Practice Free SY0-601 Exam Online Questions
An external forensics investigator has been hired to investigate a data breach at a large enterprise with numerous assets. It is known that the breach started in the perimeter network and moved to the sensitive information, generating multiple logs as the attacker traversed the network.
Which of the following will best assist with this investigation?
- A . Perform a vulnerability scan to identify the weak spots.
- B . Use a packet analyzer to investigate the NetFlow traffic.
- C . Check the SIEM to review the correlated logs.
- D . Require access to the routers to view current sessions.
An organization wants to ensure that proprietary information is not inadvertently exposed during facility tours.
Which of the following would the organization implement to mitigate this risk?
- A . Clean desk policy
- B . Background checks
- C . Non-disclosure agreements
- D . Social media analysis
A
Explanation:
A clean desk policy is a set of rules that require employees to clear their desks of any documents, papers, or devices that contain sensitive or confidential information when they leave their workstations. This policy helps to prevent unauthorized access, theft, or disclosure of proprietary information during facility tours or other situations where outsiders may visit the premises.
Which of the following best describes the process of adding a secret value to extend the length of stored passwords?
- A . Hashing
- B . Quantum communications
- C . Salting
- D . Perfect forward secrecy
An organization is building a new backup data center with cost-benefit as the primary requirement and RTO and RPO values around two days.
Which of the following types of sites is the best for this scenario?
- A . Real-time recovery
- B . Hot
- C . Cold
- D . Warm
A security team received the following requirements for a new BYOD program that will allow employees to use personal smartphones to access business email:
• Sensitive customer data must be safeguarded
• Documents from managed sources should not be opened in unmanaged destinations.
• Sharing of managed documents must be disabled.
• Employees should not be able to download emailed images to their devices.
• Personal photos and contact lists must be kept private.
• IT must be able to remove data from lost/stolen devices or when an employee no longer works for the company.
Which of the following are the best features to enable to meet these requirements? (Select two).
- A . Remote wipe
- B . VPN connection
- C . Biometric authentication
- D . Device location tracking
- E . Geofencing
- F . Application approve list
- G . Containerization
Which of the following supplies non-repudiation during a forensics investigation?
- A . Dumping volatile memory contents first
- B . Duplicating a drive with dd
- C . Using a SHA-2 signature of a drive image
- D . Logging everyone in contact with evidence
- E . Encrypting sensitive data
C
Explanation:
Using a SHA-2 signature of a drive image is a way to supply non-repudiation during a forensics investigation, as it can verify the integrity and authenticity of the data captured in the image. SHA-2 is a family of secure hash algorithms that can produce a unique and fixed-length digest of any input data. By hashing the drive image and comparing the signature with the original hash, the investigator can prove that the image has not been altered or tampered with since the time of acquisition. This can also help to identify the source of the data and prevent any denial from the suspect.
Reference:
https://www.professormesser.com/security-plus/sy0-601/sy0-601-video/managing-evidence/
https://www.skillsoft.com/course/comptia-security-incident-response-digital-forensics-supporting-investigations-f889a108-9721-4e2c-8e9e-b49b01295e48
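The verification step described in the explanation above, as an added example that is not part of the original question bank: the image is hashed with SHA-256 at acquisition time, the digest is written into a custody record, and any later copy is re-hashed and compared. The record format, the examiner name and the sample "image" bytes are constructed for this example; the digest alone shows the image is unchanged, and it is the custody record (who hashed what, when, from which source) that ties that digest to the acquisition.

```python
import hashlib
import hmac
from datetime import datetime, timezone

CHUNK = 1 << 20  # 1 MiB: real images are hashed in chunks, never loaded whole


def sha256_of_image(image: bytes) -> str:
    """Hash an image in fixed-size chunks, as a forensic tool does for multi-GB files."""
    view = memoryview(image)
    h = hashlib.sha256()
    for start in range(0, len(view), CHUNK):
        h.update(view[start:start + CHUNK])
    return h.hexdigest()


def make_acquisition_record(image: bytes, examiner: str, source: str) -> dict:
    """Chain-of-custody record written at acquisition time (hypothetical format)."""
    return {
        "source": source,
        "examiner": examiner,
        "acquired_at": datetime.now(timezone.utc).isoformat(),
        "algorithm": "sha256",
        "digest": sha256_of_image(image),
    }


def verify_image(image: bytes, record: dict) -> bool:
    """Re-hash a copy of the image and compare it with the recorded digest."""
    if record.get("algorithm") != "sha256":
        raise ValueError("unsupported digest algorithm in custody record")
    # Constant-time comparison avoids leaking how many leading hex digits matched.
    return hmac.compare_digest(sha256_of_image(image), record["digest"])


# Constructed sample: a tiny stand-in for a drive image (fake header + 2 KiB of sectors).
SAMPLE_IMAGE = b"FAKEHDR\x00" + bytes(range(256)) * 8


def demo() -> tuple:
    """Return (intact_copy_verifies, altered_copy_verifies)."""
    record = make_acquisition_record(
        SAMPLE_IMAGE, examiner="examiner-1", source="/dev/sdX (placeholder)"
    )
    intact = verify_image(SAMPLE_IMAGE, record)
    # Flip a single bit in a copy: the recomputed digest no longer matches.
    tampered = bytearray(SAMPLE_IMAGE)
    tampered[100] ^= 0x01
    altered = verify_image(bytes(tampered), record)
    return intact, altered


if __name__ == "__main__":
    print(demo())  # (True, False)
```

In practice the same digest is computed on the original media, on the acquired image and on every working copy, and each value is logged with the custody record so that a later dispute about the evidence can be settled by recomputing it.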
An organization needs to implement more stringent controls over administrator/root credentials and service accounts.
Requirements for the project include:
* Check-in/checkout of credentials
* The ability to use but not know the password
* Automated password changes
* Logging of access to credentials
Which of the following solutions would meet the requirements?
- A . OAuth 2.0
- B . Secure Enclave
- C . A privileged access management system
- D . An OpenID Connect authentication system
C
Explanation:
A privileged access management (PAM) system is a solution that helps protect organizations against cyberthreats by monitoring, detecting, and preventing unauthorized privileged access to critical resources. A PAM system can meet the requirements of the project by providing features such as:
Check-in/checkout of credentials: A PAM system can store and manage privileged credentials in a secure vault, and allow authorized users to check out credentials when needed and check them back in when done. This reduces the risk of credential theft, misuse, or sharing.
The ability to use but not know the password: A PAM system can enable users to access privileged accounts or resources without revealing the actual password, using methods such as password injection, session proxy, or single sign-on. This prevents users from copying, changing, or sharing passwords.
Automated password changes: A PAM system can automatically rotate and update passwords for privileged accounts according to predefined policies, such as frequency, complexity, and uniqueness. This ensures that passwords are always strong and unpredictable, and reduces the risk of password reuse or compromise.
Logging of access to credentials: A PAM system can record and audit all activities related to privileged access, such as who accessed what credentials, when, why, and what they did with them. This provides visibility and accountability for privileged access, and enables detection and investigation of anomalies or incidents.
A PAM system is different from OAuth 2.0, which is an authorization framework that enables third-party applications to obtain limited access to an HTTP service on behalf of a resource owner. OAuth 2.0 does not provide the same level of control and security over privileged access as a PAM system does.
A PAM system is also different from a secure enclave, which is a hardware-based security feature that creates an isolated execution environment within a processor to protect sensitive data from unauthorized access or modification. A secure enclave does not provide the same functionality as a PAM system for managing privileged credentials and access.
A PAM system is also different from an OpenID Connect authentication system, which is an identity layer on top of OAuth 2.0 that enables users to verify their identity across multiple websites using a single login. OpenID Connect does not provide the same scope and granularity as a PAM system for controlling and monitoring privileged access.
A security assessment found that several embedded systems are running unsecure protocols. These systems were purchased two years ago and the company that developed them is no longer in business.
Which of the following constraints BEST describes the reason the findings cannot be remediated?
- A . Inability to authenticate
- B . Implied trust
- C . Lack of computing power
- D . Unavailable patch
D
Explanation:
If the systems are running unsecure protocols and the company that developed them is no longer in business, it is likely that there are no patches available to remediate the issue.
Reference: CompTIA Security+ Certification Exam Objectives 1.6: Given a scenario, implement secure protocols. CompTIA Security+ Study Guide, Sixth Edition, pages 35-36
Users are reporting performance issues from a specific application server. A security administrator notices that user traffic is being intermittently denied depending on which load balancer the traffic is originating from.
Which of the following types of log files should be used to capture this information?
- A . Session traffic
- B . Syslog data
- C . Security events
- D . DNS responses
- E . Authentication
A company is launching a website in a different country in order to capture user information that a marketing business can use. The company itself will not be using the information.
Which of the following roles is the company assuming?
- A . Data owner
- B . Data processor
- C . Data steward
- D . Data collector
D
Explanation:
A data collector is a person or entity that collects personal data from individuals for a specific purpose. A data collector may or may not be the same as the data controller or the data processor, depending on who determines the purpose and means of processing the data and who actually processes the data.