100% satisfaction guarantee Immediately available after payment Both online and in PDF No strings attached
logo-home
Previously searched by you
Previously searched by you
logo
CompTIA Security+ SYO-601 Exam Questions and Verified Answers 2023. $12.49   Add to cart
Quickly navigate to
Preview
  2.  
  3. CompTIA Security + SYO 601
  4.  
  5. CompTIA Security + SYO 601

Exam (elaborations)

CompTIA Security+ SYO-601 Exam Questions and Verified Answers 2023.
 30 views  0 purchase
  • Course
  • CompTIA Security + SYO 601
  • Institution
  • CompTIA Security + SYO 601

CompTIA Security+ SYO-601 Exam Questions and Verified Answers 2023.

Preview 4 out of 43  pages

Document information

  • October 4, 2023
  • 43
  • 2023/2024
  • Exam (elaborations)
  • Questions & answers

Subjects

  • comptia security syo 601 exam

Written for

  • CompTIA Security + SYO 601
  • CompTIA Security + SYO 601

Seller

avatar-seller
AIMHigher

Reviews received

Content preview

1 CompTIA Security + SYO -601 Exam Questions and Verified Answers 2023 1.A security analyst is looking for a solution to help communicate to the leadership team the seventy levels of the organization’s vulnerabilities. Which of the following would BEST meet this need? A. CVE B. SIEM C. SOAR D. CVSS Answer: D Explanation: The Common Vulnerability Scoring System (CVSS) is a system widely used in vulnerability management programs. CVSS indicates the severity of an information security vulnerability, and is an integral component of many vulnerability scanning tools. 2. Which of the following should be put in place when negotiating with a new vendor about the timeliness of the response to a significant outage or incident? A. MOU B. MTTR C. SLA D. NDA Answer: C Explanation: Service level agreement (SLA). An SLA is an agreement between a company and a vendor that stipulates performance expectations, such as minimum uptime and maximum downtime levels. 3. Which of the following describes the BEST approach for deploying application patches? A. Apply the patches to systems in a testing environment then to systems in a staging environment, and finally to production systems. B. Test the patches in a staging environment, develop against them in the development environment, and then apply them to the production systems C. Test the patches m a test environment apply them to the production systems and then apply them to a staging environment D. Apply the patches to the production systems apply them in a staging environment, and then test all of them in a testing environment Answer: A 4. An organization that is located in a flood zone is MOST likely to document the 2 concerns associated with the restoration of IT operation in a: A. business continuity plan B. communications plan. C. disaster recovery plan. D. continuity of operations plan Answer: C 5. An organization is developing an authentication service for use at the entry and exit ports of country borders. The service will use data feeds obtained from passport systems, passenger manifests, and high -definition video feeds from CCTV systems that are located at the ports. The service will incorporate machine -learning techniques to eliminate biometric enrollment processes while still allowing authorities to identify passengers with increasing accuracy over time. The more frequently passengers travel, the more accurately the service will identify them. Which of the following biometrics will MOST likely be used, without the need for enrollment? (Choose two.) A. Voice B. Gait C. Vein D. Facial E. Retina F. Fingerprint Answer: B,D 6. Which of the following policies would help an organization identify and mitigate potential single points of failure in the company’s IT/security operations? A. Least privilege B. Awareness training C. Separation of duties D. Mandatory vacation Answer: C Explanation: Separation of duties - is a means of establishing checks and balances against the possibility that critical system or procedures can be compromised by insider threats. Duties and responsibilities should be divided among individuals to prevent ethical conflicts or abuse of powers. 7.A security analyst needs to be proactive in understand the types of attacks that could potentially target the company's execute. Which of the following intelligence sources should to security analyst review? A. Vulnerability feeds 3 B. Trusted automated exchange of indicator information C. Structured threat information expression D. Industry information -sharing and collaboration groups Answer: D 8.A company processes highly sensitive data and senior management wants to protect the sensitive data by utilizing classification labels. Which of the following access control schemes would be BEST for the company to implement? A. Discretionary B. Rule-based C. Role-based D. Mandatory Answer: D 9.Which of the following describes the ability of code to target a hypervisor from inside A. Fog computing B. VM escape C. Software -defined networking D. Image forgery E. Container breakout Answer: B Explanation: Virtual machine escape is an exploit in which the attacker runs code on a VM that allows an operating system running within it to break out and interact directly with the hypervisor. https://whatis.techtarget.com/definition/virtual -machine - escape#:~:text=Virtual machine escape is an,VMs) running on t hat host. 10.A user recent an SMS on a mobile phone that asked for bank delays. Which of the following social -engineering techniques was used in this case? A. SPIM B. Vishing C. Spear phishing D. Smishing Answer: D 11.A company recently transitioned to a strictly BYOD culture due to the cost of replacing lost or damaged corporate -owned mobile devices. Which of the following technologies would be BEST to balance the BYOD culture 4 while also protecting the company’s data? A. Containerization B. Geofencing C. Full-disk encryption D. Remote wipe Answer: A Explanation: https://www.hexnode.com/blogs/what -is-containerization -and-why-is-it-important -for- your-business/ 12. Which of the following BEST explains the difference between a data owner and a data custodian? A. The data owner is responsible for adhering to the rules for using the data, while the data custodian is responsible for determining the corporate governance regarding the data B. The data owner is responsible for determining how the data may be used, while the data custodian is responsible for implementing the protection to the data C. The data owner is responsible for controlling the data, while the data custodian is responsible for maintaining the chain of custody when handling the data D. The data owner grants the technical permissions for data access, while the data custodian maintains the database access controls to the data Answer: B Explanation: Data Owner - the administrator/CEO/board/president of a company Data custodian - the ones taking care of the actual data - like IT staff (generally) or HR staff (for HR - related data) https://security.stackexchange.com/questions/218049/what -is-the- difference -between -data-owner -data-custodian -and-system -owner https://www.nicola askham.com/blog/2019/4/12/whats -the-difference -between -data-owners -and-data- custodians 13.HOTSPOT Select the appropriate attack and remediation from each drop -down list to label the corresponding attack with its remediation. INSTRUCTIONS Not all attacks and remediation actions will be used. If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

The benefits of buying summaries with Stuvia:

Guaranteed quality through customer reviews

Guaranteed quality through customer reviews

Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.

Quick and easy check-out

Quick and easy check-out

You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.

Focus on what matters

Focus on what matters

Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!

Frequently asked questions

What do I get when I buy this document?

You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.

Satisfaction guarantee: how does it work?

Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.

Who am I buying these notes from?

Stuvia is a marketplace, so you are not buying this document from us, but from seller AIMHigher. Stuvia facilitates payment to the seller.

Will I be stuck with a subscription?

No, you only buy these notes for $12.49. You're not tied to anything after your purchase.

Can Stuvia be trusted?

4.6 stars on Google & Trustpilot (+1000 reviews)

76658 documents were sold in the last 30 days

Founded in 2010, the go-to place to buy study notes for 14 years now

Start selling
$12.49
  • (0)
  Add to cart