Free preview mode

Enjoy the free questions and consider upgrading to gain full access!

SY0-601Free trialFree trial

By comptia
Aug, 2025

Verified

25Q per page

Question 26

A database administrator wants to grant access to an application that will be reading and writing data to a database. The database is shared by other applications also used by the finance department. Which of the following account types is MOST appropriate for this purpose?

  • A: Service
  • B: Shared
  • C: Generic
  • D: Admin

Question 27

A security analyst generated a file named host1.pcap and shared it with a team member who is going to use it for further incident analysis. Which of the following tools will the other team member MOST likely use to open this file?

  • A: Autopsy
  • B: Memdump
  • C: FTK imager
  • D: Wireshark

Question 28

An application developer accidentally uploaded a company's code-signing certificate private key to a public web server. The company is concerned about malicious use of its certificate. Which of the following should the company do FIRST?

  • A: Delete the private key from the repository.
  • B: Verify the public key is not exposed as well.
  • C: Update the DLP solution to check for private keys.
  • D: Revoke the code-signing certificate.

Question 29

An organization implemented a process that compares the settings currently configured on systems against secure configuration guidelines in order to identify any gaps. Which of the following control types has the organization implemented?

  • A: Compensating
  • B: Corrective
  • C: Preventive
  • D: Detective

Question 30

The Chief Information Security Officer directed a risk reduction in shadow IT and created a policy requiring all unsanctioned high-risk SaaS applications to be blocked from user access. Which of the following is the BEST security solution to reduce this risk?

  • A: CASB
  • B: VPN concentrator
  • C: MFA
  • D: VPC endpoint

Question 31

A technician enables full disk encryption on a laptop that will be taken on a business trip. Which of the following does this process BEST protect?

  • A: Data in transit
  • B: Data in processing
  • C: Data at rest
  • D: Data tokenization

Question 32

A security analyst was called to investigate a file received directly from a hardware manufacturer. The analyst is trying to determine whether the file was modified in transit before installation on the user's computer. Which of the following can be used to safely assess the file?

  • A: Check the hash of the installation file.
  • B: Match the file names.
  • C: Verify the URL download location.
  • D: Verify the code signing certificate.

Question 33

A help desk technician receives a phone call from someone claiming to be a part of the organization's cybersecurity incident response team. The caller asks the technician to verify the network's internal firewall IP Address. Which of the following is the technician's BEST course of action?

  • A: Direct the caller to stop by the help desk in person and hang up declining any further requests from the caller.
  • B: Ask for the caller's name, verify the person's identity in the email directory, and provide the requested information over the phone.
  • C: Write down the phone number of the caller if possible, the name of the person requesting the information, hang up, and notify the organization's cybersecurity officer.
  • D: Request the caller send an email for identity verification and provide the requested information via email to the caller.

Question 34

Which of the following would BEST provide detective and corrective controls for thermal regulation?

  • A: A smoke detector
  • B: A fire alarm
  • C: An HVAC system
  • D: A fire suppression system
  • E: Guards

Question 35

Which of the following can be used by a monitoring tool to compare values and detect password leaks without providing the actual credentials?

  • A: Hashing
  • B: Tokenization
  • C: Masking
  • D: Encryption

Question 36

Which of the following is a benefit of including a risk management framework into an organization's security approach?

  • A: It defines expected service levels from participating supply chain partners to ensure system outages are remediated in a timely manner.
  • B: It identifies specific vendor products that have been tested and approved for use in a secure environment.
  • C: It provides legal assurances and remedies in the event a data breach occurs.
  • D: It incorporates control, development, policy, and management activities into IT operations.

Question 37

An organization maintains several environments in which patches are developed and tested before being deployed to an operational status. Which of the following is the environment in which patches will be deployed just prior to being put into an operational status?

  • A: Development
  • B: Test
  • C: Production
  • D: Staging

Question 38

During a trial, a judge determined evidence gathered from a hard drive was not admissible. Which of the following BEST explains this reasoning?

  • A: The forensic investigator forgot to run a checksum on the disk image after creation.
  • B: The chain of custody form did not note time zone offsets between transportation regions.
  • C: The computer was turned off, and a RAM image could not be taken at the same time.
  • D: The hard drive was not properly kept in an antistatic bag when it was moved.

Question 39

An organization wants to implement a biometric system with the highest likelihood that an unauthorized user will be denied access. Which of the following should the organization use to compare biometric solutions?

  • A: FRR
  • B: Difficulty of use
  • C: Cost
  • D: FAR
  • E: CER

Question 40

A company recently experienced a significant data loss when proprietary information was leaked to a competitor. The company took special precautions by using proper labels; however, email filter logs do not have any record of the incident. An investigation confirmed the corporate network was not breached, but documents were downloaded from an employee's COPE tablet and passed to the competitor via cloud storage. Which of the following is the BEST remediation for this data leak?

  • A: User training
  • B: CASB
  • C: MDM
  • D: DLP

Question 41

An attacker was eavesdropping on a user who was shopping online. The attacker was able to spoof the IP address associated with the shopping site. Later, the user received an email regarding the credit card statement with unusual purchases. Which of the following attacks took place?

  • A: On-path attack
  • B: Protocol poisoning
  • C: Domain hijacking
  • D: Bluejacking

Question 42

A company is considering transitioning to the cloud. The company employs individuals from various locations around the world. The company does not want to increase its on premises infrastructure blueprint and only wants to pay for additional compute power required. Which of the following solutions would BEST meet the needs of the company?

  • A: Private cloud
  • B: Hybrid environment
  • C: Managed security service provider
  • D: Hot backup site

Question 43

After multiple on premises security solutions were migrated to the cloud, the incident response time increased. The analysts are spending a long time trying to trace information on different cloud consoles and correlating data in different formats. Which of the following can be used to optimize the incident response time?

  • A: CASB
  • B: VPC
  • C: SWG
  • D: CMS

Question 44

Which of the following control types would be BEST to use in an accounting department to reduce losses from fraudulent transactions?

  • A: Recovery
  • B: Deterrent
  • C: Corrective
  • D: Detective

Question 45

A company is receiving emails with links to phishing sites that look very similar to the company's own website address and content. Which of the following is the
BEST way for the company to mitigate this attack?

  • A: Create a honeynet to trap attackers who access the VPN with credentials obtained by phishing.
  • B: Generate a list of domains similar to the company's own and implement a DNS sinkhole for each.
  • C: Disable POP and IMAP on all Internet-facing email servers and implement SMTPS.
  • D: Use an automated tool to flood the phishing websites with fake usernames and passwords.

Question 46

A security engineer is building a file transfer solution to send files to a business partner. The users would like to drop off the files in a specific directory and have the server send the file to the business partner. The connection to the business partner is over the internet and needs to be secure. Which of the following can be used?

  • A: S/MIME
  • B: LDAPS
  • C: SSH
  • D: SRTP

Question 47

A SOC operator is receiving continuous alerts from multiple Linux systems indicating that unsuccessful SSH attempts to a functional user ID have been attempted on each one of them in a short period of time. Which of the following BEST explains this behavior?

  • A: Rainbow table attack
  • B: Password spraying
  • C: Logic bomb
  • D: Malware bot

Question 48

A tax organization is working on a solution to validate the online submission of documents. The solution should be carried on a portable USB device that should be inserted on any computer that is transmitting a transaction securely. Which of the following is the BEST certificate for these requirements?

  • A: User certificate
  • B: Self-signed certificate
  • C: Computer certificate
  • D: Root certificate

Question 49

A routine audit of medical billing claims revealed that several claims were submitted without the subscriber's knowledge. A review of the audit logs for the medical billing company's system indicated a company employee downloaded customer records and adjusted the direct deposit information to a personal bank account.
Which of the following does this action describe?

  • A: Insider threat
  • B: Social engineering
  • C: Third-party risk
  • D: Data breach

Question 50

A recent audit cited a risk involving numerous low-criticality vulnerabilities created by a web application using a third-party library. The development staff state there are still customers using the application even though it is end of life and it would be a substantial burden to update the application for compatibility with more secure libraries. Which of the following would be the MOST prudent course of action?

  • A: Accept the risk if there is a clear road map for timely decommission.
  • B: Deny the risk due to the end-of-life status of the application.
  • C: Use containerization to segment the application from other applications to eliminate the risk.
  • D: Outsource the application to a third-party developer group.
Page 2 of 35 • Questions 26-50 of 860
12345

Free preview mode

Enjoy the free questions and consider upgrading to gain full access!