SY0-601 Exam Details

  • Exam Code: SY0-601
  • Exam Name: CompTIA Security+
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 1334 Q&As
  • Last Updated: May 26, 2026

CompTIA SY0-601 Online Questions & Answers

  • Question 211:

    A security analyst is assisting a team of developers with best practices for coding. The security analyst would like to defend against the use of SQL injection attacks. Which of the following should the security analyst recommend first?

    A. Tokenization
    B. Input validation
    C. Code signing
    D. Secure cookies

  • Question 212:

    A security engineer at an offline government facility is concerned about the validity of an SSL certificate. The engineer wants to perform the fastest check with the least delay to determine if the certificate has been revoked. Which of the following would BEST meet these requirements?

    A. RA
    B. OCSP
    C. CRL
    D. CSR

  • Question 213:

    A security professional wants to enhance the protection of a critical environment that is used to store and manage a company's encryption keys. The selected technology should be tamper resistant. Which of the following should the security professional implement to achieve the goal?

    A. DLP
    B. HSM
    C. CA
    D. FIM

  • Question 214:

    When selecting a technical solution for identity management, an architect chooses to go from an in-house to a third-party SaaS provider. Which of the following risk management strategies is this an example of?

    A. Acceptance
    B. Mitigation
    C. Avoidance
    D. Transference

  • Question 215:

    While assessing the security of a web application, a security analyst was able to introduce unsecure strings through the application input fields by bypassing client-side controls. Which of the following solutions should the analyst recommend?

    A. Code signing
    B. Host-based intrusion detection system
    C. Secure cookies
    D. Server-side validation

  • Question 216:

    As part of a security compliance assessment, an auditor performs automated vulnerability scans. In addition, which of the following should the auditor do to complete the assessment?

    A. User behavior analysis
    B. Packet captures
    C. Configuration reviews
    D. Log analysis

  • Question 217:

    A company processes highly sensitive data and senior management wants to protect the sensitive data by utilizing classification labels. Which of the following access control schemes would be BEST for the company to implement?

    A. Discretionary
    B. Rule-based
    C. Role-based
    D. Mandatory

  • Question 218:

    A user must introduce a password and a USB key to authenticate against a secure computer, and authentication is limited to the state in which the company resides. Which of the following authentication concepts are in use?

    A. Something you know, something you have, and somewhere you are
    B. Something you know, something you can do, and somewhere you are
    C. Something you are, something you know, and something you can exhibit
    D. Something you have, somewhere you are, and someone you know

  • Question 219:

    On which of the following is the live acquisition of data for forensic analysis MOST dependent? (Choose two.)

    A. Data accessibility
    B. Legal hold
    C. Cryptographic or hash algorithm
    D. Data retention legislation
    E. Value and volatility of data
    F. Right-to-audit clauses

  • Question 220:

    An enterprise has hired an outside security firm to conduct penetration testing on its network and applications. The firm has been given all the developer's documentation about the internal architecture. Which of the following BEST represents the type of testing that will occur?

    A. Bug bounty
    B. White-box
    C. Black-box
    D. Gray-box

Tips on How to Prepare for the Exams

Certification exams are becoming more and more important, and more and more enterprises require them of job applicants. But how do you prepare for the exam effectively? How do you prepare in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only CompTIA exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your SY0-601 exam preparation and CompTIA certification application, do not hesitate to visit Vcedump.com to find your solutions.