CompTIA Security+ Certification Exam SY0-601
Version- 7.0 |301 actual exam Questions & Answers|
A file-based representation of the state of a virtual machine at a given point in time is
called: - ANSWER Snapshot
The term "VM sprawl" is used to describe a situation in which large number of
deployed virtual machines lack proper administrative controls. - ANSWER TRUE
The term "VM escape" refers to the process of breaking out of the boundaries of a
guest operating system installation to access the primary hypervisor controlling all
the virtual machines on the host machine. - ANSWER TRUE
Which of the following security measures can be used to prevent VM sprawl? (Select
2 answers) - ANSWER - Usage audit
- Asset documentation
What are the countermeasures against VM escape? (Select 2 answers) - ANSWER
- Sandboxing
- Patch management
Which of the following terms refers to the concept of virtualization on an application
level? - ANSWER Containerization
What type of backups are commonly used with virtual machines? - ANSWER
Snapshot backups
In cloud computing, users on an on-premises network take advantage of a transit
gateway to connect to: - ANSWER VPC
Which of the following statements can be used to describe the disadvantages of
virtualization? (Select 2 answers) - ANSWER - Multiple virtual machines that are run
on a single host share hardware resources which has a degrading effect on
performance
- Hardware used for hosting virtual machines becomes a single point of failure
Which of the following answers refers to a cloud computing service model in which
clients, instead of buying all the hardware and software, purchase computing
resources as an outsourced service from suppliers who own and maintain all the
necessary equipment and software? - ANSWER IaaS (Infrastructure as a Service)
Which cloud service model would provide the best solution for a web developer
intending to create a web app? - ANSWER PaaS (Platform as a Service)
A cloud computing service model offering remote access to applications based on
monthly or annual subscription fee is called: - ANSWER SaaS (Software as a
Service)
, What is the name of a cloud computing deployment model in which the cloud
infrastructure is provisioned for open use by the general public? - ANSWER Public
cloud
A cloud deployment model consisting of two or more interlinked cloud infrastructures
(private, community, or public) is referred to as a hybrid cloud. - ANSWER TRUE
The term "Fog computing" refers to a local network infrastructure between IoT
devices and the cloud designed to speed up data transmission and processing. -
ANSWER TRUE
Which of the following answers refers to a security policy enforcement software tool
or service placed between cloud service users and cloud applications? - ANSWER
CASB (Cloud access security broker)
Which of the following answers refers to a nonprofit organization promoting best
practices related to cloud computing environments? - ANSWER CSA (Cloud
Security Alliance)
Which of the following answers refers to a cybersecurity control framework for cloud
computing? - ANSWER CCM (Cloud Controls Matrix)
A social engineering technique whereby attackers under disguise of a legitimate
request attempt to gain access to confidential information is commonly referred to
as: - ANSWER Phishing
Which of the following answers refer to smishing? (Select 2 answers) - ANSWER -
Social engineering technique
- Text messaging
The practice of using a telephone system to manipulate user into disclosing
confidential information is known as: - ANSWER Vishing
Which of the following terms is commonly used to describe an unsolicited advertising
message? - ANSWER Spam
What type of spam relies on text-based communication? - ANSWER SPIM
Phishing scams targeting a specific group of people are referred to as: - ANSWER
Spear phishing
In computer security, the term "Dumpster diving" is used to describe a practice of
sifting through trash for discarded documents containing sensitive data. Found
documents containing names and surnames of the employees along with the
information about positions held in the company and other data can be used to
facilitate social engineering attacks. Having the documents shredded or incinerated
before disposal makes dumpster diving less effective and mitigates the risk of social
engineering attacks. - ANSWER TRUE
Version- 7.0 |301 actual exam Questions & Answers|
A file-based representation of the state of a virtual machine at a given point in time is
called: - ANSWER Snapshot
The term "VM sprawl" is used to describe a situation in which large number of
deployed virtual machines lack proper administrative controls. - ANSWER TRUE
The term "VM escape" refers to the process of breaking out of the boundaries of a
guest operating system installation to access the primary hypervisor controlling all
the virtual machines on the host machine. - ANSWER TRUE
Which of the following security measures can be used to prevent VM sprawl? (Select
2 answers) - ANSWER - Usage audit
- Asset documentation
What are the countermeasures against VM escape? (Select 2 answers) - ANSWER
- Sandboxing
- Patch management
Which of the following terms refers to the concept of virtualization on an application
level? - ANSWER Containerization
What type of backups are commonly used with virtual machines? - ANSWER
Snapshot backups
In cloud computing, users on an on-premises network take advantage of a transit
gateway to connect to: - ANSWER VPC
Which of the following statements can be used to describe the disadvantages of
virtualization? (Select 2 answers) - ANSWER - Multiple virtual machines that are run
on a single host share hardware resources which has a degrading effect on
performance
- Hardware used for hosting virtual machines becomes a single point of failure
Which of the following answers refers to a cloud computing service model in which
clients, instead of buying all the hardware and software, purchase computing
resources as an outsourced service from suppliers who own and maintain all the
necessary equipment and software? - ANSWER IaaS (Infrastructure as a Service)
Which cloud service model would provide the best solution for a web developer
intending to create a web app? - ANSWER PaaS (Platform as a Service)
A cloud computing service model offering remote access to applications based on
monthly or annual subscription fee is called: - ANSWER SaaS (Software as a
Service)
, What is the name of a cloud computing deployment model in which the cloud
infrastructure is provisioned for open use by the general public? - ANSWER Public
cloud
A cloud deployment model consisting of two or more interlinked cloud infrastructures
(private, community, or public) is referred to as a hybrid cloud. - ANSWER TRUE
The term "Fog computing" refers to a local network infrastructure between IoT
devices and the cloud designed to speed up data transmission and processing. -
ANSWER TRUE
Which of the following answers refers to a security policy enforcement software tool
or service placed between cloud service users and cloud applications? - ANSWER
CASB (Cloud access security broker)
Which of the following answers refers to a nonprofit organization promoting best
practices related to cloud computing environments? - ANSWER CSA (Cloud
Security Alliance)
Which of the following answers refers to a cybersecurity control framework for cloud
computing? - ANSWER CCM (Cloud Controls Matrix)
A social engineering technique whereby attackers under disguise of a legitimate
request attempt to gain access to confidential information is commonly referred to
as: - ANSWER Phishing
Which of the following answers refer to smishing? (Select 2 answers) - ANSWER -
Social engineering technique
- Text messaging
The practice of using a telephone system to manipulate user into disclosing
confidential information is known as: - ANSWER Vishing
Which of the following terms is commonly used to describe an unsolicited advertising
message? - ANSWER Spam
What type of spam relies on text-based communication? - ANSWER SPIM
Phishing scams targeting a specific group of people are referred to as: - ANSWER
Spear phishing
In computer security, the term "Dumpster diving" is used to describe a practice of
sifting through trash for discarded documents containing sensitive data. Found
documents containing names and surnames of the employees along with the
information about positions held in the company and other data can be used to
facilitate social engineering attacks. Having the documents shredded or incinerated
before disposal makes dumpster diving less effective and mitigates the risk of social
engineering attacks. - ANSWER TRUE
