CompTIA Security+ Certification Exam SY0-601
Version- 7.0 |301 actual exam Questions & Answers|
The local administrator account for a company's VPN appliance was unexpectedly
used to log in to the remote management interface. Which of the following would
have most likely prevented this from happening? - ANSWER B. Changing the
default password
An organization is building a single virtual environment that will host customer
applications and data that require availability at all times. The data center that is
hosting the environment will provide generator power and ISP services. Which of the
following is the best solution to support the organization's requirement? - ANSWER
UPS
Which of the following must be considered when designing a high-availability
network? (Choose two). - ANSWER Attack Surface and Ease of Recovery
Which of the following methods to secure credit card data is best to use when a
requirement is to see only the last four numbers on a credit card? - ANSWER
Masking
A technician needs to apply a high-priority patch to a production system. Which of
the following steps should be taken first? - ANSWER Create a change control
request
A systems administrator is looking for a low-cost application-hosting solution that is
cloudbased. Which of the following meets these requirements? - ANSWER
Serverless framework
Which of the following describes the process of concealing code or text inside a
graphical image? - ANSWER . Steganography
A business received a small grant to migrate its infrastructure to an off-premises
solution. Which of the following should be considered first? - ANSWER . Security of
architecture
An organization is leveraging a VPN between its headquarters and a branch
location. Which of the following is the VPN protecting? - ANSWER Data in transit
While troubleshooting a firewall configuration, a technician determines that a "deny
any" policy should be added to the bottom of the ACL. The technician updates the
policy, but the new policy causes several company servers to become unreachable.
Which of the following actions would prevent this issue? - ANSWER B. Testing the
policy in a non-production environment before enabling the policy in the production
network
, Which of the following are common VoIP-associated vulnerabilities? (Choose two). -
ANSWER SPIM and Vishing
An enterprise is trying to limit outbound DNS traffic originating from its internal
network. Outbound DNS requests will only be allowed from one device with the IP
address 10.50.10.25. Which of the following firewall ACLs will accomplish this goal?
- ANSWER D. Access list outbound permit 10.50.10.25/32 0.0.0.0/0 port 53 Access
list outbound deny 0.0.0.0/0 0.0.0.0/0 port 53
A security architect at a large, multinational organization is concerned about the
complexities and overhead of managing multiple encryption keys securely in a
multicloud provider environment. The security architect is looking for a solution with
reduced latency to allow the incorporation of the organization's existing keys and to
maintain consistent, centralized control and management regardless of the data
location. Which of the following would best meet the architect's objectives? -
ANSWER HSMaaS
An organization wants a third-party vendor to do a penetration test that targets a
specific device. The organization has provided basic information about the device.
Which of the following best describes this kind of penetration test? - ANSWER A.
Partially known environment
Which of the following is the phase in the incident response process when a security
analyst reviews roles and responsibilities? - ANSWER Preparation
A company has decided to move its operations to the cloud. It wants to utilize
technology that will prevent users from downloading company applications for
personal use, restrict data that is uploaded, and have visibility into which applications
are being used across the company. Which of the following solutions will best meet
these requirements? - ANSWER CASB
A systems administrator wants to prevent users from being able to access data
based on their responsibilities.
The administrator also wants to apply the required access structure via a simplified
format. Which of the following should the administrator apply to the site recovery
resource group? - ANSWER RBAC
After a security incident, a systems administrator asks the company to buy a NAC
platform. Which of the following attack surfaces is the systems administrator trying to
protect? - ANSWER Wired
A security analyst needs to harden access to a network. One of the requirements is
to authenticate users with smart cards. Which of the following should the analyst
enable to best meet this requirement? - ANSWER D. EAP-TLS
Several employees received a fraudulent text message from someone claiming to be
the Chief Executive Officer (CEO). The message stated: "I'm in an airport right now
with no access to email. I need you to buy gift cards for employee recognition
awards. Please send the gift cards to following email address." Which of the
following are the best responses to this situation? (Choose two). - ANSWER Add a
Version- 7.0 |301 actual exam Questions & Answers|
The local administrator account for a company's VPN appliance was unexpectedly
used to log in to the remote management interface. Which of the following would
have most likely prevented this from happening? - ANSWER B. Changing the
default password
An organization is building a single virtual environment that will host customer
applications and data that require availability at all times. The data center that is
hosting the environment will provide generator power and ISP services. Which of the
following is the best solution to support the organization's requirement? - ANSWER
UPS
Which of the following must be considered when designing a high-availability
network? (Choose two). - ANSWER Attack Surface and Ease of Recovery
Which of the following methods to secure credit card data is best to use when a
requirement is to see only the last four numbers on a credit card? - ANSWER
Masking
A technician needs to apply a high-priority patch to a production system. Which of
the following steps should be taken first? - ANSWER Create a change control
request
A systems administrator is looking for a low-cost application-hosting solution that is
cloudbased. Which of the following meets these requirements? - ANSWER
Serverless framework
Which of the following describes the process of concealing code or text inside a
graphical image? - ANSWER . Steganography
A business received a small grant to migrate its infrastructure to an off-premises
solution. Which of the following should be considered first? - ANSWER . Security of
architecture
An organization is leveraging a VPN between its headquarters and a branch
location. Which of the following is the VPN protecting? - ANSWER Data in transit
While troubleshooting a firewall configuration, a technician determines that a "deny
any" policy should be added to the bottom of the ACL. The technician updates the
policy, but the new policy causes several company servers to become unreachable.
Which of the following actions would prevent this issue? - ANSWER B. Testing the
policy in a non-production environment before enabling the policy in the production
network
, Which of the following are common VoIP-associated vulnerabilities? (Choose two). -
ANSWER SPIM and Vishing
An enterprise is trying to limit outbound DNS traffic originating from its internal
network. Outbound DNS requests will only be allowed from one device with the IP
address 10.50.10.25. Which of the following firewall ACLs will accomplish this goal?
- ANSWER D. Access list outbound permit 10.50.10.25/32 0.0.0.0/0 port 53 Access
list outbound deny 0.0.0.0/0 0.0.0.0/0 port 53
A security architect at a large, multinational organization is concerned about the
complexities and overhead of managing multiple encryption keys securely in a
multicloud provider environment. The security architect is looking for a solution with
reduced latency to allow the incorporation of the organization's existing keys and to
maintain consistent, centralized control and management regardless of the data
location. Which of the following would best meet the architect's objectives? -
ANSWER HSMaaS
An organization wants a third-party vendor to do a penetration test that targets a
specific device. The organization has provided basic information about the device.
Which of the following best describes this kind of penetration test? - ANSWER A.
Partially known environment
Which of the following is the phase in the incident response process when a security
analyst reviews roles and responsibilities? - ANSWER Preparation
A company has decided to move its operations to the cloud. It wants to utilize
technology that will prevent users from downloading company applications for
personal use, restrict data that is uploaded, and have visibility into which applications
are being used across the company. Which of the following solutions will best meet
these requirements? - ANSWER CASB
A systems administrator wants to prevent users from being able to access data
based on their responsibilities.
The administrator also wants to apply the required access structure via a simplified
format. Which of the following should the administrator apply to the site recovery
resource group? - ANSWER RBAC
After a security incident, a systems administrator asks the company to buy a NAC
platform. Which of the following attack surfaces is the systems administrator trying to
protect? - ANSWER Wired
A security analyst needs to harden access to a network. One of the requirements is
to authenticate users with smart cards. Which of the following should the analyst
enable to best meet this requirement? - ANSWER D. EAP-TLS
Several employees received a fraudulent text message from someone claiming to be
the Chief Executive Officer (CEO). The message stated: "I'm in an airport right now
with no access to email. I need you to buy gift cards for employee recognition
awards. Please send the gift cards to following email address." Which of the
following are the best responses to this situation? (Choose two). - ANSWER Add a
