The latest CompTIA Security+ (SY0-601) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the CompTIA Security+ (SY0-601) exam and earn CompTIA Security+ (SY0-601) certification.
Question 41
A company processes highly sensitive data and senior management wants to protect the sensitive data by utilizing classification labels. Which of the following access control schemes would be BEST for the company to implement?
A. Discretionary
B. Rule-based
C. Role-based
* D. Mandatory
Question 42
Which of the following policies would help an organization identify and mitigate potential single points of failure in the company’s IT/security operations?
A. Least privilege
B. Awareness training
* C. Separation of duties
D. Mandatory vacation
Question 43
On which of the following is the live acquisition of data for forensic analysis MOST dependent? (Choose two.)
A. Data accessibility
B. Legal hold
C. Cryptographic or hash algorithm
D. Data retention legislation
* E. Value and volatility of data
* F. Right-to-audit clauses
Question 44
A security auditor is reviewing vulnerability scan data provided by an internal security team. Which of the following BEST indicates that valid credentials were used?
A. The scan results show open ports, protocols, and services exposed on the target host
* B. The scan enumerated software versions of installed programs
C. The scan produced a list of vulnerabilities on the target host
D. The scan identified expired SSL certificates
Question 45
An organization needs to implement more stringent controls over administrator/root credentials and service accounts. Requirements for the project include:
- Check-in/checkout of credentials
- The ability to use but not know the password
- Automated password changes
- Logging of access to credentials
Which of the following solutions would meet the requirements?
A. OAuth 2.0
B. Secure Enclave
C. A privileged access management system
* D. An OpenID Connect authentication system
Question 46
A financial organization has adopted a new secure, encrypted document-sharing application to help with its customer loan process. Some important PII needs to be shared across this new platform, but it is getting blocked by the DLP systems. Which of the following actions will BEST allow the PII to be shared with the secure application without compromising the organization’s security posture?
A. Configure the DLP policies to allow all PII
B. Configure the firewall to allow all ports that are used by this application
C. Configure the antivirus software to allow the application
* D. Configure the DLP policies to whitelist this application with the specific PII
E. Configure the application to encrypt the PII
Question 47
A small company that does not have security staff wants to improve its security posture. Which of the following would BEST assist the company?
A. MSSP
* B. SOAR
C. IaaS
D. PaaS
Question 48
A RAT that was used to compromise an organization’s banking credentials was found on a user’s computer. The RAT evaded antivirus detection. It was installed by a user who has local administrator rights to the system as part of a remote management tool set. Which of the following recommendations would BEST prevent this from reoccurring?
A. Create a new acceptable use policy.
B. Segment the network into trusted and untrusted zones.
* C. Enforce application whitelisting.
D. Implement DLP at the network boundary.
Question 49
A security analyst is reviewing a new website that will soon be made publicly available. The analyst sees the following in the URL: http://dev-site.comptia.org/home/show.php?sessionID=77276554&loc=us
The analyst then sends an internal user a link to the new website for testing purposes, and when the user clicks the link, the analyst is able to browse the website with the following URL: http://dev-site.comptia.org/home/show.php?sessionID=98988475&loc=us
Which of the following application attacks is being tested?
A. Pass-the-hash
B. Session replay
C. Object deference
* D. Cross-site request forgery
Question 50
A startup company is using multiple SaaS and IaaS platforms to stand up a corporate infrastructure and build out a customer-facing web application. Which of the following solutions would be BEST to provide security, manageability, and visibility into the platforms?
A. SIEM
B. DLP
* C. CASB
D. SWG