CompTIA CompTIA Certifications SY0-601 Questions & Answers

• Question 381:

  Which of the following is an example of transference of risk?

  A. Purchasing insurance

  B. Patching vulnerable servers

  C. Retiring outdated applications

  D. Application owner risk sign-off

  Correct Answer: A

• Question 382:

  An organization implemented a process that compares the settings currently configured on systems against secure configuration guidelines in order to identify any gaps Which of the following control types has the organization implemented?

  A. Compensating

  B. Corrective

  C. Preventive

  D. Detective

  Correct Answer: D

  The organization has implemented a detective control. A detective control is a security control that is used to detect security incidents or policy violations after they have occurred. In this case, the organization has implemented a process that compares the settings currently configured on systems against secure configuration guidelines in order to identify any gaps. This is an example of a detective control, as it is designed to detect any deviations from the organization's secure configuration standards. Detective controls are typically used in conjunction with other types of controls, such as preventive controls, which are designed to prevent incidents from occurring, and corrective controls, which are used to correct any issues that are detected. Compensating controls are used to address risks that cannot be mitigated by other means.

• Question 383:

  A large bank with two geographically dispersed data centers is concerned about major power disruptions at both locations. Every day each location experiences very brief outages that last for a few seconds. However, during the summer a high risk of intentional brownouts that last up to an hour exists, particularly at one of the locations near an industrial smelter.

  Which of the following is the BEST solution to reduce the risk of data loss?

  A. Dual supply

  B. Generator

  C. UPS

  D. POU

  E. Daily backups

  Correct Answer: C

  The best solution to reduce the risk of data loss in this situation would be to use a UPS (uninterruptible power supply). A UPS is a device that provides a backup power source to critical systems and equipment in the event of a power outage or disruption. It works by providing a temporary power supply to the system using batteries, allowing the system to continue running until a permanent power source can be restored. This would be particularly useful in the case of brief power outages or brownouts, as it would allow the data centers to continue operating without experiencing any disruption or data loss. Other options, such as dual supply, generator, or point-of-use (POU) systems, may also be effective in certain situations, but a UPS is generally the most reliable and efficient option for protecting against power disruptions. Daily backups are important for protecting against data loss, but they alone may not be sufficient to prevent data loss in the event of a prolonged power outage or disruption.

• Question 384:

  A security analyst has identified malware spreading through the corporate network and has activated the CSIRT

  Which of the following should the analyst do NEXT?

  A. Review how the malware was introduced to the network

  B. Attempt to quarantine all infected hosts to limit further spread

  C. Create help desk tickets to get infected systems reimaged

  D. Update all endpoint antivirus solutions with the latest updates

  Correct Answer: B

  Phases in the Incident Response Plan

  1.

  Preparation: The organization plans out how they will respond to attack, this can involve:

  2.

  Identification: Detecting and determining whether an incident has occurred.

  3.

  Containment: Once a threat has been identified, the organization must limit or prevent any further damage. 4. Eradication: The removal of the threat

  5.

  Recovery: Restoring systems affected by the incident

  6.

  Lessons Learned: Where the organization reviews their incident response and prepare for a future attack

• Question 385:

  A Chief Security Officer (CSO) is concerned that cloud-based services are not adequately protected from advanced threats and malware The CSO believes there is a high risk that a data breach could occur in the near future due to the lack of detective and preventive controls

  Which of the following should be implemented to BEST address the CSO's concerns? {Select TWO)

  A. AWAF

  B. ACASB

  C. An NG-SWG

  D. Segmentation

  E. Encryption

  F. Containerization

  Correct Answer: BC

  NG-SWG -> NG SWG) is designed to address the key cloud and web security use cases encompassing granular policy controls, web filtering, threat protection, and data protection spanning managed and unmanaged apps, cloud services, and web traffic.

  CASB The CASB serves as a policy enforcement center, consolidating multiple types of security policy enforcement and applying them to everything your business utilizes in the cloud-regardless of what sort of device is attempting to access it, including unmanaged smartphones, IoT devices, or personal laptops.

• Question 386:

  Which of the following is a benefit of including a risk management framework into an organization's security approach?

  A. It defines expected service levels from participating supply chain partners to ensure system outages are remediated in a timely manner

  B. It identifies specific vendor products that have been tested and approved for use in a secure environment.

  C. It provides legal assurances and remedies in the event a data breach occurs

  D. It incorporates control, development, policy, and management activities into IT operations.

  Correct Answer: D

  An effective risk management framework will prioritize understanding the risks that your business faces to take the necessary steps to protect your assets and your business

• Question 387:

  Which of the following is the GREATEST security concern when outsourcing code development to third-party contractors for an internet-facing application?

  A. Intellectual property theft

  B. Elevated privileges

  C. Unknown backdoor

  D. Quality assurance

  Correct Answer: C

• Question 388:

  A company is implementing a DLP solution on the file server. The file server has Pll. financial information, and health information stored on it Depending on what type of data that is hosted on the file server, the company wants different DLP rules assigned to the data

  Which of the following should the company do to help accomplish this goal?

  A. Classify the data

  B. Mask the data

  C. Assign an application owner

  D. Perform a risk analysis

  Correct Answer: A

  A. Classify the data - helps create different data types to apply different rules

  B. Mask the data - mask sensitive part of the data won't help distinguishing data

  C. Assign the application owner - not relevant

  D. Perform a risk analysis - does not distinguish different data

• Question 389:

  A recent security breach exploited software vulnerabilities in the firewall and within the network management solution. Which of the following will MOST likely be used to identify when the breach occurred through each device?

  A. SIEM correlation dashboards

  B. Firewall syslog event logs

  C. Network management solution login audit logs

  D. Bandwidth monitors and interface sensors

  Correct Answer: A

  SIEM could tell when the breach occurred in firewall AND in network management solution

• Question 390:

  A security proposal was set up to track requests for remote access by creating a baseline of the users' common sign-in properties. When a baseline deviation is detected, an Iv1FA challenge will be triggered. Which of the following should be configured in order to deploy the proposal?

  A. Context-aware authentication

  B. Simultaneous authentication of equals

  C. Extensive authentication protocol D. Agentless network access control

  Correct Answer: A

  An access control scheme that verifies an object's identity based on various environmental factors, like time, location, and behavior.