SY0-601 CompTIA Exam Questions and Free Practice Test

Question 25

Which of the following is the purpose of a risk register?

A. To define the level or risk using probability and likelihood

B. To register the risk with the required regulatory agencies

C. To identify the risk, the risk owner, and the risk measures

D. To formally log the type of risk mitigation strategy the organization is using

Correct Answer:C

Question 26

A cybersecurity analyst needs to implement secure authentication to third-party websites without users’ passwords. Which of the following would be the BEST way to achieve this objective?

A. OAuth

B. SSO

C. SAML

D. PAP

Correct Answer:C

Question 27

An organization has been experiencing outages during holiday sales and needs to ensure availability of its point-of-sale systems The IT administrator has been asked to improve both server-data fault tolerance and site availability under high consumer load Which of the following are the BEST options to accomplish this objective'? (Select TWO)

A. Load balancing

B. Incremental backups

C. UPS

D. RAID

E. Dual power supply

F. NIC teaming

Correct Answer:AD

Question 28

An organization has implemented a policy requiring the use of conductive metal lockboxes for personal electronic devices outside of a secure research lab. Which of the following did the organization determine to be the GREATEST risk to intellectual property when creating this policy?

A. The theft of portable electronic devices

B. Geotagging in the metadata of images

C. Bluesnarfing of mobile devices

D. Data exfiltration over a mobile hotspot

Correct Answer:D

Question 29

An organization just experienced a major cyberattack modem. The attack was well coordinated sophisticated and highly skilled. Which of the following targeted the organization?

A. Shadow IT

B. An insider threat

C. A hacktivist

D. An advanced persistent threat

Correct Answer:D

Question 30

A company provides mobile devices to its users to permit access to email and enterprise applications. The company recently started allowing users to select from several different vendors and device models. When configuring the MDM, which of the following is a key security implication of this heterogeneous device approach?

A. The most common set of MDM configurations will become the effective set of enterprise mobile security controls.

B. All devices will need to support SCEP-based enrollment; therefore, the heterogeneity of the chosen architecture may unnecessarily expose private keys to adversaries.

C. Certain devices are inherently less secure than others, so compensatory controls will be needed to address the delta between device vendors.

D. MDMs typically will not support heterogeneous deployment environments, so multiple MDMs will need to be installed and configured.

Correct Answer:C

START SY0-601 EXAM