CompTIA CompTIA Certifications SY0-601 Questions & Answers

• Question 321:

  A social media company based in North Amenca is looking to expand into new global markets and needs to maintain compliance with international standards With which of the following is the company's data protection officer MOST likely concerned''

  A. NIST Framework

  B. ISO 27001

  C. GDPR

  D. PCI-DSS

  Correct Answer: B

  ISO 27001 is an international standard and companies servicing global will want to be certified to stay competitive. Although, GDPR is a law and not a standard, it is still a concern when serving EU customers. In addition, ISO 27001 talks about complying with laws and regulations for those in scope of a company's ISMS, which may very well include GDPR, among others.

• Question 322:

  Multiple business accounts were compromised a few days after a public website had its credentials database leaked on the Internet. No business emails were identified in the breach, but the security team thinks that the list of passwords exposed was later used to compromise business accounts.

  Which of the following would mitigate the issue?

  A. Complexity requirements

  B. Password history

  C. Acceptable use policy

  D. Shared accounts

  Correct Answer: B

  Password reuse is an important concern in any organization. Many users want to reuse the same password for their account over a long period of time.

• Question 323:

  Which biometric error would allow an unauthorized user to access a system?

  A. False acceptance

  B. False entrance

  C. False rejection

  D. False denial

  Correct Answer: A

  False Acceptance - There are only two metrics that are used to determine the performance of biometrics: FAR (False Acceptance Rate) and FRR (False Rejection Rate). False Acceptance Rate is a metric for biometric performance that determines the number of instances where unauthorized persons were incorrectly authorized. For this question, a biometric error would mean that someone was authorized when they weren't supposed to be authorized.

• Question 324:

  Due to unexpected circumstances, an IT company must vacate its main office, forcing all operations to alternate, off-site locations. Which of the following will the company MOST likely reference for guidance during this change?

  A. The business continuity plan

  B. The retention policy

  C. The disaster recovery plan

  D. The incident response plan

  Correct Answer: A

  BCP is to empower an organization to keep crucial functions running during downtime. This, in turn, helps the organization respond quickly to an interruption, while creating resilient operational protocols.

• Question 325:

  A security policy states that common words should not be used as passwords. A security auditor was able to perform a dictionary attack against corporate credentials Which of the following controls was being violated?

  A. Password complexity

  B. Password history

  C. Password reuse

  D. Password length

  Correct Answer: A

• Question 326:

  The Chief Information Secunty Officer (CISO) requested a report on potential areas of improvement following a security incident. Which of the following incident response processes is the CISO requesting?

  A. Lessons learned

  B. Preparation

  C. Detection

  D. Containment

  E. Root cause analysis

  Correct Answer: A

  Lessons learned is the final step in the incident response where the organization reviews their incident response and prepare for a future attack. This is where you understand how/why an incident occurred, identify any weaknesses in your

  organization's practices, any positive elements or practices that went well, and things that could be done to prepare for a future incident.

  =========================

  Incident Response - A set of instructions or procedures an IT staff follows to detect, respond to, recover and recover from a security incident.

  Phases in the Incident Response Plan

  1.

  Preparation: The organization plans out how they will respond to attack, this can involve:

  2.

  Identification: Detecting and determining whether an incident has occurred.

  3.

  Containment: Once a threat has been identified, the organization must limit or prevent any further damage.

  4.

  Eradication: The removal of the threat

  5.

  Recovery: Restoring systems affected by the incident

  6.

  Lessons Learned: Where the organization reviews their incident response and prepare for a future attack

• Question 327:

  Business partners are working on a secunty mechanism lo validate transactions securely. The requirement is for one company to be responsible for deploying a trusted solution that will register and issue artifacts used to sign encrypt, and decrypt transaction files.

  Which of the following is the BEST solution to adopt?

  A. PKI

  B. Blockchain

  C. SAML

  D. OAuth

  Correct Answer: A

  Ref the following: https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/dn786417(v=ws.11)

• Question 328:

  An amusement park is implementing a btomelnc system that validates customers' fingerpnnts to ensure they are not sharing tickets The park's owner values customers above all and would prefer customers' convenience over security For this reason which of the following features should the security team prioritize FIRST?

  A. Low FAR

  B. Low efficacy

  C. Low FRR

  D. Low CER

  Correct Answer: C

  FAR (False Acceptance Rate)

  FRR (False Rejection Rate)

  CER (Crossover Error Rate) AKA ERR (Equal Error Rate)

  since he is willing to sacrifice Security for Customer Service, Best way to understand this is.

  FAR has to go up in order for FRR to go down.

  typical business practice is in the middle of both which would be near the CER.

• Question 329:

  Which of the following actions would be recommended to improve an incident response process?

  A. Train the team to identify the difference between events and incidents

  B. Modify access so the IT team has full access to the compromised assets

  C. Contact the authorities if a cybercrime is suspected

  D. Restrict communication surrounding the response to the IT team

  Correct Answer: A

  The Preparation (initial phase) involves correct data events are being logged, the reporting of potential incidents is happening and personnel training. Nothing in B, C and D is referring to that.

• Question 330:

  A database administrator wants to grant access to an application that will be reading and writing data to a database. The database is shared by other applications also used by the finance department Which of the following account types Is MOST appropriate for this purpose?

  A. Service

  B. Shared

  C. eneric

  D. Admin

  Correct Answer: A

  The study guide explicitly states that generic accounts are for many different individuals doing the same work whereas a service account is explicitly for a application/service to run its work.