CompTIA SY0-601 Online Practice Questions and Exam Preparation

CompTIA SY0-601 Online Questions & Answers

• Question 321:

  Which of the following can work as an authentication method and as an alerting mechanism for unauthorized access attempts?

  A. Smart card
  B. push notifications
  C. Attestation service
  D. HMAC-based
  E. one-time password
  B. push notifications

• Question 322:

  The Chief Information Security Officer directed a risk reduction in shadow IT and created a policy requiring all unsanctioned high-risk SaaS applications to be blocked from user access

  Which of the following is the BEST security solution to reduce this risk?

  A. CASB
  B. VPN concentrator
  C. MFA
  D. VPC endpoint
  A. CASB

• Question 323:

  Which of the following is a reason why a forensic specialist would create a plan to preserve data after an incident and prioritize the sequence for performing forensic analysis?

  A. Order of volatility
  B. Preservation of event logs
  C. Chain of custody
  D. Compliance with legal hold
  A. Order of volatility

  ---

  Explanation Explanation/Reference:The order of volatility is a concept in digital forensics and incident response that refers to the sequence in which different types of data should be preserved or collected during an investigation, based on their likelihood to change or be lost. The general principle is to start with the most volatile data first, as it is more prone to alteration or loss, and then proceed to less volatile data. The order of volatility typically follows a hierarchy from more volatile to less volatile data.

• Question 324:

  Which of the following would be the BEST resource for a software developer who is looking to improve secure coding practices for web applications?

  A. OWASP
  B. Vulnerability scan results
  C. NIST CSF
  D. Third-party libraries
  A. OWASP

• Question 325:

  DRAG DROP

  A security administrator is given the security and availability profiles for servers that are being deployed.

  Match each RAID type with the correct configuration and MINIMUM number of drives.

  Review the server profiles and match them with the appropriate RAID type based on integrity, availability, I/O, storage requirements. Instructions:

  1. All drive definitions can be dragged as many times as necessary

  2. Not all placeholders may be filled in the RAID configuration boxes

  3. If parity is required, please select the appropriate number of parity checkboxes

  4. Server profiles may be dragged only once

  Instructions: If at any time you would like to bring back the initial state of the simulation, please select the Reset button. When you have completed the simulation, please select the Done button to submit. Once the simulation is submitted, please select the Next button to continue.

  Select and Place:

  

  

  ---

  Explanation/Reference:

  RAID-0 is known as striping. It is not a fault tolerant solution but does improve disk performance for read/write operations. Striping requires a minimum of two disks and does not use parity. RAID-0 can be used where performance is required over fault tolerance, such as a media streaming server.

  RAID-1 is known as mirroring because the same data is written to two disks so that the two disks have identical data. This is a fault tolerant solution that halves the storage space. A minimum of two disks are used in mirroring and does not use parity. RAID-1 can be used where fault tolerance is required over performance, such as on an authentication server.

  RAID-5 is a fault tolerant solution that uses parity and striping. A minimum of three disks are required for RAID-5 with one disk's worth of space being used for parity information.

  However, the parity information is distributed across all the disks. RAID-5 can recover from a sing disk failure.

  RAID-6 is a fault tolerant solution that uses dual parity and striping. A minimum of four disks are required for RAID-6. Dual parity allows RAID-6 to recover from the simultaneous failure of up to two disks. Critical data should be stored on a RAID-6 system.

  References:

  Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 34-36, 234-235

• Question 326:

  A cybersecurity administrator is using iptables as an enterprise firewall. The administrator created some rules, but the network now seems to be unresponsive All connections are being dropped by the firewall.

  Which of the following would be the BEST option to remove the rules?

  A. # iptables -t mangle -X
  B. # iptables -F
  C. # iptables -Z
  D. # iptables -P INPUT -j DROP
  B. # iptables -F

• Question 327:

  Which of the following stores data directly on devices with limited processing and storage capacity?

  A. Thin client
  B. Containers
  C. Edge
  D. Hybrid cloud
  A. Thin client

• Question 328:

  A junior human resources administrator was gathering data about employees to submit to a new company awards program The employee data included job title business phone number location first initial with last name and race. Which of the following best describes this type of information?

  A. Sensitive
  B. Non-Pll
  C. Private
  D. Confidential
  B. Non-Pll

  ---

  Non-PII stands for non-personally identifiable information, which is any data that does not directly identify a specific individual. Non-PII can include information such as job title, business phone number, location, first initial with last name, and race. Non-PII can be used for various purposes, such as statistical analysis, marketing, or research. However, non-PII may still pose some privacy risks if it is combined or linked with other data that can reveal an individual's identity. References: https://www.comptia.org/certifications/security#examdetails https://www.comptia.org/content/guides/comptia-security-sy0-601-exam-objectives https://www.investopedia.com/terms/n/non-personally-identifiable-information- npii.asp

• Question 329:

  A company wants to pragmatically grant access to users who have the same job. Which of the following access controls should the company most likely use?

  A. Role-based
  B. Need-to-know
  C. Mandatory
  D. Discretionary
  A. Role-based

  ---

  Explanation Explanation/Reference:

• Question 330:

  A company is launching a website in a different country in order to capture user information that a marketing business can use. The company itself will not be using the information. Which of the following roles is the company assuming?

  A. Data owner
  B. Data processor
  C. Data steward
  D. Data collector
  D. Data collector

  ---

  A data collector is a person or entity that collects personal data from individuals for a specific purpose. A data collector may or may not be the same as the data controller or the data processor, depending on who determines the purpose and means of processing the data and who actually processes the data.