CompTIA SY0-601 Practice Test
Prepare smarter and boost your chances of success with our CompTIA SY0-601 practice test. This test helps you assess your knowledge, pinpoint strengths, and target areas for improvement. Surveys and user data from multiple platforms show that individuals who use SY0-601 practice exams are 40–50% more likely to pass on their first attempt.
Start practicing today and take the fast track to becoming CompTIA SY0-601 certified.
Updated On: 13-Aug-2025 | 886 Questions
Topic 3: Exam Pool C
An organization routes all of its traffic through a VPN. Most users are remote and connect into a corporate datacenter that houses confidential information. There is a firewall at the Internet border followed by a DLP appliance, the VPN server and the datacenter itself. Which of the following is the WEAKEST design element?
A. The DLP appliance should be integrated into a NGFW.
B. Split-tunnel connections can negatively impact the DLP appliance's performance
C. Encrypted VPN traffic will not be inspected when entering or leaving the network
D. Adding two hops in the VPN tunnel may slow down remote connections
Encrypted VPN traffic will not be inspected when entering or leaving the network
Which of the following disaster recovery tests is the LEAST time-consuming for the disaster recovery team?
A. Tabletop
B. Parallel
C. Full interruption
D. Simulation
Simulation
Which of the following incident response steps involves actions to protect critical systems while maintaining business operations?
A. Investigation
B. Containment
C. Recovery
D. Lessons learned
Containment
An organization’s help desk is flooded with phone calls from users stating they can no longer access certain websites. The help desk escalates the issue to the security team, as these websites were accessible the previous day. The security analysts run the following command: ipconfig /flushdns, but the issue persists. Finally, an analyst changes the DNS server for an impacted machine, and the issue goes away. Which of the following attacks MOST likely occurred on the original DNS server?
A. DNS cache poisoning
B. Domain hijacking
C. Distributed denial-of-service
D. DNS tunneling
Domain hijacking
An enterprise has hired an outside security firm to conduct penetration testing on its network and applications. The firm has only been given the documentation available to the customers of the applications. Which of the following BEST represents the type of testing that will occur?
A. Bug bounty
B. Black-box
C. Gray-box
D. White-box
E. Red-team
Bug bounty
Which of the following is the purpose of a risk register?
A. To define the level of risk using probability and likelihood
B. To register the risk with the required regulatory agencies
C. To identify the risk, the risk owner, and the risk measures
D. To formally log the type of risk mitigation strategy the organization is using
To identify the risk, the risk owner, and the risk measures
An attacker is exploiting a vulnerability that does not have a patch available. Which of the following is the attacker exploiting?
A. Zero-day
B. Default permissions
C. Weak encryption
D. Unsecure root accounts
Zero-day
Several employees return to work the day after attending an industry trade show. That same day, the security manager notices several malware alerts coming from each of the employees’ workstations. The security manager investigates but finds no signs of an attack on the perimeter firewall or the NIDS. Which of the following is MOST likely causing the malware alerts?
A. A worm that has propagated itself across the intranet, which was initiated by presentation media
B. A fileless virus that is contained on a vCard that is attempting to execute an attack
C. A Trojan that has passed through and executed malicious code on the hosts
D. A USB flash drive that is trying to run malicious code but is being blocked by the host firewall
A worm that has propagated itself across the intranet, which was initiated by presentation media
A security analyst needs to perform periodic vulnerability scans on production systems. Which of the following scan types would produce the BEST vulnerability scan report?
A. Port
B. Intrusive
C. Host discovery
D. Credentialed
Credentialed
A security analyst is investigating a malware incident at a company. The malware is accessing a command-and-control website at www.comptia.com. All outbound Internet traffic is logged to a syslog server and stored in /logfiles/messages. Which of the following commands would be BEST for the analyst to use on the syslog server to search for recent traffic to the command-and-control website?
A. Option A
B. Option B
C. Option C
D. Option D
Option C