SY0-601 CompTIA Exam Questions and Free Practice Test

Question 73

A Chief Information Security Officer (CISO) needs to create a policy set that meets international standards for data privacy and sharing. Which of the following should the CISO read and understand before writing the policies?

A. PCI DSS

B. GDPR

C. NIST

D. ISO 31000

Correct Answer:B

Question 74

A company needs to centralize its logs to create a baseline and have visibility on its security events. Which of the following technologies will accomplish this objective?

A. Security information and event management

B. A web application firewall

C. A vulnerability scanner

D. A next-generation firewall

Correct Answer:A

Question 75

A network administrator has been asked to install an IDS to improve the security posture of an organization. Which of the following control types is an IDS?

A. Corrective

B. Physical

C. Detective

D. Administrative

Correct Answer:C

Question 76

A user enters a password to log in to a workstation and is then prompted to enter an authentication code. Which of the following MFA factors or attributes are being utilized in the authentication process? (Select TWO).

A. Something you know

B. Something you have

C. Somewhere you are

D. Someone you are

E. Something you are

F. Something you can do

Correct Answer:BE

Question 77

Which of the following BEST explains the difference between a data owner and a data custodian?

A. The data owner is responsible for adhering to the rules for using the data, while the data custodian is responsible for determining the corporate governance regarding the data

B. The data owner is responsible for determining how the data may be used, while the data custodian is responsible for implementing the protection to the data

C. The data owner is responsible for controlling the data, while the data custodian is responsible for maintaining the chain of custody when handling the data

D. The data owner grants the technical permissions for data access, while the data custodian maintains the database access controls to the data

Correct Answer:B

Question 78

Several large orders of merchandise were recently purchased on an e-commerce company's website. The totals for each of the transactions were negative values, resulting in credits on the customers'
accounts. Which of the following should be implemented to prevent similar situations in the future?

A. Ensure input validation is in place to prevent the use of invalid characters and values.

B. Calculate all possible values to be added together and ensure the use of the proper integer in the code.

C. Configure the web application firewall to look for and block session replay attacks.

D. Make sure transactions that are submitted within very short time periods are prevented from being processed.

Correct Answer:A

START SY0-601 EXAM