A user is attempting to navigate to a website from inside the company network using a desktop. When the user types in the URL, https://www.site.com, the user is presented with a certificate mismatch warning from the browser. The user does not receive a warning when visiting http://www.anothersite.com. Which of the following describes this attack?
The presence of a certificate mismatch warning when navigating to https://www.site.com implies that the user is being directed to a server presenting an incorrect SSL/TLS certificate. This situation typically arises from DNS poisoning, where the DNS records are tampered with, redirecting the user to a malicious server instead of the intended website. This manipulation causes the browser to detect that the certificate presented by the server does not match the expected certificate for the domain, triggering the warning. Domain hijacking involves taking control of the domain registration, which would not necessarily result in a certificate mismatch. On-path attacks and evil twin attacks involve different methods of intercepting or mimicking network traffic and would not typically result in a certificate mismatch warning.
C is the correct answer. By the way, there is a course in north carolina and they are receiving $4000 in advance and showing you 6-hour pre-recorded videos every saturday. There is no human intervention and no update over time. They are lying and giving you fake promises before signing up to course and then there is no contact after you became member. Be careful because they are completely SCAMMER.
C. DNS poisoning. The certificate mismatch warning suggests that the website is using a different SSL/TLS certificate than what the browser was expecting. This could happen if an attacker has tampered with the DNS resolution process, so the user is directed to a different server than the legitimate site. This type of attack is known as DNS poisoning, where an attacker corrupts or manipulates the DNS cache of a network to redirect users to malicious websites. On-path attacks involve intercepting and altering network traffic between the user and the website, while domain hijacking refers to the unauthorized transfer of a domain name from its rightful owner to another party. Evil twin attacks involve setting up a rogue wireless access point to impersonate a legitimate one in order to steal login credentials or other sensitive information. None of these scenarios fit the description given in the question.
Agree. The answer is not B, as DNS hijacking would corrupt the registration records, and hence there would be no certificate error.
Ok brothers, I took the 601 exam today, June 14th 2024, passed with a 769 score. I had a total of 74 questions, about 50% of the questions for me were on this dump. I also had 4 PBQ's(they actually were the first 4 questions on my exam) that were from this dump, all exactly as listed here. I went over all of the questions twice, focused on questions 600-860 as other have stated to do. I also had viewed all of Professor Messor's 601 videos on youtube. I spent a total of 1 1/2 months studying for this 601 exam, two to three hours a day. You guys can do this!! Just go over all of these questions twice, spend a day or two before the exam reviewing the PBQ's and you guys will also pass this exam. Remember, the 601 is being retired on July 31st, 2024. I will definitely be on this site for other exams and when I recertify in three years with the 701. Thank you all for your input on these discussions, they truly help. Good luck brothers!! Believe and you will see!
this makes no sense. If you did 601 why will they change list of the questions from the bucket now since the exam is retiring it’s either you are bot trying to sell 701 or something else
I agree. It makes zero sense to me. That's why I was so surprised. But, I now know I passed because I actually knew the subjects and material, not just memorized answers. If I had it to do over again, I would have waited and took 701.
It's true!!! Most of questions for Sec+ 601 are different from this batch. I had contributor access, went over these questions twice, found my weak areas, studied those topics, watched Professor Messer and Pete Zerger (his videos helped me BTW) and still didn't get the questions from here. I got 4 PBQs: 3 PBQs from here, 1 new one. I got some questions from 600 to 860, but roughly 10% of those. The rest of questions I never saw before. At first, I felt frustrated but I focused and answered all 74 questions on time and time to spare to check over. I wouldn't rely on this dump too much, just study your lessons, abbreviations, possible scenarios and you should be fine. Good luck
Username: SlugLife Last login: May 23, 2024, 5:34 a.m. Comments #: 3
SlugLife and some of the others here that took the 601 test recently aren't lying! I'm not a bot. Not posting any links for you to click. Mine was 74 questions also. Only about 10 were in this list though. I wish I could say more were from this list but they were not. And I also had the 4 PBQ's right at the front. I passed because I reviewed all these 860 questions and their discussion 3x plus Prof Messer. I agree that it makes no sense it was changed right before expiration, but it was. Know your stuff. Assuming you will pass with no experience and just reading these questions once will not get you there. And I'm glad about that. Makes the cert worth more.
did you go through all 860 questions in here or only first 100/150 (which are currently unlocked for non-contributor users)? Most users wrote in comments that majority of current exam questions are from 600-860 range which make sense to me as these are the most valid/the newest one
I went through all 860. And I cannot say that mine were mostly from 600-860. They were not. Long story short, I had to earn it. Memorizing answers would NOT have worked.
did you go through all 860 questions in here or only first 100/150 (which are currently unlocked for non-contributor users)? Most users wrote in comments that majority of current exam questions are from 600-860 range which make sense to me as these are the most valid/the newest one
I just took this exam today (SYO-601) and honestly only about 10 questions out of 74 questions was from this bank. I’m not sure if Comptia switched up the exam or this is really for SYO-701 but DO NOT JUST MEMORIZE THIS BANK. I Thank God I didn’t just rely on this bank or I would have never passed and I mean I barely passed (757/750)! I used a Udemy course (Andrew Ramdayal) for deeper knowledge for the information I was coming across from this bank. This really is what got me through this exam. Lastly I did get 3 out of 4 of the PBQ from this bank on the Exam so that was good but other than that this test was a true nail biter. I hope everyone that sees this takes my advice to use these questions as practice questions and don’t rely on this bank alone.
Are you sure you took 601 and not 701?
I recently took the syo-601 exam and everything no_restaurant9617 said was my experience as well. I will emphasize was he stated, don't rely on this bank of questions alone. PBQs are helpful but that is it.
Same for me as "No_Restaurant9617" and "SlugLife" above. Read my comments there. Passed 601, not 701. I know for sure I took 601.
The described attack is most consistent with DNS poisoning. The user’s traffic is being redirected to a malicious server that presents an incorrect SSL/TLS certificate, triggering the browser warning. Domain hijacking, on the other hand, involves gaining control of the domain itself and typically does not present as a certificate mismatch warning.
Some people say that all the questions from here and vert few people say that are very few questions from here which confuses me.If anyone knows the reason for this,please help me..
KNOW YOUR STUFF READ THE DICUSSIONS
Took exam and pass 777 May 20th 2024, unfortunately for me only 10 or so questions came from dump. My advice to you read discussions and every answer know why the answer is and why not the others
I passed my exam on 07/09/24. I got 3 PBQs from here and 1 new one This dump is good for studying, but I wouldn't rely on it too much. I wasn't lucky to get most of the questions on here like most people boast about. I probably got 7 questions from here, everything else was new. I signed up for 601, so I felt sort of discouraged during the exam, then I quickly snapped out of it, I focus and I passed. I now have my stackable certs: A+, Net+ and Security.
did you go through all 860 questions in here or only first 100/150 (which are currently unlocked for non-contributor users)? Most users wrote in comments that majority of current exam questions are from 600-860 range which make sense to me as these are the most valid/the newest one
Passed my 601 exam (1st July) 811/750. 82 questions, 3 PBQs. Only about 10% of the questions came from this dump (Had non-contributor access so only went through the first 200 or so questions). The discussions are very helpful though. They help you to logically arrive at the correct answers. Thank you to all the discussion contributors. For the exam: 1. Know your stuff, don't just cram. A lot of the questions and LEAST likely, MOST likely, BEST and the likes, not just outright answers. You need to be familiar with what is being asked to best answer the questions. 2. Don't spend too much time on the PBQs. If you find yourself spending more than 5 minutes on each, flag them and move on. Go through the rest of the exam then come back and review. 3. Know your acronyms. My exam was chokeful of them. Good luck to those going to take the exam!
Passed SY0-601 today 13/6/24 with 780. Only about 20% of the questions was from here. 1 PBQ I've never seen before. Should definitely not rely on dump alone and study up. 601 won't be around for much longer so might be better to start looking into 701. Happy to answer any questions anyone has.
IF there wasn't much on here in your exam what areas would you advise to hit extra hard? Did you go and find the PBQ that was on your test? If so, what is a good direction to look it up in? I test on the 24th(Monday)
Keep us posted, my exam 601 on 27th
I take my exam today, will post the results later in here
out of the 5 PQB 4 were from here one was new but I had seen it somewhere in the internet. Only 10 question were from here out of the 74. I passed, but was tough. Exam topic helps but don't expect the same question.
Hey guys, what's your study strategy to pass the exam? How many revisions did you do before you took the test and passed it?
Go over all the questions once, study the PBQs as much as you can, then go over the questions again. Saw some comments recommending going through 600-860. If you have time go over all of them again. Good luck
c is the correct one!
I'm wondering if anybody has taken the exam within the last month or so if this dump had most questions. I assume that some people who say there aren't questions from here took 701 instead of 601, but let me know!
I just took it today, I probably had two questions from this dump; all are the pbq’s are on their tho Make sure to ready the discussions to actually understand the info
Taking the exam tomorrow. Exam is nearly retired but it lasts for 3 years anyway (That is if i pass) Thanks for everyone that comments on the discussions :)
Passed the Exam with 822. I think only one or two questions were not on this dump. All PBQs were here. Just go over the questions twice and good luck.
Another 701
If you want to prepare for the CompTIA Security+ 601 exam, I recommend you visit this website that will help you with your practice: toolsecurity.com.ar.
does this site valid for 701