The latest CompTIA Security+ (SY0-601) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the CompTIA Security+ (SY0-601) exam and earn CompTIA Security+ (SY0-601) certification.
Question 31
A cybersecurity analyst needs to implement secure authentication to third-party websites without users’ passwords. Which of the following would be the BEST way to achieve this objective?
A. OAuth
B. SSO
* C. SAML
D. PAP
Question 32
In which of the following risk management strategies would cybersecurity insurance be used?
* A. Transference
B. Avoidance
C. Acceptance
D. Mitigation
Question 33
An organization has implemented a policy requiring the use of conductive metal lockboxes for personal electronic devices outside of a secure research lab. Which of the following did the organization determine to be the GREATEST risk to intellectual property when creating this policy?
A. The theft of portable electronic devices
B. Geotagging in the metadata of images
C. Bluesnarfing of mobile devices
* D. Data exfiltration over a mobile hotspot
Question 34
A commercial cyber-threat intelligence organization observes IoCs across a variety of unrelated customers.
Prior to releasing specific threat intelligence to other paid subscribers, the organization is MOST likely obligated by contracts to:
A. perform attribution to specific APTs and nation-state actors.
* B. anonymize any PII that is observed within the IoC data.
C. add metadata to track the utilization of threat intelligence reports.
D. assist companies with impact assessments based on the observed data.
Question 35
An organization is developing a plan in the event of a complete loss of critical systems and data. Which of the following plans is the organization MOST likely developing?
A. Incident response
B. Communications
* C. Disaster recovery
D. Data retention
Question 36
An organization wants to implement a third factor to an existing multifactor authentication. The organization already uses a smart card and password. Which of the following would meet the organization’s needs for a third factor?
A. Date of birth
* B. Fingerprints
C. PIN
D. TPM
Question 37
An employee has been charged with fraud and is suspected of using corporate assets. As authorities collect evidence, and to preserve the admissibility of the evidence, which of the following forensic techniques should be used?
A. Order of volatility
B. Data recovery
* C. Chain of custody
D. Non-repudiation
Question 38
A Chief Security Officer (CSO) is concerned about the amount of PII that is stored locally on each salesperson’s laptop. The sales department has a higher-than-average rate of lost equipment. Which of the following recommendations would BEST address the CSO’s concern?
A. Deploy an MDM solution.
* B. Implement managed FDE.
C. Replace all hard drives with SEDs.
D. Install DLP agents on each laptop.
Question 39
Which of the following refers to applications and systems that are used within an organization without consent or approval?
* A. Shadow IT
B. OSINT
C. Dark web
D. Insider threats
Question 40
A manufacturer creates designs for very high security products that are required to be protected and controlled by the government regulations. These designs are not accessible by corporate networks or the Internet. Which of the following is the BEST solution to protect these designs?
* A. An air gap
B. A Faraday cage
C. A shielded cable
D. A demilitarized zone