CompTIA SY0-601 Online Practice Questions and Exam Preparation

CompTIA SY0-601 Online Questions & Answers

• Question 1041:

  A software company has a shared codebase for multiple projects using the following strategy:

  1.

  Unused features are deactivated but still present on the code.

  2.

  New customer requirements trigger additional development work.

  Which of the following will most likely occur when the company uses this strategy?

  A. Malicious code
  B. Dead code
  C. Outsourced code
  D. Code obfuscation
  B. Dead code

  ---

  Dead code refers to portions of a program's source code that are never executed during the program's runtime. In this strategy, features that are deactivated but still present in the code are effectively dead code. They are not actively used or executed, yet they remain in the codebase.

• Question 1042:

  The spread of misinformation sorrounding the outbreak of a novel virus on election day led to eligible voters choosing not to take risk of goding to the polls. This is an example of:

  A. Prepending
  B. An influence compain
  C. A watering-hole attack.
  D. Intimidation.
  E. Information elicitation.
  B. An influence compain

• Question 1043:

  A forensics investigator is examining a number of unauthorized payments the were reported on the company's website. Some unusual log entries show users received an email for an unwanted mailing list and clicked on a link to attempt to unsubscribe. One of the users reported the email to the phishing team, and the forwarded email revealed the link to be:

  Click here to unsubscribe

  Which of the following will the forensics investigator MOST likely determine has occurred?

  A. SQL injection
  B. CSRF
  C. XSS
  D. XSRF
  D. XSRF

• Question 1044:

  Which of the following is a policy that provides a greater depth of knowldge across an organization?

  A. Asset manahement policy
  B. Separation of duties policy
  C. Acceptable use policy
  D. Job Rotation policy
  D. Job Rotation policy

• Question 1045:

  A security analyst reviews web server logs and notices the following lines:

  

  Which of the following vulnerabilities has the attacker exploited? (Choose two.)

  A. Race condition
  B. LFI
  C. Pass the hash
  D. XSS
  E. RFI
  F. Directory traversal
  B. LFI
  F. Directory traversal

• Question 1046:

  An attacker browses a company's online job board attempting to find any relevant information regarding the technologies the company uses. Which of the following BEST describes this social engineering technique?

  A. Hoax
  B. Reconnaissance
  C. Impersonation
  D. pretexting
  B. Reconnaissance

  ---

  Impersonation is a form of social engineering attack when the attacker pretends to be someone else.. nothing related to the question here.

• Question 1047:

  An organization has implemented a two-step verification process to protect user access to data that s stored in the coud Ic scssnncsitcibin a vdiemiietanebins code to access the data. Which of the following authentication methods did the organization implement?

  A. Token key
  B. Static code
  C. Push notification
  D. HOTP
  C. Push notification

• Question 1048:

  A Chief Information Security Officer (CISO) is evaluating (he dangers involved in deploying a new ERP system tor the company. The CISO categorizes the system, selects the controls mat apply to the system, implements the controls, and then assesses the success of the controls before authorizing the system

  Which of the following is the CISO using to evaluate Hie environment for this new ERP system?

  A. The Diamond Model of Intrusion Analysis
  B. CIS Critical Security Controls
  C. NIST Risk Management Framework
  D. ISO 27002
  C. NIST Risk Management Framework

• Question 1049:

  Various stakeholders are meeting to discuss their hypothetical roles and responsibilities in a specific situation, such as a security incident or major disaster. Which of the following best describes this meeting?

  A. Penetration test
  B. Continuity of operations planning
  C. Tabletop exercise
  D. Simulation
  C. Tabletop exercise

• Question 1050:

  An organization Chief information Security Officer a position that will be responsibles for implementing technical controls to protect data, include ensuring backups are properly maintained. Which of the following roles would MOST likely include these responsibilities?

  A. Data protection officer
  B. Data owner
  C. Backup administrator
  D. Data custodian
  E. Internal auditor
  D. Data custodian

  ---

  Data Custodians The primary responsibilities of a data custodian are: Maintain physical and system security including physical security of servers and data user security as determined appropriate by the Data Trustees or Data Stewards. Ensure adequate system backups and disaster recovery plans. https://www.belmont.edu/oair/data-governance/role-data-custodians.html#:~:text=Data%20Custodiansandtext=The%20primary%20responsibilities%20of%20a,backups%20and%20disaster%20recovery%20plans.