Skip to Content

CompTIA Security+ SY0-601 Exam Questions and Answers – Page 2 Part 2

The latest CompTIA Security+ (SY0-601) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the CompTIA Security+ (SY0-601) exam and earn CompTIA Security+ (SY0-601) certification.

CompTIA Security+ (SY0-601) Exam Questions and Answers

Question 181

Exam Question

What are the characteristic features of the Personal Information Exchange (PFX) and P12 digital certificate format? (Select 3 answers)

A. .pfx and .p12 file extensions
B. Generally used for Microsoft windows servers
C. Encoded in text (ASCII Base64) format
D. .pem, .crt, .cer and .key file extensions
E. Encoded in binary format
F. Generally used for Apache servers or similar configurations

Correct Answer

A. .pfx and .p12 file extensions
B. Generally used for Microsoft windows servers
E. Encoded in binary format

Question 182

Exam Question

What are the characteristic features of the Distinguished Encoding Rules (DER) digital certificate format? (Select 3 answers)

A. Encoded in binary format
B. Generally used for Microsoft windows servers
C. .der and .cer file extensions
D. Encoded in text (ASCII Base64) format
E. Generally used for Java servers
F. .pem, .crt, .cer and .key file extensions

Correct Answer

A. Encoded in binary format
C. .der and .cer file extensions
E. Generally used for Java servers

Question 183

Exam Question

A digital certificate which allows multiple domains to be protected by a single certificate is known as:

A. Extended Validation (EV) certificate
B. Wildcard certificate
C. Subject Alternative Name (SAN) certificate
D. Root signing certificate

Correct Answer

C. Subject Alternative Name (SAN) certificate

Question 184

Exam Question

In a digital certificate, the Common Name (CN) field describes a device, an individual, an organization, or any other entity the certificate has been issued for. In an SSL certificate, CN refers to the Fully Qualified Domain Name (FQDN), which is the domain name of the server protected by the SSL certificate.

A. True
B. False

Correct Answer

A. True

Question 185

Exam Question

What is the fastest way for checking the validity of a digital certificate?

A. CRL
B. Key escrow
C. OCSP
D. CSR

Correct Answer

C. OCSP

Question 186

Exam Question

What is the PKI role of Registration Authority (RA)? (Select 2 answers)

A. Accepting requests for digital certificates
B. Validating digital certificates
C. Authenticating the entity making the request
D. Providing backup source for cryptographic keys
E. Issuing digital certificates

Correct Answer

A. Accepting requests for digital certificates
C. Authenticating the entity making the request

Question 187

Exam Question

Which of the following answers refers to a hierarchical system for the creation, management, storage, distribution, and revocation of digital certificates?

A. Web of trust
B. PKI
C. IaaS
D. CA

Correct Answer

B. PKI

Question 188

Exam Question

A security solution that provides control over elevated (i.e. administrative type) accounts is known as:

A. MAC
B. PAM
C. ICS
D. FACL

Correct Answer

B. PAM

Question 189

Exam Question

Discretionary Access Control (DAC) is an access control model based on user identity. In DAC, every object has an owner who at his/her own discretion determines what kind of permissions other users can have to that object.

A. True
B. False

Correct Answer

A. True

Question 190

Exam Question

Which of the following answers refer to the Rule-Based Access Control (RBAC) model? (Select 2 answers)

A. Access to resources granted or denied depending on Access Control List (ACL) entries
B. Every object has an owner who at his/her own discretion determines what kind of permissions other users can have to that object
C. Implemented in network devices such as firewalls to control inbound and outbound traffic based on filtering rules
D. Every resource has a sensitivity label matching a clearance level assigned to a user; labels and clearance levels can only be applied and changed by an administrator
E. An access control method based on user identity

Correct Answer

A. Access to resources granted or denied depending on Access Control List (ACL) entries
C. Implemented in network devices such as firewalls to control inbound and outbound traffic based on filtering rules