CompTIA Security+ SY0-601 Exam Questions and Answers – Page 5 Part 2

The latest CompTIA Security+ (SY0-601) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the CompTIA Security+ (SY0-601) exam and earn CompTIA Security+ (SY0-601) certification.

CompTIA Security+ (SY0-601) Exam Questions and Answers

Question 481

Exam Question

Which of the following can be used to validate the origin (provenance) of digital evidence? (Select 2 answers)

A. Hashing
B. Tokenization
C. Salting
D. Metadata examination
E. Checksums

Correct Answer

A. Hashing
E. Checksums

Question 482

Exam Question

Which of the following answers refers to an example order of volatility for a typical computer system?

A. Cache memory -> RAM -> Disk files -> Temporary files -> Swap/Pagefile -> Archival media
B. Archival media -> Disk files -> Temporary files -> Swap/Pagefile -> RAM -> Cache memory
C. Cache memory -> RAM -> Swap/Pagefile -> Temporary files -> Disk files -> Archival media
D. Temporary files -> RAM -> Cache memory -> Swap/Pagefile -> Archival media -> Disk files

Correct Answer

C. Cache memory -> RAM -> Swap/Pagefile -> Temporary files -> Disk files -> Archival media

Question 483

Exam Question

A type of file that an OS uses to hold parts of programs and data files that cannot be stored in RAM due to insufficient memory space is called: (Select 2 answers)

A. Swap file
B. Temporary file
C. Pagefile
D. Signature file
E. Archive file

Correct Answer

A. Swap file
C. Pagefile

Question 484

Exam Question

In forensic procedures, a sequence of steps in which different types of evidence should be collected is known as:

A. Order of volatility
B. Layered security
C. Chain of custody
D. Transitive access

Correct Answer

A. Order of volatility

Question 485

Exam Question

In forensic procedures, a chronological record outlining the persons who have been in possession of evidence is referred to as:

A. Proxy list
B. Order of volatility
C. Access log
D. Chain of custody

Correct Answer

D. Chain of custody

Question 486

Exam Question

A SOAR playbook is a checklist of actions that can be performed in response to a security incident.

A. True
B. False

Correct Answer

A. True

Question 487

Exam Question

An IETF specification that defines how IP flow information is to be formatted and transferred from an exporter to a collector is called:

A. NetFlow
B. IPFIX
C. sFlow
D. NXLog

Correct Answer

B. IPFIX

Question 488

Exam Question

Which of the following is a Cisco-designed IP traffic collection method that by default does not offer packet sampling?

A. IPFIX
B. NetFlow
C. NXLog
D. sFlow

Correct Answer

B. NetFlow

Question 489

Exam Question

Which of the following is a cross-platform log-managing tool?

A. NetFlow
B. rsyslog
C. NXLog
D. sFlow
E. syslog-ng

Correct Answer

C. NXLog

Question 490

Exam Question

Which of the following are log-managing utilities for Unix and Unix-like systems that implement the basic syslog protocol and extend it with additional functionality? (Select 2 answers)

A. NXLog
B. syslog-ng
C. NetFlow
D. rsyslog
E. sFlow

Correct Answer

B. syslog-ng
D. rsyslog