Home / CompTIA / SY0-601

Question list

List of questions

Question 1

(0)

DRAG DROP A data owner has been tasked with assigning proper data classifications and destruction methods for various types of data contained within the environment.

Question 2

(0)

DRAG DROP A security engineer is setting up passwordless authentication for the first time. INSTRUCTIONS Use the minimum set of commands to set this up and verify that it works. Commands cannot b

Question 3

(0)

DRAG DROP Leveraging the information supplied below, complete the CSR for the server to set up TLS (HTTPS) • Hostname: ws01 • Domain: comptia.org • IPv4: 10.1.9.50 • IPV4: 10.2.10.50 • Root: h

Question 4

(0)

DRAG DROP An attack has occurred against a company. INSTRUCTIONS You have been tasked to do the following: Identify the type of attack that is occurring on the network by clicking on the attacke

Question 5

(0)

HOTSPOT You received the output of a recent vulnerability assessment. Review the assessment and scan output and determine the appropriate remedialion(s} 'or «ach dewce. Remediation options may be

Question 6

(0)

HOTSPOT Select the appropriate attack and remediation from each drop-down list to label the corresponding attack with its remediation. INSTRUCTIONS Not all attacks and remediation acti

Question 7

(0)

HOTSPOT An incident has occurred in the production environment. Analyze the command outputs and identify the type of compromise. If at any time you would like to bring back the initial state of t

Question 8

(0)

HOTSPOT The security administrator has installed a new firewall which implements an implicit DENY policy by default. INSTRUCTIONS Click on the firewall and configure it to allow ONLY the

Question 9

(0)

HOTSPOT You are security administrator investigating a potential infection on a network. Click on each host and firewall. Review all logs to determine which host originated the Infecton and then d

Question 10

(0)

A company has discovered unauthorized devices are using its WiFi network, and it wants to harden the access point to improve security. Which f the following configuration should an analysis enable T

Question 522 - SY0-601 discussion

Which of the following is used to quantitatively measure the criticality of a vulnerability?

CVE

CVSS

CIA

CERT

Suggested answer: B

Explanation:

The correct answer is B. CVSS.

CVSS stands for Common Vulnerability Scoring System. It is a framework that provides a standardized way to measure the criticality of a vulnerability based on various factors, such as the impact, exploitability, and remediation level of the vulnerability. CVSS assigns a numerical score from 0 to 10 to each vulnerability, where 0 means no risk and 10 means the highest risk. CVSS also provides a qualitative rating for each score, such as low, medium, high, or critical. CVSS helps organizations prioritize the remediation of vulnerabilities based on their severity and potential impact12.

CVE stands for Common Vulnerabilities and Exposures. It is a list of publicly known and standardized identifiers for vulnerabilities and exposures in software and hardware systems. CVE provides a brief description of each vulnerability or exposure, but does not assign a score or rating to them. CVE helps organizations communicate and share information about vulnerabilities and exposures in a consistent and reliable way3 .

CIA stands for Confidentiality, Integrity, and Availability. It is a model that defines the three main objectives of information security. Confidentiality means protecting data from unauthorized access or disclosure. Integrity means ensuring data is accurate and consistent and has not been tampered with. Availability means ensuring data is accessible and usable by authorized parties when needed.

CIA helps organizations design and implement security controls and policies to protect their data and systems .

CERT stands for Computer Emergency Response Team. It is a group of experts who respond to security incidents and provide guidance and assistance to mitigate and prevent cyberattacks. CERT also conducts research and analysis on cybersecurity trends and issues, and disseminates information and best practices to the public. CERT helps organizations improve their security posture and resilience against cyber threats .

For more information on CVSS and other concepts related to vulnerability assessment and management, you can refer to [this video] or [this guide] from CompTIA Security+.

Show Answer

asked 02/10/2024

Karen Charllotte Aglipay

30 questions

Your answer: A B C D

0 comments

Sorted by