Exam SY0-601 topic 1 question 615 discussion

Actual exam question from CompTIA's SY0-601
Question #: 615
Topic #: 1

A consultant is configuring a vulnerability scanner for a large, global organization in multiple countries. The consultant will be using a service account to scan systems with administrative privileges on a weekly basis, but there is a concern that hackers could gain access to the account and pivot throughout the global network. Which of the following would be BEST to help mitigate this concern?

  • A. Create different accounts for each region, each configured with push MFA notifications.
  • B. Create one global administrator account and enforce Kerberos authentication.
  • C. Create different accounts for each region, limit their logon times, and alert on risky logins.
  • D. Create a guest account for each region, remember the last ten passwords, and block password reuse.
Suggested Answer: C
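The three controls in option C (a separate account per region, limited logon times, alerts on risky logins) can be expressed as a check over logon events. This is an added example, not part of the original question or discussion; the account names, hosts, scan windows and events are constructed for illustration.

```python
from datetime import datetime, time

# Constructed policy: one scanner service account per region, each with a
# weekly scan window (UTC), the only host allowed to use it, and the host
# prefix of the region it may touch. All names are hypothetical.
POLICY = {
    "svc-scan-emea": {"weekday": 5, "start": time(1, 0), "end": time(5, 0),
                      "source": "scanner-emea-01", "prefix": "emea-"},
    "svc-scan-apac": {"weekday": 6, "start": time(18, 0), "end": time(22, 0),
                      "source": "scanner-apac-01", "prefix": "apac-"},
}

def risky_reasons(event):
    """Return the policy violations for one logon event (empty list = expected)."""
    rule = POLICY.get(event["account"])
    if rule is None:
        return ["unknown scanner account"]
    ts = datetime.fromisoformat(event["time"])
    reasons = []
    in_window = rule["start"] <= ts.time() < rule["end"]
    if ts.weekday() != rule["weekday"] or not in_window:
        reasons.append("outside logon window")
    if event["source"] != rule["source"]:
        reasons.append("unexpected source host")
    if not event["target"].startswith(rule["prefix"]):
        reasons.append("target outside account's region")
    return reasons

# Constructed sample logon events (timestamps in UTC).
EVENTS = [
    {"account": "svc-scan-emea", "time": "2024-03-02T02:15:00",
     "source": "scanner-emea-01", "target": "emea-web-07"},   # normal scan
    {"account": "svc-scan-emea", "time": "2024-03-05T14:40:00",
     "source": "scanner-emea-01", "target": "emea-db-02"},    # wrong day/time
    {"account": "svc-scan-emea", "time": "2024-03-02T03:05:00",
     "source": "emea-web-07", "target": "apac-dc-01"},        # cross-region use
    {"account": "svc-scan-apac", "time": "2024-03-03T19:30:00",
     "source": "scanner-apac-01", "target": "apac-dc-01"},    # normal scan
]

def alerts(events):
    """Return (account, target, reasons) for every event that breaks policy."""
    return [(e["account"], e["target"], r)
            for e in events if (r := risky_reasons(e))]

if __name__ == "__main__":
    for account, target, reasons in alerts(EVENTS):
        print(f"ALERT {account} -> {target}: {', '.join(reasons)}")
```

Because each account is scoped to one region, a stolen credential used against another region's hosts is a policy violation by itself, independent of the time window.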

Comments

sujon_london
Highly Voted 1 year, 8 months ago
Selected Answer: C
To mitigate the concern of hackers gaining access to the service account and pivoting throughout the global network, the BEST solution would be to create different accounts for each region, limit their logon times, and alert on risky logins (C). Enforcing Kerberos authentication (Option B) is also a good security measure, but it should be used in conjunction with creating different accounts for each region. Kerberos authentication is used to authenticate users over insecure networks and can help prevent attackers from intercepting login credentials. Implementing multi-factor authentication (MFA) (Option A) is also a good security measure, but it should be used in addition to creating different accounts for each region. MFA adds an extra layer of security by requiring users to provide additional authentication factors, such as a code sent to their phone, in addition to their password.
upvoted 13 times
Mez92
1 year, 8 months ago
A. “Create different accounts for each region,” each configured with push MFA notifications. / “but it should be used in addition to creating different accounts for each region.” But creating accounts for region is part of option A?
upvoted 9 times
bob_burgers
1 year, 5 months ago
Scans are automated. This is a credentialed scan. Good luck acknowledging 10,000 MFA push updates to one person each time the scanner logs in to an endpoint. Not a real world solution, but about 50/50 it is CompTIA thinking. I'm going C as I do this sort of work every day and in no way can we do an MFA push to each login; if so it would be using a one-time MFA push for a period of time, but the question doesn't give us those details. Feels like A, but reality is it is C. Good luck to all.
upvoted 4 times
mrface33
1 year, 1 month ago
I also do this sort of work every day and we set up MFA on accounts like this. I don't know what you mean by the scanner logs. I think it's A.
upvoted 3 times
spearous
Most Recent 1 year ago
Selected Answer: A
I vote for C, so this is what my company is doing. Each root login is giving MFA for confirmation. Even if a hacker gains access to some degree, he can't receive the MFA, so he can't log in. The problem with C: even if you limit time / notify on risky logins, it can't fully prevent a hacker's login as A does. Come on, it is the mobile MFA era. Even my school email login is using MFA...
upvoted 1 times
spearous
1 year ago
Whoops, I mean I vote for A...
upvoted 2 times
dbdbfb0
1 year, 1 month ago
Selected Answer: C
Gotta go with C. Can't be A because service accounts can't acknowledge push notifications.
upvoted 4 times
MF757
1 year, 1 month ago
Selected Answer: A
Configuring push Multi-Factor Authentication (MFA) notifications adds an additional layer of security. Even if attackers manage to compromise one of the accounts, they would still need to bypass MFA to gain unauthorized access, making it significantly more difficult for them to pivot through the network.
upvoted 1 times
subaie503
1 year, 2 months ago
Selected Answer: C
C - it's a service account, can't MFA
upvoted 4 times
cannon
1 year, 3 months ago
ChatGPT --- Answer: A. Create different accounts for each region, each configured with push MFA notifications. Explanation: Create Different Accounts for Each Region: By creating different accounts for each region, the organization can limit the scope of potential compromise if one account is breached. This approach compartmentalizes access and reduces the impact of a single account compromise. Configured with Push MFA Notifications: Multi-Factor Authentication (MFA) adds an extra layer of security by requiring users to provide additional authentication factors beyond passwords. Configuring accounts with push MFA notifications enhances security by requiring users to approve login attempts via a secondary device or application, adding an additional barrier against unauthorized access.
upvoted 1 times
memodrums
1 year, 3 months ago
How do you add MFA to a service account? Doesn't make sense.
upvoted 1 times
klinkklonk
1 year, 3 months ago
Selected Answer: C
Because how could a service account respond to a push notification?
upvoted 3 times
Booma1234
1 year, 4 months ago
Selected Answer: C
The amount of people that have said "A" for a service account is concerning. Had to vote "C" to change the vote a little.
upvoted 4 times
rickirikci11
1 year, 4 months ago
It is just a bad reason
upvoted 1 times
ganymede
1 year, 4 months ago
Selected Answer: C
C. Create different accounts for each region, limit their logon times, and alert on risky logins.
upvoted 1 times
mattjclark98
1 year, 5 months ago
Selected Answer: C
This is a credentialed scan. Good luck acknowledging 10,000 MFA push updates to one person each time the scanner logs in to an endpoint. Not a real world solution,
upvoted 4 times
EMP00000000
1 year, 6 months ago
Selected Answer: C
Option A = 2 measures. Option C = 3 measures. I vote C.
upvoted 1 times
DChilds
1 year, 7 months ago
Selected Answer: A
MFA with push notifications will drastically reduce the likelihood of a hacker gaining access, more than time-based access and alerting. I will go with A here.
upvoted 3 times
JT4
1 year, 7 months ago
Voting for C here!!! Service accounts are used by system services such as web servers to interact with other system services. How will these service accounts accept the MFA push?????
upvoted 10 times
klinkklonk
1 year, 3 months ago
Exactly. There's a basic misunderstanding here of what a service account is.
upvoted 1 times
Dark_Tarantula
1 year, 7 months ago
Selected Answer: A
Going for A here; with MFA enabled it is unlikely for an attacker to get access to the account even if he/she knows the password. Option C also works; however, it does not prevent the attacker from getting access to the account. It just limits the time he could actually log into the account.
upvoted 3 times
DarexTech100
1 year, 7 months ago
Selected Answer: A
Create different accounts for each region, each configured with push MFA notifications. Creating different accounts for each region and limiting logon times can help with segmentation but doesn't add the level of security provided by MFA.
upvoted 3 times
DarexTech100
1 year, 8 months ago
Selected Answer: A
A. Create different accounts for each region, each configured with push MFA notifications. Creating different accounts for each region and configuring them with Multi-Factor Authentication (MFA) push notifications would be a strong approach to mitigate the concern of unauthorized access. With MFA, even if an attacker gains access to the password, they would still need to bypass an additional layer of authentication. By using different accounts for each region, the potential impact of an account compromise is also limited to that region, reducing the risk of an attacker pivoting throughout the global network.
upvoted 2 times
32d799a
1 year, 8 months ago
Selected Answer: A
Given the options and the need to prevent attackers from pivoting through the network, Option A (creating different accounts for each region, each configured with push MFA notifications) would be the BEST to help mitigate the concern. C. Limiting logon times can help by restricting the window of opportunity for misuse. However, if attackers are aware of these times, they could potentially work within them.
upvoted 2 times
touisuzuki
1 year, 8 months ago
Selected Answer: C
C. Create different accounts for each region, limit their logon times, and alert on risky logins.
upvoted 1 times