutting off all network and internet access.
  • D. Logging off and deleting the compromised accounts and computers to eliminate attacker access.

Answer: B

NEW QUESTION 21
In the middle of a cybersecurity, a security engineer removes the infected devices from the network and locks down all compromised accounts. In which of the following incident response phases is the security engineer currently operating?

  • A. Identification
  • B. Preparation
  • C. Eradication
  • D. Recovery
  • E. Containment

Answer: E

NEW QUESTION 22
Which of the following is the purpose of a risk register?

  • A. To define the level of risk using probability and likelihood
  • B. To register the risk with the required regulatory agencies
  • C. To identify the risk, the risk owner, and the risk measures
  • D. To formally log the type of risk mitigation strategy the organization is using

Answer: C

NEW QUESTION 23
A security analyst needs to make a recommendation for restricting access to certain segments of the network using only data-link layer security. Which of the following controls will the analyst MOST likely recommend?

  • A. MAC
  • B. ACL
  • C. BPDU
  • D. ARP

Answer: A

NEW QUESTION 24
......

P.S. Allfreedumps.com now are offering 100% pass ensure SY0-601 dumps! All SY0-601 exam questions have been updated with correct answers: https://www.allfreedumps.com/SY0-601-dumps.html (218 New Questions)

