SY0-601 Online Practice Questions and Answers

Correct Answer: B

A is wrong, Newly installed 4k cameras or newly installed potato camera's makes no difference. All cameras solutions inevitably lead to deadspots. This is common knowledge so wouldn't cause the MOST concern. B is right particularly

because they are "Internet Accesible", and a 4K camera. So the most concerning thing is that these cameras are accesible to those who are not authorized for it.

C Physical security will not prevent theft of the cameras, but their theft is an acceptable risk.

D A CISO isn't bothered by the excessive space of the HQ video files. That is someone elses job to worry about.

Correct Answer: A

1) Data breach -> password leak 2) Reset -> new password 3) User's reuse password for 1) -> account easily compromised

A password resue policy would mean that you cannot use the same or previously used password. This is also the most common option you see whenever there is a big data leak that was done.

Correct Answer: A

First the executive is in a pretty high position to be a threat at all. Because an insider threat for me is someone with intention to harm the company. Second, by uploading an controversial article isn't going to harm the company directly.

Correct Answer: A

"A" should be the right exam answer. In the real world, you might have to be a bit more picky which logs to choose, as you have limitations like EPS based licenses for your SIEM or limited hardware resources, so it not always the best solution to feed everything to your SIEM.

Correct Answer: B

Security Guards and Cameras in Lesson 21: Explaining Physical Security | Topic 21A.. "CCTV (closed circuit television) is a cheaper means of providing surveillance than maintaining separate guards at each gateway or zone, though still not cheap to set up if the infrastructure is not already in place on the premises. It is also quite an effective deterrent." and the "Review Activity: Physical Site Security Controls" 1. What physical site security controls act as deterrents? Lighting is one of the most effective deterrents. Any highly visible security control (guards, fences, dogs, barricades, CCTV, signage, and so on) will act as a deterrent

Correct Answer: A

The package contains a tool for gathering subdomain names, e-mail addresses, virtual hosts, open ports/ banners, and employee names from different public sources (search engines, pgp key servers).

Correct Answer: C

CASB is a security solution that provides visibility and control over the use of cloud services by employees within an organization. It helps enforce security policies and ensures that access to internet services is restricted to authorized users only. CASB allows the organization to define granular policies based on users, devices, locations, and activities, enabling them to control the actions each user can perform on each cloud service. By deploying CASB, the analyst can gain better visibility into data usage and potential data leaks, and apply security policies to prevent unauthorized access and actions on internet services. This can help protect sensitive data and mitigate the risks associated with the use of cloud services within the organization.

Correct Answer: B

Before connecting security devices to the network, it is crucial to address default settings first. Manufacturers often ship devices with default settings that include default usernames, passwords, and configurations. These settings are widely known and can be easily exploited by attackers. Changing default settings helps to secure the device and prevent unauthorized access. Reference: CompTIA Security+ SY0-501 Exam Objectives, Section 3.2: "Given a scenario, implement secure systems design." (https://www.comptia.jp/pdf/Security%2B%20SY0-501%20Exam%20Objectives.pdf)

Correct Answer: A

Their assessment indicates a lower tolerance for risk in terms of cybersecurity. They recognize that the allocated time isn't adequate to ensure proper cybersecurity measures, suggesting a reluctance to proceed without sufficient assurance of security. This aligns more closely with the concept of risk tolerance, indicating their unwillingness to take on the associated risks due to time constraints.

Correct Answer: B

Dead code refers to portions of a program's source code that are never executed during the program's runtime. In this strategy, features that are deactivated but still present in the code are effectively dead code. They are not actively used or executed, yet they remain in the codebase.