SY0-601: CompTIA Security Certification Exam Questions and Answers

SY0-601: CompTIA Security Certification Exam Questions and Answers 01. Which of the following disaster recovery sites would require the MOST time to get operations back online? a) Colocation b) Cold c) Hot d) Warm Correct answer- b) Cold 02. A Chief Financial Officer (CFO) has been receiving email messages that have suspicious links embedded from unrecognized senders. The emails ask the recipient for identity verification. The IT department has not received reports of this happening to anyone else. Which of the following is the MOST likely explanation for this behavior? a) The CFO is the target of a whaling attack. b) The CFO is the target of identity fraud. c) The CFO is receiving spam that got past the mail filters. d) The CFO is experiencing an impersonation attack. Correct answer- a) The CFO is the target of a whaling attack. 03. Why do vendors provide MD5 values for their software patches? a) To provide the necessary key for patch activation b) To allow the downloader to verify the authenticity of the site providing the patch c) To ensure that auto-updates are enabled for subsequent patch releases d) To allow the recipient to verify the integrity of the patch prior to installation Correct answer- d) To allow the recipient to verify the integrity of the patch prior to installation 04. The IT department receives a call one morning about users being unable to access files on the network shared drives. An IT technician investigates and determines the files became encrypted at 12:00 a.m. While the files are being recovered from backups, one of the IT supervisors realizes the day is the birthday of a technician who was fired two months prior. Which of the following describes what MOST likely occurred? a) The fired technician placed a logic bomb. b) The fired technician installed a rootkit on all the affected users' computers. c) The fired technician installed ransomware on the file server. d) The fired technician left a network worm on an old work computer. Correct answer- a) The fired technician placed a logic bomb. 05. You have been asked to provide a virtualized environment. Which of the following makes it possible for many instances of an operating system to be run on the same machine? a) API b) Virtual machine c) Hypervisor d) Container Correct answer- c) Hypervisor To get preparation tips for CompTIA SY0-601 Exam: Correct answer- Click Here: 06. Which of the following would be the BEST method to prevent the physical theft of staff laptops at an open-plan bank location with a high volume of customers each day? a) Guards at the door b) Cable locks c) Visitor logs d) Cameras Correct answer- b) Cable locks 07. What is the term given to a framework or model outlining the phases of attack to help security personnel defend their systems and respond to attacks? a) Command and control b) Intrusion kill chain c) Cyber-incident response d) CIRT Correct answer- b) Intrusion kill chain 08. A security manager needed to protect a high-security datacenter, so the manager installed an access control vestibule that can detect an employee's heartbeat, weight, and badge. Which of the following did the security manager implement? a) A physical control b) A corrective control c) A compensating control d) A managerial control Correct answer- a) A physical control 09. Joe, an employee, knows he is going to be fired in three days. Which of the following characterizations describes the employee? a) An insider threat b) A competitor c) A hacktivist d) A state actor Correct answer- a) An insider threat 10. An organization has a policy in place that states the person who approves firewall controls/changes cannot be the one implementing the changes. Which of the following describes this policy? a) Change management b) Job rotation c) Separation of duties d) Least privilege Correct answer- c) Separation of duties