CompTIA SY0-601 Online Practice Questions and Exam Preparation
SY0-601 Exam Details
Exam Code: SY0-601
Exam Name: CompTIA Security+
Certification: CompTIA Certifications
Vendor: CompTIA
Total Questions: 1334 Q&As
Last Updated: May 26, 2026
CompTIA SY0-601 Online Questions & Answers
Question 481:
A software developer would like to ensure the source code cannot be reverse engineered or debugged. Which of the following should the developer consider?
A. Version control
B. Obfuscation toolkit
C. Code reuse
D. Continuous integration
E. Stored procedures
B. Obfuscation toolkit
Question 482:
A company recently suffered a breach in which an attacker was able to access the internal mail servers and directly access several user inboxes. A large number of email messages were later posted online. Which of the following would best prevent email contents from being released should another breach occur?
A. Implement S/MIME to encrypt the emails at rest.
B. Enable full disk encryption on the mail servers.
C. Use digital certificates when accessing email via the web.
D. Configure web traffic to only use TLS-enabled channels.
A. Implement S/MIME to encrypt the emails at rest.
S/MIME (Secure/Multipurpose Internet Mail Extensions) is a technology that provides end-to-end encryption for email messages. When S/MIME is implemented, email messages are encrypted while at rest on the email server, making it difficult for an attacker to access the content even if they gain unauthorized access to the mail servers. Therefore, implementing S/MIME to encrypt the emails at rest would be the best option to prevent email contents from being released in case of another breach.
Question 483:
Which of the following types of controls is a CCTV camera that is not being monitored?
A. Detective
B. Deterrent
C. Physical
D. Preventive
B. Deterrent
Security Guards and Cameras in Lesson 21: Explaining Physical Security | Topic 21A: "CCTV (closed circuit television) is a cheaper means of providing surveillance than maintaining separate guards at each gateway or zone, though still not cheap to set up if the infrastructure is not already in place on the premises. It is also quite an effective deterrent." and the "Review Activity: Physical Site Security Controls": 1. What physical site security controls act as deterrents? Lighting is one of the most effective deterrents. Any highly visible security control (guards, fences, dogs, barricades, CCTV, signage, and so on) will act as a deterrent.
Question 484:
A third party asked a user to share a public key for secure communication. Which of the following file formats should the user choose to share the key?
A. .pfx
B. .csr
C. .pvk
D. .cer
D. .cer
Question 485:
The following IP information was provided to internal auditors to help assess organizational security:
Which of the following tools would most likely be used to perform network reconnaissance and help understand what is accessible to all users? (Choose two.)
A. ipconfig
B. ping
C. chmod
D. netstat
E. traceroute
F. route
D. netstat E. traceroute
Question 486:
A company wants to simplify the certificate management process. The company has a single domain with several dozen subdomains, all of which are publicly accessible on the internet. Which of the following BEST describes the type of certificate the company should implement?
A. Subject alternative name
B. Wildcard
C. Self-signed
D. Domain validation
B. Wildcard
Explanation/Reference: Wildcard SSL certificates are for a single domain and all its subdomains. A subdomain is under the umbrella of the main domain. Usually subdomains will have an address that begins with something other than 'www.' For example, www.cloudflare.com has a number of subdomains, including blog.cloudflare.com, support.cloudflare.com, and developers.cloudflare.com. Each is a subdomain under the main cloudflare.com domain. A single Wildcard SSL certificate can apply to all of these subdomains. Any subdomain will be listed in the SSL certificate. Users can see a list of subdomains covered by a particular certificate by clicking on the padlock in the URL bar of their browser, then clicking on "Certificate" (in Chrome) to view the certificate's details. https://www.cloudflare.com/learning/ssl/types-of-ssl-certificates/
Question 487:
Which of the following ISO standards is certified for privacy?
A. ISO 9001
B. ISO 27002
C. ISO 27701
D. ISO 31000
C. ISO 27701
ISO 27701, also abbreviated as PIMS (Privacy Information Management System), outlines a framework for Personally Identifiable Information (PII) Controllers and PII Processors to manage data privacy. Privacy information management systems are sometimes referred to as personal information management systems. https://pecb.com/whitepaper/the-future-of-privacy-with-isoiec-27701
Question 488:
A manufacturing organization wants to control and monitor access from the internal business network to the segregated production network, while ensuring minimal exposure of the production network to devices. Which of the following solutions would best accomplish this goal?
A. Proxy server
B. NGFW
C. WAF
D. Jump server
D. Jump server
A jump server is also known as a jump host or jump box. The most common example is managing a host in a DMZ from trusted networks or computers. A jump server acts as a buffer for a network of multiple devices and keeps outside traffic from sensitive information. Its primary function is to prevent a malicious hacker from accessing your data and make your network less prone to self-propagating spyware. Jump servers are placed between a secure zone and a DMZ to provide transparent management of devices on the DMZ. Jump servers are often used in organizations with private networks to enable secure access to assets and user workstations.
Question 489:
Which of the following provides the BEST protection for sensitive information and data stored in cloud-based services but still allows for full functionality and searchability of data within the cloud-based services?
A. Data encryption
B. Data masking
C. Anonymization
D. Tokenization
B. Data masking
Explanation/Reference: Tokenization means that all or part of data in a field is replaced with a randomly generated token. The token is stored with the original value on a token server or token vault, separate from the production database. An authorized query or app can retrieve the original value from the vault, if necessary, so tokenization is a reversible technique. Tokenization is used as a substitute for encryption, because from a regulatory perspective an encrypted field is the same value as the original data.
Question 490:
An employee in the accounting department receives an email containing a demand for payment for services performed by a vendor. However, the vendor is not in the vendor management database. Which of the following is this scenario an example of?
A. Pretexting
B. Impersonation
C. Ransomware
D. Invoice scam