CompTIA SY0-601 Practice Test - Questions Answers, Page 3

Question 21

Which of the following environments can be stood up in a short period of time, utilizes either dummy data or actual data, and is used to demonstrate and model system capabilities and functionality for a fixed, agreed-upon duration of time?

A. PoC
B. Production
C. Test
D. Development
Suggested answer: A
Explanation:

A proof of concept (PoC) environment can be stood up quickly and is used to demonstrate and model system capabilities and functionality for a fixed, agreed-upon duration of time. This environment can utilize either dummy data or actual data. Reference: CompTIA Security+ Certification Guide, Exam SY0-501

asked 02/10/2024
KRISHNA SUMAN
31 questions

Question 22

After segmenting the network, the network manager wants to control the traffic between the segments. Which of the following should the manager use to control the network traffic?

A. A DMZ
B. A VPN
C. A VLAN
D. An ACL
Suggested answer: D
Explanation:

After segmenting the network, a network manager can use an access control list (ACL) to control the traffic between the segments. An ACL is a set of rules that permit or deny traffic based on its characteristics, such as the source and destination IP addresses, protocol type, and port number.

Reference: CompTIA Security+ Certification Guide, Exam SY0-501

asked 02/10/2024
m laven
34 questions

Question 23

A security researcher is tracking an adversary by noting its attacks and techniques based on its capabilities, infrastructure, and victims. Which of the following is the researcher MOST likely using?

A. The Diamond Model of Intrusion Analysis
B. The Cyber Kill Chain
C. The MITRE CVE database
D. The incident response process
Suggested answer: A
Explanation:

The Diamond Model is a framework for analyzing cyber threats that focuses on four key elements: adversary, capability, infrastructure, and victim. By analyzing these elements, security researchers can gain a better understanding of the threat landscape and develop more effective security strategies.

asked 02/10/2024
Liam Derwin
38 questions

Question 24

A security engineer needs to create a network segment that can be used for servers that require connections from untrusted networks. Which of the following should the engineer implement?

A. An air gap
B. A hot site
C. A VLAN
D. A screened subnet
Suggested answer: D
Explanation:

A screened subnet is a network segment that can be used for servers that require connections from untrusted networks. It is placed between two firewalls, with one firewall facing the untrusted network and the other facing the trusted network. This setup provides an additional layer of security by screening the traffic that flows between the two networks. Reference: CompTIA Security+ Certification Guide, Exam SY0-501

asked 02/10/2024
Marcin Weglarski
39 questions

Question 25

one of the attendees starts to notice delays in the connection, and the HTTPS site requests are reverting to HTTP. Which of the following BEST describes what is happening?

A. Birthday collision on the certificate key
B. DNS hacking to reroute traffic
C. Brute force to the access point
D. An SSL/TLS downgrade
Suggested answer: D
Explanation:

The scenario describes a man-in-the-middle (MitM) attack in which the attacker intercepts traffic and downgrades the secure SSL/TLS connection to an insecure HTTP connection. This type of attack is commonly known as an SSL/TLS downgrade attack or a stripping attack. The attacker is able to see and modify the communication between the client and server.

asked 02/10/2024
Venish Arumugam
41 questions

Question 26

A major clothing company recently lost a large amount of proprietary information. The security officer must find a solution to ensure this never happens again. Which of the following is the BEST technical implementation to prevent this from happening again?

A. Configure DLP solutions
B. Disable peer-to-peer sharing
C. Enable role-based
D. Mandate job rotation
E. Implement content filters
Suggested answer: A
Explanation:

Data loss prevention (DLP) solutions can prevent the accidental or intentional loss of sensitive data. DLP tools can identify and protect sensitive data by classifying and categorizing it, encrypting it, or blocking it from being transferred outside the organization's network.

asked 02/10/2024
Dimitri Bennett
40 questions

Question 27

The spread of misinformation surrounding the outbreak of a novel virus on election day led to eligible voters choosing not to take the risk of going to the polls. This is an example of:

A. prepending.
B. an influence campaign.
C. a watering-hole attack.
D. intimidation.
E. information elicitation.
Suggested answer: B
Explanation:

This scenario describes an influence campaign, where false information is spread to influence or manipulate people's beliefs or actions. In this case, the misinformation led eligible voters to avoid polling places, which influenced the outcome of the election.

asked 02/10/2024
Nitharsan Balanavaneethan
57 questions

Question 28

A company is required to continue using legacy software to support a critical service. Which of the following BEST explains a risk of this practice?

A. Default system configuration
B. Unsecure protocols
C. Lack of vendor support
D. Weak encryption
Suggested answer: C
Explanation:

One of the risks of using legacy software is the lack of vendor support. This means that the vendor may no longer provide security patches, software updates, or technical support for the software. This leaves the software vulnerable to new security threats and vulnerabilities that could be exploited by attackers.

asked 02/10/2024
josh hill
42 questions

Question 29

A security researcher has alerted an organization that its sensitive user data was found for sale on a website. Which of the following should the organization use to inform the affected parties?

A. An incident response plan
B. A communications plan
C. A business continuity plan
D. A disaster recovery plan
Suggested answer: B
Explanation:

The organization should use a communications plan to inform the affected parties. A communications plan is a document that outlines how an organization will communicate with internal and external stakeholders during a crisis or incident. It should include details such as who will be responsible for communicating with different stakeholders, what channels will be used to communicate, and what messages will be communicated.

An incident response plan is a document that outlines the steps an organization will take to respond to a security incident or data breach. A business continuity plan is a document that outlines how an organization will continue to operate during and after a disruption. A disaster recovery plan is a document that outlines how an organization will recover its IT infrastructure and data after a disaster.

asked 02/10/2024
Sergio Monsegur Torralba
41 questions

Question 30

A company wants to modify its current backup strategy to minimize the number of backups that would need to be restored in case of data loss. Which of the following would be the BEST backup strategy?

A. Incremental backups followed by differential backups
B. Full backups followed by incremental backups
C. Delta backups followed by differential backups
D. Incremental backups followed by delta backups
E. Full backup followed by different backups
Suggested answer: B
Explanation:

The best backup strategy for minimizing the number of backups that need to be restored in case of data loss is full backups followed by incremental backups. This strategy allows for a complete restoration of data by restoring the most recent full backup followed by the most recent incremental backup. Reference: CompTIA Security+ Certification Guide, Third Edition (Exam SY0-601) page 126

asked 02/10/2024
charles ratchagaraj
49 questions
Total 603 questions