Study with the several resources on Docsity
Earn points by helping other students or get them with a premium plan
Prepare for your exams
Study with the several resources on Docsity
Earn points to download
Earn points by helping other students or get them with a premium plan
Community
Ask the community for help and clear up your study doubts
Discover the best universities in your country according to Docsity users
Free resources
Download our free guides on studying techniques, anxiety management strategies, and thesis advice from Docsity tutors
COMPTIA SECURITY SY0-601 EXAM REVIEW Questions with 100% Correct Answers Latest Updates 2024 GRADED A+.
Typology: Exams
1 / 15
What is due diligence? Answer: a legal term meaning that responsible persons have not been negligent in discharging their duties. QUESTION What is the Sarbanes-Oxley Act (SOX)? Answer: mandates the implementation of risk assessments, internal controls, and audit procedures. QUESTION What is the Computer Security Act (1987)? Answer: requires federal agencies to develop security policies for computer systems that process confidential information QUESTION What is the Federal Information Security Management Act (FISMA)? Answer: introduced to govern the security of data processed by federal government agencies. QUESTION What is the General Data Protection Regulation (GDPR)? Answer: means that personal data cannot be collected, processed, or retained without the individual's informed consent. QUESTION What is informed consent?
Answer: means that the data must be collected and processed only for the stated purpose, and that purpose must be clearly described to the user in plain language, not legalese. QUESTION What is the Center for Internet Security (CIS)? Answer: a not-for-profit organization (founded partly by The SANS Institute). It publishes the well- known "The 20 CIS Controls." QUESTION What is port 20-21? Answer: File Transfer Protocol (FTP) QUESTION What is port 22? Answer: Secure Shell (SSH), Secure Copy Protocol (SCP), Secure File Transfer Protocol (SFTP) QUESTION What is port 23? Telnet QUESTION What is port 25? Simple Mail Transfer Protocol;l (SMTP) QUESTION What is port 49?
TACACS (Terminal Access Controller Access Control System QUESTION What is port 53? Domain Name System (DNS) QUESTION What is port 67/68? Dynamic Host Configuration Protocol (DHCP) QUESTION What is port 69? Answer: Trivial File Transfer Protocol (TFTP) QUESTION What is port 80? Answer: Hypertext Transfer Protocol (HTTP) QUESTION What is port 88? Answer: Kerberos QUESTION What is port 443? Answer:
Hypertext Transfer Protocol Secure (HTTPS) and Secure Socket Layer Virtual Private Network (SSL VPN) QUESTION What is port 110? Answer: Post Office Protocol; Version 3 (POP3) QUESTION What is port 119? Network News Transfer Protocol (NNTP) QUESTION What is port 143? Internet Message Access Protocol Version 4 (IMAP4) QUESTION What is port 161? Simple Network Management Protocol (SNMP) QUESTION What is port 162? Simple Network Management Protocol Trap (SNMP Trap) QUESTION What is port 389? Lightweight Directory Access Protocol (LDAP) QUESTION What is port 500?
What is port 514? Syslog QUESTION What is port 1701? Layer 2 Tunneling Protocol (L2TP) QUESTION What is port 1723? Point-to-Point Protocol (PPTP) QUESTION What is port 3389? Remote Desktop Protocol (RDP) QUESTION Vulnerability Answer: a weakness that could be triggered accidentally or exploited intentionally to cause a security breach. QUESTION Threat Answer: the potential for someone or something to exploit a vulnerability and breach security. A threat may be intentional or unintentional. The person or thing that poses the threat is called athreat actor or threat agent.
The path or tool used by a malicious threat actor can be referred to as the attack vector. QUESTION Risk Answer: the likelihood and impact (or consequence) of a threat actor exploiting a vulnerability. QUESTION Topology Discovery (Footprinting) Answer: scanning for hosts, IP ranges, and routes between networks to map out the structure of the target network QUESTION ipconfig Answer: show the configuration assigned to network interface(s) in Windows, including the hardware or media access control (MAC) address, IPv4 and IPv6 addresses, default gateway, and whether the address is static or assigned by DHCP. If the address is DHCP-assigned, the output also shows the address of the DHCP server that provided the lease. QUESTION ifconfig Answer: show the configuration assigned to network interface(s) in Linux. QUESTION ping Answer: probe a host on a particular IP address or host name using Internet Control Message Protocol (ICMP). You can use ping with a simple script to perform a sweep of all the IP addresses in a subnet. QUESTION arp
Answer: display the local machine's Address Resolution Protocol (ARP) cache. The ARP cache shows the MAC address of the interface associated with each IP address the local host has communicated with recently. This can be useful if you are investigating a suspected spoofing attack. For example, a sign of a man-in-the- middle attack is where the MAC address of the default gateway IP listed in the cache is not the legitimate router's MAC address. QUESTION route Answer: view and configure the host's local routing table. Most end systems use a default route to forward all traffic for remote networks via a gateway router. If the host is not a router, additional entries in the routing table could be suspicious. QUESTION tracert Answer: uses ICMP probes to report the round trip time (RTT) for hops between the local host and a host on a remote network. tracert is the Windows version of the tool. QUESTION traceroute Answer: performs route discovery from a Linux host. traceroute uses UDP probes rather than ICMP, by default. QUESTION pathping Answer: provides statistics for latency and packet loss along a route over a longer measuring period. pathping is a Windows tool; the equivalent on Linux is mtr. QUESTION What is a security policy? Answer: A formalized statement that defines how security will be implemented within an organization QUESTION
Overall internal responsibility for security might be allocated to a dedicated department such as a Answer: Director of Security, Chief Security Officer (CSO), or Chief Information Security Officer (CISO). QUESTION What is a Security Operations Center (SOC)? Answer: a location where security professionals monitor and protect critical information assets across other business functions, such as finance, operations, sales/marketing, and so on. Because SOCs can be difficult to establish, maintain, and finance, they are usually employed by larger corporations, like a government agency or a healthcare company. QUESTION What is Development and Operations (DevOps)? Answer: a cultural shift within an organization to encourage much more collaboration between developers and system administrators. By creating a highly orchestrated environment, IT personnel and developers can build, test, and release software faster and more reliably. QUESTION a single point-of-contact for the notification of security incidents should be handled by a dedicated... Answer: cyber incident response team (CIRT)/computer security incident response team (CSIRT)/computer emergency response team (CERT) QUESTION A multinational company manages a large amount of valuable intellectual property (IP) data, plus personal data for its customers and account holders. What type of business unit can be used to manage such important and complex security requirements? Answer: QUESTION A business is expanding rapidly and the owner is worried about tensions between its established IT and programming divisions. What type of security business unit or function could help to resolve these issues? Answer:
What is a security control? Answer: is something designed to make give a system or data asset the properties of confidentiality, integrity, availability, and non-repudiation. QUESTION What are the three broad categories of security controls? Answer: Technical, Operational, Managerial QUESTION What entails a technical security control? Answer: the control is implemented as a system (hardware, software, or firmware). For example, firewalls, antivirus software, and OS access control models are technical controls. Technical controls may also be described as logical controls. QUESTION What entails a managerial security control? Answer: the control gives oversight of the information system. Examples could include risk identification or a tool allowing the evaluation and selection of other security controls. QUESTION What entails an operational security control? Answer: the control is implemented primarily by people rather than systems. For example, security guards and training programs are operational controls rather than technical controls. QUESTION What are the categories of security controls according to their objective/function?
Answer: Preventative, Detective, Corrective, Physical, Deterrent, Compensating QUESTION What entails a 'Corrective Security Control'? Answer: the control acts to eliminate or reduce the impact of an intrusion event. A corrective control is used after an attack. A good example is a backup system that can restore data that was damaged during an intrusion. Another example is a patch management system that acts to eliminate the vulnerability exploited during the attack. QUESTION What entails a 'Deterrent Security Control? Answer: the control may not physically or logically prevent access, but psychologically discourages an attacker from attempting an intrusion. This could include signs and warnings of legal penalties against trespass or intrusion. QUESTION What entails a 'Physical Security Control'? Answer: controls such as alarms, gateways, locks, lighting, security cameras, and guards that deter and detect access to premises and hardware are often classed separately. QUESTION What entails a 'Detective Security Control'? Answer: the control may not prevent or deter access, but it will identify and record any attempted or successful intrusion. A detective control operates during the progress of an attack. Logs provide one of the best examples of detective-type controls. QUESTION What entails a 'Compensating Security Control'? Answer:
the control serves as a substitute for a principal control, as recommended by a security standard, and affords the same (or better) level of protection but uses a different methodology or technology. QUESTION What entails a 'Protective Security Control'? Answer: the control acts to eliminate or reduce the likelihood that an attack can succeed. A preventative control operates before an attack can take place. Access control lists (ACL) configured on firewalls and file system objects are preventative-type controls. Anti-malware software also acts as a preventative control, by blocking processes identified as malicious from executing. Directives and standard operating procedures (SOPs) can be thought of as administrative versions of preventative controls. QUESTION What is a cybersecurity framework (CSF)? Answer: a list of activities and objectives undertaken to mitigate risks. The use of a framework allows an organization to make an objective statement of its current cybersecurity capabilities, identify a target level of capability, and prioritize investments to achieve that target QUESTION You have implemented a secure web gateway that blocks access to a social networking site. How would you categorize this type of security control? Answer: QUESTION A company has installed motion-activated floodlighting on the grounds around its premises. What class and function is this security control? Answer: QUESTION A firewall appliance intercepts a packet that violates policy. It automatically updates its Access Control List to block all further packets from the source IP. What TWO functions is the security control performing? Answer:
If a security control is described as operational and compensating, what can you determine about its nature and function? Answer: QUESTION If a company wants to ensure it is following best practice in choosing security controls, what type of resource would provide guidance? Answer: QUESTION red team Answer: performs the offensive role to try to infiltrate the target. QUESTION blue team Answer: performs the defensive role by operating monitoring and alerting controls to detect and prevent the infiltration. QUESTION white team Answer: which sets the rules of engagement and monitors the exercise, providing arbitration and guidance, if necessary QUESTION purple team Answer: the red and blue teams meet for regular debriefs while the exercise is ongoing.
penetration testing Answer: uses authorized hacking techniques to discover exploitable weaknesses in the target's security systems. QUESTION Examples of Active Reconnaissance Answer: social engineering, footprinting, OSINT, War Driving, UAV QUESTION What are the three properties of secure information? Confidentiality, Integrity, and Availability QUESTION What does confidentiality mean in the context of the CIA Triad? means that certain information should only be known to certain people. QUESTION What does integrity mean in the context of the CIA Triad? means that the data is stored and transferred as intended and that any modification is authorized. QUESTION What does availability mean in the context of the CIA Triad? means that information is accessible to those authorized to view or modify it. QUESTION What is a fourth property of secure information that could be added to the CIA Triad?
Nonrepudiation QUESTION What is nonrepudiation? Answer: means that a subject cannot deny doing something, such as creating, modifying, or sending a resource. QUESTION What are the five functions of cybersecurity according to the National Institute of Standards and Technology (NIST)? Answer: Identify, Protect, Detect, Respond, and Recover QUESTION What does 'Identify' mean in the context of cybersecurity functions according to the NIST? Answer: develop security policies and capabilities. Evaluate risks, threats, and vulnerabilities and recommend security controls to mitigate them. QUESTION What does 'protect' mean in the context of cybersecurity functions according to the NIST? Answer: procure/develop, install, operate, and decommission IT hardware and software assets with security as an embedded requirement of every stage of this operations life cycle. QUESTION What does 'detect' mean in the context of cybersecurity functions according to the NIST? Answer: perform ongoing, proactive monitoring to ensure that controls are effective and capable of protecting against new types of threats. QUESTION What does 'respond' mean in the context of cybersecurity functions according to the NIST?
Answer: identify, analyze, contain, and eradicate threats to systems and data security. QUESTION What does 'recover' mean in the context of cybersecurity functions according to the NIST? Answer: implement cybersecurity resilience to restore systems and data if other controls are unable to prevent attacks. QUESTION Information security professionals must be competent in the following areas Answer: Participate in risk assessments and testing of security systems and make recommendations. Specify, source, install, and configure secure devices and software. Set up and maintain document access control and user privilege profiles. Monitor audit logs, review user privileges, and document access controls. Manage security-related incident response and reporting. Create and test business continuity and disaster recovery plans and procedures. Participate in security training and education programs.