CompTIA SY0-601 Online Practice Questions and Exam Preparation

CompTIA SY0-601 Online Questions & Answers

• Question 81:

  After consulting with the Chief Risk Officer (CRO). a manager decides to acquire cybersecurity insurance for the company Which of the following risk management strategies is the manager adopting?

  A. Risk acceptance
  B. Risk avoidance
  C. Risk transference
  D. Risk mitigation
  C. Risk transference

  ---

  whenever risk management is outsourced the risk is said to be transfered

• Question 82:

  Entering a secure area requires passing through two doors, both of which require someone who is already inside to initiate access. Which of the following types of physical security controls does this describe?

  A. Cameras
  B. Faraday cage
  C. Access control vestibule
  D. Sensors
  E. Guards
  C. Access control vestibule

• Question 83:

  A bank insists all of its vendors must prevent data loss on stolen laptops. Which of the following strategies is the bank requiring?

  A. Encryption at rest
  B. Masking
  C. Data classification
  D. Permission restrictions
  A. Encryption at rest

• Question 84:

  A bakery has a secret recipe that it wants to protect. Which of the following objectives should be added to the company's security awareness training?

  A. Insider threat detection
  B. Risk analysis
  C. Phishing awareness
  D. Business continuity planning
  A. Insider threat detection

  ---

  The objective that should be added to the company's security awareness training is insider threat detection. Insider threats refer to potential security risks posed by employees, contractors, or anyone with legitimate access to the organization's sensitive information or assets. In this scenario, the bakery wants to protect its secret recipe, and it is crucial to educate employees about the risks of unauthorized disclosure or theft of sensitive information by individuals within the organization. By raising awareness about insider threats, employees can better understand the importance of safeguarding the company's intellectual property and take appropriate measures to prevent unauthorized access or disclosure.

• Question 85:

  Two companies are in the process of merging. The companies need to decide how to standardize their information security programs. Which of the following would best align the security programs?

  A. Shared deployment of CIS baselines
  B. Joint cybersecurity best practices
  C. Both companies following the same CSF
  D. Assessment of controls in a vulnerability report
  C. Both companies following the same CSF

• Question 86:

  An internet company has created a new collaboration application. To expand the user base, the company wants to implement an option that allows users to log in to the application with the credentials of other popular websites. Which of the following should the company implement?

  A. SSO
  B. CHAP
  C. 802.1x
  D. OpenID
  D. OpenID

  ---

  It's using sign-in credentials from OTHER popular websites. An example of this would be logging into CompTIA using a google/gmail account. OpenID uses SSO. However, SSO is more broad and I feel OpenID perfectly fits this scenario.

• Question 87:

  The marketing department at a retail company wants to publish an internal website to the internet so it is reachable by a limited number of specific, external service providers in a secure manner. Which of the following configurations would be BEST to fulfil this requirement?

  A. NAC
  B. ACL
  C. WAF
  D. NAT
  B. ACL

• Question 88:

  The manager who is responsible for a data set has asked a security engineer to apply encryption to the data on a hard disk. The security engineer is an example of a:

  A. data controller.
  B. data owner
  C. data custodian.
  D. data processor
  C. data custodian.

  ---

  From the official CompTIA Security+ Study Guide glossary: data custodian - An individual who is responsible for managing the system on which data assets are stored, including being responsible for enforcing access control, encryption, and backup/recovery measures.

• Question 89:

  An employee's company email is configured with conditional access and requires that MFA is enabled and used. An example of MFA is a phone call and:

  A. a push notification
  B. a password
  C. an SMS message
  D. an authentication application
  A. a push notification

• Question 90:

  A company provides mobile devices to its users to permit access to email and enterprise applications. The company recently started allowing users to select from several different vendors and device models. When configuring the MDM, which of the following is a key security implication of this heterogeneous device approach?

  A. The most common set of MDM configurations will become the effective set of enterprise mobile security controls.
  B. All devices will need to support SCEP-based enrollment; therefore, the heterogeneity of the chosen architecture may unnecessarily expose private keys to adversaries.
  C. Certain devices are inherently less secure than others, so compensatory controls will be needed to address the delta between device vendors.
  D. MDMs typically will not support heterogeneous deployment environments, so multiple MDMs will need to be installed and configured.
  C. Certain devices are inherently less secure than others, so compensatory controls will be needed to address the delta between device vendors.

  ---

  A. incorrect, there cannot be a "common" configuration profile applied to different vendor devices, each device vendor will need a different profile configured for it. B. incorrect, SCEP-based is the most common type of enrollment, if this were true, all MDM certificates would unnecessarily be exposed. C. correct, the compensating control would be a baseline mdm profile for each vendor (IOS, Android, Samsung, etc.) D. incorrect, MDMs do in fact support heterogeneous deployments, minimum most MDM's will support IOS and Android. Device enrollment with Intune https://docs.microsoft.com/en-us/mem/intune/user-help/use-managed-devices-to-get-work-done SCEP Information https://docs.microsoft.com/en-us/mem/intune/protect/certificates-configure