Here you have the best CompTIA SY0-601 practice exam questions
A user is attempting to navigate to a website from inside the company network using a desktop. When the user types in the URL, https://www.site.com, the user is presented with a certificate mismatch warning from the browser. The user does not receive a warning when visiting http://www.anothersite.com. Which of the following describes this attack?
The presence of a certificate mismatch warning when navigating to https://www.site.com implies that the user is being directed to a server presenting an incorrect SSL/TLS certificate. This situation typically arises from DNS poisoning, where the DNS records are tampered with, redirecting the user to a malicious server instead of the intended website. This manipulation causes the browser to detect that the certificate presented by the server does not match the expected certificate for the domain, triggering the warning. Domain hijacking involves taking control of the domain registration, which would not necessarily result in a certificate mismatch. On-path attacks and evil twin attacks involve different methods of intercepting or mimicking network traffic and would not typically result in a certificate mismatch warning.
Which of the following tools is effective in preventing a user from accessing unauthorized removable media?
A USB data blocker is a device that prevents data transfer between a computer and a USB device while still allowing power to flow through, making it effective at preventing unauthorized access to removable media. This device blocks any data from being read or written to the USB device, ensuring that only charging can occur, minimizing the risk of data theft or malicious data transfer.
A Chief Security Officer is looking for a solution that can provide increased scalability and flexibility for back-end infrastructure, allowing it to be updated and modified without disruption to services. The security architect would like the solution selected to reduce the back-end server resources and has highlighted that session persistence is not important for the applications running on the back-end servers. Which of the following would BEST meet the requirements?
A reverse proxy sits in front of web servers and forwards client requests to the appropriate back-end servers. It can offload tasks such as SSL termination, caching, and load balancing from the back-end servers, reducing their workload and resource utilization. Additionally, reverse proxies can distribute traffic among multiple back-end servers, improving scalability and flexibility. Since session persistence is not important for the applications running on the back-end servers, the reverse proxy can distribute requests dynamically without needing to maintain session state, further reducing the burden on individual servers. Reverse proxies meet the requirement for increased scalability and flexibility while allowing updates and modifications without disrupting the services.
Which of the following describes a social engineering technique that seeks to exploit a person's sense of urgency?
A phishing email stating that a cash settlement has been awarded but will expire soon describes a social engineering technique that seeks to exploit a person's sense of urgency. It creates a false sense of immediate action required to prevent missing out on something valuable, prompting the target to react quickly and often without careful consideration.
A security analyst is reviewing application logs to determine the source of a breach and locates the following log: https://www.comptia.com/login.php?id='%20or%20'1'1='1
Which of the following has been observed?
The provided log entry indicates a SQL injection (SQLi) attack. SQL injection occurs when an attacker inserts or