CompTIA SY0-601 Quiz Flashcards
A company recently transitioned to a strictly BYOD culture due to the cost of replacing lost or damaged corporate-owned mobile devices. Which of the following technologies would be BEST to balance the BYOD culture while also protecting the company's data?
Containerization
A Chief Security Officer's (CSO's) key priorities are to improve preparation, response, and recovery practices to minimize system downtime and enhance organizational resilience to ransomware attacks. Which of the following would BEST meet the CSO's objectives?
Implement application whitelisting and centralized event-log management, and perform regular testing and validation of full backups.
A network engineer has been asked to investigate why several wireless barcode scanners and wireless computers in a warehouse have intermittent connectivity to the shipping server. The barcode scanners and computers are all on forklift trucks and move around the warehouse during their regular use. Which of the following should the engineer do to determine the issue? (Choose two.)
Perform a site survey
Create a heat map
A security administrator suspects an employee has been emailing proprietary information to a competitor. Company policy requires the administrator to capture an exact copy of the employee's hard disk. Which of the following should the administrator use?
dd for disk duplicator
Which of the following is MOST likely to outline the roles and responsibilities of data controllers and data processors?
The data processor is a General Data Protection Regulation (GDPR) role that uses and manipulates data on behalf of the data controller.
HTTPS uses port
443
DNS uses port
53
SNMP uses port
161
SSH uses port
22
You received an email from an online store stating that they are giving away iPhones at a 70% discount in the clearance sale. The email also stated that everyone is rushing to buy these iPhones, and only a limited stock is available. The email contained a link that you had to click to register yourself.
Which type of social engineering principle is being used here?
Scarcity
You suspect that one of the systems on the network is infected with malware. Even after scanning the system with updated antimalware, you are not able to locate anything. The system, however, continues to show malware symptoms. Which type of malware can be present on this system?
Fileless
Which type of wireless attack requires a disassociation attack as a pre-requisite?
An evil twin is a WAP that has the same name as the legitimate WAP. The attacker first disassociates the clients from the legitimate WAP using the disassociation attack. The clients then connect to the evil twin.
You have joined an organization as a software development team leader. You want your team to adopt secure coding techniques. Which of the following should you use?
In this scenario, you should use the OWASP secure coding guidelines. The OWASP guidelines should be integrated into the development
You are performing dynamic code analysis on a Web application. Which of the following tasks are you likely to be performing while the application is running?
Verifying the environmental configuration is part of the dynamic code analysis.
You want to extend your organization’s security policies to the cloud environment. Which of the following should you use?
CASB, Cloud Access Security Broker, extends the security policies of an organization to the cloud implementation. They are responsible for extending the security between the users and the cloud service providers.
You want to gather information about several emails from a domain. You also want to list the sub domains for the domain that you specify. Which tool should you use?
the Harvester
Cuckoo is an
open-source sandbox for malware analysis
Nessus is a
a vulnerability management tool
Sniper is an
information gathering and penetration testing platform
the Harvester is an
open-source tool specializing in gathering information, such as emails, employee information, sub-domains, and hostnames. It can use a variety of search engines, such as Google and Bing, and other platforms, such as LinkedIn
You want to refer to the knowledge base of adversary tactics and techniques and learn about their attack methods. Which of the following should you refer to in this scenario?
Use MITRE ATT&CK, the knowledge base of adversary tactics and techniques collected from real-world scenarios. You can use this to learn about the specific methods of an attacker.
A system is used as a tool in cybercrime. You need to ensure that you capture the digital evidence without fail. Keeping the Order of volatility in mind, which of the following should you focus on first to maintain the Order of volatility?
As per the Order of volatility, this is the first thing you need to capture. You need to get the information from the cache and registers.
You have several security policies to make part of the Information Security Management System (ISMS). Which of the following frameworks should you use?
You should opt for the ISO 27001 framework, which helps you establish an ISMS. It provides guidelines as to how the policies should be written and applied. It helps organizations put practices in place that help them safeguard information.
You suspect that a financial fraud has taken place. You want to ensure that you can detect it. Which of the following methods should you use?
Mandatory vacations are enforced to detect any kind of illegitimate or wrong practices followed by employees. You can audit the financial data after the required people are sent on vacation.
You have been tasked to add a disclaimer to the email that is received from external domains. Which of the following methods should you use?
Prepending is the method of adding a disclaimer or information text to the emails received from external domains.
A vishing attack allows an attacker to
use a fake caller ID to conduct a phishing attack. In this attack, the attacker attempts to get sensitive information from the call recipient.
Smishing is a
phishing attack that is conducted by sending an SMS with a malicious link.
Whaling is a
type of social engineering attack that targets high-profiled individuals in an organization.
Which of the following attacks can an attacker conduct to circumvent an account lockout while trying passwords?
Password spraying attack
You want to conduct a DNS poisoning attack. Which of the following tools should you use?
Ettercap can conduct various attacks, such as DNS poisoning and ARP poisoning. In the DNS poisoning attack, the attacker changes the IP address in DNS records and redirects the users to its website. In this scenario, from the given choices, you need to use the Ettercap tool.
You are the security administrator for your organization. You have to ensure that all systems are compliant with a specific baseline. During a security audit, which of the following should you use to prove that the systems are compliant against the baseline?
A benchmark is about comparing the system with a specific standard, which is the baseline. You need to use the benchmark to measure the compliance of these systems.
Instead of upgrading the existing Customer Relationship Management (CRM) application, the management of your organization has decided to go with a cloud version of the CRM to save cost on implementation and maintenance. Which type of cloud delivery model would you be using in this scenario?
You would be using the SaaS cloud delivery model, which allows you to use a cloud-hosted application. This reduces cost because you don't have to purchase the application and can work with subscriptions.
IaaS is
Infrastructure As A Service, which allows you to set up an entire network or datacenter in the cloud. In this scenario, you only need to use an application.
PaaS is
Platform As A Service, which allows you to develop and maintain applications in the cloud. In this scenario, you only need to use an application.
XaaS is
Anything As A Service, which allows you to use virtually anything in the cloud. In this scenario, you only need to use an application.
You are reviewing the code for an application. You find a lot of code that is not being used. When you independently execute the code, it still runs without error. Which type of code is this?
Dead code
Code reuse is
using the existing code to build another application. This saves developmental costs and time.
The dead code exists in
an application's code and can work as desired. However, due to requirement changes, the code is no longer needed but is not removed and is left without any purpose.
Stored procedures are
pre-compiled SQL queries that are executed on databases.
Camouflage is
a piece of code that looks like real code in an application. It is used to prevent the attacker from getting the real code in reverse engineering.
Which of the following defines Crossover Error Rate (CER)?
FAR = FRR
Biometric security uses
False Acceptance Rate (FAR) for the proportion of times a system grants access to an unauthorized person. FAR is a Type 2 error.
False Rejection Rate (FRR) is the
proportion of times a biometric system fails to grant access to an authorized person. FRR is a Type 1 error.
Crossover Error Rate (CER), also known as
Equal Error Rate (EER)
You have received a new server for testing purposes. Using two hard drives, you want to implement a RAID level that will provide the highest write performance. You do not want any fault tolerance. Which of the following RAID levels should you configure?
With two hard drives, you should configure RAID 0, known as spanned volume.
RAID 1 is known as
mirroring and provides fault tolerance using two hard drives. However, it does not provide excellent performance.
RAID 5 provides the best
read and write performance and fault tolerance. However, it requires three hard drives.
RAID 10 or RAID 1+0 or RAID 0+1 requires
three hard drives and provides good performance and speed.
You manage a Windows domain. What method can you use to protect the domain?
Rename the administrator and guest accounts
You want to implement two-factor authentication in which a user must enter a password and a one-time password received on the mobile device. Which of the following methods should you implement?
HOTP
Static codes are
one-time use codes that are implemented with static cards.
Token keys are
hardware devices that are plugged into the USB port.
HOTP
The HMAC-based one-time password is generated by an application or hardware device and sent to the mobile phone. This type of password can be used only once.
Using Nmap, you want to scan for the common 100 ports. Which parameter should you use to do this?
To perform the scan for the common 100 ports, you need to use the -F option for a fast scan.
Using Nmap, you want to scan for all 65535 ports. Which parameter should you use to do this?
With the -p- option, Nmap will scan all 65535 ports.
Using Nmap, you want to scan for the operating system version. Which parameter should you use to do this?
With the -A option, Nmap will scan for the operating system version.
Technical detective security control is
a technology control that detects an attack. Honeypots and Intrusion Detection Systems (IDS) are examples of this.
You want to use an ISO standard that helps you set up risk management practices within your organization. Which of the following ISO standards should you use?
To set up risk management practices within your organization, you need to use the ISO 31000 framework.
The ISO 27001 framework helps you establish an ISMS. It provides guidelines as to how the policies should be written and applied. It helps organizations put practices in place that help them safeguard information.
You want to ensure that none of the users within the organization has the privilege to misuse their powers in the accounts department. Which of the following systems should you implement?
Separation of duties is implemented to prevent fraud. For example, for any monetary transactions, authorization is required from two people.
You are performing dynamic code analysis on a Web application. Which of the following tasks are you likely to be performing while the application is running?
Verifying the environmental configuration issues
An attacker is using the hashes to crack an authentication protocol. Which type of attack is occurring?
The pass the hash attack is occurring. In this attack, the attacker captures the password hashes. Instead of decrypting the hashes, the attacker uses the hashes to crack the authentication protocol.
You want to name all systems on the network based on their department names. Which of the following should you use for this purpose?
You should use the standard naming convention, which helps you set specific names based on the team, department, room, or location.
One of the biggest challenges in code reuse is
the development time. Because you want the code to be reused later in other applications, you need to plan and develop it carefully.
You have configured NIC teaming in a critical server. Along with redundancy, which of the following does the NIC team provide?
The incoming traffic is distributed to both network interface cards (NICs). Along with redundancy, NIC teaming provides load balancing.
Which of the following would be a secure replacement of Telnet?
Telnet transmits information in clear text and is rarely used. SSH is secure, replaces Telnet, and encrypts the channel through which information travels.
SNMP is used for
monitoring network devices
Which of the following protocols should you use to secure voice and video?
SRTP stands for Secure Real-time Transport Protocol. It is mainly used to secure voice and video transmissions.
IPSec is used with
VPNs to authenticate and encrypt data packets
You want to perform a code scan to find any malicious code hidden inside. Which of the following methods should you use?
Static code analysis requires you to review the code and find errors and malicious code hidden inside it.
If an attacker compromises a jump server, which of the following outcomes is likely to occur?
A jump server is a server that authenticates users before they can access a network. It is like a gatekeeper. After the users are authenticated, they can access the network with fewer restrictions. If the jump server is compromised, the attacker virtually has access to the entire network.
You have configured a root and two subordinate certificate authorities. You want to ensure that the root server is highly secured. Which of the following recommended methods should you use?
To ensure that a root certificate authority is highly secure, you should power off the root server and keep it offline. If the root server is compromised, the entire certificate authority environment is compromised.
Which of the following can reduce the impact of lateral movement in an attack?
When an attack occurs on a network, the attacker wants to perform lateral movement to search for sensitive information. This usually happens when you have a flat network. With the help of network segmentation, you can reduce the attack by preventing the attacker from moving laterally in the network.
You are about to initiate a penetration test. Instead of using the Harvester tool, you want to use an alternative to enumerate subdomains. Which of the following tools can serve as an alternative to the Harvester?
The sublist3r tool is an alternative to the Harvester tool. It can be used to enumerate subdomains.
For digital forensics, you want to make a copy of a disk. You want to ensure the disk is duplicated with everything. Which of the following commands should you use?
You need to use the dd command to copy the disk. You can create an exact image of the disk without losing a single byte of data. When you create an image, you can verify the MD5 checksum of the disk and the image. They both should be the same.
The cp command is used
for copying a file and is not used for digital forensics.
The logger command
is used to write to the log file.
The tcpdump command
is used for analyzing network packets. It captures the TCP/IP packets for analysis.
Which of the following provides Cloud Controls Matrix (CCM) to the cloud vendors and customers for assessing a cloud service provider?
The Cloud Security Alliance (CSA) provides the CCM to cloud vendors and customers for assessing a cloud service provider.
NIST, or the National Institute of Standards and Technology, provides a cybersecurity framework for government agencies and other entities.
Which of the following is a non-legal agreement between two parties to work together with defined responsibilities?
An MoU, or Memorandum of Understanding, is a non-legal agreement between two parties with defined responsibilities.
ISA, or Interconnection Security Agreement, is an agreement between two entities or parties that use a shared infrastructure. It defines the levels of connectivity for the parties and the security risks in the interconnectivity.
SLA, or Service Level Agreement, is a contract between the service provider and the customer. It defines the service levels to be provided by the service provider.
Your organization has insured the complete data center by paying a huge amount. Which of the risk management strategies has it used?
In this scenario, the organization has used the risk transfer strategy. You are transferring the risk to the insurance company.