CompTIA Security+ Certification Exam SY0-601
Vendor: CompTIA
Exam Code: SY0-601
Exam Name: CompTIA Security+ Certification Exam
New Updated Questions from Braindump2go
QUESTION 686
An engineer recently deployed a group of 100 web servers in a cloud environment. Per the
security policy, all web-server ports except 443 should be disabled.
Which of the following can be used to accomplish this task?
A. Application allow list
B. SWG
C. Host-based firewall
D. VPN
Answer: B
QUESTION 687
A company is implementing BYOD and wants to ensure all users have access to the same cloud-based services. Which of the
following would BEST allow the company to meet this requirement?
A. laaS
B. PasS
C. MaaS
D. SaaS
Answer: B
QUESTION 688
Which of the following control Types would be BEST to use in an accounting department to reduce losses from fraudulent
transactions?
A. Recovery
B. Deterrent
C. Corrective
D. Detective
Answer: D
QUESTION 689
The database administration team is requesting guidance for a secure solution that will ensure confidentiality of cardholder data
at rest only in certain fields in the database schema.
The requirement is to substitute a sensitive data field with a non-sensitive field that is rendered useless if a data breach occurs.
, Which of the following is the BEST solution to meet the requirement?
A. Tokenization
B. Masking
C. Full disk encryption
D. Mirroring
Answer: B
QUESTION 690
A SOC operator is analyzing a log file that contains the following entries:
A. SQL injection and improper input-handling attempts
B. Cross-site scripting and resource exhaustion attempts
C. Command injection and directory traversal attempts
D. Error handling and privilege escalation attempts
Answer: C
QUESTION 691
Which of the following actions would be recommended to improve an incident response process?
A. Train the team to identify the difference between events and incidents
B. Modify access so the IT team has full access to the compromised assets
C. Contact the authorities if a cybercrime is suspected
D. Restrict communication surrounding the response to the IT team
Answer: A
QUESTION 692
An organization would like to give remote workers the ability to use applications hosted inside the corporate network. Users
will be allowed to use their personal computers or they will be provided organization assets. Either way no data or applications
will be installed locally on any user systems. Which of the following mobile solutions would accomplish these goals?
A. VDI
B. MDM
C. COPE
D. UTM
Answer: A
QUESTION 693
The Chief Information Security Officer directed a nsk reduction in shadow IT and created a policy requiring all unsanctioned high-
nsk SaaS applications to be blocked from user access.
Which of the following is the BEST security solution to reduce this risk?
A. CASB
B. VPN concentrator
C. MFA
Vendor: CompTIA
Exam Code: SY0-601
Exam Name: CompTIA Security+ Certification Exam
New Updated Questions from Braindump2go
QUESTION 686
An engineer recently deployed a group of 100 web servers in a cloud environment. Per the
security policy, all web-server ports except 443 should be disabled.
Which of the following can be used to accomplish this task?
A. Application allow list
B. SWG
C. Host-based firewall
D. VPN
Answer: B
QUESTION 687
A company is implementing BYOD and wants to ensure all users have access to the same cloud-based services. Which of the
following would BEST allow the company to meet this requirement?
A. laaS
B. PasS
C. MaaS
D. SaaS
Answer: B
QUESTION 688
Which of the following control Types would be BEST to use in an accounting department to reduce losses from fraudulent
transactions?
A. Recovery
B. Deterrent
C. Corrective
D. Detective
Answer: D
QUESTION 689
The database administration team is requesting guidance for a secure solution that will ensure confidentiality of cardholder data
at rest only in certain fields in the database schema.
The requirement is to substitute a sensitive data field with a non-sensitive field that is rendered useless if a data breach occurs.
, Which of the following is the BEST solution to meet the requirement?
A. Tokenization
B. Masking
C. Full disk encryption
D. Mirroring
Answer: B
QUESTION 690
A SOC operator is analyzing a log file that contains the following entries:
A. SQL injection and improper input-handling attempts
B. Cross-site scripting and resource exhaustion attempts
C. Command injection and directory traversal attempts
D. Error handling and privilege escalation attempts
Answer: C
QUESTION 691
Which of the following actions would be recommended to improve an incident response process?
A. Train the team to identify the difference between events and incidents
B. Modify access so the IT team has full access to the compromised assets
C. Contact the authorities if a cybercrime is suspected
D. Restrict communication surrounding the response to the IT team
Answer: A
QUESTION 692
An organization would like to give remote workers the ability to use applications hosted inside the corporate network. Users
will be allowed to use their personal computers or they will be provided organization assets. Either way no data or applications
will be installed locally on any user systems. Which of the following mobile solutions would accomplish these goals?
A. VDI
B. MDM
C. COPE
D. UTM
Answer: A
QUESTION 693
The Chief Information Security Officer directed a nsk reduction in shadow IT and created a policy requiring all unsanctioned high-
nsk SaaS applications to be blocked from user access.
Which of the following is the BEST security solution to reduce this risk?
A. CASB
B. VPN concentrator
C. MFA
