CompTIA Updated SY0-601 Exam Questions and Answers by renee

Compensating controls are alternative or additional controls that are implemented when the primary or preferred controls are not feasible or effective. Compensating controls can provide a similar level of protection or reduce the risk to an acceptable level until a proper fix is released. For example, if a vulnerability exists in a web server that allows remote code execution, a compensating control could be to restrict access to the web server by using a firewall or an IPS.

A security control objective cannot be met through a technical change, so the company implements a policy to train users on a more secure method of operation best describes a risk reduction technique. Risk reduction is a strategy that aims to lower the likelihood or impact of a risk by implementing controls or mitigations. For example, if a technical control is not feasible or cost-effective, a company can reduce the risk by educating users on how to avoid or handle the threat, such as using strong passwords, avoiding phishing emails, or reporting incidents.

An on-path attack is an attack that took place when an attacker was eavesdropping on a user who was shopping online and was able to spoof the IP address associated with the shopping site. An on-path attack is a type of network attack that involves intercepting or modifying traffic between two parties by placing oneself in the communication path. An on-path attack can also be called a man-in-the-middle attack or a session hijacking attack. An on-path attacker can steal sensitive information, such as credit card details, or redirect the user to a malicious website. References: https://www.comptia.org/blog/what-is-a-man-in-the-middle-attack https://www.certblaster.com/wp-content/uploads/2020/11/CompTIA-Security-SY0-601-Exam-Objectives-1.0.pdf

Dynamic resource allocation is a technique that allows cloud providers to adjust the amount and distribution of computing resources according to the changing demand and capacity of the cloud environment1. Dynamic resource allocation can improve the efficiency and utilization of available computing power, as well as reduce the cost and energy consumption of the cloud infrastructure1. Dynamic resource allocation can also enhance the system availability and reliability by avoiding potential denial-of-service situations caused by overloading or under-provisioning of resources1.